• psmgx@lemmy.world
    ↑ 36 · ↓ 3 · 8 months ago

    Sounds like a concerted effort by a reasonably competent state actor. The +0800 timezone offset implies parts of Asia and is a small but crucial detail, esp given the commit times. In other words, China, Malaysia, Korea, etc. – somewhere in Asia.

    OTOH the author even concedes identity theft or smart attempts to discredit and point at Asia. Still, it is on par for Chinese and NK actors.

    • sugar_in_your_tea@sh.itjust.works
      ↑ 28 · ↓ 5 · 8 months ago

      It could also be the opposite, someone trying to act like one of the Asian countries. The article lists the UTC times for the commits at 12-17, which would correspond to 8AM-1PM EST or 5-10AM PDT. That also could be fudged, or it could be a relatively new US spook working primarily in the mornings. Or if it’s someone in Asia, that’s 8PM-1AM, which is the perfect time for an evening hacker.

      It’s really not clear who’s behind it.

      I’m guessing an independent hacker in Asia because a state actor would probably just exploit existing bugs instead of adding new ones, and they certainly wouldn’t do something as obvious as “safe_fprintf -> fprintf.” I’m guessing this is all one individual trying to create business for themselves.

    • mwguy@infosec.pub
      ↑ 2 · 8 months ago

      > In other words, China, Malaysia, Korea, etc. – somewhere in Asia.

      The Shadow Brokers’ leaks showed that state actors had whole tool suites to ensure that the product appeared like it was coming from a different location. Given that those tools have been leaked since 2016 and the concept is even older, relying on metadata like timezones, character set, etc. to make determinations about location is unreliable at best.
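
The commit-time reasoning in the comments above, as an added example that is not part of the thread or of any project's code: it parses raw git identity lines, separates the timestamp from the self-reported offset, and shows the local hours the same commits imply in several zones. The sample lines, the name `Example Dev`, the `+0300` outlier and the candidate zone list are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Raw git identity line: "author Name <email> <epoch-seconds> <+HHMM|-HHMM>".
# The epoch is the instant; the offset is whatever the committing machine claimed.
IDENT = re.compile(r"^(?:author|committer) .*<[^>]*> (\d+) ([+-])(\d{2})(\d{2})$")

def parse_ident(line):
    """Return (utc_datetime, claimed_offset_minutes) for one identity line."""
    m = IDENT.match(line.strip())
    if not m:
        raise ValueError(f"not a git identity line: {line!r}")
    epoch, sign, hh, mm = m.groups()
    minutes = (int(hh) * 60 + int(mm)) * (1 if sign == "+" else -1)
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc), minutes

def hour_at(utc_dt, offset_minutes):
    """Wall-clock hour of the same instant at a given UTC offset."""
    return (utc_dt + timedelta(minutes=offset_minutes)).hour

def profile(lines, candidates):
    """Summarise claimed offsets and the local hours each candidate zone implies."""
    parsed = [parse_ident(l) for l in lines]
    claimed = Counter(off for _, off in parsed)
    majority = claimed.most_common(1)[0][0]
    return {
        "claimed_offsets": dict(claimed),
        "outliers": [i for i, (_, off) in enumerate(parsed) if off != majority],
        "utc_hours": sorted({dt.hour for dt, _ in parsed}),
        "local_hours": {name: [hour_at(dt, off) for dt, _ in parsed]
                        for name, off in candidates.items()},
    }

def sample_lines():
    """Constructed sample: UTC hours 12-17, mostly +0800, one differing offset."""
    rows = [(12, "+0800"), (14, "+0800"), (17, "+0800"), (15, "+0300")]
    return [
        "author Example Dev <dev@example.invalid> "
        f"{int(datetime(2024, 1, 15, h, 30, tzinfo=timezone.utc).timestamp())} {off}"
        for h, off in rows
    ]

CANDIDATES = {"UTC-4": -240, "UTC-7": -420, "UTC+8": 480}

if __name__ == "__main__":
    for key, value in profile(sample_lines(), CANDIDATES).items():
        print(key, value)
```

Both the timestamp and the offset are written by the committer's own machine, so the output describes what the metadata claims, not where the commits were made.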

  • blarth
    ↑ 22 · 8 months ago

    What a wild read. Definitely smells like nation state actor.

    • Eiim@lemmy.blahaj.zone
      ↑ 1 · 8 months ago

      I’m not really convinced. I haven’t seen anything outside the capabilities of a talented individual, and such an exploit would be worth a lot of money, so the motivation is there.

  • fluxion@lemmy.world
    ↑ 16 · 8 months ago

    It’s so disgusting to think that Jigar Kumar guy pressuring the original maintainer was Jia himself just manipulating his way into a maintainer role.

    I hate people sometimes.

    • darkpanda@lemmy.ca
      ↑ 8 · 8 months ago

      It may not have been a single person in the first place. “Jia” may have just been a front for multiple people or a team of people working together to facilitate the whole situation.

  • Pika@sh.itjust.works
    ↑ 9 · 8 months ago

    This is insane that it lasted as long as it did before being found. I’m glad that was quickly resolved before it hit stable.

    • sugar_in_your_tea@sh.itjust.works
      ↑ 3 · 8 months ago

      And there’s the Open Collective Foundation closing (not Open Source Collective or Open Collective Inc), which means a bunch of projects need to deal with a bunch of paperwork.

      I wish FOSS had a better community backing so a larger group of trusted devs could handle maintenance on multiple projects. Basically, any “production” Linux distribution would only ship software with stable maintenance. I’d join such a group, but as always, funding is an issue.