
jpz | 1 year ago

I think the idea this was a HUMINT operation by a state-sponsored intelligence service is more likely.

The Twitter thread here was interesting.

https://x.com/thegrugq/status/1774392858101039419

Raging about these being inconsiderate people, when they were likely fictional personalities that were part of a long con seems to be a bit foolish to me.


mustache_kimono | 1 year ago

> I think the idea this was a HUMINT operation by a state-sponsored intelligence service is more likely.

It's not an either/or proposition. I definitely think it was state sponsored, AND one method used was social engineering a burned out maintainer.

bloak | 1 year ago

It seems to me that people are very much exaggerating how "professional" this attack was. Yes, it doesn't look like the actions of a single bored teenager but I don't think the government of a country like the USA or China would deliberately permit their employees to get involved with crap like this. Any backdoor they try to insert would look exactly like an innocent bug. So my (uninformed) guess would be that this is done by criminals, something like a ransomware gang branching out a bit. Though North Korea sometimes sponsors activities that are indistinguishable from those of a criminal gang so it could come from there.

I'm just speculating, of course. I don't know anything really.

paulmd | 1 year ago

this is going to be impossible to prove or disprove, but given the state-sponsored nature of the attack (which seems fairly likely at this point)... I also wonder if maybe there weren't some tips pushing Andreas Freund down the path of discovering it too.

like let's say you're the NSA and you know Russia (/China/etc.) is trying to do this backdoor. maybe you send Freund an email through one of your cutouts and say hey, I've been looking at the Ubuntu RCs and we noticed some performance regression in the Postgres tests, etc... do it from some corpo email from a "friend" at some big tech company that legitimately uses Postgres/Ubuntu and it's completely 100% deniable and innocuous.

it'd be interesting to see correspondence to/from Freund on his mailing lists too, see if there was anyone that (in retrospect) might have been tipping him down the path of discovery too.

(which is not to diminish in any way what he did... chasing a tiny perf regression in core library functionality back to root cause is no mean feat. especially when it's code that is actively trying to evade detection - watching for debuggers, etc. Although that heisenbug nature might have also made it more compelling to these sorts of people ;)