85
Backdoor in utility commonly used by Linux distros risks SSH compromise (www.scmagazine.com)
submitted 7 months ago by zephyreks@lemmy.ml to c/worldnews@lemmy.ml
5 comments fedilink hide all child comments

Discovered by Andres Freund: https://www.openwall.com/lists/oss-security/2024/03/29/4

you are viewing a single comment's thread
view the rest of the comments
[-] intelshill@lemmy.ca 4 points 7 months ago

This is either a state actor operating under a fake name or it deserves to be one.

The perpetrator, "Jia Tan," let's assume has last name 陈. In Mandarin, this is pronounced as Chen, in Hong Kong as Chan, while in Minnan this is pronounced as Tan. Minnan is prevalent in Taiwan, Singapore, Malaysia, Indonesia, and other southeast Asian countries as well as in parts of Fujian, China (where it originated).

A common feature of early Chinese expat communities was that they were overwhelmingly from Guangdong (think Gold Rush era). However, more recently, there's been a massive wave of Taiwan and Hong Kong emigration... The relevant takeaway here is that Tan is much more common of a pronunciation in expat communities than it is in China.

Of course, they could also have the last name 谭, but that's a good bit rarer. 陈 is the most common Chinese surname overseas and the 5th most common in China, while 谭 is something like 54th most common in China. Odds are high that, if this was a persona constructed by a state actor, it did not come from China but from an overseas actor for which Tan is a more common romanization.

[-] krolden@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

What makes you think thats actually their name?

[-] mlg@lemmy.world 2 points 7 months ago

This makes sense, but the implementation itself was also kind of sloppy. I think it was bound to be found sooner or later, which seems oddly unlikely for an APT that would spend more time and effort hiding it.

I wouldn't expect China, NSA, or any big name APT to be behind this.

I wonder if it was really a state actor or actually just a random blackhat group trying to gg ez a backdoor.

[-] intelshill@lemmy.ca 7 points 7 months ago

Way too big of a target for a black hat group imo. It was only sloppy because they got caught.

The length of this project points to external funding.

this post was submitted on 30 Mar 2024
85 points (94.7% liked)

World News

32316 readers
533 users here now

News from around the world!

Rules:

founded 5 years ago
MODERATORS
Rumblestiltskin@lemmy.ml
AgreeableLandscape@lemmy.ml
jackmarxist@lemmy.ml
zephyreks@lemmy.ml
OurToothbrush@lemmy.ml