Microsoft developers discover potential cybersecurity risks

Men who operate computers are rarely the main characters in stories. Microsoft developer Andres Freund discovered a malicious backdoor in popular open source software last week. Programmers scrambled to fix the problem, but warned that if not fixed, hundreds of millions of devices could be compromised, leading to a catastrophic cybersecurity breach.

Freund told the New York Times that he first noticed the unusual error message while performing routine maintenance on the Linux operating system, a critical software used by banks, governments and businesses around the world. Initially, he ignored it, but after a few weeks he noticed that the application used to log into his computer remotely was using more power on his system than expected.

Lessons on following your intuition

To most people, Freund's observation would not seem like a red flag. But they lead experienced developers down a rabbit hole, disassemble all the code, and the bad guys cleverly insert backdoors, allowing hackers to use this software to gain remote access to many computers around the world. I discovered that I was able to do it.

(Obvious) Culprit: The sign points to a user using the pseudonym Jia Tan. Open source software is primarily maintained by volunteer developers, and it takes a lot of effort to be the one to hit the “publish” button. Tan has spent his three years working with crypto gatekeepers to gain their trust.

Although Tan's true identity is unclear, cybersecurity experts say the complexity of the project suggests he is likely a group of hackers working on behalf of a very powerful group or even a nation-state.

Big picture: It is often joked within the industry that the only thing standing in the way of a potentially devastating attack on the world's cyber infrastructure is a handful of overworked volunteer developers. Especially when it comes to giant companies like Microsoft, which make billions of dollars building the same open source systems.-Hmm