Millions of computers worldwide could have been victims of the most widespread IT hack yet, had it not been foiled just days ago by Microsoft engineer, who spotted the malicious code almost by accident.
Andres Freund is a Microsoft software engineer who realised that some of his code was using more power than it should – which led to him discovering a backdoor in the Linux code that could have been catastrophic.
“I didn’t even notice it during logging in with ssh or such,” Freund writes. “I was doing some micro-benchmarking at the time and was looking to quiesce the system to reduce noise.
“Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd. Which showed lots of cpu time in code with perf unable to attribute it to a symbol, with the dso showing as liblzma.
“Got suspicious. Then recalled that I had seen an odd valgrind complaint in my automated testing of postgres, a few weeks earlier, after some package updates were installed. Really required a lot of coincidences.”
They were lucky coincidences for computer users the world over: any machine running any operating system with the backdoored utility, and meeting the specs in the malicious code could potentially be taken over by malicious actors.
Microsoft CEO Satya Nadella hailed Freund’s discover: “Love seeing how Andres Freund, with his curiosity and craftmanship, was able to help us all.
“Security is a team sport, and this is the culture we need everywhere.”