If users were found in Russia or Belarus, the code added to the server would wipe files.

Liran Tal is a researcher at the cybersecurity firm Snyk. It will be hard to spot the new code in the base64-encoded data.

After the code was downloaded, a post went viral claiming that the code hit a server operated by an American nongovernmental organization in Belarus and that the sabotage resulted in executing your code and wiping over 30,000 messages and files detailing war crimes committed in Ukraine by the Russian army.

The code was part of the package for less than a day. No organization has made a public statement about any damages, and the message from the American NGO has not been verified.

While this is an attack with protest-driven motives, it highlights a larger issue facing the software supply chain: the transitive dependencies in your code can have a huge impact on your security.

This isn't the first time that open-source developers have sabotaged their own projects. In January, the author of another popular project called colors added an infinite loop to their code that rendered any server useless until the issue was fixed.

A new movement

Protestware is the latest attempt by activists to use tech to deliver anti-war messages. Activists have been using targeted advertisements to push news about the war in Ukraine to ordinary Russians who are otherwise at the mercy of state propaganda. Crowdsourced reviews and anti-war pop-up messages have been used since Russian troops began their invasion.

Protestware is more proof that the cyberwar unfolding around Ukraine is related to the information and propaganda war.

Protestware can deliver similar anti-war messages, but within the open-source community there are worries that the possibility of sabotage can undermine that community. Although it is less well known than commercial software, open-source software is important to running every facet of the internet.

“The Pandora’s box is now opened, and from this point on, people who use open source will experience xenophobia more than ever before, EVERYONE included,” GitHub user NM17 wrote. “The trust factor of open source, which was based on goodwill of the developers is now practically gone, and now, more and more people are realizing that one day, their library/application can possibly be exploited to do/say whatever some random dev on the internet thought was ‘the right thing to do.’ Not a single good came out of this ‘protest.’”