Activists are targeting Russians with open-source “protestware”

But node.ipc also added code that detects its users and, if found in Russia or Belarus, clears the files.

According to Liran Tal, a researcher at cybersecurity firm Snyk, the malicious code was created on March 15. The new code base was hidden in 64-encoded data which would make it difficult to find.

Shortly after the code was downloaded, a GitHub post went viral claiming that the code hit servers run by an American non-governmental organization in Belarus and that the sabotage resulted in “your code being executed and details of war crimes committed in Ukraine.” More than 30,000 messages and files were cleared. Russian military and government officials. ”

According to Snyk, the code remained part of the package for less than a day. The message has not been verified by the American NGO and no organization has made a public statement about the damage.

“While this is an attack with counter-driven motivations, it highlights a major problem facing the software supply chain: Infectious dependence on your code can have a big impact on your security,” Tal wrote.

This is not the first time open-source developers have sabotaged their own projects. In January, the author of another popular project called Colors added an endless loop to his code that would make any server running it useless until the problem was solved.

A new movement

Protestware is just the latest in a series of attempts by activists to use Russian technology to pierce Russian censorship and deliver anti-war messages. Activists are using targeted advertisements to spread the word about the war in Ukraine to ordinary Russians who are at the mercy of otherwise censorship and ubiquitous state propaganda. Crowdsourced Reviews And anti-war pop-up messages are a tactic used by Russian troops since the beginning of their offensive.

For the most part, Protestware is further evidence that much of what we can see in public from the cyber warfare around Ukraine is directly related to the first and foremost information and propaganda war.

Protestware can deliver similar anti-war messages, but there are concerns in the open-source community that the possibility of sabotage – especially if it goes beyond simple anti-aggression messaging and begins to destroy data – undermines the open-source ecosystem. Can. Although less well-known than commercial software, open source software is vital for running every aspect of the Internet.

GitHub user NM17 wrote, “The Pandora’s box is now open, and from this point on, those who use open source will experience more xenophobia than ever before, including everyone.” “The open source trust factor, which was based on the goodwill of the developers, is now practically gone, and now, more and more people are realizing that one day, their library / application may be used to do / say anything. Thought on the internet that ‘it’s worth doing.’ Not one good thing came out of this “protest.”

Similar Posts

Leave a Reply

Your email address will not be published.