A prominent story in The New York Times last week set a compelling stage: “Did one guy just stop a huge cyberattack?”
The article dove into the details of Andres Freund, a 38-year-old software engineer at Microsoft. Freund recently stumbled upon a secret backdoor embedded in Linux, the open-source operating system that runs most global servers used by government, finance, and healthcare organizations.
Like most versions of popular open-source software, Linux receives regular updates from coders and developers, who fix vulnerabilities whenever they encounter them. But when Freund encountered an unusual line of code, he realized it was something bigger—possibly even the kind of hidden “master key” that could allow hackers to hijack hundreds of millions of systems and execute a major cyberattack.
The New York Times extends the metaphor beautifully:
“In the cybersecurity world, a database engineer inadvertently finding a backdoor in a core Linux feature is a little like a bakery worker who smells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply. It’s the kind of intuition that requires years of experience and obsessive attention to detail, plus a healthy dose of luck.”
As Freund did more research, he kept finding more evidence of a serious issue. So he distributed his information to a group of open-source software developers, who quickly fixed the problem and gave Freund credit for preventing what “could have been the most widespread and effective backdoor ever planted in any software product,” according to cybersecurity experts interviewed for the article.
It was a major publicity win for Microsoft, which has struggled lately. The New York Times recently sued Microsoft and OpenAI over claims of copyright infringement involving artificial intelligence systems that generate text. And the same week as the news about the intrepid coder saving the day, the Department of Homeland Security’s Cyber Safety Review Board recently faulted Microsoft for “shoddy cybersecurity practices, lax corporate culture, and a deliberate lack of transparency” related to a targeted Chinese hack last year that infiltrated the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals around the world, including leading U.S. government officials.
The Linux vulnerability and the Chinese hack were both incredibly sophisticated, with U.S. intelligence agencies saying that last year’s breach was carried out at the behest of the Ministry of State Security (MSS), Beijing’s elite spy service. The exact source of the Linux backdoor is still undetermined, though researchers think that only Russia or China—countries with thriving digital crime groups that employ hackers with formidable chops—could have pulled it off.
But there are still lessons to be learned for everyday businesses across North America. CMIT Solutions has compiled a few in the list below:
Compared to the enormous cost inflicted by a data breach or software vulnerability, proactive IT services are far cheaper. Good IT support can empower your employees to work smarter everyday while setting your business up for long-term success. Every company deserves that kind of enterprise-level support and competitive advantage.
If you’re ready to work with IT experts who care about your business and can mitigate the most significant risks, CMIT Solutions is ready to connect. We have more than 250 offices and 800 technicians across North America, all providing thousands of clients with cutting-edge cybersecurity protection.
Don’t waste another minute worrying about high-profile hacks or trying to navigate the complex IT landscape alone. Contact CMIT Solutions today to talk to a trusted IT expert for guidance you can count on.
Local boy with autism is spreading holiday cheer in a big way
Nonprofit named recipient for annual donation campaign
Denise Cherry-Russell, a Kenosha resident and proud veteran, won the "Win Your Wish List" Sweepstakes
Froedtert Pleasant Prairie Hospital is proud to welcome a new cardiothoracic surgeon to their world-class…
Unlock productivity and security with trusted IT guidance
An adorable 1 ½-year-old pup looking for a loving home
This website uses cookies.