The case

Over Easter, sheer luck prevented what was probably the biggest catastrophe in global IT security. Software developer Andres Freund discovered that the “back door” in the software used worldwide for remote server maintenance had been secretly accessed.

Source: Thomas Krause; NZZ and dnip

The commentary

One cannot help but wonder how this could happen, and one must seriously consider what can and must be done to prevent it from happening again (find out more in the link). Linux and Unix operating systems are not familiar to the general public, as these systems are rarely installed on computers and laptops in offices or at home. In contrast, a large proportion of Internet servers use Linux, and according to the analysis platform W3Techs, 85% of all web servers run on Unix. It seems that the perpetrators were able to access most of the systems. Who was behind the attack is still shrouded in mystery, but the elaborate procedure and technical skill point to professionals, as does the fact that the “back door” was only accessible by means of a specific key (a mechanism ensuring that cyber criminals or enemy states are prevented from spying on or jeopardising the systems). Consequently, one must assume that Freund’s discovery unveiled the activities of a foreign secret service. According to Neue Zürcher Zeitung, such organisations would have the resources and time for such long-term operations.

This publication has been prepared solely for information purposes and does not constitute a recommendation, a solicitation, or an offer. The information on which this publication is based has been obtained from sources that we believe to be reliable and in good faith, but we have not independently verified such information and no representation or warranty, express or implied, is made as to its accuracy. All expressions of opinion are made as of the date of publication and may be subject to change without notice. k-flash and all related affiliates accept no liability or responsibility whatsoever for any consequential loss of any kind arising out of the use of this publication or any part of its contents. The use of this publication should not be regarded as a substitute for the exercise by the recipient of his or her own judgment. This publication is not directed to any person in any jurisdictions that prohibit such publication.