If you're not fluent in coding, just know this: "Had it not been discovered, it would have been catastrophic to the world," a security analyst at Analygence tells Ars Technica. He's referring to a carefully hidden "backdoor" found in the open-source software Linux that could have given the hacker access to computers all over the planet. And how was it discovered? Not by a crack team of cybersleuths or a massive government operation but by a single person—a 38-year-old software engineer named Andres Freund who works for Microsoft and lives in San Francisco, reports the New York Times.
"This is the Silver Back Gorilla of nerds," is how one admirer put it in a tweet. "The internet final boss." Similar praise of Freund can be found all over, including from Microsoft CEO Satya Nadella. "I find it very odd," Freund himself tells the Times. "I'm a fairly private person who just sits in front of the computer and hacks on code." What's more, Freund isn't even a security researcher, notes a post at deepfactor. He stumbled upon his discovery because he noticed a slight lag time in a system he was running for his actual work and decided to investigate, per the Guardian.
The Times uses this analogy: "In the cybersecurity world, a database engineer inadvertently finding a backdoor in a core Linux feature is a little like a bakery worker who smells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply." It's not clear yet who planted the backdoor—save for the pseudonym "Jia Tan"—but it was sophisticated enough that fingers are being pointed at China or Russia. "Jia Tan" appears to have spent years establishing credibility in the coding world in order to gain status as a "maintainer" with the clout to make and approve changes. "This was certainly the act of an individual or group playing the long game," writes Mark Larkin at deepfactor, who has an in-depth look at what happened. (More hacking stories.)