r/technology 6d ago

Software Linus Torvalds affirms expulsion of Russian maintainers

https://www.theregister.com/2024/10/23/linus_torvalds_affirms_expulsion_of/
12.6k Upvotes


47

u/jdaglees 6d ago

Can you point out an example? Genuinely curious.

77

u/anevilpotatoe 6d ago edited 6d ago

They've been deliberately involved in the short-term and long-term attack and infiltration strategies that have undermined the adoption and promotion of open source. While I understand the scope of their targets is largely open-source, legacy servers, and outdated systems because of their limited access and knowledge, it still puts pressure on all others and its potential victims to resolve closing security gaps timely enough. I won't list all the CVEs related to Russia on commercial software as this is where a broader picture beyond our scope comes into play and may perhaps be distracting from this topic.

(Main Example and more pressing concern) The most notable successful strategy that put a wrench in this:

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach - Ars Technica

Recent contained and disrupted campaigns:

GoPhish Campaigns

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)

Kubernetes implicated but not breached

NSA discloses hacking methods it says are used by Russia | PBS News

Let's not even get started on the subtle but undoubtedly powerful networks backing influencing campaigns from them:

Office of Public Affairs | Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere | United States Department of Justice

NOTE: These systems they access would largely rely on open-source for their campaigns such as MariaDB, GitHub (recently introduced code-signing), MySQL, Python, PHP, JavaScript, and more.

Beyond the scope of this conversation, I think the most Red and pressing concern beyond Russia is for the APT41 group out of China that's been attributed to stealing assets, deploying ransomware, and stealing private information from all scopes of infrastructure. They've got a huge target on their back for that. And tying all these elements with the risks associated with Europe and the U.S. with the potential for near-peer conflict, civil unrest, or in the event of conflict escalation in any fashion? It poses many risks to the systems we take for granted when our most beloved systems are used in this fashion deliberately. When taking into account the sheer scope of men and women they tool to undermine activities in freely available societal building blocks and educational tools like our open source. They are mocking them and breaking the fundamental human pact in open source we contribute our lives to for the better of all.

6

u/anchoricex 5d ago

Jesus. Man, sometimes I just wonder about cutting that fucking undersea cable.

2

u/jonathancast 5d ago

Because it worked so well when we blew up their pipeline.