But code was also added to node-ipc that would locate its users and, if they were found in Russia or Belarus, delete files.
The malicious code dates from March 15, according to Liran Tal, a researcher at the cybersecurity firm Snyk. The new code was hidden in base64-encoded data, making it difficult to detect.
Shortly after the code was uploaded, a GitHub message went viral, stating that the code got onto the servers of an American NGO in Belarus and that the sabotage “led to the execution of your code and the deletion of over 30,000 messages and files detailing war crimes committed in Ukraine by the Russian army and government officials.”
According to Snyk, the code remained part of the package for less than a day. The message purporting to be from an American NGO has not been verified, and neither organization has made public claims of any damage.
“While this is a protest attack, it highlights a larger problem facing the software supply chain: transitive dependencies in your code can have a huge impact on your security,” Tal wrote.
This is not the first time open source developers have sabotaged their own projects. In January, the author of another popular project, colors, added an infinite loop to its code, which rendered any server it ran on useless until the problem was fixed.
The protest software is just the latest in a long line of attempts by activists to use technology to overcome Russian censorship and spread anti-war messages. Activists have used targeted advertising to bring news of the war in Ukraine to ordinary Russians who would otherwise be at the mercy of increasing censorship and ubiquitous state propaganda. Crowdsourced reviews and anti-war pop-up messages are tactics that have been used ever since Russian troops began their invasion.
For the most part, the protest software is further evidence that much of what we can publicly see of the cyber war unfolding around Ukraine is directly related to the propaganda war in the first place.
Protest software can spread similar anti-war messages, but there are fears in the open source community that the possibility of sabotage—especially if it goes beyond mere intrusion messaging and starts destroying data—could undermine the open source ecosystem. Although less well-known than commercial software, open source software is extremely important in all aspects of the Internet.
“Pandora’s box is now open and from now on, people using open source will experience more xenophobia than ever before, including EVERYONE,” wrote GitHub user NM17. “The trust factor in open source, which was based on the goodwill of the developers, has now practically disappeared, and now more and more people are realizing that one day their library / application can be used to do / say anything some random web developer thought was ‘the right thing’. Nothing good came of this ‘protest’.”