The Ukrainian IT Army, set up in an urgent call by the Ukrainian Deputy Prime Minister, has already numbered more than 300,000 men. However, a single initiative by one programmer managed to upset quite a few programmers around the world this week. This programmer, known as RIAEvangelist, is responsible for a software package called Node-ipc. It probably does not mean anything to you, but for the million people who download it every week, it’s probably very important.
As part of this initiative the same programmer introduced a change in the code “which adds a message of peace against Russian aggression,” he said. What he forgot to mention is that with the positive message also came an order to rewrite computers from Belarus and Russia and replace all their software code with hearts. But this initiative, unlike other initiatives to disrupt Russia’s Internet connection, was not received sympathetically. In fact, many programmers have condemned the developer programmer regardless of their attitude to the warring parties.
And why were they so angry? In practice, for computers the action of RIAEvangelist was equivalent to someone dumping explosives in the concrete of a bridge. It is not certain that he will blow it up, but its very presence is a danger to lives. The Internet, as it is today, is built on open source software packages. These packages are maintained by volunteers, whose job it is to make sure that they continue to operate and maintain the backbone of the Internet.
The point is that quite a few organizations that run open source software automatically update the code when such an update is sent. And when such an update contains malware, the damage is immediate and the time bomb goes straight into the concrete of the bridge foundations.
In fact, it is a completely different type of virus. These are no longer attempts to implant software through file delivery or computer intrusion. The idea here is to push malware through the back door, into a place where no one will suspect.
But it is precisely this openness that creates a kind of vaccine, since open source is on display for the whole world. This feature helped programmers uncover in a few hours the recalcitrant update of RIAEvangelist and tarnish its reputation forever, preventing developers from distributing the problematic update – which would not have happened if it were closed source systems that no one knows what is written in them.
The fighting in Ukraine is dragging all sides, and also the community of programmers, to the edge. Let’s hope that the attempts to stop the attackers will reach their destination and not create peripheral damage, which could destroy significant parts of the global Internet.
The author is the CEO of Linnovate, which specializes in the construction and maintenance of cloud environments and open source platforms.