This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

@briankrebs Can't wait to watch the movie

A list of strings found in the backdoor code:


@briankrebs whoa.

theres a killswitch, and it looks like it was aiming to take screenshots, and possibly interact with other user accounts (pam?) on the system.


@Viss do you think the second to the last line is the kill switch (the long seemingly random string)?

@ranvel thats the current theory


The intel community in the US is going to have fun taking this apart come Monday. The boys at Meade are probably already trying to track this guy down.

Personally, I suspect a national state, but good luck figuring out which one.

@wiredog Everything here goes back to China.

@briankrebs I'm interest in who expected a payoff commensurate with the effort that apparently went into creating this xz backdoor.

@Corb_The_Lesser We got the X and the Z part, what we don't know is Y.

Two names that are mentioned as entities that sped this backdoor along -- Hans Jensen and Jia Tan -- both worked on a fork of lz4, a compression algorithm. I'm guessing anything either of these guys touched is getting the fine-toothed comb treatment now, but this one stood out for me b/c of the overlap.



@briankrebs There's also Jigar Kumar and Dennis Ens in the mailing list pressuring Lasse to get another maintainer. There's also krygorin4545 and misoeater91 on the Debian bug report for the 5.6.1 version.

@briankrebs Is it true that a Dev found the ?🤔

@briankrebs they are likely the same person, along with other sock puppet accounts pressuring the author to give commit rights. At least 4