A tale about trust, deception and how fragile the internet really is
Find us on:

This week Andreas Constantinides, a renowned cybersecurity expert, joins me to help me uncover the alarming case of Jia Tan—a fabricated identity at the center of a sophisticated cyber espionage operation. Andreas lends his extensive expertise as we analyze how Jia Tan, seemingly a diligent contributor to open-source projects like XZ Utils, was a cover for a collective executing a long-term backdoor placement in critical software infrastructure. This episode not only explores the broader implications of trust and security in the open-source community but also discusses the fact that female personas are commonly used by hackers in long-sting operations. Join us as we piece together the digital puzzle that nearly compromised millions of servers worldwide.

If you have the understanding and you are really interested in the technical details of how this happened you can read more here.

A timeline of the events.

Jia's Tan account on Github.

XCKD Sudo Strip

XKCD Dependency Strip