
Thread: The man who saved the internet

    Re: The man who saved the internet

    The lessons I pull from this story are:

    Even the scariest threat actors have to sleep:
    The time of posting is quite telling of what area someone is in.

    Two years is a lot (try explaining that to a city planner).

    Open review works (caught a two-year attack a month after it materialized).

    Edit: The layered release cycle works (the targeted infrastructure was safe from the attack, because they use slow releases).

    Code checking tools work (valgrind).

    Binary commits shouldn't be accepted without a good explanation of why it has to be binary and nothing else, without being fully documented as to which part does what, and then only after review by someone who can read it.
    Yes, it's true that source commits can be malicious too, but a. they can actually be reviewed without reverse engineering, b. most malicious commits are binary, c. it allows for an extra layer of automated code analysis.

    High level attackers are selfish:
    Most truly advanced stuff is written with the requirement for a secret key and the option for a high-entropy kill switch. High-entropy unique environmental information and hard-coded credentials are thus telltale signs of an attack (and also bad practice, so cracking down on them won't hurt code quality).

    Source code is data and should thus be unable to edit any current program on the system without active user permission.

    Maintainer feature bullying should be cracked down upon.

    It's too easy to hide from debuggers:
    Every attack I've seen so far had debugger-hiding features. We could make research easier and computers safer if we stopped telling all programs whether or not they were being debugged. There are very few legit uses for it, and it makes life way too easy for malware writers.
    Last edited by Smoutwortel; 2024-04-05 at 04:59 PM. Reason: thought of another lesson.
    The closest I get to clear and concise:
    Quote Originally Posted by Justanotherhero:
    Interesting read! Thanks for the post!
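The "telltale sign" the post describes, high-entropy hard-coded values in source, as an added example that is not from the post or its author: a small Python scan that flags long, high-entropy string literals so a reviewer can ask what they are for. The regex, the 16-character and 4.0-bit thresholds, the function names and the sample source are all assumptions constructed for this example.

```python
import math
import re

# Matches double- or single-quoted string literals (with backslash escapes)
# in C-like or Python-like source. Assumption: one literal per match, no
# multi-line literals.
STRING_LITERAL = re.compile(r'"([^"\\]*(?:\\.[^"\\]*)*)"|\'([^\'\\]*(?:\\.[^\'\\]*)*)\'')


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_high_entropy_literals(source: str, min_len: int = 16, threshold: float = 4.0):
    """Return (line_no, literal, entropy) for string literals that look like
    keys or credentials: at least min_len chars and at least threshold bits/char.
    English text and file paths usually score well below 4.0; random keys score
    near log2(alphabet size), e.g. 5.0 for 32 distinct characters."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in STRING_LITERAL.finditer(line):
            literal = m.group(1) if m.group(1) is not None else m.group(2)
            if len(literal) < min_len:
                continue
            ent = shannon_entropy(literal)
            if ent >= threshold:
                hits.append((line_no, literal, round(ent, 2)))
    return hits


# Constructed sample source (not from any real project): one benign banner,
# one random-looking 32-character literal, one file path.
SAMPLE_SOURCE = '''\
#include <stdio.h>
static const char *banner = "decompression test harness";
static const char *unlock = "q8Z3kP0vLx9Rt2Yw7NmB4cFjH6sD1aGe";
static const char *libdir = "/usr/lib/x86_64-linux-gnu/";
'''

if __name__ == "__main__":
    for line_no, literal, ent in find_high_entropy_literals(SAMPLE_SOURCE):
        print(f"line {line_no}: entropy {ent} bits/char -> {literal!r}")
```

Only the random-looking literal on line 3 is reported; the banner and the path fall under the threshold.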