• twinnie
    link
    fedilink
    arrow-up
    6
    arrow-down
    26
    ·
    9 months ago

    The guy was from Hong Kong, they probably threatened to throw his family in jail.

    • underisk@lemmy.ml
      link
      fedilink
      arrow-up
      48
      ·
      9 months ago

      he was using a singapore VPN and had access to multiple sockpuppets. we know literally nothing else about them and anything you’ve heard to the contrary is baseless rumor.

      leading theory is that it was a state-sponsored actor, but frankly even that much is speculation and which state is still way up in the air.

          • tal@lemmy.today
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            9 months ago

            we know about the singapore VPN because they connected to IRC on libera chat with it.

            Hmm.

            I don’t know if the VPN provider is willing to provide any information, but I wonder if it’s possible to pierce the veil of VPN in at least approximate terms?

            If you have a tcpdump of packets coming out of a VPN – probably not something that anyone has from the Jia Tan group – you have timings on packets.

            The most immediate thing you can do there – with a nod to Cliff Stoll’s own estimate to locate the other end of a connection – is put at least an upper bound and likely a rough distance that the packets are traveling, by looking at the minimum latency.

            But…I bet that you can do more. If you’re logging congestion on major Internet arteries, I’d imagine that it shouldn’t take too many instances of latency spikes before you have a signature giving the very rough location of someone.

            Some other people pointed out that if they used a browser, it may have exposed some information that might have been logged, like encodings.

            • underisk@lemmy.ml
              link
              fedilink
              arrow-up
              4
              ·
              9 months ago

              I don’t foresee anyone with the kind of data needed to do more investigation releasing it to the public, so I doubt we’re going to be getting any satisfying answers to this. Microsoft may have an internal team combing through github logs, but if they find anything they’re unlikely to be sharing it with anyone but law enforcement agencies.

    • Potatos_are_not_friends@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      9 months ago

      Via https://boehs.org/node/everything-i-know-about-the-xz-backdoor

      They found this particularly interesting as Cheong is new information. I’ve now learned from another source that Cheong isn’t Mandarin, it’s Cantonese. This source theorizes that Cheong is a variant of the 張 surname, as “eong” matches Jyutping (a Cantonese romanisation standard) and “Cheung” is pretty common in Hong Kong as an official surname romanisation. A third source has alerted me that “Jia” is Mandarin (as Cantonese rarely uses J and especially not Ji). The Tan last name is possible in Mandarin, but is most common for the Hokkien Chinese dialect pronunciation of the character 陳 (Cantonese: Chan, Mandarin: Chen). It’s most likely our actor simply mashed plausible sounding Chinese names together.

      • xantoxis@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        9 months ago

        Wild, so it would suggest that the actor wasn’t Chinese at all. An authentic Chinese person probably wouldn’t choose a name that sounded like that, any more than I would name myself Sean MacBerkowitz, it would just sound wrong.

        A random name generator might produce something like this, of course, if it wasn’t programmed to be too picky.

        • baseless_discourse@mander.xyz
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          9 months ago

          Or they are Chinese, and pick non-authentic Chinese names so people wouldn’t suspect them? I don’t think looking at the name can be a great way to identify the source.

          This attack is clearly sophisticate: the attacker(s) are probably well-trained in obscuring their identity to not reveal much info from their name picks. Say, just use a random name generator.