How one hacker accidentally saved the internet from the biggest global cyberattack in history

Imagine where we'd be if the internet was scrubbed from existence and we might actually have to talk to each other.

With the World Wide Web being such a fountain of knowledge and holding everything from our financials to medical records, it's important to keep it safe. Aside from that, most of us spend hours every day scrolling through it - whether it be for work or pleasure.

Cyberattacks are nothing new, but whereas most hackers tend to target one specific site or company to expose the information inside, one man apparently averted a global catastrophe by saving the entire internet from a deadly cyberattack.

In March 2024, lone Microsoft engineer Andres Freund was running routine tests on Linux's latest version and noticed a strange CPU spike that might go unnoticed to the untrained eye. This split-second blip could've brought the internet to its knees.

Freund's CPU spike turned out to be something much more than your standard anomaly, highlighting an internet backdoor that could've been there for years and was possibly tucked away by state-sponsored hackers.

If left untamed, the backdoor could spread to millions of servers and give hackers access to hospitals, governments, and global systems worldwide. The software was planted in the widely-used XZ Utils software and threatened to give hackers a 'master key' to the internet. Considering Linux is used on all of the Top 500 supercomputers, you can see why an open invite to hackers might be a problem.

Open-source software is handled by a group of developers, with Lasse Collin having overseen XZ Utils since 2005. As calls for change mounted, Collin employed a new face called 'Jia Tan' in 2022.

Tan's real mission was to plant the backdoor in XZ Utils, and after a year of flying under the radar, they reportedly planted the backdoor code in March 2023. It was around this time that they changed the security alert system so that Collin was no longer warned about any potential breaches.

Jia Tan is likely just an alias (Sean Anthony Eddy / Getty

Freund discovered the backdoor on March 27, 2024, and within hours, devs and cybersecurity experts were trying to patch the vulnerability. The incident has raised questions about the use of open-source software, although security has hopefully been heightened it.

Costin Raiu, former Head of the Global Research and Analysis Team at Russian cybersecurity firm Kaspersky, explained to Wired, "This multiyear operation was very cunning, and the implanted backdoor is incredibly deceptive.

"I’d say this is a nation-state-backed group, one with long-term goals in mind that affords to invest into multiyear infiltration of open source projects." He suspects China, Russia, or North Korea could be behind the attack, but can't be sure.

As for Jia Tan, there's been no luck in tracing whether this was was an individual person or a shady cabal operating under the cover of internet darkness.

Freund has been hailed a hero, with Microsoft CEO Satya Nadella calling him the 'silverback gorilla of nerds.' There are worries that Jia Tan will return in another form, but don't worry, we've got Freund to watch our backs.