But node.ipc also had code added to it that located its users and, if they were found within Russia or Belarus, wiped files.
The malicious code on March 15, according to Liran Tal, a researcher at the cybersecurity firm Snyk. The new code was hidden within base64-encoded data that will make it hard to spot.
Soon after the code was downloaded, a GitHub post went viral claiming that the code hit servers operated by an American nongovernment organization in Belarus and that the sabotage “resulted in executing your code and wiping over 30,000 messages and files detailing war crimes committed in Ukraine by Russian army and government officials.”
The code remained part of the package for less than a day, according to Snyk. The message allegedly from the American NGO has not been verified and no organization has made a public statement about any damages.
“While this is an attack with protest-driven motivations, it highlights a larger issue facing the software supply chain: the transitive dependencies in your code can have a huge impact on your security,” Tal wrote.
This is not the first time open-source developers have sabotaged their own projects. In January, the author of another popular project called colors added an infinite loop to their code that rendered any server that was running it useless until the issue was fixed.
A new movement
Protestware is just the latest of multiple attempts by activists to use tech to pierce Russian censorship and deliver anti-war messages. Activists have been using targeted advertisements to push news about the war in Ukraine to ordinary Russians who are otherwise at the mercy of accelerating censorship and ubiquitous state propaganda. Crowdsourced reviews and anti-war pop up messages are tactics that have been employed since Russian troops began their invasion.
For the most part, protestware is more proof that much of what we can publicly see from the cyberwar unfolding around Ukraine is directly related first and foremost to the information and propaganda war.
Protestware can deliver similar anti-war messages, but within the open-source community there are worries that the possibility of sabotage — especially if it goes further than simple anti-invasion messaging and starts destroying data — can undermine the open-source ecosystem. Although it is less well known than commercial software, open-source software is enormously important to running every facet of the internet.
“The Pandora’s box is now opened, and from this point on, people who use open source will experience xenophobia more than ever before, EVERYONE included,” GitHub user NM17 wrote. “The trust factor of open source, which was based on goodwill of the developers is now practically gone, and now, more and more people are realizing that one day, their library/application can possibly be exploited to do/say whatever some random dev on the internet thought was ‘the right thing to do.’ Not a single good came out of this ‘protest.’”