SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow0152
Hundreds of developers have had had Git source code repositories wiped and replaced with a ransom demand.
The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.
What it is known is that the hacker removes all source code and recent commits from vitcims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).
The hacker claims all source code has been downloaded and stored on one of their servers, and gives the victim ten days to pay the ransom; otherwise, they'll make the code public.
Source: https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/
(Score: 0) by Anonymous Coward on Monday May 06 2019, @08:27AM (2 children)
Interesting. I don't think the guy will rake up a lot of money, though. Most projects do not feature code breakthroughs and the projects with them have already been reverse engineered by the competition. Did somebody not have any local copy relying only on git? hm?
(Score: 0) by Anonymous Coward on Monday May 06 2019, @01:07PM (1 child)
And how exactly am I (or the developer) supposed to know that what the extortionist puts back is what was there before? How do we know that the black mailer hasn't put some back doors or other malicious software into the code when it's returned?
(Score: 2, Informative) by Anonymous Coward on Monday May 06 2019, @02:13PM
The same way you know that the remote copy of your git repository is the same one you're working on locally: through git tree hashes. If the two aren't the same, git will abort on a diverted history.
(And yes, there's a possible hash collision attack there -- but underhanded C becomes a lot harder if the underhanded code must also match the original file hash).