Last month, the world narrowly avoided a cyberattack of stunning ambition. The targets were some of the most important computers on the planet. Computers that power the internet. Computers used by banks and airlines and even the military. What these computers had in common was that they all relied on open source software. A strange fact about modern life is that most of the computers responsible for it are running open source software. That is, software mostly written by unpaid, sometimes even anonymous volunteers. Some crucial open source programs are managed by just a single overworked programmer. And as the world learned last month, these programs can become attractive targets for hackers. In this case, the hackers had infiltrated a popular open source program called XZ. Slowly, over the course of two years, they transformed XZ into a secret backdoor. And if they hadn't been caught, they could have taken control of large swaths of the internet. On today's show, we get the story behind the XZ hack and what made it possible. How the hackers took advantage of the strange way we make modern software. And what that tells us about the economics of one of the most important industries in the world.
This is Planet Money from NPR.
Now that Richard Jones knows how close the entire world came to disaster, he's been looking back for any hints, any clues that he might have missed.
For him, the first clue was this message that showed up in his inbox on February 26.
So I remember I got this email, and it was not anything unusual.
Richard is a senior engineer at Red Hat.
He helps make an operating system that is used all over the world.
We're talking Fortune 500 companies, major hospital systems, banks, even the US military.
And what's interesting about that operating system is that it is completely open source, meaning it's made out of all these different pieces of software that people are putting out for free.
So Richard is often emailing with strangers on the Internet.
I don't know who half the people I talk to on the Internet about software are.
I don't know who they are in real life.
I've never met any of them.
Instead, we work on reputation.