The ‘Internet apocalypse’ that nobody cares about
A historic event of unprecedented magnitude that will keep the specialists busy for many months to come: This information has not exited the mainstream media nor the public at large.
Published: January 29, 2022, 11:55 am
“Log4j” is not known to anyone outside of developer circles. And many who use this piece of computer code are not even aware of its vulnerability. For PCs, smartphones, game consoles and internet-enabled objects in general, it is one of the most used programs in the world with up to a billion downloads per year. Because of its severity, the Log4j vulnerability has been given its own name. It’s called “Log4Shell”.
Some 25 years ago, Ceki Gülcü, who now owns his own software consulting company, wrote his master’s thesis in cryptography at the IBM research laboratory near Zurich in Switzerland. After his studies, he remained employed in an IBM team that dealt with data security.
The software he developed writes down what happens when you use software and Log4j version 1 was created. Ceki Gülcü explained the functionality of Log4j using the example of the black box in an airplane, which records the conversations of the pilots, the speed, the altitude and all the technical aspects that are programmed to monitor and control the flight.
Log4j’s software is open source, i.e. software that is made available to the general public free of charge. Such software has a reputation for being generally safe precisely because of its transparency. It is assumed that many eyes ensure that possible problems are recognized and solved.
In 2000, the program was officially handed over to the Apache open source foundation. This non-profit foundation is made up of volunteer developers and contributors. In 2006, Ceki Gülcü left the project and developed his own software such as SLF4J or LogBack, which are well known and popular today.
In 2012, the Apache Foundation started a complete revision under the name Log4j Version 2. A special function was introduced: Log4j 2 analyzes and interprets external programs before their content is used further.
And this is exactly where the vulnerability was discovered over a month ago: An attacker can submit a specially crafted file that Log4j falsely accepts. This means that any code from external sources can be executed. Another option is to simply freeze the compromised computer and then demand a ransom.
The discovery of the vulnerability reads like a thriller. It was Chen Zhaojun, a member of the Alibaba Cloud Security team, who discovered the vulnerability. He informed the Apache Foundation and together with them made the vulnerability public on December 9, 2021, giving the developers enough time to fix the problem. After a leak on a Chinese blogging platform shortly before publication, there were discussions about the details of the vulnerability. Hackers didn’t wait: the first attacks were observed in the first few days after discovery.
Giants like NASA, Twitter, Oracle and Apple are known to use programs in which the Log4j vulnerability is present. For example, iCloud, Apple’s online storage service, could have been hacked via this vulnerability. In theory, the small helicopter that NASA sent to Mars is also vulnerable, as some of the programs used to communicate with it from Earth are based on Log4j. Small and medium-sized businesses, government agencies and even individuals with private servers at home are also affected, and it will take some time before the extent of the gap is known.
Furthermore, it is clear that the Belgian Ministry of Defense was the first known victim of a Log4Shell attack. Spectacular precautionary measures were taken, for example in Canada with the preventive shutdown of government servers or in Germany with the giant company Bosch, which also manufactures connected objects and admitted to being affected, but without giving further details.
Actually, this vulnerability may have been discovered and exploited by hackers long before, without anyone noticing. As a reminder, version 2 was released in 2012. It is therefore not impossible that criminals could have smuggled malicious programs into computer systems. For some actors, gaining access to confidential information is more attractive than being paid for it. It is feared that the first wave of attacks was just an initial earthquake before a tsunami of larger attacks.
What should a digital future look like?
The fact is that neither society nor governments are prepared for accelerated digitization today.
Before governments continue to push for electronic voting and the automated exchange of medical data, societies should discuss the kind of future they want. This includes a public discussion on the legal aspects, security and data protection, infrastructure, open source, surveillance, sovereignty over our data, democracy, culture, copyright. And of course censorship must also be included in the discussions. And public participation is necessary because the transition concerns us all – we urgently need to assume digital responsibility.
This “computer apocalypse” raises the question of the importance of our digital world. Contingency plans should be put in place since technical measures alone are not enough. Countries and businesses need to prepare to continue working in the event of a larger network failure. In addition, crisis communication infrastructure should be planned.
Each person is responsible for the security of their own computer system and makes sure to know the basics of home privacy: All sensitive data should be kept in a separate area from the internet. Change the passwords regularly, as well as the password for a WLAN and install a password on any hard drive.
All rights reserved. You have permission to quote freely from the articles provided that the source (www.freewestmedia.com) is given. Photos may not be used without our consent.
Consider donating to support our work
Help us to produce more articles like this. FreeWestMedia is depending on donations from our readers to keep going. With your help, we expose the mainstream fake news agenda.
Keep your language polite. Readers from many different countries visit and contribute to Free West Media and we must therefore obey the rules in, for example, Germany. Illegal content will be deleted.
If you have been approved to post comments without preview from FWM, you are responsible for violations of any law. This means that FWM may be forced to cooperate with authorities in a possible crime investigation.
If your comments are subject to preview by FWM, please be patient. We continually review comments but depending on the time of day it can take up to several hours before your comment is reviewed.
We reserve the right to delete comments that are offensive, contain slander or foul language, or are irrelevant to the discussion.
BerlinSomething doesn't add up. While climate activists are warning us about the end of the world, the number of passengers doubled in 2022. In other words: A massively growing number of people are using the air's "dirty" transport and are responsible for copious amounts of CO2 emissions.
ParisFollowing the second day of mass mobilisation against the Macron administration's pension reform, the unions have announced new social movements on 7 and 11 February.
BudapestIn an interview with the Austrian daily eXXpress, Viktor Orban, Hungary's Prime Minister said he was convinced that the current political system in Europe would collapse within this decade.
StrasbourgThe “accidental” declaration of war on Russia by German Foreign Minister Annalena Baerbock (Green Party) has stirred up the political classes. Moscow sees evidence that the EU states are "direct warring parties" and the Kremlin has demanded an explanation.
BudapestThe result of parliamentary elections in Hungary in April 2022 has been the bane of the opposition. The defeated movement around Péter Márki-Zay received illegal funds from the US on a larger scale than previously thought, according to a recently declassified intel report. Most media outlets have been silent about it.
GenevaThe WHO has introduced a global patient file with the vaccinated and unvaccinated to be codified in future.
ParisAn investigation by Médiapart revealed that the Renaissance deputy of Hauts-de-Seine Emmanuel Pellerin used cocaine, before as well as after his election.
StockholmAfter the burning of the Quran in Stockholm, Turkey has no intention of allowing Sweden to join NATO. Sweden's Prime Minister, on the other hand, pointed to the importance of freedom of expression. The NATO Secretary General also spoke up on the matter.
BerlinThe asylum disaster continues unabated in 2023. According to a confidential "Status Report on Migration and Refugees" by the EU Commission dated January 11, the number of asylum applications in the EU rose by around half in the past year to well over 900 000.
ParisSome 150 000 students marched in Paris on January 21 against pension reform, according to the youth organisations that initiated the demonstration, but only 14 000 according to sources close to the Macron administration.