Skip to main content
banner image
venafi logo

Open Source Sabotage and Encryption Efficacy Emerge as Tactics in Ukraine Resistance

Open Source Sabotage and Encryption Efficacy Emerge as Tactics in Ukraine Resistance

March 25, 2022 | Brooke Crothers

Inserting malicious code into open source software has emerged as one kind of “protestware” against the Russian invasion of Ukraine.  And a debate on the efficacy of encryption in the popular Telegram app is also front and center in the war.

Why are TLS certificates such a hot commodity on the dark web? Read the report to find out!
Open source as a weapon and weak link

As part of the protest against the ongoing war, an open source developer added malicious code to a popular open-source package, wiping files on computers located in Russia and Belarus.

The protest began as a benign “peace” message when installing the popular npm package node-ipc but then quickly morphed into malware in later versions, as first reported by Bleeping Computer.

The packages originally added a "message of peace" on the desktop of any user installing the packages, according to the report.  But later select npm versions of the node-ipc library launched a destructive payload to delete all data of users installing the package. The malware targeted users based in Russia and Belarus.

“Interestingly, the malicious code…would read the system's external IP address and only delete data by overwriting files for users based in Russia and Belarus.”

--BIG sabotage: Famous npm package deletes files to protest Ukraine war, Bleeping Computer, March 17, 2022

As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones that have over one million weekly downloads, according to Ars Technica.

While this kind of hacktivism can be an effective weapon in the ongoing Ukraine-Russia cyberwar, it also exposes a weak link in open source: one person can have a devastating impact on downstream applications.

“The protestware event exposes some of the risks posed when armies of volunteer developers produce the code that’s crucial for hundreds or thousands of other applications to run,” Ars Technica said.

Ukrainians get serious about encryption

Another cyber front in the war is encryption, as citizens seek out communications that can’t be seen by prying eyes.

Evidence of this trend is seen in Signal's growing popularity: the app has surpassed Telegram for the first time in Ukraine, according to Cloudflare, whose CEO tweeted about it February.

While both apps boast encryption, the way it’s implemented is not the same. In short, Signal is end-to-end encryption, while Telegram is not.

With Telegram, data is encrypted but the service owner has the encryption key and can read messages. With Signal, private encryption keys are held with the device owner. The service owner cannot read messages, as pointed out by InfoQ.

Signal founder Moxie Marlinspike went so far to tweet a warning to Ukrainians that Telegram does not implement end-to-end encryption.  

"Telegram is the most popular messenger in urban Ukraine...most ppl there believe it’s an 'encrypted app.' The reality is the opposite-TG is by default a cloud database w/ a plaintext copy of every msg everyone has ever sent/recvd," Marlinspike said in February.

Both open source development and encryption implementation strategies play a significant role in the modern enterprise. Seeing these tactics used and misused in the Ukrainian resistance should remind us of how important it is to protect valuable encryption and open source assets in any large organization.

Related Posts


Like this blog? We think you will love this.
Featured Blog

Ukraine-Russia Cyber ‘Trench’ Warfare Intensifies

Russian offensive persists though not at scale expected

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more