The Internet's First Hijack: One Volunteer Almost Took Down Linux
The xz Backdoor: Andres Freund and the 500-Millisecond Save
Five hundred milliseconds.

Half a second.

The margin by which the internet was not hijacked.

March, 2024. San Francisco.

A thirty-eight-year-old Microsoft engineer named Andres Freund is benchmarking PostgreSQL on a Debian development system. It is a routine task. Freund is a committer on the PostgreSQL project. He tests database performance against pre-release Linux distributions as a regular part of his work.

Something is wrong with the test environment.

Failing SSH login attempts — the kind that hit every public-facing server constantly, automated bots trying random username and password combinations — are using far more CPU than they should. A failed login should terminate quickly. These are not terminating quickly.

Freund notices.

He investigates further. Successful SSH logins, on his own local machine, are taking five hundred milliseconds longer than the baseline of approximately one hundred milliseconds.

Half a second.

Freund runs the connection under Valgrind, a memory-debugging tool. Valgrind throws errors pointing at liblzma — a compression library that the SSH daemon has no legitimate reason to invoke.

This is when the investigation becomes urgent.

Over the next several days, Freund traces the errors. He finds that the sshd process on his test machine is executing code from liblzma during authentication. He dissects the xz-utils source in the git repository. The source is clean. But the release tarball — the compressed source archive that Debian actually downloads and builds from — contains a file called build-to-host.m4 that is not in the git source.

That file contains an obfuscated script. The script decodes a bash script hidden inside a test file called bad-3-corrupt_lzma2.xz — a file that is disguised as a broken test input for the compression library's error handling. The bash script decodes a second file, good-large_compressed.lzma, using custom obfuscation combined with RC4 decryption.

What comes out at the end of the chain is a compiled shared object.

The shared object is a backdoor.

On the evening of March twenty-ninth, 2024 — while, by his own account, listening to a security podcast during a cooking break — Andres Freund posts his findings to the oss-security mailing list at Openwall.

Within 24 hours, Red Hat has assigned it a CVE number. The severity score is ten point zero. The highest possible. CISA issues an emergency advisory. Debian, SUSE, Fedora, Arch, and Kali all revert the affected packages. GitHub suspends the account of the maintainer who committed the backdoor.

The backdoor, it turns out, was scheduled to ship with stable Linux distributions within approximately two weeks.

Freund caught it by accident.

This is the case file on what happened. On what almost happened. And on what the operation was.

The target of the attack was xz-utils.

xz-utils is a compression toolkit. Its main tool, the xz command, produces .xz files — the Unix equivalent of .zip files, with higher compression ratios. Beneath the command-line tool is a library called liblzma, which provides the compression algorithm to other programs that need it.

liblzma is loaded, directly or indirectly, by an enormous amount of Linux system software. Package managers link against it. System utilities link against it. And — through a chain that the attackers specifically engineered — the OpenSSH daemon links against it.

The chain runs like this. On most major Linux distributions, sshd is patched to support systemd's service notification mechanism, called sd_notify. That patch causes sshd to load a library called libsystemd. And libsystemd, in turn, loads liblzma.

The result: on most production Linux servers, the SSH daemon — the process that accepts remote logins — loads a compression library at startup, even though SSH does not compress authentication traffic.

Compromise the compression library, and you compromise the daemon that controls remote access to every Linux server on the internet.

At the moment of the backdoor's near-deployment, Linux was running roughly ninety-six percent of the top one million web servers in the world. All five hundred of the world's most powerful supercomputers. Approximately ninety-two percent of virtual machines across Amazon Web Services, Google Cloud, and Microsoft Azure. Android, which powers about eighty-five percent of the world's smartphones, is built on the Linux kernel.

The xz-utils backdoor, had it shipped to stable distributions, would have been present in a substantial fraction of all of the above.

Alex Stamos, the former chief security officer at Facebook, described the intended outcome in one phrase: a master key to any SSH server on Earth.

This is why the CVE was scored ten point zero.

The technical design of the backdoor is worth understanding precisely.

The attacker exploited the fact that release tarballs contain auto-generated files that do not exist in the version-controlled git source. Specifically, the build-to-host.m4 file in the tarball contained a single line that had been modified to inject an obfuscated script into the configure step of the build process.

This meant that anyone reading the git source code could not see the backdoor. Anyone building from git could not trigger it. Only Linux distributions, which build from the released tarballs — which is effectively all of them — would execute the injection.

The injection chain was three stages. Stage one extracted a bash script from a file disguised as a corrupt compression test input. Stage two used that bash script to decode a second test file into a compiled shared object. Stage three linked the shared object into the compiled liblzma binary.
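The tarball-versus-git gap in the injection chain above is something a packager can check mechanically. The Python below is an added example, not the page's or the xz project's own code: it hashes every file in a release tarball and in the matching checkout, reports files that exist only in the tarball and are not known autotools outputs, and reports files present in both whose contents differ. The checkout, the tarball and the file names in build_demo() are constructed for the demonstration; a real review would also diff any flagged m4 file against the upstream copy it claims to be.

```python
"""Compare a release tarball against the VCS checkout it claims to be built from."""
import hashlib
import os
import tarfile
import tempfile

# Autotools outputs that legitimately appear in a tarball without being in git.
EXPECTED_GENERATED = {"configure", "Makefile.in", "aclocal.m4", "config.h.in"}

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def tree_hashes(src_dir):
    """Map relative path -> sha256 for every regular file under src_dir."""
    out = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, src_dir)] = _sha256(fh.read())
    return out

def tarball_hashes(tar_path):
    """Map relative path (leading 'pkg-version/' stripped) -> sha256 for each regular member."""
    out = {}
    with tarfile.open(tar_path, "r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            out[rel] = _sha256(tf.extractfile(member).read())
    return out

def compare_release(tar_path, src_dir):
    """Return (extra, modified): tarball-only files that are not known build outputs,
    and files present in both trees whose contents differ."""
    git = tree_hashes(src_dir)
    tar = tarball_hashes(tar_path)
    extra = [p for p in tar if p not in git and os.path.basename(p) not in EXPECTED_GENERATED]
    modified = [p for p in tar if p in git and tar[p] != git[p]]
    return sorted(extra), sorted(modified)

def build_demo():
    """Constructed sample (not real xz files): a fake checkout and a fake release tarball
    that carries one expected build output and one file the checkout never had."""
    base = tempfile.mkdtemp(prefix="tarball-check-")
    checkout, staged = os.path.join(base, "checkout"), os.path.join(base, "staged")
    shared = {
        "src/liblzma/lzma.c": b"/* constructed source */\n",
        "m4/tuklib_cpucores.m4": b"dnl constructed macro\n",
        "tests/files/good-1.xz": b"\xfd7zXZ\x00",
    }
    release_only = {"configure": b"#!/bin/sh\n", "m4/build-to-host.m4": b"dnl constructed\n"}
    for tree, files in ((checkout, shared), (staged, {**shared, **release_only})):
        for rel, data in files.items():
            os.makedirs(os.path.join(tree, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(tree, rel), "wb") as fh:
                fh.write(data)
    tar_path = os.path.join(base, "xz-5.6.1.tar.gz")
    with tarfile.open(tar_path, "w:gz") as tf:
        tf.add(staged, arcname="xz-5.6.1")
    return tar_path, checkout

if __name__ == "__main__":
    print(compare_release(*build_demo()))
```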

The shared object used a legitimate glibc feature called IFUNC — indirect function resolvers — to hijack a specific OpenSSH function called RSA_public_decrypt.

RSA_public_decrypt is the OpenSSH function that validates RSA signatures during certificate authentication. Every time a client attempts to connect using an RSA certificate, sshd calls this function to verify the signature.

With the backdoor active, sshd was calling the attacker's code instead.

The attacker's code inspected the RSA public modulus — the large integer value passed in the client's certificate. Normally, this value is used in standard RSA verification. In the backdoor, it was actually a payload container. The code decrypted the payload using a hardcoded ChaCha20 symmetric key. Then it verified the decrypted payload's signature using a hardcoded Ed448 public key.

If the signature verified — meaning the payload was signed by the attacker's private key — the code executed the embedded shell commands as root.

This is what security researchers call gated remote code execution. The backdoor activates only when the attacker presents a valid cryptographic signature. An ordinary attacker who stumbled across the backdoor could not exploit it. Only the holder of the Ed448 private key could trigger it.

This detail matters. A criminal actor building a vulnerability for sale makes it usable by whoever buys it. A state actor building a persistent access capability makes it exclusive. Only they, and anyone they explicitly authorize, can use the key.

The xz-utils backdoor was designed for exclusive use. It was not a vulnerability. It was a strategic asset.

The operation that produced the backdoor began on January twenty-sixth, 2021.

On that date, a GitHub account was created under the username JiaT75. The display name was Jia Tan. The account had no prior digital footprint. No social media presence under that name. No conference talks. No previous open-source contributions. No appearances in data breaches. The name appears to be a pseudonym.

JiaT75's first public contribution to xz-utils occurred on October twenty-ninth, 2021 — nine months after the account's creation. It was a minor patch for an editor configuration file. Innocuous. Unimportant. The kind of contribution that establishes presence without drawing scrutiny.

Over the next two years and five months, JiaT75 authored more than five hundred commits to open-source projects. The vast majority were legitimate improvements — code reviews, translations, continuous integration maintenance, bug fixes. Useful work. Genuinely helpful.

Approximately eight of those commits were malicious.

The ratio matters. Sixty to one. For every malicious commit, the operator produced sixty pieces of real, useful work. This is what made the pattern impossible to detect through statistical anomaly analysis. The attacker spent two and a half years of dedicated effort producing genuinely valuable contributions, purely to accumulate the trust required to commit the eight changes that ultimately mattered.

The operation did not work alone.

Beginning in April 2022, a user calling himself Jigar Kumar appeared on the xz-devel mailing list. Kumar had no history on the list before April 2022. His entire presence consisted of pressure emails to the project's lead maintainer, complaining about slow response times and demanding that a new maintainer be added.

In May 2022, a second account — Dennis Ens — appeared, inquiring about the maintenance status of the Java version of xz-utils, and following up with additional pressure messages.

Both accounts had the same profile. No digital presence before 2022. No activity outside the xz-devel mailing list. No participation in any other project before or after the pressure campaign.

In February 2024 — weeks before the backdoor was committed — a third account appeared. Hans Jansen. Jansen's role was to pressure Debian maintainers into adopting the compromised version of xz-utils as soon as possible. On March twenty-fifth, 2024, Hans Jansen filed a Debian bug report explicitly requesting the upgrade.

Four days later, Andres Freund posted his findings to oss-security.

Two additional supporting accounts — krygorin4545 and misoeater91 — provided background pressure in various threads, following the same pattern. No pre-operation presence. Participation only during specific pressure windows. Disappearance after objectives were achieved.

Kaspersky's post-incident analysis noted that the geographic styling of the sock-puppet names was inconsistent — Singaporean, European, Indian — suggesting that the operator had deliberately dispersed the cover identities to avoid the appearance of coordination. But the behavioral pattern — timing of appearances, synchronized pressure points, collective disappearance after each objective — suggested a single operator or tightly coordinated team.

The pressure worked.

On June twenty-ninth, 2022, the lead maintainer of xz-utils — a Finnish software developer named Lasse Collin — replied to the mailing list and stated that Jia Tan would have a bigger role in the project going forward, and was, in practice, already functioning as a co-maintainer.

This was the handover.

To understand what had just happened, it is necessary to understand what Lasse Collin's position was.

Collin had maintained xz-utils, alone, since 2009. The project was unpaid. He worked on it in his free time. Earlier that same month, in a June 2022 mailing list reply, Collin had publicly acknowledged that he was dealing with long-term mental health issues. He referred to the project, in his own words, as an unpaid hobby project.

Lasse Collin is not responsible for what happened. The security community has been unanimous on this point. Collin was doing unpaid hobby work. He was dealing with documented health challenges. He was under sustained, coordinated pressure from what turned out to be a state-level intelligence operation. The system that placed him in that position failed him. He did not fail the system.

What the operation exploited was not Collin's competence. It was his structural position — alone, unpaid, dealing with real-world stressors, responsible for maintaining infrastructure used by billions of people, without institutional support.

The professional attacker identified that structure and targeted it.

Once the handover was complete, the infrastructure preparation began.

In October 2022, Jia Tan was added to the Tukaani organization on GitHub. In December 2022, he created the repository's organizational structure and made his first release. In March 2023, he changed the primary security contact email at Google's OSS-Fuzz — the automated vulnerability-scanning platform — from Lasse Collin's address to his own. From that point forward, any security-relevant bug report would reach Jia Tan before it reached anyone else.

In June 2023, Jia Tan introduced IFUNC resolver infrastructure into liblzma. The commits appeared to be legitimate performance optimization work. In retrospect, they were the hooks through which the backdoor would eventually be injected.

In July 2023, Jia Tan opened a pull request at OSS-Fuzz to disable IFUNC fuzzing for xz. The change was intended to prevent the fuzz-testing pipeline from detecting anomalies in the IFUNC-based backdoor when it eventually shipped.

In February 2024, a separate commit broke the build-system detection of Landlock — a Linux kernel security feature that restricts process privileges. The commit disabled xz's own sandbox on systems that would otherwise have enforced it.

On February twenty-third and March ninth, 2024, the backdoor itself was committed in two stages, packaged as part of the xz-utils 5.6.0 and 5.6.1 releases.

Nineteen days later, Andres Freund noticed a 500-millisecond SSH delay.

Researchers analyzing the commit metadata left behind by the operation noticed a pattern.

Jia Tan's commit timestamps clustered primarily in the Central European or Eastern European time zones. Working hours corresponded to approximately nine in the morning to five in the afternoon Central European Time. Activity continued during major Chinese public holidays and paused during several European ones.

The name and the claimed operational geography were East Asian. The actual work pattern was European.

This is what intelligence tradecraft analysts call signature leakage. An operator spent over thirty months maintaining a cover identity. But the automatic timestamps embedded in every git commit periodically revealed the actual location of the machine that was making the commit.
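To make the signature-leakage point concrete, here is an added analysis script, not from the page or from the researchers it cites: it reads git author timestamps, tallies the UTC offsets the committing machine stamped on them, and scores candidate time zones by how many commits land inside a nine-to-five working day. The log lines in SAMPLE_LOG are constructed for the demonstration, not Jia Tan's real commits.

```python
"""Score git author timestamps against candidate working-hour time zones."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Working day assumed by the analysis (local time; start inclusive, end exclusive).
WORK_START, WORK_END = 9, 17

# Constructed sample in 'git log --format=%aI' style; these are NOT the real commits.
# Seven commits are stamped +08:00, one carries a +02:00 offset that was not masked.
SAMPLE_LOG = """
2023-06-27T15:12:40+08:00
2023-06-28T16:05:11+08:00
2023-07-03T17:31:02+08:00
2023-07-07T18:44:19+08:00
2023-07-18T19:02:57+08:00
2024-02-23T20:21:33+08:00
2024-03-09T15:10:45+02:00
2024-02-23T22:35:00+08:00
"""

def parse_commits(log_text):
    """Parse one ISO-8601 author timestamp per line into offset-aware datetimes."""
    return [datetime.fromisoformat(line.strip()) for line in log_text.splitlines() if line.strip()]

def author_offsets(commits):
    """Tally the UTC offsets stamped on each commit, formatted like '+08:00'."""
    tally = Counter()
    for c in commits:
        minutes = int(c.utcoffset().total_seconds()) // 60
        sign = "+" if minutes >= 0 else "-"
        minutes = abs(minutes)
        tally[f"{sign}{minutes // 60:02d}:{minutes % 60:02d}"] += 1
    return tally

def working_hour_fit(commits, candidate_offsets):
    """For each candidate UTC offset (in hours), the fraction of commits whose local hour
    falls inside the working day. A cover zone scores poorly; the real zone scores high."""
    fit = {}
    for hours in candidate_offsets:
        zone = timezone(timedelta(hours=hours))
        inside = sum(1 for c in commits if WORK_START <= c.astimezone(zone).hour < WORK_END)
        fit[hours] = inside / len(commits)
    return fit

def best_fit(commits, candidate_offsets):
    """The candidate offset under which the most commits land in working hours."""
    fit = working_hour_fit(commits, candidate_offsets)
    return max(fit, key=fit.get)

if __name__ == "__main__":
    commits = parse_commits(SAMPLE_LOG)
    print(author_offsets(commits))
    print(working_hour_fit(commits, [1, 2, 3, 8]))
    print("best fit: UTC%+d" % best_fit(commits, [1, 2, 3, 8]))
```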

Three candidate attributions have appeared in public analysis from security researchers with relevant expertise.

American security researcher Dave Aitel, a former NSA computer scientist, publicly assessed that the operation fits the pattern attributable to APT29 — the advanced persistent threat group attributed by the United States and United Kingdom governments to Russia's Foreign Intelligence Service. APT29 is known for long-duration espionage campaigns, including the SolarWinds supply chain compromise disclosed in 2020. Working hours aligned with the Moscow time zone match Jia Tan's pattern.

Costin Raiu — the former director of Kaspersky's Global Research and Analysis Team, with three decades of experience attributing sophisticated operations — identified three plausible candidates in a February 2026 podcast interview. Russia's APT29 was one. China's APT41, associated with the Ministry of State Security, was a second. North Korea's Lazarus Group, already featured in earlier Fragment Zero coverage, was a third.

As of April 2026, no intelligence service has publicly attributed the operation. No indictments have been filed. No arrests have been made. The real identity of Jia Tan remains unknown.

What is not in dispute, among researchers with relevant tradecraft expertise, is that the operation's patience, operational security, cryptographic sophistication, and resource commitment are consistent with a nation-state intelligence service — or a close functional equivalent — and are inconsistent with individual criminal or hacktivist activity.

This was not the work of a lone hacker.

The xz-utils operation was possible because of a structural feature of how modern technology civilization builds its critical infrastructure.

The software that runs the internet was built, to a substantial degree, by volunteers working on their own time. The companies that profit from this software have contributed back a small fraction of its economic value.

xz-utils was bundled with every major Linux distribution and ran on an enormous fraction of global servers. Its maintainer was unpaid. OpenSSL, the library that provides cryptography to most of the internet, was notoriously understaffed before the Heartbleed vulnerability in 2014. Log4j, the Java logging library behind the Log4Shell vulnerability in 2021, was maintained by a handful of volunteers while sitting behind enterprise infrastructure globally.

In every case, a library treated as critical infrastructure by multi-billion-dollar companies was maintained with hobby-project resources.

The xz-utils operation did not invent this structural vulnerability. It exploited it.

On April eleventh, 2024 — two weeks after Freund's disclosure — the U.S. Cybersecurity and Infrastructure Security Agency published a formal statement acknowledging the structural problem. CISA's position: the burden of securing open-source infrastructure cannot fall on individual unpaid maintainers, and companies consuming open-source software must contribute back, either financially or through developer time, to produce a sustainable ecosystem.

The recommendations were non-binding. They were best practices. They depended on voluntary adoption by companies whose incentive structure had not historically rewarded the investment.

Within a month, the Linux Foundation and the Open Source Security Foundation published a joint alert warning that similar social engineering takeover attempts were already in progress against multiple other open-source projects. The OpenJS Foundation — which maintains Node.js, jQuery, and related JavaScript infrastructure — publicly disclosed that it had received a coordinated pressure campaign following the same pattern as xz-utils, and had rebuffed it only because the xz-utils disclosure had taught the community what to look for.

A 2026 Linux Foundation report documented the broader pattern across the ecosystem. The report's core finding: what happened with xz-utils was not a singular incident. It was a method. The method is being attempted at scale. Most of the successful detections are happening because the xz-utils case provided a signature to match against.

How many operations have gone undetected, already in progress and not yet caught, is by construction impossible to count from public sources.

Two episodes ago on Fragment Zero, the case file on the Dark Forest hypothesis closed with an observation. The doctrine Liu Cixin formalized in 2008 — silence as survival, concealment as strategic necessity, revelation as existential hazard — is the oldest operational security principle in the history of human conflict.

Every force that has ever operated under conditions of uncertain threat and asymmetric capability has converged on the same conclusion.

Be quiet. Move carefully. Assume observation.

The xz-utils operation is the Dark Forest executed inside a human trust relationship.

The attacker did not breach a firewall. The attacker did not exploit a zero-day. The attacker did not bypass any cryptographic protection. The attacker did something much simpler. The attacker hid in plain sight for three years, producing useful work, building genuine credibility, behaving exactly like any other helpful contributor, while preparing — silently, patiently, with a strategic patience unimaginable to most technical organizations — the moment at which the prepared infrastructure would be used.

The attack succeeded almost entirely because it was silent. It was detected not by any security tool, not by any audit, not by any institutional defense, but by one engineer's accidental observation of five hundred milliseconds of unexplained latency.

Andres Freund's statement on his own discovery, posted to Mastodon in the weeks after the disclosure, should close the case file.

Relying on luck in the future is a bad strategy.

The xz-utils backdoor was caught.

The Dark Forest version of the operation — the one that targets trust relationships rather than computer systems — is being attempted right now, at this moment, against some indeterminate number of other critical open-source projects. The pattern works. The economic incentives that make it work have not meaningfully changed. The institutional responses have been real but insufficient.

The engineer who finds the next one will also need luck. They will need to be looking at the right benchmark at the right time on the right system. They will need to care enough to trace an anomaly to its source. They will need to publish their findings before the operation's principal has already shipped the payload to stable releases.

They will need, specifically, the five hundred milliseconds.

That interval is what stood between the internet in March 2024 and a single cryptographic key held by an unknown actor that would have unlocked every Linux server running SSH on Earth.

Fragment Zero will track the case file.

The case file does not close. It waits.