
That nobody is talking about the person's IP addresses (the xz project was hosted on a personal server of the maintainer), or any details about their actions indicates to me it was a state actor and the original xz maintainer is cooperating with law enforcement to uncover their actions.



Based on working hours, Israel is likely

https://rheaeve.substack.com/p/xz-backdoor-times-damned-time...

There are other countries in the same time zone, but only Israel has a history of using and selling hacks of this level.


Or someone further west who did this after work during the evenings.

Or someone further east with a classical hacker "let's get up late in the afternoon, and start the serious hacking late at night."


From that article, "To further investigate, we can try to see if he worked on weekends or weekdays: was this a hobbyist or was he paid to do this? The most common working days for Jia were Tue (86), Wed (85), Thu (89), and Fri (79)." That makes it more likely this work was done during working hours; someone doing things outside of work hours would be more likely to produce the same amount (or more) on weekends and holidays.


Yes, that would point towards regular office hours and not hacking hours.


Moscow is the same time zone as Israel.


Whilst the IP addresses and email headers, etc., should be examined meticulously, in the distant hope that they lead somewhere, the chances are that they won't. Very basic opsec.


I thought it was on GitHub Pages?


Before Pages, the project was hosted on the server of the original maintainer.


CISA is investigating it.



