| Recurring |
multiple_organization |
(a) The software failure incident of adding malicious code to an open-source package leading to wiped files on computers in Russia and Belarus happened with the node.ipc package, where the author deliberately sabotaged computers in those countries as a form of protest [125627].
(b) The incident of adding malicious code to an open-source package as a form of protest is part of a trend called protestware, where other open-source projects are also releasing updates to call out the brutality of Russia's war. For example, the es5-ext package added a new dependency that broadcasts a "call for peace" if the user's computer has a Russian IP address [125627]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in Article 125627 can be attributed to the design phase. The incident occurred when the developer of the open-source package node.ipc intentionally added malicious code to sabotage computers in Russia and Belarus as a form of protest. The new version of the library included a function that checked the IP address of developers using the package and wiped files on machines located in Russia and Belarus, replacing them with a heart emoji. The malicious changes were base-64 encoded to make it harder for users to detect the sabotage, indicating a deliberate act introduced during the development phase [125627].
(b) The software failure incident in Article 125627 can also be linked to the operation phase. The malicious code added to the node.ipc package led to the wiping of files on computers in Russia and Belarus when the package was used in projects by developers located in those countries. This operation-related failure resulted in significant damage, including the loss of messages and files detailing war crimes committed in Ukraine by Russian army and government officials. The impact of the operation of the sabotaged software was devastating for the affected users, leading to considerations of filing criminal charges federally due to the loss of critical data [125627]. |
| Boundary (Internal/External) |
within_system |
(a) The software failure incident reported in the articles is within_system. The failure was caused by the deliberate addition of malicious code by the developer of the node.ipc package, which led to wiped files on computers located in Russia and Belarus [125627]. The malicious code was added as part of a protest, demonstrating that the contributing factors originated from within the system itself. |
| Nature (Human/Non-human) |
human_actions |
(a) The software failure incident in Article 125627 occurred due to human actions. The developer of the open-source package node.ipc intentionally added malicious code that wiped files on computers located in Russia and Belarus as a form of protest against the countries' involvement in the Ukraine invasion. The deliberate sabotage involved adding a function that checked the IP address of developers in Russia or Belarus and then wiping files and replacing them with a heart emoji [125627]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in Article 125627 was due to contributing factors that originated in software. The incident involved the deliberate addition of malicious code to an open-source package called node.ipc by the developer, resulting in wiped files on computers located in Russia and Belarus. The malicious code was designed to target developers with IP addresses geolocated to Russia or Belarus, leading to the deletion of files and their replacement with a heart emoji. The incident highlighted the risks associated with open-source software and the potential impact of a single individual's update on numerous downstream applications [125627]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in Article 125627 was malicious in nature. The developer of the open-source package node.ipc intentionally added malicious code that wiped files on computers located in Russia and Belarus as a form of protest against the countries' involvement in the Ukraine invasion. The malicious code was designed to target developers with IP addresses geolocated to Russia or Belarus, leading to file deletion and replacement with a heart emoji. The intentional sabotage was a deliberate and dangerous act aimed at causing harm to specific users based on their geographic location [125627]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was deliberate and malicious, indicating poor decisions made by the developer. The incident involved the deliberate addition of code to sabotage computers in Russia and Belarus as a form of protest related to the invasion of Ukraine. The malicious code wiped files on machines located in these countries and replaced them with a heart emoji. The changes were base-64-encoded to make it harder for users to detect the sabotage [125627]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident in Article 125627 was not due to development incompetence but rather a deliberate and malicious act by the developer of the node.ipc package. The malicious code was intentionally added to sabotage computers in Russia and Belarus as a form of protest against the countries' involvement in the invasion of Ukraine. The act was described as a deliberate and dangerous supply chain security incident [125627].
(b) The software failure incident in Article 125627 was accidental in the sense that users who unknowingly downloaded the malicious version of the node.ipc package had their files wiped without their consent. However, the introduction of the malicious code was not accidental but a deliberate act by the developer, who encoded the changes to make it harder for users to detect the sabotage [125627]. |
| Duration |
permanent, temporary |
(a) The software failure incident described in the article is considered permanent as the malicious code added to the node.ipc library by the developer resulted in wiping files on computers located in Russia and Belarus. The malicious function added to the library would wipe files and replace them with a heart emoji when the IP address of developers geolocated to either Russia or Belarus. This action was intentional and had a lasting impact on the affected systems [125627].
(b) The software failure incident is also temporary in a sense that the developer released updates that removed the malicious function after the outcry over the wiper. This indicates that the impact of the failure was temporary as the developer took corrective action to address the issue and remove the malicious code from the library [125627]. |
| Behaviour |
omission, value, other |
(a) crash: The software failure incident in Article 125627 did not involve a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The software failure incident in Article 125627 involved omission as the system omitted to perform its intended functions at an instance(s). The malicious code added to the node.ipc library omitted to perform its intended functions correctly by wiping files on computers located in Russia and Belarus when certain conditions were met.
(c) timing: The software failure incident in Article 125627 did not involve a timing failure where the system performed its intended functions correctly but too late or too early.
(d) value: The software failure incident in Article 125627 involved a value failure as the system performed its intended functions incorrectly. The malicious code added to the node.ipc library performed the function of wiping files and replacing them with a heart emoji when it should not have done so.
(e) byzantine: The software failure incident in Article 125627 did not involve a byzantine failure where the system behaved erroneously with inconsistent responses and interactions.
(f) other: The other behavior observed in the software failure incident in Article 125627 was intentional sabotage by the developer of the node.ipc library, which is not covered by the options (a) to (e). |