A 38-year-old software engineer for Microsoft was apparently curious, eagle-eyed, and lucky enough to have discovered a pernicious bit of code in the widely used Linux operating system, that someone, somewhere, had gone to some lengths to hide.

His name is Andres Freund. He's originally from Germany, lives in San Francisco, and for his job at Microsoft he works on a piece of open-source database software known as PostgreSQL. The New York Times has the story of how, over the last several months, he rooted out the cause of some odd errors he was seeing while running certain tests, which led to a discovery with massive implications.

Per the Times:

The saga began earlier this year, when Mr. Freund was flying back from a visit to his parents in Germany. While reviewing a log of automated tests, he noticed a few error messages he didn’t recognize. He was jet-lagged, and the messages didn’t seem urgent, so he filed them away in his memory.

It was a few weeks later that Freund found an application used for remotely accessing computers was using more processing power than normal, and then he discovered some odd code buried in a set of data compression tools called xz Utils. All you need to understand, as the Times explains, is that this is a part of the Linux operating system, "which is probably the most important piece of open-source software in the world."

The operating system is updated and policed by a group of volunteers worldwide, and someone, possibly a high-level Chinese hacker, had over years gained the trust of these Linux caretakers and infiltrated their ranks. This person had then, fairly recently, inserted code that would have given them a backdoor into servers worldwide, including the backbone systems of major banks, hospitals, corporations, you name it.

Freund found enough evidence that he compiled it and sent to to a group of Linux developers last week, and his memo reportedly "set the tech world on fire," per the Times. A fix was developed within hours and rolled out — and while the backdoor code had been recently added in an update to Linux, the update had not been widely adopted.

The culprit, according to researchers, was a hacker who went by the name Jia Tan or JiaT75, and began suggesting updates to xz Utils two years ago. This person, who could have come from China, Russia, or elsewhere, slowly worked their way into the ranks of Linux overseers known as "maintainers," and inserted the pernicious backdoor code sometime earlier this year.

Ars Technica first covered the hack in great detail last week, reporting that the malicious code had not yet gone out to "production" version of the Linux software, but it would have eventually. It didn't, says Will Dormann of security firm Analygence, "only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

And, as Ars Technica reports, JiaT75 had in recent weeks gone on the developer site for Ubuntu to lobby for their updated code to be incorporated into the production versions of the software.

Alex Stamos, a former security officer at Facebook and Yahoo and now the chief trust officer at cybersecurity firm SentinelOne, spoke to the Times, saying, "This could have been the most widespread and effective backdoor ever planted in any software product," and calling the code like "a master key to any of the hundreds of millions of computers around the world" that run this widely used remote-access software.

The code also would have enabled the person, and by extension whatever entity they're working for, to do widespread damage without getting caught.

Freund's employer, Microsoft, should probably be giving him a raise. And the CEO of the company, Satya Nadella, has publicly praised his "curiosity and craftsmanship."

It is certainly scary to think that other efforts like this could be happening at any time. And the story goes to show how the modern internet is, in fact, "held together with the digital equivalent of Scotch tape and bubble gum," as the Times puts it, and often by ragtag volunteer coders.

Photo: Hackers, United Artists, 1995