WEBVTT 1 00:00:05.440 --> 00:00:08.919 Hello everybody, Welcome to another thrilling episode of JavaScript Jabber. 2 00:00:08.919 --> 00:00:10.960 I am Steve Edwards, the host with the face for 3 00:00:11.039 --> 00:00:13.039 radio and the voice for being a mine. But I'm 4 00:00:13.039 --> 00:00:16.160 still your host, and sirih thinks I'm talking to her 5 00:00:16.160 --> 00:00:19.440 for some reason. With me today we have a special 6 00:00:20.000 --> 00:00:22.760 returning Yes, mister Farross, a book a DJ. 7 00:00:22.839 --> 00:00:23.960 How you doing, Fross? 8 00:00:24.239 --> 00:00:26.199 I'm doing good. Thanks for having me here. 9 00:00:26.960 --> 00:00:30.559 Yes, for those of you that wonder how to say 10 00:00:30.559 --> 00:00:32.840 his name, it's think about like booking a DJ for 11 00:00:32.960 --> 00:00:34.840 a show or something like that. 12 00:00:34.840 --> 00:00:36.560 That's what he told me, and it still works for me. 13 00:00:36.840 --> 00:00:40.439 I'm impressed you remember that, Steve, because yes, it is 14 00:00:40.439 --> 00:00:41.560 pretty memorable ized pose. 15 00:00:42.039 --> 00:00:45.679 Yes, yes, so Fross. 16 00:00:45.960 --> 00:00:49.359 Before we get into our lovely dark world of internet 17 00:00:49.399 --> 00:00:51.960 hacks and people trying to steal cryptocurrency, why don't you 18 00:00:51.960 --> 00:00:54.200 give us a little background on who you are and 19 00:00:54.240 --> 00:00:57.159 why you're famous, and your company and what it does 20 00:00:57.200 --> 00:00:58.240 and all that good stuff. 21 00:00:58.679 --> 00:00:58.880 Cool. 22 00:00:58.920 --> 00:01:00.880 Yeah, I wouldn't say I'm famous, but I'm happy to 23 00:01:00.920 --> 00:01:02.280 give you a background on. 24 00:01:02.399 --> 00:01:03.000 What I would. 25 00:01:03.240 --> 00:01:06.040 But that what I've done today. Yeah. 26 00:01:06.079 --> 00:01:10.079 So I started off kind of writing open source software. 27 00:01:10.079 --> 00:01:11.239 That was kind of what I did for most of 28 00:01:11.280 --> 00:01:14.599 my career. I found the early no JS community to 29 00:01:14.680 --> 00:01:17.879 be like a really welcoming and awesome place. Kind of 30 00:01:19.239 --> 00:01:22.519 found my way to the early node con conferences in 31 00:01:22.640 --> 00:01:25.959 the one in in San Francisco that Michael Rodgers organized, 32 00:01:26.439 --> 00:01:31.079 as well as the note Confee you and kind of 33 00:01:32.000 --> 00:01:35.480 just got really addicted to publishing NPM packages. Published a 34 00:01:35.480 --> 00:01:38.640 bunch of those over the years, some projects like webparrent. 35 00:01:38.280 --> 00:01:39.480 And standard js. 36 00:01:40.120 --> 00:01:43.239 Uh and uh, yeah, I just learned a lot about 37 00:01:43.280 --> 00:01:46.200 the you know, the supply chain, the way that open 38 00:01:46.200 --> 00:01:51.120 source software is used by companies, the way that you know, 39 00:01:51.159 --> 00:01:54.239 open source development happens, and and I got really addicted 40 00:01:54.239 --> 00:01:55.120 to it and it was really fun. 41 00:01:55.159 --> 00:01:56.159 It's an amazing community. 42 00:01:56.799 --> 00:02:01.840 Uh And ultimately that kind of to me starting Socket 43 00:02:01.879 --> 00:02:04.879 in twenty twenty, after seeing a ton of attacks happening 44 00:02:05.200 --> 00:02:09.520 against JavaScript packages, I got kind of obsessed with like 45 00:02:09.560 --> 00:02:10.520 trying to fix the problem. 46 00:02:10.759 --> 00:02:13.960 I was like, why why do we accept that. 47 00:02:14.080 --> 00:02:16.879 Packages are just going to keep getting compromised and every 48 00:02:16.919 --> 00:02:18.560 time that happens, we're just going to have to hope 49 00:02:18.560 --> 00:02:21.000 that we were lucky and not affected by that in 50 00:02:21.039 --> 00:02:23.840 some way or another, Like, can't we actually be proactive 51 00:02:23.840 --> 00:02:24.199 about this? 52 00:02:24.439 --> 00:02:28.240 Scan for this prevent this, and so I. 53 00:02:28.159 --> 00:02:30.000 Started a company Socket to do that, and now we're like, 54 00:02:30.840 --> 00:02:33.039 it's a big company now, I mean we're like seventy 55 00:02:33.120 --> 00:02:36.560 five people. We have a ton of big customers, a 56 00:02:36.560 --> 00:02:39.159 lot of companies you probably recognize, and just trying to 57 00:02:39.159 --> 00:02:40.639 help people use open source safely. 58 00:02:42.199 --> 00:02:44.360 So just to clarify for us and I were talking 59 00:02:44.400 --> 00:02:47.080 about this ahead of time, his website is socket dot dev, 60 00:02:47.199 --> 00:02:51.080 not socket dot io, if you make that mistake. Socket 61 00:02:51.120 --> 00:02:54.639 io is Girmo Rouscher's old library for doing web sockets. 62 00:02:55.280 --> 00:02:59.919 Socket dot dev is Frost's entity that helps keep supply 63 00:03:00.280 --> 00:03:07.000 chain stuff safe. So for us, that's quite the list 64 00:03:07.039 --> 00:03:11.879 of recent compromises and attempts to compromise the NPM supply chain. 65 00:03:12.960 --> 00:03:13.840 I know that. 66 00:03:15.240 --> 00:03:16.919 The most recent one that comes to my mind that 67 00:03:16.960 --> 00:03:18.960 we got hit with was the one, and we'll get 68 00:03:18.960 --> 00:03:23.120 to this, the Chalk Library and all those libraries by 69 00:03:23.120 --> 00:03:26.400 that same author that got compromised with a crypto trying 70 00:03:26.439 --> 00:03:29.759 to steal cryptocurrency stuff. And fortunately for us, we weren't 71 00:03:29.840 --> 00:03:35.000 using those libraries, so we were okay. But apparently that's just 72 00:03:35.080 --> 00:03:38.960 one in a string of recent compromise attempts. 73 00:03:39.000 --> 00:03:40.319 So with further Ado. 74 00:03:40.439 --> 00:03:43.000 I'll let Frost take over and talk about what's been 75 00:03:43.039 --> 00:03:43.800 going on lately. 76 00:03:44.719 --> 00:03:45.000 Yeah. 77 00:03:45.039 --> 00:03:47.120 Sure, So we've seen a bunch of attacks over the 78 00:03:47.199 --> 00:03:49.400 last couple of months. I'll try to give you like 79 00:03:49.439 --> 00:03:51.560 a high level summary and then we can dig into 80 00:03:51.599 --> 00:03:54.639 the the different details if that's interesting to you. 81 00:03:56.319 --> 00:03:56.520 Yeah. 82 00:03:56.520 --> 00:03:59.719 So we saw a phishing campaign that started about two 83 00:03:59.759 --> 00:04:03.280 months to go back in July where a lot of 84 00:04:04.240 --> 00:04:06.960 kind of popular MPM maintainers got this phishing email that 85 00:04:07.159 --> 00:04:10.680 was impersonating npm and asking them to like add to 86 00:04:10.840 --> 00:04:13.879 FA to their account. And it turns out that that 87 00:04:13.960 --> 00:04:16.759 email was actually sent from well, it appeared to be 88 00:04:16.800 --> 00:04:19.639 sent from support at npmjs dot org, which is like 89 00:04:19.920 --> 00:04:23.879 a real email that npm uses, but actually it wasn't 90 00:04:23.879 --> 00:04:24.439 sent from there. 91 00:04:24.480 --> 00:04:25.360 It was just spoofed. 92 00:04:26.240 --> 00:04:32.399 And unfortunately the npm js dot org domain didn't have 93 00:04:32.439 --> 00:04:34.720 the proper like email headers set up d mark and 94 00:04:34.839 --> 00:04:38.600 SPF headers that would would have helped different email clients 95 00:04:38.639 --> 00:04:42.199 to know that that that email, you know, wasn't legit 96 00:04:42.439 --> 00:04:45.680 from from npmjs dot org. Turns out like they send 97 00:04:45.680 --> 00:04:49.160 email from npmjs dot com, uh, and that had the 98 00:04:49.199 --> 00:04:52.399 headers set up, but npmjs dot org is a real 99 00:04:52.439 --> 00:04:56.399 domain that NPM uses, so it was still quite convincing 100 00:04:56.439 --> 00:04:59.720 to get an email from that for people. So Lesson 101 00:04:59.800 --> 00:05:01.160 learned there is like you need to set up these 102 00:05:01.160 --> 00:05:04.680 email headers in these email these DNS records that help 103 00:05:05.199 --> 00:05:09.480 you know, block spoofed emails even on domains that you're 104 00:05:09.480 --> 00:05:11.399 not sending email from. As long as they're like a 105 00:05:11.399 --> 00:05:14.199 domain that your users recognize that you use, you know, 106 00:05:14.199 --> 00:05:14.639 you got. 107 00:05:14.519 --> 00:05:17.519 To protect them with those same with those same GNS records. 108 00:05:18.600 --> 00:05:20.720 So what happened is if people clicked on the link 109 00:05:20.800 --> 00:05:23.519 in the email, it would take you to a website 110 00:05:23.560 --> 00:05:26.959 that looked exactly like NPM, but it was a proxy, 111 00:05:27.120 --> 00:05:29.319 so it sort of anything you clicked on would work, 112 00:05:29.360 --> 00:05:31.199 and it would let you navigate through the whole site 113 00:05:31.560 --> 00:05:34.399 just like you were on the real site, but the 114 00:05:34.480 --> 00:05:36.879 domain was off by a letter, so it wasn't the 115 00:05:36.879 --> 00:05:39.199 real site. And then of course if you logged in 116 00:05:39.199 --> 00:05:41.720 it would it would steal your credentials. So that that 117 00:05:41.800 --> 00:05:44.879 was something that was going around back in July, and 118 00:05:46.399 --> 00:05:49.439 we kind of noticed it over at Socket because some 119 00:05:49.600 --> 00:05:51.040 of the folks on our team got this got this 120 00:05:51.079 --> 00:05:53.240 fishing email, and we were like, oh, this is interesting, 121 00:05:53.360 --> 00:05:55.839 So we wrote about it, tried to warn people about it, 122 00:05:56.600 --> 00:05:59.319 but nonetheless, a couple of days later there was kind 123 00:05:59.319 --> 00:06:02.240 of the first prolific maintainers that were starting to get 124 00:06:02.240 --> 00:06:06.120 affected by this, and that started with a Prettier project. 125 00:06:06.160 --> 00:06:08.720 So the Prettier package, a. 126 00:06:08.680 --> 00:06:11.879 Couple of Prettier packages were compromised, including yes lint can 127 00:06:11.879 --> 00:06:16.360 fike Prettier, which is the reusable yes link configuration that 128 00:06:16.480 --> 00:06:20.040 kind of has the the rules for es lint in 129 00:06:20.120 --> 00:06:24.319 it that you can kind of apply to to to 130 00:06:24.480 --> 00:06:27.360 yes lint, and so that was compromised with a with 131 00:06:27.000 --> 00:06:31.600 a like a Windows specific DLL file. So for those 132 00:06:31.639 --> 00:06:33.560 who don't know, that's basically just like a kind of 133 00:06:33.560 --> 00:06:36.800 a compiled code file that that you know, you can 134 00:06:36.879 --> 00:06:40.519 run on Windows machines, and that when that ran, it 135 00:06:40.519 --> 00:06:44.079 would it would steal a bunch of system system information 136 00:06:44.279 --> 00:06:48.360 like your environment variables. Uh, and then it would open 137 00:06:48.360 --> 00:06:51.360 a web socket, speaking of web sockets, uh, It would 138 00:06:51.360 --> 00:06:55.240 open a web socket to the attacker and it would 139 00:06:55.319 --> 00:06:59.519 leave that connection open. And so then the attacker could 140 00:06:59.560 --> 00:07:02.160 have base to be like an interactive shell, so they 141 00:07:02.199 --> 00:07:05.120 would any text that they sent over that web socket 142 00:07:05.360 --> 00:07:08.480 would be received on your your computer, your machine, or 143 00:07:08.519 --> 00:07:11.279 your server and it would get run like in a shell, 144 00:07:11.639 --> 00:07:13.680 and then the output would get sent back to the attacker. 145 00:07:13.959 --> 00:07:16.199 So it's like they were almost acessation into your system, 146 00:07:16.319 --> 00:07:19.160 but using a web socket to kind of run commands 147 00:07:19.160 --> 00:07:24.000 on your computer or on your server. That's bad, right, Yeah, 148 00:07:23.279 --> 00:07:28.480 it goes out saying that's bad. Yeah, yeah, they so, 149 00:07:28.480 --> 00:07:32.000 so I think, you know it was it was cross 150 00:07:32.040 --> 00:07:33.800 platform in that way, so there was the Windows piece 151 00:07:33.879 --> 00:07:35.399 that the doll file, but then it was also like 152 00:07:35.639 --> 00:07:38.199 it would also affect you on Mac and Linux because of. 153 00:07:38.160 --> 00:07:40.639 The web socket, and yeah, not good. 154 00:07:42.000 --> 00:07:44.240 They also kind of tried to hide their tracks through 155 00:07:44.360 --> 00:07:47.879 through different like anti analysis techniques, so they would encrypt 156 00:07:47.920 --> 00:07:51.240 the data going across the web socket, so if you 157 00:07:51.240 --> 00:07:54.240 were like looking at the text, you wouldn't see, like, 158 00:07:54.560 --> 00:07:55.519 you know, what was going. 159 00:07:55.360 --> 00:07:57.480 Across that that socket. 160 00:07:59.079 --> 00:08:00.879 So that was kind of the first first sort of 161 00:08:00.920 --> 00:08:03.279 effect of this fishing campaign was it actually hit you know, 162 00:08:03.560 --> 00:08:08.279 this popular library. Then it was kind of all quiet 163 00:08:08.360 --> 00:08:10.839 for a little while for about a month there until 164 00:08:10.879 --> 00:08:17.680 August when the popular NX build system was had one 165 00:08:17.680 --> 00:08:22.800 of their packages compromised. And this this attack was interesting 166 00:08:22.800 --> 00:08:25.800 for a couple of reasons. I'd say the first reason. Well, 167 00:08:25.839 --> 00:08:27.519 for first of all, it just it was similar and 168 00:08:27.519 --> 00:08:29.560 that it still just tried to steal credentials. So it 169 00:08:29.600 --> 00:08:32.080 would like search your system for you know, s s 170 00:08:32.240 --> 00:08:35.960 H keys, NPM tokens, basically any file that you might 171 00:08:35.960 --> 00:08:37.960 have on your system that contains like a key or 172 00:08:37.960 --> 00:08:39.559 a token in it. It was it would just hunt 173 00:08:39.559 --> 00:08:41.600 through the file system looking for that and send it 174 00:08:41.639 --> 00:08:43.840 off to the attacker. But what was interesting about how 175 00:08:43.879 --> 00:08:46.080 they did it was it didn't just use like it 176 00:08:46.480 --> 00:08:50.240 you know, just code to do that. It instead abused 177 00:08:50.279 --> 00:08:53.440 AI tools like Claude and Gemini to scan your file 178 00:08:53.480 --> 00:08:56.240 system for sensitive data, which is a technique that we 179 00:08:56.279 --> 00:08:59.600 had never seen before. So this means that it would 180 00:08:59.639 --> 00:09:03.519 look for or uh Claude or Gemini installed on your 181 00:09:03.519 --> 00:09:05.919 system like this the cli tool that lets you interface 182 00:09:05.960 --> 00:09:08.720 with these AI agents and these AI tools, and it 183 00:09:08.720 --> 00:09:13.120 would use them to with a prompt asking the agent 184 00:09:13.200 --> 00:09:16.519 to go and like search your file system for interesting files, 185 00:09:16.759 --> 00:09:18.440 and then it listed out a whole bunch of file 186 00:09:18.480 --> 00:09:21.600 extensions in the prompt like dot t x T, dot log, 187 00:09:21.720 --> 00:09:25.519 dot n you know, uh, dot back, you know, just 188 00:09:25.519 --> 00:09:28.799 different different kind of interesting extensions that could have keys 189 00:09:28.879 --> 00:09:31.519 or data in it. That might be interesting to the attacker, 190 00:09:32.000 --> 00:09:33.759 and then the agent would go and find all those 191 00:09:33.759 --> 00:09:36.679 files and then collect them in one in one place 192 00:09:37.000 --> 00:09:39.519 that could then be sent off to the attacker. So 193 00:09:39.639 --> 00:09:41.480 I'd never seen like an LM being used in this 194 00:09:41.559 --> 00:09:44.440 way kind of kind of you know, as a like 195 00:09:44.600 --> 00:09:46.840 like effectively that the payload of the attack is not 196 00:09:47.279 --> 00:09:49.600 like some malicious code, it's actually just a couple of 197 00:09:49.639 --> 00:09:53.279 sentences in English. So that was that really blew my 198 00:09:53.320 --> 00:09:54.399 mind when when I saw that. 199 00:09:57.200 --> 00:09:59.919 So why is that effective? Then you find it wor 200 00:10:00.080 --> 00:10:01.720 inner or just that that was the attempt. 201 00:10:02.279 --> 00:10:03.399 Oh no, it was effective. Yeah. 202 00:10:03.399 --> 00:10:04.480 I mean if you had if you had to have 203 00:10:04.559 --> 00:10:06.279 claud or Gemini on your system for it to work, 204 00:10:06.320 --> 00:10:08.279 if you didn't, it wouldn't do anything. So that was 205 00:10:08.639 --> 00:10:10.320 that was kind of the funny part was that it 206 00:10:10.399 --> 00:10:12.559 wasn't you know, it wouldn't affect you if you didn't 207 00:10:12.600 --> 00:10:13.960 have those CLI tools installed. 208 00:10:14.279 --> 00:10:16.120 So they kind of limited their reach a little bit. 209 00:10:16.200 --> 00:10:19.720 But I suspect they did it because it it was 210 00:10:19.720 --> 00:10:22.159 an attempt to get past code scanning tools that look 211 00:10:22.240 --> 00:10:25.679 for you know, suspicious code and if you know, if 212 00:10:25.679 --> 00:10:27.240 it's just a string, then a lot of those scanners 213 00:10:27.200 --> 00:10:28.480 will skip it, skip it. 214 00:10:29.519 --> 00:10:29.759 That's it. 215 00:10:29.919 --> 00:10:33.960 Socket socket wasn't wasn't tricked by this because we use ourselves. 216 00:10:34.039 --> 00:10:35.799 We use l ll ms to look at the code, 217 00:10:36.000 --> 00:10:37.960 which is a newer technique. 218 00:10:38.039 --> 00:10:38.159 Right. 219 00:10:38.159 --> 00:10:40.240 A lot of the sort of other security tools do 220 00:10:40.360 --> 00:10:43.080 static analysis on the code alone. But if you actually 221 00:10:43.159 --> 00:10:46.039 use an l M to look at the code, an 222 00:10:46.120 --> 00:10:48.440 l N isn't going to be tricked by a sentence. 223 00:10:48.639 --> 00:10:50.440 You know, you can ask the l M like what 224 00:10:50.559 --> 00:10:52.200 is this code doing, and it'll look at the prompt 225 00:10:52.200 --> 00:10:53.679 and it will tell you. So this, you know, with 226 00:10:53.679 --> 00:10:57.639 with the right prompting that actually it's possible for like defenders, 227 00:10:57.720 --> 00:10:59.679 for the good guys to also you know, use these 228 00:10:59.679 --> 00:11:02.879 AI tools to catch the bad guys. 229 00:11:02.720 --> 00:11:03.480 Using a tools. 230 00:11:03.519 --> 00:11:05.360 So it's it's it is a cat and mouse game 231 00:11:05.600 --> 00:11:09.159 some extent. But but I think you know, it didn't 232 00:11:09.200 --> 00:11:11.039 get past us. But but I would say it was. 233 00:11:11.080 --> 00:11:13.159 It was effective in that that if you actually ran 234 00:11:13.200 --> 00:11:19.840 the code, it worked as it was intended to. Okay, yeah, 235 00:11:19.879 --> 00:11:21.759 so that's uh, that's we're still not to the chalk 236 00:11:21.799 --> 00:11:23.720 attack yet. But but I wanted to say one other 237 00:11:23.720 --> 00:11:26.080 thing about this one. So NX, I don't know if 238 00:11:26.080 --> 00:11:28.240 you're familiar with. It's this build system, so it's it's 239 00:11:28.320 --> 00:11:30.279 kind of an open source it's an open source project. 240 00:11:30.360 --> 00:11:32.759 They have a GitHub repo that folks can contribute to. 241 00:11:33.759 --> 00:11:35.759 It's just a kind of a standard you know, NPM 242 00:11:35.840 --> 00:11:38.720 open source project like people are familiar with, and so 243 00:11:38.759 --> 00:11:40.559 they accept pull requests from the community. 244 00:11:41.039 --> 00:11:45.200 And one thing that was interesting about the uh. 245 00:11:44.320 --> 00:11:46.200 The way that this attack happened was it didn't use 246 00:11:46.240 --> 00:11:48.279 the phishing email, so that's not how they got the 247 00:11:48.320 --> 00:11:51.559 attack or got access. They used a different method, and 248 00:11:51.600 --> 00:11:53.039 so I wanted to talk through that because I think 249 00:11:53.120 --> 00:11:57.519 that the method was quite quite impressive. So they they 250 00:11:57.600 --> 00:12:01.159 used a get of action workflow that the an X 251 00:12:01.240 --> 00:12:04.600 project had, you know, added to their EPO, and it 252 00:12:04.679 --> 00:12:07.039 had some vulnerabilities in it that the attacker was able 253 00:12:07.080 --> 00:12:07.480 to use. 254 00:12:07.960 --> 00:12:09.720 And so I want to walk through that because I 255 00:12:09.720 --> 00:12:10.000 want to. 256 00:12:09.960 --> 00:12:12.639 Make sure people are aware that get up actions are, 257 00:12:13.360 --> 00:12:15.440 like they're very powerful, they're very useful. I use them 258 00:12:15.440 --> 00:12:18.440 all the time, but they're also very dangerous if you 259 00:12:18.440 --> 00:12:21.679 don't use them correctly. And there's a lot of foot guns, 260 00:12:21.720 --> 00:12:23.960 like just ways that you can just think you're doing 261 00:12:23.960 --> 00:12:27.120 something very innocent, very very very you know that looks 262 00:12:27.159 --> 00:12:30.679 doesn't look dangerous, but it's actually like a like a trick, 263 00:12:30.720 --> 00:12:32.840 like you're you're you're actually doing something very dangerous and 264 00:12:33.240 --> 00:12:35.960 it's just it doesn't seem that way. So the thing 265 00:12:35.960 --> 00:12:37.320 that they did, so they did a couple of things. 266 00:12:37.360 --> 00:12:39.960 But the first one was they they were trying to 267 00:12:40.000 --> 00:12:43.039 print out the PR title in the action. So they 268 00:12:43.080 --> 00:12:45.960 had this echo command that just said like echo PR 269 00:12:46.039 --> 00:12:49.240 title and then it put the variable you know, into 270 00:12:49.279 --> 00:12:51.399 the command that that was that would print out the 271 00:12:51.399 --> 00:12:55.679 PR title. The way they did that with echo, right, 272 00:12:56.000 --> 00:12:58.600 and by putting the variable in there created a shell injection, 273 00:12:59.120 --> 00:13:02.000 which is it's very similar to a SQL injection if 274 00:13:02.000 --> 00:13:04.759 people are familiar with probably more familiar with SQL sql 275 00:13:04.759 --> 00:13:09.000 injection attacks, and that just means that an attacker can 276 00:13:09.480 --> 00:13:15.240 effectively insert their code into the command, so it's your 277 00:13:15.639 --> 00:13:19.000 instead of the instead of something being treated as data, 278 00:13:19.240 --> 00:13:22.399 it is inadvertently treated as code and executed. And so 279 00:13:22.480 --> 00:13:24.240 the way you do that here is you as an attacker, 280 00:13:24.279 --> 00:13:27.759 you'd just open a PR to this an x open 281 00:13:27.799 --> 00:13:30.480 source project, and you'd put your attack code in the 282 00:13:30.480 --> 00:13:33.039 title of the PR, but you'd start it with like 283 00:13:33.080 --> 00:13:36.720 a double quote to sort of close off the quote 284 00:13:36.720 --> 00:13:38.519 that they had in their command and then and then 285 00:13:38.559 --> 00:13:41.879 the rest would be kind of run as runs as 286 00:13:41.919 --> 00:13:44.080 a command, So you could get code effectively running in 287 00:13:44.159 --> 00:13:47.480 the in the environment of the you know, of the project. 288 00:13:47.639 --> 00:13:51.480 Now that is in and of itself not that like interesting, 289 00:13:51.559 --> 00:13:54.559 because like there has to be some something in that 290 00:13:54.679 --> 00:13:56.240 environment that you want to take or you want to 291 00:13:56.279 --> 00:14:00.440 steal as an attacker. And uh so that this is 292 00:14:00.480 --> 00:14:02.000 the kind of where you get to the second part 293 00:14:02.159 --> 00:14:06.720 where get of actions support two ways of responding to 294 00:14:06.759 --> 00:14:10.960 pull requests. So they have these triggers where you say, effectively, 295 00:14:11.000 --> 00:14:13.399 when this thing happens, run my git of action right. 296 00:14:13.840 --> 00:14:15.879 And so the thing that happens is the pull request 297 00:14:15.879 --> 00:14:19.000 has been opened, right, And they have two ways to 298 00:14:19.080 --> 00:14:21.240 react to pull requests that are being opened. One of 299 00:14:21.279 --> 00:14:23.320 them is called pull requests and one of them is 300 00:14:23.320 --> 00:14:26.919 called pull request target. And for many years, pull request 301 00:14:26.919 --> 00:14:29.159 target was the one that was recommended in the getub 302 00:14:29.159 --> 00:14:32.120 docs and was what a lot of tutorials and code 303 00:14:32.159 --> 00:14:34.000 samples were using. So it's probably the one that a 304 00:14:34.039 --> 00:14:36.720 lot of people chose to use. The problem with that 305 00:14:36.759 --> 00:14:40.679 one is that, unlike the standard pull request trigger, the 306 00:14:40.720 --> 00:14:44.519 poll request target one will will run the workflow with 307 00:14:44.559 --> 00:14:49.320 elevated permissions, and it includes this get up token environment 308 00:14:49.399 --> 00:14:52.720 variable that gives you full read and write access to 309 00:14:52.759 --> 00:14:53.559 their pository. 310 00:14:54.240 --> 00:14:56.519 So that token is just sitting there in the environment. 311 00:14:57.320 --> 00:14:58.240 And so if. 312 00:14:58.080 --> 00:15:01.000 You use pull request target in your project, it means 313 00:15:01.000 --> 00:15:03.919 now anyone can open a PR on your project, and 314 00:15:04.840 --> 00:15:06.799 if they can run code in that environment, you know 315 00:15:06.840 --> 00:15:09.240 that can look at the environment vables. There's going to 316 00:15:09.279 --> 00:15:11.840 be a really juicy environment vable there that lets them 317 00:15:12.039 --> 00:15:15.679 effectively commit to your repository. So the combination of those 318 00:15:15.720 --> 00:15:18.639 two things meant that an attacker could put code into 319 00:15:18.679 --> 00:15:21.240 the title of a PR, send it to just just 320 00:15:21.279 --> 00:15:22.960 open it on, you know, send a PR to the project, 321 00:15:23.000 --> 00:15:24.919 and then that code would run. And they made that 322 00:15:24.960 --> 00:15:28.399 code basically look for that environment variable and steal it 323 00:15:28.440 --> 00:15:31.240 and send it off to them via an HTTP request. 324 00:15:31.519 --> 00:15:33.600 So now they have the get up token, they can 325 00:15:33.679 --> 00:15:37.240 commit to this, you know, important open source project, even 326 00:15:37.240 --> 00:15:38.360 though they're not supposed. 327 00:15:38.000 --> 00:15:39.840 To be able to do that. So what do they 328 00:15:39.840 --> 00:15:42.960 do with that, Well, they were trying to get onto NPM, 329 00:15:43.000 --> 00:15:44.679 They're trying to compromise the NPM. 330 00:15:44.480 --> 00:15:48.519 Package, but they only have the get up token. So 331 00:15:49.720 --> 00:15:53.799 this project like a lot of projects have a published workflow, 332 00:15:53.960 --> 00:15:56.320 which is just another get of action that they've set 333 00:15:56.399 --> 00:15:59.960 up that will published NPM, and they made sure that 334 00:16:00.080 --> 00:16:03.039 the NPM published token was only available to. 335 00:16:03.000 --> 00:16:08.799 That publish workflow, so it was isolated over there, which 336 00:16:08.840 --> 00:16:10.600 is great. They did a good job of that. But 337 00:16:11.840 --> 00:16:14.879 now the attacker can write to the entire repository. 338 00:16:14.919 --> 00:16:16.320 So all they had to do was going and they 339 00:16:16.360 --> 00:16:19.279 just they just edited the publish workflow file and just 340 00:16:19.320 --> 00:16:22.159 added an extra step that would I think print out 341 00:16:22.480 --> 00:16:24.960 or send the NPM token to them, because once you 342 00:16:25.000 --> 00:16:26.919 can write to the repo, you know, then you can 343 00:16:27.000 --> 00:16:29.440 just edit any of the workflows and just it doesn't 344 00:16:29.480 --> 00:16:31.679 matter that the NPM token was only available to some 345 00:16:31.720 --> 00:16:33.679 of the workflows. They can just edit the workflow and 346 00:16:33.919 --> 00:16:36.320 print out the tokens and stuff. So that's how they 347 00:16:36.639 --> 00:16:39.799 they basically stole the NPM token and then published the 348 00:16:39.840 --> 00:16:42.440 malicious packages. So that was a lot of information, but 349 00:16:42.559 --> 00:16:44.000 I just wanted to walk through it because I think 350 00:16:44.279 --> 00:16:46.600 I don't know if you were following all of it 351 00:16:46.679 --> 00:16:48.480 or it was interesting to you, but I think it's 352 00:16:48.519 --> 00:16:52.000 fascinating because it's just like you're just using gid of actions, 353 00:16:52.000 --> 00:16:53.720 you like don't think about like I'm going to like 354 00:16:54.159 --> 00:16:55.879 my entire repo was going to get hacked and my 355 00:16:55.960 --> 00:16:58.399 NPM package is going to get a compromise because I 356 00:16:58.639 --> 00:17:03.279 just like you know, printed out a PR title like 357 00:17:03.519 --> 00:17:05.519 in my in my get of action, Like that doesn't 358 00:17:05.559 --> 00:17:08.960 seem like it should lead to that. So it's, uh, 359 00:17:09.079 --> 00:17:09.839 it's pretty wild. 360 00:17:10.799 --> 00:17:11.799 So a couple of things. 361 00:17:11.839 --> 00:17:16.160 One, for those who want a good example of sequel 362 00:17:16.200 --> 00:17:20.359 injection attacks, look up xk CD number three twenty seven, 363 00:17:20.480 --> 00:17:26.000 otherwise titled Exploits of a mom and you're recognized Bobby Tables. 364 00:17:26.599 --> 00:17:28.240 Yeah, just leave that to you to look up. 365 00:17:28.480 --> 00:17:30.960 That's one of the few xkcds that I have memorized, 366 00:17:32.240 --> 00:17:37.039 the number that and nerd sniping. But so a question 367 00:17:37.119 --> 00:17:42.440 for you then regarding how you know, like you just said, 368 00:17:42.440 --> 00:17:47.440 you wouldn't think that a GitHub action could expose you know, 369 00:17:47.519 --> 00:17:48.839 you just somebody stealing your token? 370 00:17:48.960 --> 00:17:51.839 Is that on the is that on GitHub? 371 00:17:52.000 --> 00:17:54.000 Is that on the creator of the action they have 372 00:17:54.039 --> 00:17:56.720 to know the finding security details of creating a GitHub 373 00:17:56.759 --> 00:18:02.279 action or is it just the nature of you know 374 00:18:02.680 --> 00:18:06.400 what it is that you can everybody's looking for vulnerability 375 00:18:06.519 --> 00:18:10.119 somewhere and somebody happened to be created creative or how 376 00:18:10.119 --> 00:18:10.759 do you look at that? 377 00:18:12.079 --> 00:18:14.880 I mean, as with security, all things in security, it's 378 00:18:14.920 --> 00:18:18.440 it's a complicated answer. I think there's blame to be 379 00:18:18.519 --> 00:18:21.279 shared on all sides. But I put probably more of 380 00:18:21.279 --> 00:18:24.960 the blame on the design of get of actions because it, 381 00:18:26.279 --> 00:18:28.240 you know, it's not fair. I don't think it's fair 382 00:18:28.359 --> 00:18:33.079 to you know, have kind of a bad design or 383 00:18:33.119 --> 00:18:36.440 bad defaults and then just say, oh, well I documented it. 384 00:18:36.519 --> 00:18:38.200 You know, go read the docks. The docks tell you 385 00:18:38.279 --> 00:18:40.599 how how you know how not to use this. 386 00:18:40.880 --> 00:18:42.519 If it's if it's too if it's if you have 387 00:18:42.599 --> 00:18:45.599 too many like booby traps or you know what sometimes 388 00:18:45.599 --> 00:18:48.559 called foot guns in the design of of something, then 389 00:18:48.799 --> 00:18:50.400 you know, you you definitely have some of the blame 390 00:18:50.440 --> 00:18:52.400 on the creator of that design. So there were a 391 00:18:52.440 --> 00:18:54.079 few things in the design here that we're just that 392 00:18:54.119 --> 00:18:57.400 we're not obvious to people. I think, you know, the 393 00:18:57.440 --> 00:18:59.759 fact that they were recommending pull request target for a 394 00:18:59.839 --> 00:19:03.599 year instead of the safer pull request trigger is definitely 395 00:19:03.599 --> 00:19:07.000 on GitHub. They've now documented that very well. So it 396 00:19:07.039 --> 00:19:09.559 is all documented. But you know, there's a lot of 397 00:19:09.559 --> 00:19:12.279 tutorials and guides and things that are going to still 398 00:19:12.319 --> 00:19:15.839 have the old information, so, you know, and then I 399 00:19:15.880 --> 00:19:19.759 think the other part of the design that is probably 400 00:19:20.640 --> 00:19:23.319 not that obvious is so that the I mean the 401 00:19:23.400 --> 00:19:25.839