• @Potatos_are_not_friends
        link
        28
        edit-2
        9 months ago

        Can’t confirm but unlikely.

        Via https://boehs.org/node/everything-i-know-about-the-xz-backdoor

        They found this particularly interesting as Cheong is new information. I’ve now learned from another source that Cheong isn’t Mandarin, it’s Cantonese. This source theorizes that Cheong is a variant of the 張 surname, as “eong” matches Jyutping (a Cantonese romanisation standard) and “Cheung” is pretty common in Hong Kong as an official surname romanisation. A third source has alerted me that “Jia” is Mandarin (as Cantonese rarely uses J and especially not Ji). The Tan last name is possible in Mandarin, but is most common for the Hokkien Chinese dialect pronunciation of the character 陳 (Cantonese: Chan, Mandarin: Chen). It’s most likely our actor simply mashed plausible sounding Chinese names together.

        • @fluxion
          link
          English
          59 months ago

          That actually suggests not Chinese due to naming inconsistencies

          • @ForgotAboutDre
            link
            29 months ago

            Could be Chinese creating reasonable doubt. Making this sort of mistake makes explanations that this wasn’t Chinese sound plausible. Even if evidence other than the name comes out, this rebuttal can be repeated and create confusion amongst the public, reasonable suspicions against accusers and a plausible excuse for other states to not blame China (even if they believe it was China).

            Confusion and multiple narratives is a technique carried out often by Soviet, Russian and Chinese government. We are unlikely to be able to answer the question ourselves. It will be up to the intelligence agencies to do that.

            If someone wanted to blame China for this, they would take the name of a real Chinese person to do it. There is over a billion real people they could take a name from. It unlikely that a person creating a name for someone for this type of espionage would make a mistake like picking an implausible name accidentally.

            • @fluxion
              link
              English
              19 months ago

              I’m not suggesting one way or another, only that the quoted explanation taken at face value isn’t suggesting China based on name analysis.

              There’s also no reason to assume a nation state. This is completely within the realm of a single or small group of hackers. Organized crime another possibility. Errors with naming are plausible just as the initial mistakes with timing analysis and valgrind errors.

              Even assuming a nation state, you name Russia as a possibility. Russia has shown themselves to be completely capable of errors, in their hacks (2016 election interference that was traced back to their intelligence base), their wars, their assassination attempts, etc.

              And to me it doesn’t seem any more likely that China would point to themselves but sprinkle doubt with inconsistent naming versus just outright pointing to someone else.

              It’s all guesses, nothing points one way or another. I think we agree on that.

              • @ForgotAboutDre
                link
                29 months ago

                A big part of it is also letting other people know you did it. China and Russia are big on this. The create dangerous situations, then say they aren’t responsible all while sowing confusion. The want plausible deniability, confusion and credit for doing it.

        • @jaybone
          link
          29 months ago

          So this doesn’t really tell us one way or the other who this person is or isn’t.

        • Possibly linuxOP
          link
          fedilink
          English
          29 months ago

          It is also hard to be certain as they could be a night owl or a early riser.

          • @[email protected]
            link
            fedilink
            19 months ago

            Yeah - The post goes into a lot of detail, and they did take that into account. It’s worth reading.