Chinese hackers exploiting ‘fully weaponised’ software vulnerability

© Provided by Daily Mail

Chinese hackers are already exploiting a ‘fully weaponised’ software vulnerability which is causing mayhem on the web, with experts warning that it is the ‘most serious’ threat they have seen in decades. 


The flaw was uncovered earlier this month in a piece of software called Log4j, which helps applications interact with one another across computer networks.

By exploiting the flaw, dubbed Log4Shell, hackers can take control of servers which run the network and repurpose them for their own ends.

That could mean stealing data on those servers such as medical records and photos, plundering company databases for people’s bank details, or locking up servers and extorting firms in so-called ‘ransomware’ attacks.

And there is little that most ordinary users can do to stop this from happening, or any way to tell if data has been stolen in this way.

As one cybersecurity source who spoke to MailOnline put it: ‘This is where you put your faith in the lap of the computer Gods and hope it gets fixed soon.’  

What is Log4j, how does it work, and what does the hack do?

Log4j is a piece of software that logs user activity and app behaviour on a computer network. It is an API, or ‘application programming interface’, which fetches and carries data across the network – essentially one of the invisible cogs that makes the computer world turn.

Most APIs are open-source, meaning they can be accessed by anyone and are frequently built into networks by engineers constructing them, often without their customers knowing.

The flaw that has been exposed in Log4j gives hackers a back door into networks which use the program. It allows them to drop malicious pieces of code on to servers running the network, which can then be repurposed to do the hacker’s bidding.

In practice, this means that hackers would be able to steal any data stored on those servers or use them to carry out tasks – provided they know how to write code to do the particular task. 

For users, it could mean having medical records and bank account details stolen, along with files and photos that…