The criminal conspiracy laws don’t apply to the organizations that write this kind of code, just like murder laws don’t.

Sure they do. Getting the perpetrator into your jurisdiction is the tough part.

Putin is, for example, unlikely to go anywhere willing to execute an ICC arrest warrant.

Nah, the CIA assassinates people in MLAT zones all the time. The laws that apply to you and I don’t apply to the privileged operators of the state’s prerogatives.

We don’t even know that this specific backdoor wasn’t the NSA or CIA. Assuming it was a foreign intelligence service because the fake name was asian-sounding is a bit silly. The people who wrote this code might be sitting in Virginia or Maryland already.

> Virginia or Maryland

Eastern Europe, suggest the timestamp / holiday analysts. https://rheaeve.substack.com/p/xz-backdoor-times-damned-time...

Note that while “Eastern Europe” has firm connotations with countries of which some are known for having corrupt autocracies, booming shady businesses, and organized crime and cybercrime gangs in varying proportions, the time zone mentioned also covers Finland, from which the other author is supposed to be.

Eastern Europe - 25th? Not 24th?

> The people who wrote this code might be sitting in Virginia or Maryland already.

Sure, that’s possible. They will as a result probably avoid traveling to unfriendly jurisdictions without a diplomatic passport.

>They will as a result probably avoid traveling to unfriendly jurisdictions without a diplomatic passport.

First of all, it's not like their individual identities would ever be known.

Second, they would already know that traveling to a hostile country is a great way to catch bullshit espionage charges, maybe end up tortured, and certainly be used as a political pawn.

Third, this is too sloppy to have originated from there anyways—however clever it was.