18 comments

[ 2.7 ms ] story [ 52.1 ms ] thread
I'm now considering whether to move away from JetBrains IDEs... I like CLion, but potential vulnerabilities intentionally injected into software like this makes me worry.
Are you thinking JetBrains was complicit? The article doesn't suggest that. State actors are going to attack any popular software used in a way that is useful to attackers (like TeamCity)
Can't read the article due to paywall but from the subtitle it appears JetBrains is a Czech company, not a Russian one. Even in the days of the Soviet Union, Czechoslovakia was not part of Russia.
I also object to this classification, but it seems to be based on the fact that they were founded by Russian founders and have a huge presence in Russia.

Which still doesn't make them a Russian company, IMO. The article is rather sloppy in other respects too, like the fact that Jetbrains isn't "obscure". Just because the author has never heard of them, doesn't mean they aren't well-known.

It is extremely well-known that JetBrains is really a Czech company and not a Russian one at all. It is run primary by Czech nationals and even named its Kotlin language after a scenic island in the country. The article from this American magazine is a slander.
I work for JB.

In my perception 85% of all employees are Russian. Yes the company is officially registered in Czechia and has an office there, but this is more due to legal reasons because it's much simpler to sell Software internationally from EU than from Russia. Consequently, the Czech office mainly contains Legal, Marketing, HR and only few devs. The by far biggest office is in St. Petersburg and the "Kotlin island" lays near to St. Petersburg and is visible from JBs office, hence the name.

First time I've heard someone other than Zeman use the name "Czechia" outside of a joke.
JetBrains is a Czech company that is founded by Russians and has offices in Russia
Is there any published technical evidence to look at which actually implicates JetBrains? CVE or a POC? Publication of the poisoned build of the CI software? Indicators of compromise?
Has there even been evidence presented that the hacks were from Russia?
This ^^^ -- I am hard pressed to find any credible evidence about Russia's involvement, except for US politiciansm and main stream media screaming at the top-of-their lungs.

Note the widely publicized Cambridge Analytica connection Russia turned out to be false, as per UK ICO's report [1]. This leads me to believe Russia is made a scapegoat to cover up layers of incompetence!

[1] https://ico.org.uk/media/action-weve-taken/2618383/20201002_...

Depending on the headline, week, angle JetBrains is Russian, Czech, European, …
nytimes headline now reads:

> Widely Used Software Company May Be Entry Point for Huge U.S. Hacking

> Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

HN headline should perhaps be changed.

Article says the software in question was teamcity.
Aww shiiiit. I was wondering when this shoe was going to drop.