Everybody is always under the assumption that cyber attacks are
stealthy and cleverly subtle. But like Michael Hayden, former director
of the NSA, described in one of his talks, when the military wants to
shutdown the electric power in enemy territory the best course of action
is not always to plant a backdoor in the control room a long time in
advance during peacetime and hope it's never discovered before they have
a chance to use it and risk a diplomatic incident. The military can
just wait for wartime and drop a missile on the power plant and the job
is done quick and dirty.
Same in this situation, no dicking around planting backdoors in open
source software that can be discovered before it paid off. Just drop a
bomb on the project, disperse its users to weak backdoored products like
Bitlocker, and the desired devastating effect is immediate.
Our online privacy and open source security is under attack.