Injecting exploits into oss code is, I believe, a crime. 'Jia Tan' is likely an alias, and one login as 'Jia Cheong Tan' is suspected to be a diversion. There's been speculation that the h4x0r is unlikely to be a state actor, because they are unlikely to create backdoors like this, since when they're found they raise a foul stench that causes great distrust of the state discovered doing it, so they just buy exploits from the ebil h4x0rs that sell them when they need to achieve a particular goal.

I dunno about any of that. It seems to me to be speculation without much basis. One interesting thing about police investigation is jurisdiction. The internet isn't confined to any one jurisdiction, which make crimes committed online sort of outside all jurisdictions. Since no one seems to have been hit by this attempt, most LEA's don't have much motivation to go after this guy.

The more I read about it, however, the more impactful people that know say it would have been if it had been rolled out. Overall, then, the fact a guy investigating a slowdown looking for a random bug in oss code found this instead is a great advertisement for oss software, and a dire warning about blobs like m$, Apple, and etc. sell. If linux was proprietary, this hack would have potentially very severely compromised possibly millions of systems, people, and commercial and government entities, as many have before.

Hurray for oss!

Thanks!