{
	"id": "7805ed36-e8fe-418c-ad4e-1ec59057d556",
	"created_at": "2026-04-06T01:29:36.874013Z",
	"updated_at": "2026-04-10T03:21:27.421069Z",
	"deleted_at": null,
	"sha1_hash": "42a131dec7d2e52d3255e64a5688372b78914fc8",
	"title": "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 149352,
	"plain_text": "Open Source Maintainer Sabotages Code to Wipe Russian,\r\nBelarusian Computers\r\nBy Joseph Cox\r\nPublished: 2022-03-18 · Archived: 2026-04-06 00:55:04 UTC\r\nA technologist and maintainer of a popular piece of open source software has deliberately sabotaged their own\r\ncode to wipe data on computers that used the program in Russia and Belarus, and has faced a massive backlash for\r\ndoing so, according to messages posted on coding repository GitHub.\r\nThe news signals the potential downsides of digital hacktivism, with the move likely impacting ordinary people\r\nthat were using the code.\r\nRIAEvangelist is the maintainer of the software called “node-ipc,” a networking tool that’s sometimes\r\ndownloaded over a million times a week. RIAEvangelist released two modules called “peacenotwar” and\r\n“oneday-test” recently, Bleeping Computer reported on Thursday. Peacenotwar, which RIAEvangelist has\r\ndescribed as “protestware,” was then included as a dependency in node-ipc’s code, meaning some versions of\r\nnode-ipc may come bundled with peacenotwar.\r\nDo you know about any other instances of hacking taking place around the Ukraine invasion? We’d love to\r\nhear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44\r\n20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.\r\n“This code serves as a non-destructive example of why controlling your node modules is important. It also serves\r\nas a non-violent protest against Russia’s aggression that threatens the world right now. This module will add a\r\nmessage of peace on your users’ desktops, and it will only do it if it does not already exist just to be polite,”\r\nRIAEvangelist wrote in the description for the peacenotwar code. 
RIAEvangelist’s description also explained how\r\nother people could add the module to their code in order to take part in the digital protest.\r\nOn the GitHub page for peacenotwar, RIAEvangelist included a link to a YouTube video and lyrics from the peace\r\nsong “One Day” by Matisyahu, the Jewish American reggae musical artist.\r\nBut then some versions of “node-ipc,” the much more popular piece of software that RIAEvangelist maintains,\r\nstarted overwriting files on computers based in Russia and Belarus with a heart emoji, according to a post on\r\nGitHub.\r\nA screenshot of an analysis from GitHub user MidSpike. Image: MidSpike.\r\nRIAEvangelist told Motherboard in an email that “There was no actual code to wipe computers. It only puts a file\r\non the desktop.” He then pointed to a Twitter account he said belonged to him and which had now been targeted\r\nby hackers.\r\nHis LinkedIn profile is no longer available. Six hours ago, RIAEvangelist updated the node-ipc page to read\r\n“Thanks for all the free pizza, and thanks to all the police that showed up to SWAT me. They were really nice\r\nfellas.”\r\nThe GitHub page for node-ipc is now full of reactions to RIAEvangelist’s apparent sabotage.\r\n“You’re a stain on the FOSS [free and open source software] community,” reads one. “You just destroyed your\r\nwork, career and probably your online life,” another adds. Others include links to RIAEvangelist’s social media\r\naccounts.\r\nUpdate: This piece has been updated to include a response from RIAEvangelist.\r\nSource: https://www.vice.com/en/article/dypeek/open-source-sabotage-node-ipc-wipe-russia-belraus-computers",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.vice.com/en/article/dypeek/open-source-sabotage-node-ipc-wipe-russia-belraus-computers"
	],
	"report_names": [
		"open-source-sabotage-node-ipc-wipe-russia-belraus-computers"
	],
	"threat_actors": [],
	"ts_created_at": 1775438976,
	"ts_updated_at": 1775791287,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/42a131dec7d2e52d3255e64a5688372b78914fc8.pdf",
		"text": "https://archive.orkl.eu/42a131dec7d2e52d3255e64a5688372b78914fc8.txt",
		"img": "https://archive.orkl.eu/42a131dec7d2e52d3255e64a5688372b78914fc8.jpg"
	}
}