Cybercrime today is no longer driven by lone hackers in hoodies. It is operated by well-funded, highly organized, and in some cases state-backed groups that function like global technology companies. Their marketplace? The Darknet. Their targets? All of us — from critical IT infrastructure to the CMS sites we build every day.
Open-source software like Drupal relies on something attackers have learned to exploit: the trust within our communities. The recent xz backdoor demonstrated that the biggest vulnerabilities often don’t start in code, but in the people maintaining it: often overworked, isolated, and underfunded.
This talk explores how these two worlds collide and why our strongest defense isn’t a patch, but a more resilient and connected community.
Cybercrime is now a global industry run by organized, well-funded groups targeting the open-source projects we rely on every day. The xz backdoor proved that our biggest weaknesses are human — and our strongest defense is a resilient, engaged open-source community.
Participants should have a basic understanding of Drupal or open-source development workflows. No deep security expertise is required.
Outline:
- The Evolution of Cybercrime – How modern threat actors operate like global tech organizations.
- When People Become the Weak Point – Lessons from the xz backdoor and maintainer burnout.
- Why Community Is Our Security Layer – How collaboration and engagement reduce risk.
- Understand how modern cybercrime networks operate.
- Recognize how human factors—such as burnout, lack of support, and community pressure—can create security risks.
- Explain the lessons learned from the xz backdoor incident and how they apply to Drupal and other OSS projects.
- Identify ways in which strong, engaged communities improve security and resilience.
