I heard a software security expert from a large defense contractor relay this week an interesting tidbit from a discussion he recently had with someone from a top security-level agency in the U.S. government. They were discussing the fact that many of the bad guys, i.e. terrorists, the world over use Linux. So do many non-U.S. governments. And, of course, Linux source code is open, and many folks from many places can make code contributions.
The wink and nod of the discussion was that, sure, the good guys, i.e. U.S. government security agencies, can slip, and almost certainly have slipped, subversive code into the base of the Linux kernel amid the bloat, unbeknownst to users. Such code allows the G-men to identify and "sniff" out certain nefarious activities, or to gain secret entry into what the kernel users may consider secure servers.
Are Linux users living in the equivalent of a barn with the doors wide open to those holding the right key? Such back-door server "access" amounts to a wiretap on a telephone. It could be used to gain evidence to thwart or prosecute a crime. But it could also be Orwellian in its ability to snoop on all types of users and activities. And such subversive code may not necessarily be confined to open source code; it might also have been planted into popular commercial kernels and code. Right?
Either way, it gives some pause about how private and secure any server or application is on a public network. At least the purported insidious code-borne access seems to be in the hands of the "good guys" ... for now.