Big Brother or Uncle Sam?

Summary: At least the purported insidious code-borne access seems to be in the hands of the "good guys."


I heard a software security expert from a large defense contractor relay this week an interesting tidbit from a discussion he recently had with someone from a top security-level agency in the U.S. government. They were discussing the fact that many of the bad guys, i.e. terrorists, the world over use Linux. So do many non-U.S. governments. And, of course, Linux source code is open, and many folks from many places can make code contributions.

The wink and nod of the discussion was that, sure, the good guys, i.e. U.S. government security agencies, can and almost certainly have slipped subversive code into the base of the Linux kernel amid the bloat unbeknownst to users. Such code allows the G-men to identify and "sniff" out certain nefarious activities, or to gain secret entry into what the kernel users may consider secure servers.

Are Linux users living in the equivalent of a barn with the doors wide open to those holding the right key? Such back-door server "access" amounts to a wiretap on a telephone. It could be used to gain evidence to thwart or prosecute a crime. But it could also be Orwellian in its ability to snoop on all types of users and activities. And such subversive code may not necessarily be confined to open source code; it might also have been planted into popular commercial kernels and code. Right?

Either way, it gives one pause about how private and secure any server or application is on a public network. At least the purported insidious code-borne access seems to be in the hands of the "good guys" ... for now.


  • I've thought about this actually...

    Particularly with China embracing the development of Linux and such like. The issue with it is this, in my opinion. By the nature of open source, people can actually see what is implemented in the source code. While there is quite a lot of code to examine, it is possible to catch nefarious behavior. And given enough time, it is likely, I think, that it would be discovered.

    Of course this is not quite true with closed source software. It is possible, and probable, that more is going on than one realizes, whether big brother (government) or little brother (business) is doing it. Why? Because it is very unlikely that it would be found out.

    Infecting Linux like that is almost asking to be found out.
  • Trust no one

    Linux is just catching up to Windows. The concept is far from new: many security analysts over the years have speculated that a number of MS-Windows "vulnerabilities" discovered over the years were actually backdoors intentionally built in at the direction of the Feds and the CIA.

    There are a couple of roadblocks in the Linux community: one is that the source code *can* be read, even if it is a chore. The other is that many Linux distributions are managed by non-US companies who might not look so favorably on meddling by the Feds. These issues are not insurmountable for people with the money and power of the US government; backdoors may be implanted in common utilities instead of the kernel, and developers in any country can be bribed into cooperation.

    In the end, such tactics may serve to capture the ignorant and the lazy, but the serious spooks will always take steps to protect themselves.
    terry flores
  • the "good guys"? I hope that was tongue in cheek

    I'm going to assume that the quotes around "good guys" represent at least a nod to the massive anti-US sentiment around the world.

    The idea that any government feels it within their mandate to spy on their people, en masse, is abhorrent. No government doing such a thing should be considered "good".
    • Can you say "National Security Letters"

      When the President says on TV that 'any action in defense of the country is acceptable..' then none of us are safe. Under the 'Patriot Act' the FBI can investigate anyone, anywhere, at any time, without getting a warrant, judicial permission, or apparently review. They issue a letter that is secret about a secret investigation and the results of that secret investigation go into secret files which NEVER go away.
  • Sounds Like A Good Talking Point For Linux

    Use Linux and the US Govt won't be able to spy on you. Use Windows and have built in backdoors for the NSA, FBI, CIA, or [Insert US Agency Name Here].
    Edward Meyers
  • Big Brother or Uncle Sam?

    "The wink and nod of the discussion was that, sure, the good guys, i.e. U.S. government security agencies, can and almost certainly have slipped subversive code into the base of the Linux kernel amid the bloat unbeknownst to users." How about the bad guys slipping subversive code into the base? You should be more worried about this. Do you know where most of the real Internet attacks come from? I'll tell you, China. As for wink and nod, the people involved in that conversation know better than to talk around classified issues. A half-wit can figure out such a conversation. I wish their special security officer heard them.
  • So what's new ???

    Why do you people think the DoJ was sooooo lenient with MS ?
  • Hiding any door is not that easy

    Wink, wink, nudge, nudge - Did you hear the one about. NSA (used to be NoSuch) has a backdoor in all approved encryption standards. NSA invents security procedures that they cannot patent and release because the DOD wants the knowledge restricted. R, S, & A were threatened with arrest and imprisonment for creating their encryption programs. NSA publishes the best step by step guides for securing systems online and free.
    All of these have varying amounts of truth and conspiracy theory - the more truth the less conspiracy, unless it is to obscure the truth.
    Which operating system is more likely to be full of backdoors - one with open source and millions of people who read bits and bytes to learn how it works, or a 'closed source' system whose programmers work hand in fist with their own application developers creating shortcuts and internal hacks?