[nlh]

So let's speculate about what the article almost-but-doesn't-quite propose:

The NSA, or related parties, was responsible for the breach. There was an investigation and postmortem, but because of an NSL or other gag-type order, they couldn't accurately publish what they discovered. So they figured that not releasing a report was better than releasing a report that either intentionally misled or pretended not to have figured out what happened.

I know, this is a pretty big leap. But regardless -- what does it mean? What are the ramifications if this is what happened?

[rgbrenner]

What are the ramifications if this is what happened?

I strongly suspect they were able to get a copy of the kernel source code... They could be doing anything with it.. Porting it to a new platform.. Compiling it with unsafe GCC flags.. Or worse..

[woah]

The people need an answer. Does the NSA have a copy of the linux source code or not??!

[jeresig]

There was a discussion about this recently saying that it was highly unlikely. All the source was in Git and every git commit references the previous commit, making it highly challenging to modify an old commit without also modifying the commit id. More details: http://archive.is/Khq7R

[rgbrenner]

Yes, it's unlikely they modified the source in git.. But it's possible they were able to download a copy and modify it locally... Possibly adding comments to document certain blocks of code.. Or adding unofficial patches for zfs support... Or worse..

[adamnemecek]

Isn't that against the Geneva Convention?

[SimHacker]

Like enabling ReiserFS??!

[joeyh]

Here's how to do it:

1. Contribute a driver to the kernel. A network driver would be ideal, but any driver will do. Include a binary firmware blob, because including binary firmware blobs in drivers is how linux kernel devs roll (or how they used to roll). When creating the binary firmware blob, use a SHA1 preimage attack to actually create two versions with the same SHA. One is benign, and one runs your back door.

2. Root git server. Replace object containing firmware blob with the alternate version.

This attack should be detectable by comparing blobs from old git clones with blobs from new ones, using a hash that has better preimage resistance than does SHA1.

There are other ways to get your SHA1 colliding binary blob into a git commit in ways that are unlikely to be noticed. I demonstrated one (without actual SHA1 preimage attack) here: http://github.com/joeyh/supercollider But a binary firmware blob is pretty much ideal.

[rgbrenner]

except there are no practical preimage attacks on sha1

[meowface]

Right.

His comment reads as "ok, do all these simple things then just put in your backdoor but make sure it has the same SHA1 hash as something benign, and that's it!"

[jeffreyg]

whoosh :)

[spangled]

This reminds me of a friend's response to the idea that the TouchID in the new iphone could be a way for the NSA to get your fingerprints: "Just imagine the shitstorm if they put a camera in there. Or a microphone."

[ris]

There's no good way yet to uniquely identify a person based on a (dodgy) picture of them or sample of their voice. Whereas fingerprints are used for this daily* and a quickly searchable database of these (or just their "hashes") would be incredibly useful to _somebody_.

*I'm not raising the issue of whether they _should_ be or not here, just that they are.

[contingencies]

There's no good way yet to uniquely identify a person based on a (dodgy) picture of them or sample of their voice

Surely this is sarcastic. We can easily identify with great certainty from a relevant set... as Facebook does, for instance. You have a relevant set if you are many governments (the local government, and in many cases Israel via AMDOCS and its intelligence allies - primarily the US, but in some cases possibly their intelligence allies) or a motivated attacker (eg. with an insider, or hiring an insider via a private investigation firm), because you have the device call/messaging/physical location records from which to cross-match. Even if it's a land-line. You also have easy access to additional voice data (voicemail recording, 'this call may be recorded' records at large companies such as banks or wings of government, etc.). Public data sets on non-secret government telephone interception frequency even in 'free-ish' countries like Australia suggest extremely broad cultures around acceptable collection. (For .au I read a raw statistics report I can't seem to relocate recently, but http://www.smh.com.au/technology/technology-news/be-careful-... is a good overview.)

[r4pha]

Or a GPS.

[dmix]

> WELCOME TO THE CRAPTOPOCLYPSE: From now on, every security discussion wastes 15 minutes on “but did the NSA DO IT?!?!’ no matter how absurd.

https://twitter.com/grahamvsworld/status/375793987992715264

I'd be more curious to see the actual report before speculating.

[6cxs2hd6]

I think the point was, why hasn't the report been released yet, 2 years later?

Could be they're lazy. Could be they're embarrassed. Could be they're legally prohibited from reporting it -- which in turn could be due to a NSL.

Lots of "could be". But not entirely crazy to list all the possibilities... while waiting for the report, which we can probably all agree ought to be released by now.

[marcosdumay]

My bet is on "lazy", but I think it's much easier to buy into the NSL explanation than the embarrassement one.

[beernutz]

At this point, I think you basically HAVE to assume it was NSA involvement. Most of the people who were considered paranoid before seem to have been underestimating things based on what we now know.

[kbenson]

Let's just agree that from now on the NSA is responsible for all future security and privacy problems. If proven otherwise, we will assume the NSA is willing to share the blame. Then we can move forward with the rest of the discussion.

[fnordfnordfnord]

It's not a big leap.

The report hasn't been disclosed because they are under legal obligation not to disclose.

The report hasn't been disclosed because they are corrupt.

The report hasn't been disclosed because they are embarrassed.

The report hasn't been disclosed because they are lazy.

The report hasn't been disclosed because they are incompetent.

What other possibilities exist? Which one is most likely?

[bdonlan]

How about:

The report hasn't been disclosed because they are busy with normal operations.

The report hasn't been disclosed because they were pulled away from it to do some more urgent business, and since then it has been forgotten and/or important evidence has been lost.

The report hasn't been released due to turnover in whatever group would be responsible for producing the report, which has caused the loss of important tribal knowledge regarding the event.

As an outside observer, it's hard to say which it would be. However, I do find it unlikely that there would be a gag order - there is little surveillance data to be directly obtained from kernel.org, and attempting to backdoor the kernel itself would have a high risk of exposure and an extremely high risk of blowback from other governments who use Linux. Even if the NSA or CIA or some other TLA were behind it, they would have taken steps to ensure their identity would not be exposed in any investigation in the aftermath of a successful backdooring; there's no sense then effectively telling people who they are with a gag order (and then risking that someone might choose to violate the gag order).

[zokier]

If that were the case why would gregkh say that "There will be a report later this year".

[mustapha]

You're so far off :)