Anatomy of suspected top-tier decade-hidden NSA backdoor

Pangu Lab has identified what it claims is a sophisticated backdoor that was used by the NSA to subvert highly targeted Linux systems around the world for more than a decade. The China-based computer-security outfit says it first spotted the backdoor code, or advanced persistent threat (APT), in 2013 when conducting a forensic …

  1. VoiceOfTruth

    The real reason why the USA banned Huawei

    It doesn't have this backdoor.

    'Germany, Japan, India'. Ostensible friends and allies.

    No matter how much anyone tries to dress this up, this is the USA spying on anyone it feels like.

    1. b0llchit Silver badge

      Re: The real reason why the USA banned Huawei

      No matter how much anyone tries to dress this up, this is the USA spying on anyone it feels like.

      And you think any country is "better" than the USA? They all have their tentacles in the electronic cookie-jar. Computing and the internet would be a much safer place if all secret services in the world would actually protect the public and not their own interests and the ruling class.

      1. Anonymous Coward

        Re: The real reason why the USA banned Huawei

        But not any country is giving lessons as much as the USA do, are they? Doing it is one thing, being mightily hypocritical about it brings it to a whole different level.

      2. Anonymous Coward

        @b0llchit - Re: The real reason why the USA banned Huawei

        You're right. No country can beat the US at this game.

    2. Anonymous Coward

      Re: The real reason why the USA banned Huawei

      "It doesn't have this backdoor."

      Oh...you think this is installed by the manufacturer?

  2. HildyJ Silver badge

    Two things - neither of them comforting

    First, if you don't think the NSA and other intelligence agencies don't have similar code to backdoor any and every OS, you're naive. They've gone well beyond the days when they had to collaborate with Cisco to install a backdoor.

    Second, once the attack is found, anybody can use it. I assume China released it (probably after using it for a time) because they have their own version that will not trip the antivirus patterns that are now being written.

    1. Tom 7 Silver badge

      Re: Two things - neither of them comforting

      If you have the resources these things aren't too hard to discover if you're patient.

      A honeytrap machine can be duplicated and left running exposed and monitored for any unusual traffic or at reasonable time intervals and then a cross check with the duplicate can reveal the new code.

      Then the fun starts - do you report or exploit?
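One concrete form of the cross-check the post above describes, added here as an example that is not part of the comment thread: hash every file on the pristine duplicate, hash the same tree on the exposed honeypot, and report what appeared, vanished or changed. The directory layout, file names and contents are constructed for the demo; in practice the two manifests would come from disk images of the two machines.

```python
"""Cross-check an exposed honeypot against its untouched duplicate.

Added example, not code from the comment thread or the article. The idea in
the post is to run a copy of a machine exposed and then compare it with the
pristine duplicate; a file-manifest diff is one concrete way to do that.
All paths and file contents below are constructed sample data.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file (relative to root) to its SHA-256 digest.

    Symlinks are recorded by their target rather than followed, so a link
    retargeted somewhere else still shows up as a change.
    """
    manifest = {}
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                manifest[rel] = "symlink:" + os.readlink(path)
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            manifest[rel] = h.hexdigest()
    return manifest


def diff_manifests(baseline, exposed):
    """Return what differs on the exposed copy relative to the baseline."""
    base_paths, exp_paths = set(baseline), set(exposed)
    return {
        "added": sorted(exp_paths - base_paths),
        "removed": sorted(base_paths - exp_paths),
        "modified": sorted(p for p in base_paths & exp_paths
                           if baseline[p] != exposed[p]),
    }


def _populate(root, files):
    """Write constructed sample files under root (demo helper)."""
    for rel, content in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)


def demo():
    """Build a baseline tree and an 'exposed' tree with constructed tampering."""
    clean = {
        "usr/sbin/sshd": b"original sshd binary (constructed)",
        "etc/ssh/sshd_config": b"PermitRootLogin no\n",
        "lib/libc.so.6": b"original libc (constructed)",
    }
    tampered = dict(clean)
    tampered["usr/sbin/sshd"] = b"modified sshd binary (constructed)"   # replaced
    tampered["usr/lib/.hidden.so"] = b"new unknown library (constructed)"  # added
    del tampered["etc/ssh/sshd_config"]                                  # removed
    with tempfile.TemporaryDirectory() as base_dir, \
            tempfile.TemporaryDirectory() as exp_dir:
        _populate(base_dir, clean)
        _populate(exp_dir, tampered)
        return diff_manifests(build_manifest(base_dir), build_manifest(exp_dir))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running it lists `usr/lib/.hidden.so` as added, `etc/ssh/sshd_config` as removed and `usr/sbin/sshd` as modified. The manifest of the duplicate should be taken before the exposed copy goes online and stored off both machines; comparing against a manifest computed on the exposed box after the fact trusts whatever is already running there.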

  3. innominatus

    "The Register asked the National Security Agency to comment. As you might expect, we've not heard back."

    Perhaps that's for the best? Maybe avoid dark alleys...

    1. Anonymous Coward

      *You*'ve not heard back. But maybe some code activated on ElReg's PCs and *they* did.

      1. Anonymous Coward

        While it is risky to start wild conspiracy theory in this day and age, has no one noticed this was written by Thomas Claburn?

        Thomas CIAburn....

        *cue spooky music as I am silently killed*

  4. oiseau Silver badge

    Then ... And now?

    If this very complex and evidently undetectable exploit was going on 10 years ago ...

    I dare not ask just what is going on now.

    O.

  5. Anonymous Coward

    Both Solaris *and* SUN? My, my.

    It's been capitalized "Sun" for decades before it changed to "Oracle", too. Old habits, I know, but still.

  6. Anonymous Coward

    So if I run a Linux system ...

    does this leave me with any TODOs?

    1. trindflo Bronze badge

      Re: So if I run a Linux system ... install updates

      If for some reason you are not installing Linux updates, start doing that. Updates should run automatically, but will often start then ask permission. Updates for most security related bugs are released very quickly and do not wait for a weekly or monthly patch release cycle.

      If you are on an older distribution of Linux, you may have lost your connection to updates in which case upgrading is particularly important. Your Linux installation version should be no older than 5 years. In most cases you should try to keep your installation version to no older than 2 years. Upgrades are usually painless these days unless your system is very old, although backups are always recommended.

      You will get best results by searching for the particular type of Linux you are running (for instance "Ubuntu") adding keywords like "updates" and "upgrades".

  7. Chris Clawson

    So, did this rely on some previously undisclosed exploit? Has it been found and patched?

  8. sreynolds Silver badge

    As opposed to your Chinese Shit....

    Which leaves the freaking front door wide open.

  9. Anonymous Coward

    Backdoor??? Private ciphers DON'T HAVE BACKDOORS!!!

    1SjSHAJixubk9IvuPyTMhOzMFMR4z2HwP216D0twRg1wlmjMfUlyF0t0pAPMDK98zkDC18Jwv2Jy
    9cBmbw9ozSfGlS7G1eBW1EbyTk9YxY3WJOPi3i9yPQDWfQH2Z69UToFq3Sf852ziXm3utUlkNGr8
    zYFGvaJGNerYhQTU9SFEtMJMf01i1WXiXcVK1YPSjQB0tUlQJm783GVSZwDcbOPYv0F4r2bKjExK
    DUxc7epQtUZOFqfQR4BC3CbgrgT2VszCz01KpCHkJ0HOLybMD0ZyluNG9etQdmtohGZMZQ18jShE
    lGjoPQ7GD0rwnyRadKxGbQ3SnwJ6dUJwvytKxUzoZsBQpc9Sbi3chaV2BkrgnSPObgX2HuhyJaNW
    HM96VATKx23If8Jsh6naJKJUrq1ytEla7kfulQHqfAPsp09crijEXKp29MjqLsTezolA9gjgtibg
    3ohCF4B89ut2x6zQRM1A7e7oXYT8bgFOXgR6d8BoZ6PUdetsVujKpybWP4HCL8rQ1EdiVePKFilQ
    5gjuhOh2d2VAxwhQxCnWlwzYbQHsl6DQXavgZcZS58PCdQTYFeXwFC5cFEbUxU5EboFMhG1IbcTI
    JubUFeVqL8V4XcTsj0HKj4XwBG9iV6z2NEP4FAdWfknkXQTIr0JQhadgb8rwJEn6xajm7i7oLch2
    zwjcNeBuz8v6XWDIJ8fijoZ8HQpAf8hkZIfI14Nk3EV4Jm94BElQ9ehqZctqHSDWladUN89cdcrg
    Z8P4XmHItwd6NaDIfMV2Xs9oRMfIReV6jk18hsjK5udmBG50j0h2vQJ6rkLWnOTs107mvmZAh0lc
    NcBijAvmpsHQJATklwH6dwxodUXeXixSJOl6XMRIvGTuhCdkjcBOjYf4h6fitO5qRkTWNm9M92hu
    TOLYPGLyNstQ3C523QnmxmP0Z2L4PozcZIFOjOfObqdYbO9Y1gvohy5GF0PchqrQ1CnMJazIPCJm
    zClyjy9snqBg32JMlKPobQDcN6xilud6DW1OnOha5E1sjk3C1MVG9kry7az0vCXQtSpenOpQfMXm
    X4lwrSTE9UHwrCV6PKP0Lo1SZq58

  10. Anonymous Coward

    Is it AES...or Salsa20...or Chacha20....or something else again??

    4uJWtHMLPix8K0Os89phTUpC3QEOsJ+LDrV7cytiYcp/ca8mGqpXe/mK3ii884lQ9Qy+J74KXeJX
    WsgQrWfHRRGOJAHk+yeJpC0T5Uve2ZfLR+DodvdBkjwC6/8jF5Fe5pERyDHB1MPIz9clMhKpuBYy
    kF5bwrWCbpei3QNNXHDhir0afUwB8BRwX7A+E6FvGYaJEgPTD2YQMBHCpbDINDpFyts0FU1vzdK3
    a2yc6RNNSU7+MA4/h99sYRxmY99yz/rIf4xgD0w0rbOLrEh19dCOEBgHhAvLvVa78Hk3xcOfvLgV
    nsrL+4yOgD5IBu6jgacbu0o4zDibr/fiL4vF193EgqLYhoOTKOBsKeAKOTxFAiRyP/5hLRgM8TJ+
    yhcKX8/rspXJzIAqwAL884iR/Fn19/zCpDwgCGLELgsb6nGTTIJHH/RJXdUF3Ph7UoP3zKU5v/AZ
    ndQmz+pNrlVIdUv3paU+BNpBfWpuhvgQca8LfgvLetJ8QQJfL/uOpresIeikN4OFHdZtVXYmxBAy
    RZ7/ttu7SCyRWigU9DXonMydjXd2g9nZYtONGwacML7jq+1UI3KcfDvtLewC9A6rcs6x+2PDp2o6
    TeMbeH+seNY=

  11. This post has been deleted by a moderator

  12. Captain_Cretin

    You don't say!

    CISCO, oh what a surprise.


Biting the hand that feeds IT © 1998–2022