Anatomy of suspected top-tier decade-hidden NSA backdoor

Pangu Lab has identified what it claims is a sophisticated backdoor that was used by the NSA to subvert highly targeted Linux systems around the world for more than a decade. The China-based computer-security outfit says it first spotted the backdoor code, or advanced persistent threat (APT), in 2013 when conducting a forensic …

  1. VoiceOfTruth

    The real reason why the USA banned Huawei

    It doesn't have this backdoor.

    'Germany, Japan, India'. Ostensible friends and allies.

    No matter how much anyone tries to dress this up, this is the USA spying on anyone it feels like.

    1. b0llchit Silver badge

      Re: The real reason why the USA banned Huawei

      No matter how much anyone tries to dress this up, this is the USA spying on anyone it feels like.

      And you think any country is "better" than the USA? They all have their tentacles in the electronic cookie-jar. Computing and the internet would be a much safer place if all secret services in the world would actually protect the public and not their own interests and the ruling class.

      1. Anonymous Coward

        Re: The real reason why the USA banned Huawei

        But not any country is giving lessons as much as the USA does, are they? Doing it is one thing, being mightily hypocritical about it brings it to a whole different level.

      2. Anonymous Coward

        @b0llchit - Re: The real reason why the USA banned Huawei

        You're right. No country can beat the US at this game.

    2. Anonymous Coward

      Re: The real reason why the USA banned Huawei

      "It doesn't have this backdoor." You think this is installed by the manufacturer?

  2. HildyJ Silver badge

    Two things - neither of them comforting

    First, if you don't think the NSA and other intelligence agencies don't have similar code to backdoor any and every OS, you're naive. They've gone well beyond the days when they had to collaborate with Cisco to install a backdoor.

    Second, once the attack is found, anybody can use it. I assume China released it (probably after using it for a time) because they have their own version that will not trip the antivirus patterns that are now being written.

    1. Tom 7 Silver badge

      Re: Two things - neither of them comforting

      If you have the resources these things aren't too hard to discover if you're patient.

      A honeytrap machine can be duplicated and left running exposed and monitored for any unusual traffic or at reasonable time intervals and then a cross check with the duplicate can reveal the new code.

      Then the fun starts - do you report or exploit?
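Tom 7's "cross check with the duplicate" is, in practice, a file-integrity baseline comparison: hash every file on the clean duplicate, hash the same paths on the exposed machine, and report what differs. The Python below is an added illustration of that technique, not code from the comment or the article; the two directory trees and the "trojaned" ELF bytes in demo() are constructed inline so it runs offline, and the paths it uses are invented for the example.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root):
    """Return {relative_posix_path: (sha256, permission_bits)} for every regular file under root.

    Symlinks are skipped: following them would let an attacker point the scan at
    unrelated content, and the link itself is compared by path presence only.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order makes manifests diff-friendly on disk too
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            mode = p.stat().st_mode & 0o7777
            manifest[p.relative_to(root).as_posix()] = (hash_file(p), mode)
    return manifest


def diff_manifests(baseline, current):
    """Compare a clean baseline manifest with the exposed machine's manifest."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),            # new code dropped on the box
        "removed": sorted(base_paths - cur_paths),          # e.g. logs wiped, binaries deleted
        "modified": sorted(p for p in base_paths & cur_paths if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: a clean duplicate and an exposed copy that has been tampered with."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as exposed:
        for root in (clean, exposed):
            r = Path(root)
            (r / "etc").mkdir()
            (r / "etc" / "ssh_config").write_bytes(b"Port 22\n")
            (r / "usr" / "bin").mkdir(parents=True)
            (r / "usr" / "bin" / "ls").write_bytes(b"\x7fELF constructed original ls")
            (r / "var" / "log").mkdir(parents=True)
            (r / "var" / "log" / "auth.log").write_bytes(b"constructed log line\n")

        # Simulated tampering on the exposed copy only (all bytes are made up):
        e = Path(exposed)
        (e / "usr" / "bin" / "ls").write_bytes(b"\x7fELF constructed replaced ls")  # binary swapped
        (e / "usr" / "lib").mkdir()
        (e / "usr" / "lib" / "libhidden.so").write_bytes(b"\x7fELF constructed implant")  # new file
        (e / "var" / "log" / "auth.log").unlink()  # evidence removed

        return diff_manifests(hash_tree(clean), hash_tree(exposed))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In real use the baseline manifest would be written to read-only media from the clean duplicate before exposure, and the comparison run against the exposed machine from a trusted boot environment, since an implant that controls the running kernel can lie to any scanner running on top of it.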

  3. innominatus

    "The Register asked the National Security Agency to comment. As you might expect, we've not heard back."

    Perhaps that's for the best? Maybe avoid dark alleys...

    1. Anonymous Coward

      *You*'ve not heard back. But maybe some code activated on ElReg's PCs and *they* did.

      1. Anonymous Coward

        While it is risky to start wild conspiracy theory in this day and age, has no one noticed this was written by Thomas Claburn?

        Thomas CIAburn....

        *cue spooky music as I am silently killed*

  4. oiseau Silver badge

    Then ... And now?

    If this very complex and evidently undetectable exploit was going on 10 years ago ...

    I dare not ask just what is going on now.


  5. Anonymous Coward

    Both Solaris *and* SUN? My, my.

    It's been capitalized "Sun" for decades before it changed to "Oracle", too. Old habits, I know, but still.

  6. Anonymous Coward

    So if I run a Linux system ...

    does this leave me with any TODOs?

    1. trindflo Bronze badge

      Re: So if I run a Linux system ... install updates

      If for some reason you are not installing Linux updates, start doing that. Updates should run automatically, but will often start then ask permission. Updates for most security related bugs are released very quickly and do not wait for a weekly or monthly patch release cycle.

      If you are on an older distribution of Linux, you may have lost your connection to updates in which case upgrading is particularly important. Your Linux installation version should be no older than 5 years. In most cases you should try to keep your installation version to no older than 2 years. Upgrades are usually painless these days unless your system is very old, although backups are always recommended.

      You will get best results by searching for the particular type of Linux you are running (for instance "Ubuntu") adding keywords like "updates" and "upgrades".

  7. Chris Clawson

    So, did this rely on some previously undisclosed exploit? Has it been found and patched?

  8. sreynolds Silver badge

    As opposed to your Chinese Shit....

    Which leaves the freaking front door wide open.

  9. Anonymous Coward

    Backdoor??? Private ciphers DON'T HAVE BACKDOORS!!!
  10. Anonymous Coward

    Is it AES...or Salsa20...or Chacha20....or something else again??
  11. This post has been deleted by a moderator

  12. Captain_Cretin

    You don't say!

    CISCO, oh what a surprise.


Biting the hand that feeds IT © 1998–2022