Security The Digital Arms Race: NSA Preps America for Future Battle

[J65nko]

From http://www.spiegel.de/international/...a-1013409.html :

Quote:

The NSA's mass surveillance is just the beginning. Documents from Edward Snowden show that the intelligence agency is arming America for future digital wars -- a struggle for control of the Internet that is already well underway.

[shep]

In the above article there are links to a report on a backdoor in the portable version of OpenSSH. It would be interesting from the standpoint of the validity of the document to see if the exploit of 2007 (date of report) has since been recognized/corrected.

[ibara]

What you linked to is nothing more than a hacked binary on one single machine. Someone would have to go install that hacked binary on your machine. There is nothing to "recognize" or "correct."

Please see:
http://marc.info/?l=openbsd-misc&m=142153459330039&w=2
https://news.ycombinator.com/item?id=8905581

[jggimi]

shep, please take a few minutes to read the actual report (as published in Der Spiegel) describing the steps taken to create the modified daemon. It wasn't simple, as there were many double-checks that had to be bypassed or evaded.

Note that this was intended for use by Tailored Access Operations (TAO), who are focused on specific targets. Whether it was deployed in the field is not mentioned in this particular SIGINT report.

Hope that helps.

[shep]

I did not mean to imply that OpenSSH had been compromised. What impressed me was the time line, from 2007, the targets and lastly, the reporting employees account about how much fun New Zealand and Tasmania were.