Re: "Debian owned by the NSA"

To: debian-security@lists.debian.org
Subject: Re: "Debian owned by the NSA"
From: an.to_n-73@riseup.net
Date: Thu, 19 Jun 2014 14:25:17 +0200
Message-id: <[🔎] 53A2D6AD.3020109@riseup.net>
In-reply-to: <[🔎] 20140619103649.3fd67334@compul-debian.me.org>
References: <[🔎] 20140619103649.3fd67334@compul-debian.me.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody!

I think, that the linked blog entry of IngnorantGuru is just another
conspiration theory.
In addition the author really seems to be afraid of being watched by
"them". Just read the paragraph in another post (1), starting with
"The other event also left an indelible memory." No dates, names or
details, just the unproven tale of being contacted by strange people.
So I guess that the claim "Debian Is Owned By The NSA" is wrong, also
it was a false quote ...

Anyway, surveillance agencies surely try to put backdoors into
software (open and closed source) and encryption standards
(2)(3)(4)(5)(6).
In 8/2013 and 1/2014 serious discussions took place on this mailing
list, how adversaries could compromise Debian or at least some
packages by default (7)(8). To sum up: Yes, they can!
To my mind it is not necessary to "own" a whole OS to spy on persons
of interest (although it would be very practical :-) ... ). The
surveillants just need a possibility to enter the victims server, PC,
tablet or smartphone. Professional players have many such options in
terms of zero day exploits. They just search themselves or buy them
with their huge budget (9). The US officially committed to store
0-days for serious cases (10). /Every/ professional cracker
organisation, governmental or criminal, does this!

=> I am sure that some of the security flaws discussed on this and
other lists were known to the Chinese / Russians / Americans /
Europeans and exploited before, to enter Debian systems. You can't do
much against this. Just think of a Quantum attack with their shadow
servers on your browser (11).
So don't use connected computers for really important stuff! And don't
use browsers outside VMs. I am only a hyprocrite, because I do both
things.

But have at look at the Chinese official OS Kylin (12). Their
computers are surely monitored by the NSA. In 2002 they started with a
FreeBSD based system (13) for governmental use. This year they switch
to Ubuntu Kylin (14)(15), which bases on Linux+Debian. Now one can
surely ask for Guoanbu's standard backdoor in Kylin, by that is
another topic :-).

*=> To conclude: A country, which is surely monitored by the NSA, runs
an Linux/Debian-based operating system.*

I think, there can't be a better advertisement!

Best regards, and stay wiretapped!

Anton

1)
http://igurublog.wordpress.com/2014/02/17/biography-of-a-cypherpunk-and-how-cryptography-affects-your-life
2)
http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s-7413285.html
3) http://www.heise.de/tp/artikel/2/2898/1.html
4) http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor
5) "Torvalds was also asked if he had ever been approached by the U.S.
government to insert a backdoor into Linux. Torvalds responded 'no'
while nodding his head 'yes', as the audience broke into spontaneous
laughter."
http://www.eweek.com/print/developer/linus-torvalds-talks-linux-development-at-linuxcon.html
6)
http://securitywatch.pcmag.com/security/319544-what-it-s-like-when-the-fbi-asks-you-to-backdoor-your-software
7) https://lists.debian.org/debian-security/2013/08/msg00000.html
8) https://lists.debian.org/debian-security/2014/01/msg00021.html
9)
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees
10)
http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities
11)
http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html
12) https://en.wikipedia.org/wiki/Kylin_%28operating_system%29
13)
http://web.archive.org/web/20070729215013/http://2006.eurobsdcon.org/talks-wu.php
14) http://www.ubuntukylin.com/index.php?lang=en
15)
http://www.zdnet.com/china-switches-on-to-ubuntu-in-hunt-for-windows-xp-successor-7000026355

- -- 
an.to_n-73 at riseup dot net , PGP:
0B4C DF2C CB22 5DF4 25EA F212 49D1 ABF2 A2A9 7D7D
Bitmessage: BM-2cTY8fuXGGXmh3fVgfQMaRCqTpgqp479ux

On 19/06/14 04:36, Niklas Lemcke - 林樂寬 wrote:
> What's the deal with this?
> 
> http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJTotarAAoJEEnRq/KiqX19eS8P/RcG3wSMiugu1vFqa6mhPVEL
s9M991jXXwUaBxkGEpXh8FYerlQDSU9AvQmEXxxgTjbBVDTB605lRRmP8im+FFy8
NKRrpfxPPHWBl4MFKcFSCqW8dVn+N2KIkZRiFqW1E5ODo5iemgyd7jy5Xh6NVj0J
b1zBzYx9dOzvf/yBOo3PGXwZyK3BYkg3OpHvGM9RbcAK39sSDR6qF+0PKZIn62qw
ig00yfSSZN3+Ab+P9HsGu0ej/e+yQDv3q/7NB0I7+QoYwj8nA4qqGTSq0HxLSqAK
PRXgnErCQvCRFgD2DhPDXsUwnrIAdfymR//MvnuMF29UQ9CwLhy3ug+JK7dkRi1W
8TdlUHUQATff3iCsVghXx/Z2/BVHSy9QaAMq1yPWrPCr7o9XZeHJZIGh9F9X3+Bg
rkXso83hSp/eUVFqDsjjnMbjszQslxGqe+fKFm2dVuOaAyrgltKQlDY1b0j5rkfr
+QtFUKGop6OfEEZdK8FNrlk0J3VDq8cmLkrmwWbtxaEGS2WXvKm7fAfZHvqNGoVI
mr8+nvVjobqtZvlzaoU5LkN3cFF9TSqy1X2CJkz8r3jITZmjlhp0dhFmpOMueYSS
NbFuMm1YjxOOggzFfhxR8QfANmcRB4vLXwJsLXiRpJ0t/OmYeJF672VDP+EuYTIX
AZRUnLmfZ0ebgxfr+bXb
=wmTs
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: "Debian owned by the NSA"
  - From: Niklas Lemcke - 林樂寬 <compul@coletteral.net>
- Re: "Debian owned by the NSA"
  - From: Andrea Zwirner <andrea@linkspirit.org>

References:
- "Debian owned by the NSA"
  - From: Niklas Lemcke - 林樂寬 <compul@coletteral.net>

Prev by Date: Re: "Debian owned by the NSA"
Next by Date: Re: "Debian owned by the NSA"
Previous by thread: Re: "Debian owned by the NSA"
Next by thread: Re: "Debian owned by the NSA"
Index(es):
- Date
- Thread