Assange: Debian is Owned by the NSA

Douglas Lucas dal at riseup.net
Thu Apr 10 11:35:01 PDT 2014


Contrary to reports, Assange didn't say Debian is owned by the NSA, but
rather that it is easy to backdoor operating systems:
https://twitter.com/wikileaks/status/454261872704094208

On 04/10/2014 11:48 AM, rysiek wrote:
> Hi there,
> 
> so this has come to my attention. Whaddya guys and gals think?
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/
> 
> 
> In his Q&A to his keynote address at the World Hosting Days Global 2014
> conference in April, the world’s largest hosting and cloud event, Julian
> Assange discussed encryption technology in the context of hosting
> systems. He discussed the cypherpunk credo of how encryption can level
> the playing field between powerful governments and people, and about 20
> minutes into his address, he discussed how UNIX-like systems like Debian
> (which he mentioned by name) are engineered by nation-states with
> backdoors which are easily introduced as ‘bugs’, and how the Linux
> system depends on thousands of packages and libraries that may be
> compromised.
> 
> I recommend watching his 36 minute Q&A in its entirety, keeping in mind
> my recent warnings about how GNU/Linux is almost entirely engineered by
> the government/military-affiliated Red Hat corporation.
> 
> The Voice of Russia website has an article on Assange’s address with a
> few quotes:
> 
>     “To a degree this is a matter of national sovereignty. The news is
> all flush with talk about how Russia has annexed the Crimea, but the
> reality is, the Five Eyes intelligence alliance, principally the United
> States, have annexed the whole world as a result of annexing the
> computer systems and communications technology that is used to run the
> modern world,” stated Julian Assange in his keynote address…
> 
> Don’t just read the short article, listen to the address yourself,
> because Assange goes into many areas, and the work being done in these
> fields.
> 
> Assange mentions how Debian famously botched the SSL random number
> generator for years (which was clearly sabotaged – a known fact).
> Speaking of botched security affecting Red Hat, Debian, Ubuntu, Gentoo,
> SuSE, *BSD, and more, the nightmarish OpenSSL recently botched SSL again
> (very serious – updated comments on how a defense contractor in Finland
> outed the NSA here?) It’s very hard to believe this wasn’t deliberate,
> as botching the memory space of private keys is about as completely
> incompetent as you can get, as this area is ultra-critical to the whole
> system. As a result, many private keys, including of providers, were
> potentially compromised, and much private info of service users. Be sure
> to update your systems as this bug is now public knowledge. (For more on
> how OpenSSL is a nightmare, and why this bug is one among many that will
> never be found, listen to FreeBSD developer Poul-Heening Kamp’s
> excellent talk at the FOSDEM BSD conference.)
> 
> From the start, my revelations on this blog about Red Hat’s deep control
> of Linux, along with their large corporate/government connections,
> hasn’t been just about spying, but about losing the distributed
> engineering quality of Linux, with Red Hat centralizing control. Yet as
> an ex-cypherpunk and crypto software developer, as soon as I started
> using Linux years ago, I noted that all the major distributions used
> watered-down encryption (to use stronger encryption in many areas, such
> as AES-loop, you needed to compile your own kernel and go to great
> lengths to manually bypass barriers they put in place to the use of
> genuinely strong encryption). This told me then that those who
> controlled distributions were deeply in the pockets of intelligence
> networks. So it comes as no surprise to me that they jumped on board
> systemd when told to, despite the mock choice publicized to users –
> there was never any option.
> 
> A computer, and especially hosting services (which often run Linux), are
> powerful communication and broadcasting systems into today’s world. If
> you control and have unfettered access to such systems, you basically
> control the world. As Assange notes in the talk, encryption is only as
> strong as its endpoints. eg if you’re running a very secure protocol on
> a system with a compromised OS, you’re owned.
> 
> As Assange observed:
> 
>     “The sharing of information, the communication of free peoples,
> across history and across geography, is something that creates,
> maintains, and disciplines laws [governments].”
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 



More information about the cypherpunks mailing list