Snowden and Compilers

CypherPunk cypherpunk at cpunk.us
Tue Feb 11 13:05:10 PST 2014


On 02/11/2014 01:32 PM, Rich Jones wrote:
> In all of the Snowden docs that have been released so far, has anybody
> seen any mention of any NSA programs designed to subvert compilers?
> 
> Compilers seems like an extremely prime target for manipulation, but as
> far as I am aware there hasn't been anything mentioned about this yet.
> Has anybody here heard anything that I haven't?

Given that compilers are both a fairly easy to attack and amazingly
convenient target, it wouldn't surprise me if the NSA has subverted a
few specific compilers that are in common use. An attack of this nature
has been hypothised since the early to mid-1980's. They would have to be
amazingly dense not to have at least considered it.

On the flip side, the NSA likes to do things where it has the least
opportunity to be caught. Compiler subversion, while not "easy" to catch
by any means, might offer too big a risk of being caught for them to do
it. Being that they have a multitude of weirdly named programs
specifically set up to compromise software, the evidence would lean
towards they haven't done it but I'm sure it was, at the very least,
discussed.



More information about the cypherpunks mailing list