Snowden and Compilers

Rich Jones rich at openwatch.net
Tue Feb 11 17:51:33 PST 2014 

> GCC would be a lot harder and people would be looking for it.

GCC yes, but what about Visual Studio? The LLVM which ships with XCode?
Javac?

Those are much jucier targets than say, Debian's GCC. If I worked at the
NSA, I'd make backdooring Visual Studio my 20% project.

If anybody with Snowden cache access who is reading this could do me a
quick favor and grep for 'compiler,' and then publish the output, I'd
really appreciate it.

Thanks,
R

On Tue, Feb 11, 2014 at 2:17 PM, Troy Benjegerdes <hozer at hozed.org> wrote:

> All the 'NDA'/proprietary/confidential information that goes with chip
> designs
> provide plenty of cover to insert backdoors.
>
> GCC would be a lot harder and people would be looking for it.
>
> But your USB chip, graphics card, hard drive, or two factor authentication
> token, on the other hand...
>
> The chinese are probably even copying the subverted chip designs without
> even knowing it's there.
>
> On Tue, Feb 11, 2014 at 02:47:01PM -0700, Kelly John Rose wrote:
> > I could see them more easily subverting chip designs themselves then
> trying
> > to subvert the entire compiler ecosystem.
> >
> >
> > On Tue, Feb 11, 2014 at 2:05 PM, CypherPunk <cypherpunk at cpunk.us> wrote:
> >
> > >
> > > On 02/11/2014 01:32 PM, Rich Jones wrote:
> > > > In all of the Snowden docs that have been released so far, has
> anybody
> > > > seen any mention of any NSA programs designed to subvert compilers?
> > > >
> > > > Compilers seems like an extremely prime target for manipulation, but
> as
> > > > far as I am aware there hasn't been anything mentioned about this
> yet.
> > > > Has anybody here heard anything that I haven't?
> > >
> > > Given that compilers are both a fairly easy to attack and amazingly
> > > convenient target, it wouldn't surprise me if the NSA has subverted a
> > > few specific compilers that are in common use. An attack of this nature
> > > has been hypothised since the early to mid-1980's. They would have to
> be
> > > amazingly dense not to have at least considered it.
> > >
> > > On the flip side, the NSA likes to do things where it has the least
> > > opportunity to be caught. Compiler subversion, while not "easy" to
> catch
> > > by any means, might offer too big a risk of being caught for them to do
> > > it. Being that they have a multitude of weirdly named programs
> > > specifically set up to compromise software, the evidence would lean
> > > towards they haven't done it but I'm sure it was, at the very least,
> > > discussed.
> > >
> >
> >
> >
> > --
> > Kelly John Rose
> > Toronto, ON
> > Phone: +1 647 638-4104
> > Twitter: @kjrose
> > Skype: kjrose.pr
> > Gtalk: iam at kjro.se
> > MSN: msn at kjro.se
> >
> > Document contents are confidential between original recipients and
> sender.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3801 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140211/ab00a464/attachment-0001.txt>

More information about the cypherpunks mailing list