news.samba.org

Jeremy Allison Column Archives

The Low Point — a View from the Valley — Column 16

“Trusted” Computing

One of the most disturbing news items of the past few days was watching the Chinese President Hu Jintao meeting with Bill Gates at the Gates's mansion, even before he met with President George Bush. A smiling Hu Jintao mentioned how he used Mr. Gates's operating system every day, and Bill promised to help him out with technical support.

But Bill and the Redmond crowd might be helping out with more than just technical support, and not to help the Chinese government either. Humor me a moment while I take a little diversion back to 1982.

The largest non-nuclear explosion ever recorded by satellite took place in Russia in 1982, and was an explosion in the Siberian gas pipeline. The shocking, and little-known truth about this catastrophe was that it was directly caused by the CIA by deliberately giving the Soviet Union modified software (in binary only format of course) that was engineered to destroy the pipeline. Lest you think this is a paranoid fantasy (it sounds like one, I know) this was documented in the book "At the Abyss: An Insider's History of the Cold War", by Thomas C. Reed, a former Air Force secretary who served in the National Security Council, reported on by the Washington Post in 2004, and even mentioned in a 1996 article in the CIA journal “Studies in Intelligence”.

This wasn't just an attack on the Soviet Union, but indirectly affected Western European gas prices (the pipeline destroyed was designed to feed gas to Europe), as a side effect of the US attempt to disrupt Soviet hard currency earnings. I wonder if the Chinese are students of this particular part of history? Judging by their eagerness to embrace Windows in their infrastructure, and the recent promises by Chinese PC makers to include “genuine Windows” on PCs shipped in China, it would seem not. This single incident of modified binary-only software causing massive economic damage should be required reading for the decision makers of any nation that might have interests conflicting with those of the USA. That's everyone else in the world, just in case you were wondering. Even that normally docile American pet the UK has balked at accepting binary-only control software for the new Joint Strike Fighter aircraft and threatened to cancel the order if they don't get access to the source code. Maybe the UK isn't so docile after all, as the UK military certainly seems to understand the need to control the software in at least some critical parts of their own infrastructure.

So who can you trust in computing, and why? I'd love to say that Open Source code companies can be trusted as they give you the source code, and proprietary companies cannot, as source code isn't available, but it's not as simple as that. Microsoft loudly proclaim they already make the Windows source code available to China and any other countries who complain about the possibility of such binary-only threats. Do you imagine that any US Linux distributor would say no to the US government if they were requested (politely, of course) to add a back-door to the binary Linux images shipped as part of their products? Who amongst us actually uses the source code so helpfully given to us on the extra CDs to compile our own version? With Windows of course there are already so many back-doors known and unknown that the US government might not have even bothered to ask Microsoft; they may have just found their own, ready to exploit at will. What about Intel or AMD and the microcode on the processor itself?

Even with access to Windows source code, it is still not safe to trust it unless you compile that code yourself and only install the binary versions you create on your own machines. Having source code that claims to match a product proves nothing about the binary version of the product you're using unless you've created it yourself. How many versions of Windows installed on Chinese government computers were actually compiled by the Chinese themselves? None, I'd guess. The same of course is true for the UK. What this means is that governments around the world who accept binary packaged software from US software companies are at the mercy of the US intelligence services, who may or may not have decided to add just that little “extra” into the code. If you think I'm being paranoid about this, just ask the Russians...

Just for completeness, for the truly paranoid, even compiling the source code yourself actually isn't enough to ensure you're getting “trusted” computing. In his landmark 1984 paper “Reflections on Trusting Trust” Ken Thompson, one of the original UNIX authors, tells a tale of how he hacked the C compiler on the UNIX system, the software used to create new binary code from source code, to add a completely undetectable back-door into UNIX. Once set up, there was no trace of the back-door he added in any of the publicly available UNIX source code; it was cleverly hidden in the binaries and was designed to propagate itself into any new binaries created on the system, including every new copy of the compiler built from clean compiler source. This was a theoretical attack, not something he actually did, but something he could have done. At least I hope so, but then I'm inclined to trust him. The only way to get trusted code is to design the processor yourself (yes, there can be back-doors in processor microcode as well as ordinary binary code), write your own compiler and audit all the Open Source code you create yourself for use in your command and control systems. Anything else is trusting the untrustworthy.
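As an added example (not part of the column), here is a toy model in Python of the self-propagating compiler back-door Thompson describes, alongside the check a defender can run against it: David A. Wheeler's diverse double-compiling, which rebuilds the suspect compiler through an independently built second compiler and compares the two results. Every name here is constructed for illustration; "compilers" are dicts and "binaries" are tuples, standing in for real object code.

```python
def parse_compiler_source(src):
    """Compiler 'source': lines of 'word = OPCODE'; returns the rule table."""
    rules = {}
    for line in src.strip().splitlines():
        word, opcode = line.split("=")
        rules[word.strip()] = opcode.strip()
    return rules

def compile_program(compiler, name, src):
    """Use a compiler 'binary' (a dict) to build a program 'binary' (a tuple)."""
    out = [compiler["rules"][tok] for tok in src.split()]
    if compiler["trojan"] and name == "login":
        out.append("BACKDOOR")  # Thompson's first trick: back-door 'login'
    return tuple(out)

def compile_compiler(compiler, src):
    """Build a new compiler binary from (clean) compiler source."""
    new = {"rules": parse_compiler_source(src), "trojan": False}
    if compiler["trojan"]:
        new["trojan"] = True  # second trick: the trojan re-inserts itself
    return new

COMPILER_SRC = """
print = PRINT
read  = READ
check = CMP
"""

def bootstrap_trusted(src):
    """Stand-in for a second compiler the defender built and audited independently."""
    return {"rules": parse_compiler_source(src), "trojan": False}

def ddc_check(suspect, trusted, src):
    """Diverse double-compiling (Wheeler): the suspect's self-rebuild must be
    identical to trusted -> stage1 -> stage2, built from the same source."""
    stage1 = compile_compiler(trusted, src)
    stage2 = compile_compiler(stage1, src)
    return compile_compiler(suspect, src) == stage2

def demo():
    trusted = bootstrap_trusted(COMPILER_SRC)
    clean = compile_compiler(trusted, COMPILER_SRC)
    trojaned = dict(clean, trojan=True)  # tampered binary, source unchanged
    rebuilt = compile_compiler(trojaned, COMPILER_SRC)  # trojan survives rebuild
    login = compile_program(rebuilt, "login", "read check print")
    return (ddc_check(clean, trusted, COMPILER_SRC),
            ddc_check(trojaned, trusted, COMPILER_SRC), login)
```

The check only helps when the second compiler really is independent; if both compilers share an ancestor, a back-door inherited by both goes unnoticed, which is exactly the column's point about building and auditing your own toolchain.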

I'll leave you with some words from Ken Thompson's paper that are just as true today as in 1984.

“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.”