al Qaeda Hacks XP? 736
acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"."
This stuff screams of hoax to me, but it is showing up on the Washington
Post.
not as easy as you might think (Score:5, Interesting)
Code generally goes through peer reviews and quality assurance before it is accepted into the main stream. Say waht you want about MS, but I'm sure they do these things (they can afford it!)
To bypass these failsafes would require a lot of people along the line allowing it to slip through.
Right idea, wrong perps. (Score:2, Interesting)
I'm starting to believe the FBI are actually the good guys these days... YIKES!
--Mike--
*sigh* (Score:4, Interesting)
Re:not as easy as you might think (Score:5, Interesting)
QA generally does not read any code at all, they take the specs for how a routine works, and maybe write some regression tests to make sure it does what it's supposed to, and breaks properly. There's no digging around in the code itself.
As for peer review, when it happens (which it doesn't for every line of code by a long shot) they don't make sure that nobody ever updates that code again without more peer review.
While I don't believe the allegation for a second, it's definitely extremely possible.
Re:not as easy as you might think (Score:2, Interesting)
This thing is clearly a hoax, but..
I don't think this would be all that difficult. It's not like the hack has to be obvious. You wouldn't put something like:
if( strcmp( username, "osama" ) ) { uid=0; }That would be too obvious.
But something more subtle in the logic could easily get through, given the number of such bugs that have made it through without deliberate sabotage.
Not as easy as you might think (Score:4, Interesting)
In the first place, I notice that man is a "suspected" Al Qaeda member. From what I've been seeing lately, anyone who has the wrong kind of accent or a copy of the Koran is a suspected Al Qaeda Member.
Secondly, if this man really is a member of the organization, it should be noted that bravado and misinformation are prime terrorist tactics. It's a lot easier to spread rumours about having planted bombs, or for that matter created software bugs, than it is to actually do it. And you still get the result of people being afraid to fly or afraid to use Windows.
Thirdly, as you said, even if some programmers with less than noble intentions did manage to get employed at Microsoft, the chance that they would be able to intentionally slip in a trojan horse without it being caught in testing are pretty low.
On the other hand, i suppose they couls just sabotage the american way of life by writing bad code, but then Microsoft pays people to do that anyway.
Re:not as easy as you might think (Score:2, Interesting)
likely to be daunted by the Microsoft interview process.
What's next? You guessed it... (Score:2, Interesting)
It's a good thing Skylarov got out of the country when he did. With Bin Laden nowhere to be found in Tora Bora, the hawks have GOT to be hungry for whatever scapegoats they can get their hands on.
Re:Where the hell is Microsoft's PR agency? (Score:3, Interesting)
> Well the way I figure it, they are paranoid enough that someone at MS will try to find out if this is ture or not
> And they will find that there is no way to tell...
Yes, but at least they will qualify for 3 or 4 billion dollars of disaster relief funding, and a play for sympathy may get them a reduced wrist slap from the DoJ.
Re:not as easy as you might think (Score:3, Interesting)
Re:not as easy as you might think (Score:3, Interesting)
That lead me to some considerations:
1- The sabotage would have to be enough so it's usage (or saying I would use it) would cause terror
2- The sabotage would have to be small enough it would pass quality assurance without arousing a flag
3- The sabotage would have to be generic enough so nobody would spot it at a first glance
4- The exploit would have to be complicated enough so nobody else would be able to exploit it before I do
5- This sabotage would have to take a form, or permit some kind of use, that would let me claim responsability for the terrorist act
6- If I could do something misleading, so that when I first attacked, the the original sabotage
would not be found, even after the attack, the better
So, considering all this point, I want to reduce my rating from "Very Probable" to simply "Technicaly Factible".
Unless they are very stupid. Which maybe they are, just like me posting this kind of thing with the FBI sensors and such monitoring everything.
If they arest me for this post, please, let the slashdotters know about it.
Or could it be I'm simply violating the DMCA ?
Re:not as easy as you might think (Score:3, Interesting)
>software company, it's unlikely that anything
> like that would be able to get through.
Speaking as a director of the Federal Aviation Authority, it's unlikely that four planes could be simultaneuously hijacked and . . .
hawk, not really an FAA official
Re:Doesn't work this way (Score:3, Interesting)
> Al Qaeda members aren't supposed to know what the other members
> are doing. Their own mission is revealed to them at the last moment.
That is exactly right. Bin Laden himself said that none of the 9/11 groups (except the leader) knew the others existed or what they were doing. They didn't know what they themselves were doing until they were getting on the plane.
> This guy is probably not even a member of Al Qaeda, he's just a crazy
> guy who's probably too dumb to even be a terrorist.
Oh, he's a terrorist alright, and if Walker is saying what he has been reported to say (attack yesterday), then he is one too. When one of these people have been captured and can do nothing else to support their cause, they use their mouths in one last terrorist attack: spreading wild (but at least remotely believable) rumors to terrify their enemies. After all, the real business of terrorists is not high body counts, but *TERROR*.
Afroze's claims are false, but Microsoft's all consuming greed was leading them to engage in terror marketing (those "buy more or be audited" postcards) prior to 9/11. Greed, terror, and cruelty are all three heads of one terrible monster.
Wisdom overcomes greed.
Courage sends terror running.
Compassion, the greatest power, conquers cruelty.
Mothra, you were right! Heart can reach!
Al Qaeda Tactic? (Score:3, Interesting)
Perhaps these guys have been instructed that if they feel the need to "spill the beans" they should spill 3 or 4 phony beans along with the real ones. That way, our security has to track multiple potential threats. I'm sure nothing would please them more than to see us spend the time and money required to audit all of the Windows code.
Perhaps there is a rational way to tell which threats are real; some kind of "threat profiling".
Re:Two counterpoints take two (Score:2, Interesting)
I don't think they would have had to put a backdoor into the kernel for them to cause problems.
.
Re:*barf* (Score:3, Interesting)
Yeah, be sure and keep that advice in mind the next time you see FUD coming from Microsoft. The only way to stop problem behavior is by pointing it out. You think the antitrust case would have been filed if people just "moved on"? Are the Slashdot editors immune from scrutiny simply because they're anti-Microsoft?
Hypocracy, see above.
Don't believe this!! (Score:3, Interesting)
Bugs?! ... (Score:2, Interesting)