07.08.15
Red Hat and NSA: This is Not News
Red Hat and back doors: poll from FOSS Force
Summary: The return of XKEYSCORE to some media outlets (not news anymore) brings us back to debating Red Hat’s role (also not really news)
QUITE a few sites (see [1-3] below) seem to be talking about Red Hat’s special (but no longer secret) relationship with the NSA, which is not at all news. The NSA uses a lot of RHEL (and also Fedora) on some malicious spying equipment, based on various NSA leaks. We already wrote a great deal about this back in 2013 [1, 2, 3, 4]. The only new thing we learn from the latest articles is that Red Hat continues to refuse to remark on the subject, even when asked by journalists (see the first article below). █
Related/contextual items from the news:
-
NSA runs its spying activities on Red Hat Linux
A little over two years ago, the first disclosures about the massive surveillance operation being carried out by the NSA were made in the Guardian, thanks to an intrepid contractor named Edward Snowden.
Now comes the rather disturbing information that the NSA runs its XKEYSCORE program — an application that the Intercept, the website run by journalist Glenn Greenwald, describes as NSA’s Google for private communications — for the most part on Red Hat Linux servers.
-
Evil NSA runs on saintly Linux, Apache, MySQL
If report is correct, Red Hat’s marketing department has a very tricky customer reference
-
Red Hat Used by NSA Spies, SELinux Possibly Bypassed
SELinux is a product of the NSA and some worried when it was added to Red Hat, Fedora, and later many other distributions. Even before Snowden revealed the massive government spying, having the NSA anywhere near Linux activated certain Spidey-senses. Now we learn that SELinux may have had an exploit for bypassing the security enforcements. Italian software company Hacking Team, who admits to providing “technology to the worldwide law enforcement and intelligence communities,” has been selling technology to governments (most with bad human rights records) to assist in gathering surveillance data on citizens, groups, journalists, and other governments. Recently Hacking Team was hacked and their information has been leaked onto the Internet. Besides the SELinux exploit, it’s been reported that the FBI, U.S. Army, and the Drug Enforcement Agency are or were customers of Hacking Team’s services.