Red Hat Used by NSA Spies, SELinux Possibly Bypassed

by Ostatic Staff - Jul. 08, 2015

Sam Varghese, grumpy Linux and Open Source journalist, today wrote that the NSA is using Red Hat to spy on the world and asked, "Should Red Hat be dealing with an organisation like the NSA and helping it to spy on the world at large?" In related news, a big hack of Hacking Team, whose services were reportedly used by the FBI and DEA, revealed an exploit for bypassing SELinux security enforcement. Elsewhere, Debian begins its switch to GCC 5 and a new site for KDE activity reports is launched.

Sam Varghese today wrote that "the NSA runs its XKEYSCORE program for the most part on Red Hat Linux servers." The report he sourced said, "The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything there's a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe." They have hundreds of servers collecting over 20 terabytes of data a day (and that's an old estimate). They employ a search engine much like Google's to search for keywords, phrases, and whatever. The passage Varghese is concerned about reads:

XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.

Varghese tried to get a comment from Red Hat but was told no one was available to speak on the subject at the moment. He also noted that SUSE always gives a direct answer when asked about similar topics. Red Hat openly posted in 2012 about its collaboration with the US government. It said then:

To this day, the U.S. Army remains one of Red Hat’s largest customers by volume. The city of Chicago, the Federal Reserve, the states of Tennessee and North Carolina, the U.S. Courts, the U.S. Census Bureau, and the California Public Employees’ Retirement System and hundreds of others switched to Red Hat. This development helped open the doors to the DOD and intelligence communities. Red Hat is proud of the critical role Red Hat Enterprise Linux has played in this deep and meaningful collaboration with our government customers.

SELinux is a product of the NSA, and some worried when it was added to Red Hat, Fedora, and later many other distributions. Even before Snowden revealed the massive government spying, having the NSA anywhere near Linux activated certain Spidey-senses. Now we learn that SELinux may have had an exploit for bypassing the security enforcements. Italian software company Hacking Team, which admits to providing "technology to the worldwide law enforcement and intelligence communities," has been selling technology to governments (most with bad human rights records) to assist in gathering surveillance data on citizens, groups, journalists, and other governments. Recently Hacking Team was hacked and its information has been leaked onto the Internet. Besides the SELinux exploit, it's been reported that the FBI, U.S. Army, and the Drug Enforcement Agency are or were customers of Hacking Team's services.

