What are Linux & BSD?
Linux is a widely used free operating system. BSD Unix is a less well-known free operating system that is used in specialized areas; one of its best-known deployments is Netflix's CDN.
What is the xz backdoor?
Both Linux and BSD use xz, a widely used compression utility. However, the xz project had rogue developers who spent months crafting a backdoor (malware/spyware) designed to activate in several popular distributions, including Ubuntu. On BSD it would not have worked right away, as it required an additional setting to be present (see https://www.wired.com/story/xz-backdoor-everything-you-need-to-know/).
Reverse engineering the xz backdoor/malware/spyware
By reverse engineering the xz backdoor, a discovery was made which caught the attention of cyberstorm.mu members: the xz backdoor used arc4random with a twist! Common wisdom was to drop 2048 bytes from the RC4 output stream. Several members of cyberstorm.mu had worked on improving RC4 code when the CIA/Vault7 leak came out back in the day. Now, this sophisticated malware/backdoor/spyware carried better RC4 code, which dropped 4096 bytes from the output stream.
We spoke to a couple of cryptographers regarding our discovery and put our proposed patch forward.
Hackathon started
We audited several open source implementations and started fixing them. Libevent, a widely used library on Linux, BSD, Android and iPhones, has its own arc4random implementation. We proposed our initial fix to the libevent developers, who decided to merge it until we come up with a better replacement for RC4, which is showing its age.
Cyberstorm.mu is one of the few tech user groups in Africa that took concrete action following the xz backdoor incident. Talk is cheap, show us the code :-)
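The drop-N idea behind the arc4random change discussed above, as an added illustration (this is not cyberstorm.mu's libevent patch and not the backdoor's code): a minimal RC4 keystream generator in C with a configurable drop count, run with the constructed key "Key" at 0, 2048 and 4096 dropped bytes so the effect of the parameter is visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* RC4 state: the 256-byte permutation S plus the two PRGA indices. */
struct rc4_ctx { uint8_t s[256]; uint8_t i, j; };
static void swap8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key-scheduling algorithm (KSA): derive the initial permutation from the key. */
static void rc4_init(struct rc4_ctx *c, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (size_t k = 0; k < 256; k++)
        c->s[k] = (uint8_t)k;
    for (size_t k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->s[k] + key[k % keylen]);
        swap8(&c->s[k], &c->s[j]);
    }
    c->i = c->j = 0;
}

/* PRGA: produce one keystream byte. */
static uint8_t rc4_byte(struct rc4_ctx *c)
{
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    swap8(&c->s[c->i], &c->s[c->j]);
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* Discard the first `drop` keystream bytes (where RC4 output is most biased;
 * 2048 vs 4096 is the count the article contrasts), then return byte `n` of the rest. */
static uint8_t rc4_nth_byte(const uint8_t *key, size_t keylen, size_t drop, size_t n)
{
    struct rc4_ctx c;
    rc4_init(&c, key, keylen);
    for (size_t k = 0; k < drop + n; k++)
        (void)rc4_byte(&c);
    return rc4_byte(&c);
}
int main(void)
{
    const uint8_t key[] = "Key"; /* constructed 3-byte demo key */
    const size_t drops[] = { 0, 2048, 4096 };
    for (size_t d = 0; d < 3; d++) {
        printf("drop %4zu:", drops[d]);
        for (size_t n = 0; n < 8; n++)
            printf(" %02x", rc4_nth_byte(key, sizeof key - 1, drops[d], n));
        printf("\n");
    }
    return 0;
}
```

With drop 0 the first bytes for key "Key" match the well-known RC4 test vector (eb 9f 77 81 ...); a drop of N simply skips the first N bytes of that same stream.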
Article by Loganaden Velvindron, member of cyberstorm.mu