SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

44 minutes

Description

1 year ago

Luis Rodríguez, CTO of Xygeni.io, joins
host Robert Blumen for a discussion of the recently thwarted
attempt to insert a backdoor in the SSH (Secure Shell) daemon.
OpenSSH is a popular implementation of the protocol used in major
Linux distributions for authentication over a network. Luis
describes how a backdoor in a supporting library was recently
discovered and removed before the package was published to stable
releases of the Linux distros. The conversation explores the
mechanism of the attack through modifying a function table in the
runtime; how the attack was inserted during the build; how the
attack was carefully staged in a series of modifications to the
lz compression library; the nature of “Jia Tan,” the entity who
committed the changes to the open source project; social
engineering that the entity used to gain the trust of the open
source community; what forensics indicates about the location of
the entity; hypotheses about whether criminal or state actors
backed the entity; how the attack was detected; implications for
other open source projects; why traditional methods for detecting
exploits would not have helped find this; and lessons learned by
the community.


Brought to you by IEEE Computer Society and IEEE Software
magazine.
