Slashdot Mirror

← Back to Stories (view on slashdot.org)

al Qaeda Hacks XP?

Posted by ryuzaki0 on from the conspiracy-theories-and-bears-oh-my dept.

acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"." This stuff screams of hoax to me, but it is showing up on the Washington Post.

6 of 736 comments (clear)

  1. For once, I'm sympathising with MS by Rogerborg · · Score: 4, Insightful
    • A suspected member of the Al Qaeda terrorist network claimed that Islamic militants infiltrated Microsoft and sabotaged the company's Windows XP operating system, according to a source close to Indian police.

    Look at the effect they've already had on the global airline and tourist industries, based on a net increase in danger that's insignificant compared to road deaths. Score one for the terrorists.

    And here come the ill considered security measures and infringements of civil liberties. We defend Freedom by taking it away. Score two.

    Then it was time to target the the government, postal service and law enforcement with a few packets of a not particularly lethal virus (sympathies to the victims though). Again, the big impact is from the FUD, as law enforcement chase hoaxes and benign packages all over the country. Score three.

    Now it's software. "All your code base belong to us!" they rant. Expect the hoaxers to jump on this and a new rash of bin Laden themed virii and worms to appear. It's pure FUD, but the problem is reassuring easily frightened and confused non-techies that it isn't true. How do you disprove the existence of allegedly hidden code?

    And so for once I'm actually going to get on the bandwagon with Microsoft and give this zero credibility. This pathetic piece of bluster should not be allowed to put anyone off using XP. There's plenty of real reasons for not using it, but this isn't one of them.

    --
    If you were blocking sigs, you wouldn't have to read this.
  2. Re:not as easy as you might think by morcego · · Score: 5, Insightful

    I'm not sure.
    You see, I work for a not so big software company right now, but I used to.
    It's not that hard to sneak some malicious code into the final product. Quality Arrusance is usualy made only by using the software, not by analising the code. And even if they do analise the code, it's quite trivial to introduce some obscure buffer overflow.
    Also, we are forced to remember about that hacking of microsoft internal network some time ago, which they "claimed" give the hackers no access to the code base.
    I hate bin Laden as much as the next guy, and think he should die. But, even being a fanactic, the guy is inteligent. And has recources, both personel and money. I think it's very likely he would attempt something like this. I know, in his shoes, I would.

    --
    morcego
  3. Two counterpoints by Mr.+Fred+Smoothie · · Score: 5, Insightful
    In a million-plus line codebase for a product under deadline pressure, while official policy might be that "every line is checked", in reality this is highly unlikely to happen. The coders and their managers may assure the suits, "Yeah, we reviewd every line of code," but they'd be lying. It just doesn't happen. It's one of those things that everyone knows is *supposed* to happen and most people know doesn't *really* happen.

    Secondly, while I agree that it's unlikely that a terrorist would approach a 13-year old kid and say, "Hey, you should start excelling in Math and then attend college to get a CS degree so that 10 years from now you can go work at Microsoft for 4 years or so (enough to gain the confidence of your managers) and then start putting back doors and bugs in their OS," it's far more plausible that a terrorist would approach a already working programmer who's naive and idealistic -- and perhaps *already* working at and trusted by managers at Microsoft -- and say, "Hey, here's how you can really help your faith..."

    --

  4. Re:Where the hell is Microsoft's PR agency? by GTRacer · · Score: 5, Insightful
    That may be the Al-qeada plan to destroy America. make sure all MS products stop working after a certain date...

    What, you mean Microsoft Product Activation and Passport subscriptions?

    GTRacer
    - How much for WinXP Corporate?

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  5. Doesn't work this way by WildBeast · · Score: 4, Insightful

    Al Qaeda members aren't supposed to know what the other members are doing. Their own mission is revealed to them at the last moment.

    In the article they mention the following : "authorities find some of his claims inconsistent and "too theatrical to believe.""

    This guy is probably not even a member of Al Qaeda, he's just a crazy guy who's probably too dumb to even be a terrorist.

  6. Re:not as easy as you might think by Jason+Earl · · Score: 5, Insightful

    That's assuming that the terrorists would actually have to plant backdoors. It would be far less dangerous, and far easier, to simply look for buffer overflows and then not report them to management. What good is a peer review if your "peer" is actually looking for exploitable code for their own ends. A remotely exploitable buffer overflow is every bit as good as a backdoor, and if they were in QA they wouldn't even have to write it themselves, they would simply have to let it slide through.

    Now, I am not saying that the Al Qaeda has penetrated Microsoft, but I can't imagine that someone working at Microsoft hasn't been tempted to simply overlook a buffer overflow. Especially now that Windows is being used to run some very tempting targets.