Slashdot Mirror


Backdoor Found In Hacked Version of Anti-Censorship Tool Simurgh

wiredmikey writes "Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by CitizenLab.org has shown that the malicious version isn't available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged. The troubling aspect of the malicious version is that while it does install the proxy as expected, it then adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia. In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so."

5 of 32 comments

  1. Break the trust network by girlintraining · · Score: 5, Informative

    Censorship is ultimately about breaking trust networks. Pro-censorship governments almost always want the citizens to trust them above all other sources. Cryptography, anti-censorship proxies, and other communication mediums provide an external point of view. This is only dangerous to governments that aren't telling the truth -- in which case, their reaction to such communication mediums is from an understanding of how much that trust would be damaged if word got out about what they're really doing. What this means is, it's obvious that such a government would poison pill any alternatives by making them appear (or interfering with them in such a way as to cause them) to be untrustworthy. The malware may or may not have been released by the government; it's doubtful we'll ever know the truth, but it is obviously in the government's best interests to damage the reliability of any kind of 'bypass' software.

    Disclaimer: Many governments, including those who claim to be "free", engage in similar behavior. Your government is not exempt from this behavior.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Break the trust network by cheekyjohnson · · Score: 2

      Your government is not exempt from this behavior.

      But... land of the free! My government would never abuse its citizens! That's why censorship, the TSA, warrantless wiretapping, questionable wars, indefinite detainment, and torture are all perfectly acceptable. If they claim doing those will stop the terrorists or protect the children, of course.

      --
      Filthy, filthy copyrapists!
    2. Re:Break the trust network by localman57 · · Score: 2

      perhaps there may be some useful evidence as to the authors' identity. I'm willing to wager that Citizen Lab and others are working on it now

      Who cares, though, really? I mean, if the guy was in the US, I suppose you could prosecute him. Maybe. But in the grand scheme of things, it's pretty clear that Assad is using artillery against civilians on a regular basis, and the Green movement was put down in Iran by force. Given the international response we've seen for these things (I'm not implying that there was a clear course of action to take, just that there was a lot of inaction), who's gonna give a shit about a keylogger?

      Obviously, this is Slashdot, and people enjoy thinking through the technical aspect of these things--how to solve the mystery. But even if you solve it, the solution isn't worth much, I'm afraid.

  2. Mr. Potato Head! by Lucas123 · · Score: 2

    Mister Potato Head! Back doors are not secrets!

  3. Re:Pffft !! by John+Hasler · · Score: 3, Informative

    That's bullshit. The Register

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.