Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stuxnet/Flame/Duqu Uses GPL Code

Posted by Unknown on from the state-sponsored-piracy dept.

David Gerard writes "It seems the authors of Stuxnet/Duqu/Flame used the LZO library, which is straight-up GPL. And so, someone has asked the U.S. government to release the code under the GPL. (Other code uses various permissive licenses. As works of the U.S. federal government, the rest is of course public domain.) Perhaps the author could enlist the SFLC to send a copyright notice to the U.S. government..."

4 of 221 comments (clear)

  1. Clever idea, actually. by drinkypoo · · Score: 4, Interesting

    Someone with gigantic balls of steel should file a FOIA on this basis.

    It would be interesting to see if the request would even be acknowledged.

    What makes the idea clever is that it's a public request (and publicise the hell out of it!) and it's powered by copyright. This is why the GPL is so effective...

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:is the CIA selling these viruses? by TheSpoom · · Score: 4, Interesting

    Distribute, not sell. (Though you absolutely have the right to sell GPL code as well, as long as you abide by the rest of the license and release your source.)

    In any case, I'm guessing that one of the following things will happen:

    - Some sort of secrecy / national security provision is given as a reason source cannot be released (1% probability)
    - Changes to the GPL portions are released (0.01% probability)
    - Stone-cold silence (98.99% probability)

    Remember, the US Government hasn't even acknowledged that they created these worms. We're still firmly in the "plausible deniability" phase.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  3. Re:Who gets to request code? by samkass · · Score: 4, Interesting

    Also, you'll have to prove in a court of law that the Government did, in fact, distribute the software; that the recipient requested and was denied the source code; and that the owners of the Copyright have standing to sue. That's even before Sovereign issues. I'm not optimistic.

    --
    E pluribus unum
  4. Re:Not gonna happen by T.E.D. · · Score: 4, Interesting
    I have three issues with this:
    1. Does a virus spreading itself really count as "distribution" under the GPL? It could be argued that copying itself (sometimes to places it isn't wanted) is just the normal execution of this particular program (which the GPL always allows), not a proper "distribution". It's not like Iran called up the DoD and asked for its latest malicious virus.
    2. Legally you have to hold the party you got your distribution from liable for a GPL violation. That's the way the license is written. Thus to hold the DoD liable, you'd have to be the person who got your copy of the virus direct from them, not from another infected party. In other words, you have to be "patient zero". Who could prove that in court?
    3. The USA has laws against copying classified programs. So its quite possible the DoD could decide to turn around and arrest the litigant for posessing and/or distributing classified material.