Lunduke
News • Science & Tech
The creator of UNIX built a Trojan Horse which let him log in to any UNIX machine.
And nobody knew about it for years.
May 05, 2024
post photo preview

Back in 1984, the Association for Computing Machinery presented Ken Thompson with a “Turing Award” for his many contributions to the world of computing.

And for good reason.

Ken worked on Multics, co-created UNIX, created multiple programming languages (Bon and B — which directly led to C), co-created the Plan 9 operating system, UTF-8, and on and on.  If anyone deserves an award for advancing computing... it's Ken Thompson.

But we’re not here today to talk about those extraordinary contributions to computing.

No, sir.

We’re here to talk… about his acceptance speech.

Because that speech revealed a truly fascinatin computer virus that Thompson had created years earlier… for the C compiler.  One which gave him a backdoor into UNIX itself.

The Speech

He titled his speech “Reflections on Trusting Trust”, and the basic premise is this:

“To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.”

To prove his point, Ken told the tale of how he had — years earlier — created what was, essentially, a computer virus that infected the C compiler (cc) and the UNIX login program.

Seriously.

This is real.

Ken could gain control of most UNIX systems

It worked, essentially, like this:

Ken modified cc (the C compiler on UNIX systems) so that — only when it was compiling UNIX’s “login” program — it would inject a small “backdoor” (into “login”) that would allow him to log in as any user on the system if he used a predefined “password”.

Which is, obviously, a pretty big security hole.

However…

That sort of "universall password" code would be likely to be found during even a rudimentary code review of the C compiler. Or, heck, even by any casual programmer who happened upon that section of the code.

What Ken did next was… devious.

Hiding his UNIX backdoor

He needed to make sure that, should anyone find his nefarious code in “cc”… that his backdoor would live on.

So he then added functionality to “cc” so that it would detect if it was compiling itself (because the C compiler was compiled… in the C compiler)… and insert code into the compiler that would add… itself.

Which means…

Even if the source code is removed from “cc” project… the code (for adding both the login backdoor and the “keep adding this to the C compiler” bits) would get “invisibly” injected into “cc” every time it got compiled by an already infected build of the compiler.

So… as long as there was an unbroken chain of using the C compiler from that point onward, the UNIX login backdoor was unlikely to be effectively removed.

Brutal.

According to Thompson:

“The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.”

The Moral of the story

As Ken Thompson put it…

“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.”

Did this make it out into the wild?

I know what you're thinking.  "Is this code still out there?  How many systems were impacted by this?"

What we know: This bit of naughty code was released to at least one machine (used by a UNIX support group). This has been confirmed by Ken, himself.

However, it is believed that the code went no further than that machine.

But... do we know for sure?

Do we actually have a high level of confidence that the modified “cc” and “login” went no further than that support group UNIX box?

No. No, we do not.

In fact, according to Eric S. Raymond

“[I have] heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name “kt”.”

BBN.  That's Raytheon.  A critical DARPA researcher -- one which was instrumental in the early days of ARPANET.  A huge amount of software came out of BBN.  Heck, even the first Text Adventure game came from there.

If UNIX machines at Raytheon BBN were infected... the possibility of infected versions of those files making it to other sites is incredibly high.

Truly wild

Which leads to a (rather amusing, and mildly terrifying) bit of historical trivia:

Ken Thompson — one of the co-creators of UNIX — intentionally created a trojan horse that infected both the C compiler and the “login” program of UNIX systems.

What’s more… it went undetected for years.  We wouldn't even have known about it, if he hadn't told us he created it.

And we truly have no clue how widespread that trojan became.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
22
What else you may like…
Videos
Podcasts
Posts
Articles
October 29, 2025
KDE Says X Users Are Nazis

GNOME & Fedora call Jews "Nazis". Canonical, Debian, & GNOME call XLibre "Nazis". NixOS calls Conservatives "Nazis". And now KDE says Elon Musk, and all X users, are "Nazis".

More from The Lunduke Journal:
https://lunduke.com/

00:18:42
October 28, 2025
Python Says Discriminatory DEI Policies More Important Than $1.5 Million Dollars

The Python Software Foundation has turned down a $1.5 Million Dollar grant from the US government, as it would require them to cease discriminatory Diversity, Equity, & Inclusion practices.

More from The Lunduke Journal:
https://lunduke.com/

00:19:23
October 27, 2025
$20,000 Bounty Offered to Bribe FFmpeg Team to Fire Contributor

A popular YouTuber named Theo Browne offered $20k to the Open Source FFmpeg team if they remove their social media person, who Theo calls a "motherf***er".

The X Thread:
https://x.com/LundukeJournal/status/1982569289237352620

More from The Lunduke Journal:
https://lunduke.com/

00:26:32
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

@Lunduke this seems like it would be in your wheelhouse. wordpress did a sudden TOS change, and used it as an excuse to nuke the site of this arms accessory maker. https://x.com/L6_Underground/status/1983966847977341066

🤔 If A.I. Is So Great at "Vibe Coding" - then Let It Prove Itself with 100% DevOps in PHP.
😼

post photo preview
5 hours ago

Windows 11 tracking runs deep...

Your Windows 11 Computer’s Hidden Spy: The Dark Truth About TPM Chips - YouTube

50% Off The Lunduke Journal through Oct 31

Holy moly, there’s a lot of new Free Subscribers to The Lunduke Journal!

As a way of saying “Welcome!” to all of you new people, here’s a little (well… big) discount on full subscriptions.

50% off all types of Subscriptions (Monthly, Yearly, and Lifetime) through October 31st (Friday).

All of these discounted Subscriptions come with all of the perks:

  • DRM-Free MP4 Downloads of all videos.

  • Full access to the exclusive forum.

  • And a bunch of nerdy eBooks.

Scroll down. Pick whichever subscription type makes sense to you — ranging from a $3 monthly sub… to a Lifetime subscription (I highly recommend picking one up, it is so choice).

Then grab some of those perks and pat yourself on the back for keeping truly independent, Big-Tech free Tech Journalism alive and kicking!

50% Off Yearly or Monthly Subscriptions:

Available via both Locals and Substack. (This includes full access the community Forum, and all other perks.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

Via Lunduke.Substack.com:

Note: You can also grab a Monthly subscription via X, YouTube, or Patreon. There’s no way to offer a discount on those platforms. But those are still good options!

The Famous Lifetime Subscription:

The “World Famous Lunduke Journal Lifetime Subscription” is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

Now, through Monday, October 31st, you can snag one at a crazy discount. Normally these are $300… but you can grab one for $150. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy (& all three include access to all of the perks). Scroll down and choose your option.

Note: The Lifetime Subscription only applies to Substack and Locals. Other platforms (such as X, Patreon, & YouTube) do not provide the functionality necessary to create Lifetime Subscriptions.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select “Give Once“.

  3. Enter “150“ (or more) into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email “bryan at lunduke.com” with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com (or both).

No matter which type of subscription you choose, thank you for your support! Every subscription goes directly towards keeping The Lunduke Journal running well into the future.

-Lunduke

Read full Article
October 15, 2025
post photo preview
The Unpublished Anti-Lunduke Hit-Piece
A Tech Journalist interviewed me for a hit-piece article. But the questions made them look bad, and they shelved the story. So I'm publishing their hit-piece for them.

Back in September, shortly after the assassination of Charlie Kirk, I was contacted by a Tech Journalist writing for FossForce.com (a smaller, Open Source focused publication) who was working on an article around Open Source, Antifa, and the Lunduke Journal’s coverage of those topics.

This particular outlet had, several months prior, run an “anti-Lunduke” hit piece without first reaching out for comment — which resulted in their most popular article (at least on social media) in quite some time.

With that in mind, it seemed reasonable that they’d want to repeat that success with another “anti-Lunduke” story.

This time they were doing the responsible thing. They reached out to the subject of the hit-piece article with questions. I like encouraging Tech Journalists when they do actual journalism, so I answered each and every query with easy-to-quote responses.

But, it would appear that the answers they received were not conducive to creating the hit-piece they were hoping for — my guess is they realized their questions made them look like the villain in the story. The villain they, clearly, hoped to portray me as.

They opted to not publish the piece.

So I’m publishing their hit-piece for them.

Below is every question — and every answer (with no edits) — which I was asked, on September 19th, by a Tech Journalist by the name of Christine Hall, writing for FossForce.

Fair warning: This is very, very politically charged.

Enjoy.


September 19th

Hall:

The last time I mentioned you in an article, you castigated me for not reaching out to you beforehand. Well, I’m reaching out now. We’ll see what comes of this.

You do recognize that the vast majority of organizations using the term antifa as a descriptor are not in the least bit terrorist and pose no threat to society -- and indeed, the only threats they might pose to fascist groups are not physical or life-harming?

Lunduke:

Hello Christine! Nice to hear from you!

Many, if not most, of those proclaiming support for Antifa (within Open Source) have also made statements encouraging or supporting violence and discrimination.

Regardless of that fact -- which I have documented extensively in Lunduke Journal coverage -- when violent acts are committed (such as murder, riots, and lynchings) in the name of “Antifa”, to turn around and immediately declare yourself to be “Antifa” is a clear declaration of support of that violence.

Hall:

And why did you feel it necessary to call out Danielle Foré’s [the founder of the elementary OS Linux Distribution] trans status in such an ugly manner?

Lunduke:

There is a noteworthy overlap between “Trans activism” and support for political violence -- including in the recent murder of Charlie Kirk (the murderer’s boyfriend was “Trans”).

In the case of Daniel Fore, he, a leader of an Open Source project, regularly calls for discrimination (and violence) against people he disagrees with -- often in conjunction with his self-declaration as “Trans”.

Thus, his declaration of being “Trans” becomes a part of the overall story.

It is worth noting here that The Lunduke Journal has never -- and would never -- call for discrimination or violence against someone because of how they identify or who they may (or may not) vote for.

This is in stark contrast those, such as Mr. Fore, who consider themselves “Trans” or “Antifa” -- who actively advocate for both discrimination and violence.

Hall:

Mentioning a person’s trans status in ways that are pertinent to your argument necessates rudeness such as calling her a “dude who likes to wear dresses”?

Lunduke:

Dan Fore is, in fact, a dude who likes to wear dresses.

The only reason to view that as a negative is if you view dudes wearing dresses as a negative.

Hall:

I’ll quote you on that, which I’m pretty sure won’t bother you in the least.

Lunduke:

Absolutely! Quote anything I say here. In fact, I suggest quoting absolutely everything I’ve written to you here, today.

Hall:

You also understand, don’t you, that voicing disagreement with an assessment made by POTUS is not only legal but a healthy part of the national dialog.

Lunduke:

Absolutely! Did I say somewhere that it was illegal to disagree with a politician? It seems unlikely that I have ever said that.

Hall:

Also, how would you reply to this:

There have been very few murders linked to individuals associated with Antifa, some incidents of rioting attributed to Antifa supporters, and no credible evidence of lynchings conducted in the name of Antifa. Compared to far-right groups, violence attributed to Antifa is much less frequent and lethal, with only one suspected kill—Aaron Danielson in Portland, by an anti-fascist activist—officially confirmed in recent U.S. history.

Lunduke:

Murder is bad. I am opposed to all murder.

In the context of these discussions, bearing in mind the Kirk murder is important (as many statements were made in response to it). The murderer of Kirk appears to have been pro-Trans and pro-Antifa (based on all available information).

Hall:

Is there any evidence that the suspect was part of an antifa group? I haven’t seen any.

Lunduke:

I have seen some reporting to this effect (including statements from family and messages he wrote).

But, far more important to this story, is the response to the murder among Antifa supporters (including those within Open Source). A large portion of Antifa supporters have celebrated the murder as justified because it killed someone they considered to be a “fascist”.

Hall:

Also, no group should be held responsible for what some deranged person who identifies with the group has done.

Lunduke:

I agree that a broader group should not be held responsible for the actions of a small number of individuals.

However, and this is critically important, it is entirely appropriate to hold people responsible for their own statements and actions.

With that in mind: The overall messaging of Antifa (and Antifa supporters) tends heavily towards violence. Punching, killing, molotov cocktails, etc. are all common messaging used by Antifa (including by those I quote within the Open Source world -- many of whom have advocated violence against myself).

Advocating for violence, then celebrating when violence is committed, are not good things.

Yet we see a great deal of that among Open Source supporters of Antifa.

Read full Article
October 13, 2025
Sale ends in a few hours, Lifetime Subs set up.

Holy moly, you guys are amazing.

A few days ago I published a “50% off” sale for Lunduke Journal subscriptions… and all of you showed up. In a big way.

To everyone who grabbed a Lifetime Subscription over the last few days: All of you are set to full Lifetime access. You should have a confirmation email in your inbox. If not, email me and I’ll make sure you’re setup properly.

That “50% off” sale ends tonight at midnight. So you have a few hours to snag a discounted subscription, if you haven’t already.

A huge thank you to everyone who supports this work. Couldn’t do it without you.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals