Slashdot Mirror
Leaked Memo Says Apple Provides Backdoor To Governments
Voline writes "In a tweet early this morning, cybersecurity researcher Christopher Soghoian pointed to an internal memo of India's Military Intelligence that has been liberated by hackers and posted on the Net. The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices.
The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China. Manan Kakkar, an Indian blogger for ZDNet, has also picked up the story and writes that it may be the fruits of an earlier hack of Symantec. If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"
The shiny backdoors the US government was so keen on to spy on its own citizens are also used by foreign governments to spy on the US government. Maybe security and privacy is worth something after all.
I think we can safely assume any closed operating system is backdoored. If I was a foriegn government I'd never use an operating system that I couldn't compile from source myself. I think this is one reason that MS was let off from the Fedreal Lawsuit so easily, so they could aid in surveillance. It makes sense, if I was in their shoes I'd do the same.
And because they're guilty of one type of bad act, they're guilty of all types of bad acts? Like when I shoplifted last week, got caught, and am now on death row for murder, because being guilty of shoplifting makes me guilty of all other crimes.
Let me know when you find the article that says MS sold access to their phones and operating systems to open up a lucrative market. Anti-trust is bad, but it's not remotely related to selling backdoors for market access.
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Everyone has done something illegal. They might not know it and it might not have been immoral. As long as you can monitor everything they do you can find a reason to send them to jail if they start to express 'undesirable' opinions.
I can be more specific. All programmers violate patent law every time they code, whether they release their code or not.
question:
How is it we've accepted a set of laws that guarantee we'll be lawbreakers subject to enormous civil fines and seizure and what can we do?
answer: publicly funded elections.
puzzler: explain the answer
Question: We've given way too much power to the government and we are about to be trapped in a dystopian police state. What can we do to stop it before tos too late?
Answer: Give the government control over campaign finance as well.
Puzzler: Why do I have a bad feeling about this?
The Stasi is a very interesting example. That deserves a closer look, to dispel any notions that any of the current *** outfits is remotely comparable.
First, the Stasi might not have been all that well paid in monetary terms. But the sum total of what a full Stasi employee in good standing had access to (by local standards very nice holiday opportunities for the family, better housing, sometimes even a car, and whatnot) arguably pretty much made them a separate class within the East German state. Not as well off as the actual party apparatchiks, but far ahead of any normal citizen. In a communist society, money couldn't buy you all that much anyway, so one has to look at the broader picture to assess how "well off" someone was in that sort of society.
Second, the Stasi was never the same thing as the regular police of East Germany. They were always a separate entity that was tasked with things such as (counter-)espionage both at home and abroad (by all means, including dirty ones), and the silencing of political dissenters (again by all means deemed necessary) - but never with regular policing as such. This distinction, and in particular their refreshing openness about "any means necessary for the job" being acceptable, is, at least in my opinion, an important point to note. The Stasi never had any pretensions about being an organisation that deemed itself entirely above the law. They were the "sword and shield of the party" (that was actually their official motto) - and to them, no moral or legal standards applied, except their own.
Which is a *huge* difference from even a very corrupt U.S. police department, or the bad parts of, say, an alphabet soup agency. Nowhere in the U.S. will you find members of the intelligence community who are openly contemptuous of the rule of law. Corrupt and evil things unfortunately do happen in law enforcement circles, but they are never an *accepted part of the organisation's official culture* like they were with the Stasi.
And by extension, there is also a third point that follows from what I just said. The Stasi was an organisation which actively recruited persons who were, well, fairly "special" in that they felt right at home in that sort of environment. The only really valid criticism of the (otherwise fantastic) film "The Lives of Others" that I have head so far is that someone like the protagonist (a Stasi officer who develops second thoughts about his "work") would never have been recruited in the first place, because the Stasi was very good at avoiding anyone who might be liable to start asking questions later. During the entire existence of the DDR, there were practically no defections worth mentioning of anyone within the Stasi. Which is a pretty impressive track record, given the huge size of that organisation.
This has implications for the existing U.S. intelligence services insofar as running an outfit like the Stasi apparently required active psychological monitoring to seed out dissenters, in order to build up the very special cadre of people you need for such a psychopathic organisation. For instance, the Stasi reputedly had an extremely anti-intellectual "work culture", which, amongst many other things, helped to get rid of anyone who was likely to think too much on his own.
The existing U.S. intelligence services are all *not* built on such psychopathic foundations. Recruitment happens pretty much from the general population (pending security clearance, and all that, but still), so the personnel base of the *** agencies is nowhere near the kind of pathological personality mix you would need to run a Stasi. Or, even more importantly, to transform an existing *** agency into a Stasi. Even with the more or less scary developments of the past few years, this should give some consolation to those of you who worry where all this will lead to. Something like the Stasi does not happen easily, and not overnight. And it does *not* grow out of the institutions of a normal society. The *** agencies might not all be very nice and cuddly, but fortunately, there is a world of difference still.
2 weeks after my wife and I bought our house in 2001, I was laid off. After 3 months of searching 9/11 happened, and the shit really hit the fan. Silicon Valley for a time looked like a ghost town. Moving trucks were moving east (getting the fuck out of dodge so to speak)
A year later I wound up getting a crappy job at a bar. 10 years later I'm still here, working on my own software that runs certain aspects of the bar (very profitably I might add) When we bought our house in 2001 interest rates were sky high, and the wife and I thought our futures in tech were pretty secured. I think we were at 10% interest. We refinanced twice over the 10 years trying to keep payments down so we could stay in our house.
In the last 2 years the ARM on our loan got so high we were paying over $1600@mo for the new interest charges alone. We were virtually on the brink of losing our house. Then the "Obama Affordable home" plan was passed. Bank of America didn't make it easy. My wife had to call them every single day for a year. (like calling your AT&T subcontractor when your T1 goes down) At one point they denied us because "We couldn't verify your identity" (one of the loan modders wrote my social security number down wrong)
Despite what you might think of Obama.. He's just doing the best he can. He's no Bill Clinton, but having to clean up after GWB can't be easy. He stopped the banks from bending over hardworking people. Osama was killed during his term. Troops are withdrawing from Iraq.
I have to wonder how "ahead of the game" the average law enforcement is when it comes to crypto simply because talking to a friend in the state crime lab (he keeps trying to hire me but...damn i don't think i could handle that shit 5 days a week) I have learned that even internet criminals are like most criminals and just very very very very...dumb. I mean stupid on whole never before seen levels of dipshit, just ignorant like you wouldn't believe. I had to cook up a batch file for my buddy last year because all his tools are based on NTFS and he couldn't recall off the top of his head the old DOS commands and they had found a braintrust still using Win98SE! Sure enough Mr Dipshit had hidden enough CP on his drive to get himself 300 years by dropping it in a subfolder in the Windows folder. no crypto, hell not even a password protected zip file, just dropped in a damned folder.
So while I'm sure the NSA and Interpol have some chops simply because they have to deal with foreign powers and spies I have to wonder if the rest simply are up on their game because the "cyber criminals" they have to deal with are about as smart as the dipshit we had rob a bank last year while wearing his workshirt with his name and the name of the company in bold letters right on the front. Hell the lettering was big enough they could just read the shirt right off the security cam and sure enough Mr braintrust showed up for work the very next day and was shocked! Shocked I tell you! That they had managed to catch his brilliant ass.
ACs don't waste your time replying, your posts are never seen by me.
A smart backdoor would look like a bug and could easily be explained away as such...
Tee hee. A while ago, one of the hacker sites had a competition to see who could hide a "backdoor" -- the idea was to take an image in a script compatible form (all the numbers were in text, rather than in binaries), black out a certain region (think redaction), and still have some way to have the redacted area be recoverable when the right inputs were given.
The catch? The code would be given a peer review, so you had to come up with something that would pass most attempts at oversight.
A lot of people tried to hide stuff in "error detection" routines.
The winning code had no bugs of any kind. It did perfect redaction of the specified area. No flaws, no errors, nothing to be spotted in code review.
Except for one oddball usage of fetching and writing individual characters -- getc() and putc(). The author explained that as an attempt to make sure that no matter what was in the input data, no matter how messed up the graphics were in an attempt to break the code, it would not have any overruns, no undefined behavior, etc.
Result? The "black" would be written out as "0", "00", or "000", depending on the light level of the source. For all three color channels.
Absolutely unnoticeable when viewed on a viewer. There was no hidden alpha channel, no slight alternation between black-0 and black-1, etc.
Yet you could still recover readable text, almost perfect pictures, etc.
Security hole back door? Very doable.
Hm, I wonder if a smart keyboard ran its own OS, like Android, running an X client over a network to the main PC's X server, if that would secure the aggregated workstation better against keyloggers and other similar devices. Not trusting the local buses, which seem harder to secure. An Optimus keyboard might have the HW to run the OS and X client. A monitor that's just an OS and X server over a gigabit ethernet to the main PC might complete the picture. And maybe the whole thing would then run even faster.
Or maybe that all just kicks the can a little down the road, to where a keylogger or other spyware just infests the "app host" PC at the core.
--
make install -not war