Slashdot Mirror
NSA Says It Foiled Plot To Destroy US Economy Through Malware
mrspoonsi writes "Business Insider Reports: The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday's '60 Minutes.' Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy. Even more shocking, CBS goes as far as to point a finger directly at China for the plot — 'While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China.' The NSA says it closed this vulnerability by working with computer manufacturers. Debora Plunkett, director of cyber defense for the NSA: One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
...and subprime lending really DID destroy the U.S. economy.
Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
But we cant show it to you, its a privet.
Dear aunt, let's set so double the killer delete select all
they are trying to justify their unlawful behavior.
I don't know the history of this, and the linked article is vague on timelines, but it always did seem like UEFI came out of nowhere...
A bios attack? Really? You mean the best cripling attack they can come up with is updating my bios to a copy of doom? NSA attempts to not be seen as the axis of evil yet fails once again
They call themselves the 'intelligence' community, but even that is a lie.
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Once those pesky real journalists that insist on facts and sources start digging into this, I'd expect the cataclysmic claims will be slowly walked back to something much less sinister, like almost all other claims of thwarted plots.
And this rock keeps tigers away.
so that's a step
Dupe, full of FUD and propoganda. All in one handy to go sized container.
"Spy agency claims world saved by spy agency during week of intense scrutiny of standard operating procedures."
China holds a huge amount of our debt. They want us to buy their stuff and to borrow money from them. Why cripple our economy? Or, even worse, why do something like this that will point a finger back to them and stir up the pot against them? (and possibly lad to embargos, and so on)
NSA wrote the malware and implicated China, because "everyone" "knows" not to trust China.
Please, won't the NSA protect me? It's become clear to me now that the only way to save our cherished freedoms is carpet bombing them.
If these attackers the NSA supposedly thwarted (the Chinese it is speculated), managed to gain control over large numbers of computers with access enough to damage their firmware, it would make far better sense to keep those machines alive and working for them instead. You could cause far more damage to the US economy by keeping those machines alive and pwn3d than if you simply bricked them. A bricked machine will cost a few hundred dollars to fix. A pwn3d machine is a gift that keeps on giving!
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Does this strike anyone else as being utterly ridiculous? "Cataclysmic"?? I mean, if a bunch of bricked computers could bring down our economy (and possibly the global economy) then isn't the whole thing in need of some serious attention? Maybe we've built an unreasonable amount of dependence on something that is entirely too frail to warrant such trust? - both the computer systems and our current economic system.
Alex, I'll take keybindings not used by Emacs for $400....
I would really like to have a global database accessible to anyone where everyone who actually believes this and other utter nonsense and obvious BS stories is registered. Forum owners and people interacting with such people are then automatically informed by their software whenever they read information from one of those people, and they will have to wear a t-shirt that says "I'm really gullible".
Basically, I don't mind Facebook, Google or the NSA - I *do* mind that they keep the data to themselves and that they exempt themselves. Put everything in the open - and I mean *every thing*. Ooops, that 2nd sentence went off on a tangent...
There's stuxnet, too. Who made that one again?
we need the phone metadata and complete internet activity history and future of every american.
Right, sure they did. A BIOS attack of the sort hinted at in this interview is difficult to believe.
If they worked with computer manufacturers to close some such massive security hole, then they can easily point to the historical vulnerability. The technical community can verify their claims. Failing that, no, I do not believe such an attack ever existed outside the overheated imagination of some technically illiterate NSA bureaucrat.
In other news, I have a bridge I'd like to sell you.
Enjoy life! This is not a dress rehearsal.
FTFY
Here comes Bullshit man to save the day!
http://youtu.be/1lRIQGU2RRk?t=15s
Sorry, I'm not buying it. Despite the NSA's best efforts, Microsoft did release Vista.
Koans and fables for the software engineer
By "stopped" they mean, didn't press the go button
Have been known for years. The problem is you have to gain admin access to the machine first, so basically you are bricking your own botnet.
LOL.
So we have to become like China in order to prevent us being destroyed by China.
(1) What would China gain by this?
(2) How would China prevent this from spreading and destroying their own computers?
Finally!
What about the EFI attack?
Here is what the Guardian has to say about the report http://www.theguardian.com/world/2013/dec/16/nsa-surveillance-60-minutes-cbs-facts
The NSA is keeping us about as safe as the Mars rovers do from martian attacks.... which really is the reason we all know they are there. amiright?
http://en.wikipedia.org/wiki/CIH_(computer_virus)
ps. It didn't destroy the US economy.
Why would China want to destroy US economy? China has a big pile of USD on its hands. It does not make sense!
because I can't imagine the scenario in which they uncovered that plot by looking at the metadata from American cellphones.
NSA needs to stop back pedaling and trying to prove they are a legitimate organization. It's their job to protect us from all types of stuff the general public has never heard of. Maybe they should watch some more Hollywood action films because those actors in the movie are more concerned about OPSEC then the NSA.
Ah the Chinese are so helpful ... oh wait!
I'm sure, due to their hard work, all new computer have hardware jumpers to write protect the BIOS....
A more dangerous cyber threat would be malware that collects all the users personal information and stores it until the malware writer is ready to use it against the victim.
Oops!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
People don't trust NSA anymore. After all the spying (National and International), declared non-constitutional, they're trying to have better communication? Too late guys ...
Oh my...!
People need to remember when seeing a story like this that the US Intelligence Agencies along with NATO have been implicated in human trafficking, money laundering, extrajudicial murder and we know now domestic espionage with permanent data retention. This story is just a legend they're feeding to the public in relation to the judge's ruling upholding the fourth amendment to the American constitution. We don't need the NSA for any purpose, FISA or the National Security Act. They are labeling nationalists who don't want world government as extremists and these are the people they are tracking for extrajudicial killings in their case management systems.
China has discovered NSA's backdoor into computers, and worked with computer manufacturers to build a much more better and newer back door for NSA.
Hope is the currency of fools
If the concern is "national security" - why are the Nations Leaders(TM) allowing the importation of electronics from China then?
Why "attack" the BIOS - why not just pre-load it with a "phone home" like LG TVs?
Extraordinary claims require extraordinary evidence and there is not one shred of evidence referenced in this article.
So, "China" planned to brick America's computers with a BIOS updating virus. But, the NSA was able to foil the attack by working with computer manufactures? So, they were able to prevent "China" from attacking all the BIOSes that come from... China?
I'm going to give the NSA the benefit of the doubt. I'm going to assume that it was the individual interviewee that was a clueless asshat and that the Agency as a whole is neither that stupid nor stupid enough to think that the public would fall for that lame-brained and fallacious attempt at currying favor.
Microsoft should get the blame for the entire thing.
And should pay for fixing it.
And the prize for The Most Credulous Claim goes to...
If we really cared about viruses destroying the US economy, we wouldn't be still running XP in the business world.
Please. I saw this on 60 Minutes and that entire pandering two-parter on Sunday night was a such a load of bullshit, I could smell it through the TV.
And this segment of it was the worst, because it made no sense. I mean, they dumbed the story down for Ma and Pa in Pigsknuckle Arkansas, but for anyone with even a hint of technical acumen, it came off as complete tripe.
Why *exactly* would China want to destroy the global economy? Such a move would hurt them more than us, because they are in a period of crazy growth, and their entire stability *depends* upon that growth or they'd have rioting.
Secondly, if a nation wanted to destroy us, why use "malware"? A better way would be to use lobbyists to force more deregulation and let us cut our own throats as we've already seen. Our own greedy bastards will happily destroy the global economy if it means 6 more dollars in *their* pockets.
The whole thing is fishy and smells of NSA desperation to look good to the average american, and paint the Chinese and Edward Snowden as bad guys we need to be afraid of so that the NSA can "protect" us, by of course, stripping us of all our rights.
If telephones are outlawed, then only outlaws will have telephones.
Suppose it's true. So they stopped this "cataclysmic" event from occurring. Bully for them. But I want to know: how and when? If you're going to stop an attack, you either destroy the "enemy" or fix the problem. If they destroyed the enemy, I'm pretty sure the enemy would be shouting it from the rooftops that the USA was attacking them. Oh, right, it was "covert". Maybe they fixed the problem, then. Did anyone see the NSA come over to their place recently to change the BIOS on their computer? Perhaps the NSA called and scheduled it for a future date? Yah, didn't think so.
This is PR 101. Don't like the narrative about you? Give them something else to talk about instead.
This doesn't pass the sniff test. What would China gain by *destroying* our economy?
Sure, China planting surveillance software on every computer, I can believe that. But bricking all the computers in the US doesn't make sense as an espionage move, it doesn't make sense as an economic move (do you think anyone would trust Chinese-made computers when rebuilding?), it doesn't make sense as a propaganda move. It might make sense as a military move as a prelude to invasion, but a) China doesn't want that, b) China probably couldn't do it if they wanted to, and c) even if not fired, the risks of such a weapon being uncovered outweighs any benefit.
So it doesn't seem like something China would do. So who could it be? Even the NSA is explicitly calling it a nation-state, so it's not a terrorist group like al-Qaeda. If it's a nation-state, it has to be one that thinks (correctly or not) that they can beat the US when it is inevitably discovered (either before or after the attack). Russia's on that list, but I don't see how they would benefit except, again, as a pre-invasion attack, and our relations aren't that bad yet. North Korea might be dumb enough to think they can get away with it, but for the same reasons they probably don't have the capabilities of developing an attack like this. Iran is probably smart enough not to provoke the US with a direct attack, but maybe I'm wrong, or maybe they thought framing China would work.
Honestly, if someone in the Chinese government got on TV and said "yeah, we made that as a training exercise for defense drills, how the hell did you guys find it in the wild?", I'd believe them more than I'm believing CBS/NSA right now, because that at least makes sense with all the other information.
Especially since it's REAL FUCKING CONVENIENT for the NSA to suddenly have a major "victory" when they're being revealed as basically a bunch of puppy-kicking freedom-hating fascists.
Honestly, the Chinese have more than a trillion dollars of our debt and the fact that we prop up their entire economy by buying stuff from them. The Chinese government wants our country to succeed, otherwise their economy goes in the toilet. And, frankly, we would survive that far easier than they would. They wouldn't even be able to pull a pyrrhic victory out of that one.
This is just like when the FBI catches a "terrorist" who turns out to be some loser who was goaded into trading his stereo speakers for a couple of grenades that he could throw into a mall.
It's really time for congress to set up in the budget that every single time these people come up with some total bullshit they lose 10% of their funding. It's pretty clear at this point that these agencies are more interested in concocting reasons for them to stay in business.
Do you have ESP?
The NSA is a cataclysmic cyber threat destroying the economy. (And the country too.)
...grasping for straws.
You are working hard to destroy the few bits of credibility left.
This is a criminal organization. It should be disbanded.
Further, with their biggest customer deep in the mire, who would they sell their goods to? The same goods they depend on for revenue to keep their own growth moving forward?
This has got to be the dumbest scare story, no: xenophobic, boogy-man, fiction to come out this year (and it has lots of competition). Although the american debt is a big drag on its economy, it's also so large that it's a problem for the debt holders, too. They are in just as much trouble if the value of that debt drops and therefore have an interest in making sure the USA does not crash and burn - despite what some scared, bigoted and ill-informed media commentators might think.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
"We had to destroy the village in order to save it."
And if you believe any of this I've got a bridge over troubled waters I'll sell you! But the real problem is there are way too many Americans out there who will fall for this lame tactic.
I routinely stop alien invasions. Their lazors are no match for my hands (and let's not mention my other weapon... in my pants).
Your move NSA - what have you done lately?
The White House/NSA PR campaign is in full swing with all these feel-good NSA stories coming out in a period of only a few days. We should recognize this for what it is -- PR.
This is just bullshit! If they stopped this attack by "closed this vulnerability by working with computer manufacturers", this would only fix the vulnerability on new computers built after the fix was created, but not on machines already produced and sold.
This sounds more like a PR campaign to garner positive support after all the negative impact of the releases of the documents Edward Snowden leaked.
- "Every demand is a prison, and wisdom is only free when it asks nothing." Sir Betrand Russell
In other news yesterday, CBS 60 Minutes Pelley Award for reporting on the electronics industry, "2008 "The Wasteland", was discredited by the 5th major exhaustive study of "e-waste" exports (this one done by MIT) which shows CBS report that 80% of all "e-waste" exports are not recycled but dumped overseas. From the report, "Quantitative Characterization of Domestic and Transboundary Flows of Used Electronics 12/2013":
""The results show that approximately 258.2 million units of used electronic were generated and 171.4 million units were collected in the US in 2010. Export flows were estimated to be 14.4 million units, which is 8.5% of the collected estimate on average. On a weight basis, 1.6 million tons of used electronics were generated in the US in 2010 and 0.9 million tons were collected. Of the amount collected, 26.5 thousand tons were exported, which is 3.1% of the weight collected."
It is not that CBS 60 Minutes gets the story wrong that bothers me so much as the organization's stonewalling of these studies, after 41 export traders were arrested just in the past year, and after the source organization in Seattle who told them "80% of all e-waste is exported" not only abandoned the "statistic" but claimed never to have said it. http://tinyurl.com/lr7z5n3 What relates this to TFA is that both the ability by the manufacturing country to "brick" PCs they have made and sold, and the original hype about export for reuse, is PLANNED OBSOLESCENCE. If the PCs were bricked, would the economy really collapse? Or would there be a bunch of PCs ready to sell which had a different bios chip? Want to know about OEMs bricking the secondary market, and where "waste" comes from? Read Vance Packard's 1960 book "The Waste Makers", available both in print and on Kindle.
Gently reply
The NSA has become the Ministry of Truth.
Proverbs 21:19
... i foiled a global internet attack that would have caused routers the world over to explode. just prove i didn't, right?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
> Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy.
This is stupid. Malware writers learned a long-long time ago not to kill computers, because virus code cannot run on paper or thin air. They need living but ill computers, whose processing and communication capabilities can be exploited by the infection, to spread spam or mine Bitcoins, etc.
The black plague killed some 33-40% of medieval european population within weeks. It did that trick 3-4 times during history. Where is yersinia pestis nowadays? It is a Level-4 biohazard lab curiosity, displayed in vials. In contrast, common cold is still with us and successfully exploits your nose to produce green soya, year after year.
Furthermore, it is not possible to destroy computers by overwriting the BIOS. There is a unwritiable "brain stem" part of the BIOS, which knows only one thing: if the main BIOS mass fails to boot, read first file from floppy disk and overwrite BIOS with it. Even if the BIOS chip is soldered onto the motherboard (say laptop) and cannot be removed for re-writing in an external EEPROM programmer, this trick will save the computer.
Honestly, NSA is making a Rigoletto of itself, in public. Or maybe it's Yorick, with NSA threatrically proclaming "To be or not to be..."
Is not saving the US economy.
You mean, you got richer while the poor got poorer and infrastructure needed maintenance, protecting us from a trivial to defend against and non-existent threat.
It's time the American people said fuck no we don't need no big brother to watch over us. I know were about a centaury 2 late, but it's never to late to effect change.
Brick not computers, but computers with Microsoft's Windows operating system. That's a big difference.
Internet would be safe, it does not run Microsoft's Windows at all.
Big companies would be safe, they do not use windows for anything more than workstations replaceable within half of an hour.
Only morons who use Microsoft's Windows would suffer.
You are my heroes now... ... ... Geeee....
I came to see if NSA took credit for giving TPP reports to Wikileaks, and that's not their claim. I think we'd agree that the NSA is full of sh^$ on their claim of being heros.
That said, NAFTA did more to destroy the US economy than subprime lending and derivatives markets. TPP puts the nail in the coffin if it's passed. Sub-prime lending and derivatives take property from people, NAFTA and TPP make sure they can't afford to replace it or fight the gangsters^Wbankers that take things away.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Sure they did...
These NSA sacks of shit are getting more and more bold with their lies. It's time they were disbanded. Maybe we could put the manpower to better use shovelling actual manure.
"The NSA says it closed this vulnerability by working with computer manufacturers."
Aren't most computer part manufactured in China?
I hear there is a tribe of super-weathy elites running the U.S. behind the scenes who have effectively succeeded in making it rain-bullshit on the American people. Foil that one for me.
There have been BIOS destroying viruses before. Now the NSA is in the antivirus business? And by doing so, they save the U.S. economy? Even Norton and McAfee don't make this claim.
There's this moment when you're acting out when you cross from plausible belief to total, in-your-face disbelief. Does NSA seriously imply that such an attack would have lasting consequences? Do they really think that there wouldn't be many BIOS recovery solutions popping up left, right and center literally within hours? My bet is that within a week there'd be a thriving BIOS recovery business going on all around us, and the damage would be well contained in spite of whatever bullshit the clueless media would be spewing around.
A successful API design takes a mixture of software design and pedagogy.
Now that they have committed themselves to the role of protecting the country, can they track down the people who wish to bring down our country by exploiting our fears?
"Hi [insert computer bios maker here], I'm with the NSA - we've detected a BIOS damaging malware and we would like to you implement these changes to prevent it - No, we totally aren't actually just making shit up to get you to install a backdoor for us, okthxbie"-
The Digital Sorceress
The essential American leadership secret does not depend on particular intelligence. Rather, it depends on a remarkably stupid thick-headedness. The American follow the principle that when one lies, one should lie big, and stick to it. They keep up their lies, even at the risk of looking ridiculous.
[...] and thus in the primitive simplicity of their minds they more readily fall victims to the big lie than the small lie, since they themselves often tell small lies in little matters but would be ashamed to resort to large-scale falsehoods. It would never come into their heads to fabricate colossal untruths, and they would not believe that others could have the impudence to distort the truth so infamously.
Source (yes, I replaced "English" by "American")
See also noble lie.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
So, the NSA has justified the existence of their computer security teams, but haven't shown they need any more capabilities than those available to a well funded private law-abiding security research business with no special government privileges or powers.
This doesn't justify anything about the NSA at large. You could spin the computer security teams off into a separate gov't funded entity without surveillance powers. If you slapped on a directive to be an active, publicly-sharing participant in the computer security community everyone would be better off for it (except the warhawks getting off to cyberwar fear mongering).
... this wasn't a Microsoft plot to advance UEFI Secure Boot, while implicating Chine?
Maybe it could use one of the backdoors or zero-day exploits that NSA keeps under its belt. They don't tell computer manufacturers about those threats because they want to use them themselves. Yeah, you guys are real heroes.
Am I wrong to assume that this is just a ploy by the NSA to try to save some face? To justify the fact that their still violating our privacy and spying on us? To somehow prove that we need to keep sacrificing our freedoms for a sense/illusion of security that only they can provide?!
BIOS attack? Beyond not likely on a scale where you would have to target such a multitude of vendors running at different patch levels. This was aimed at the technically less inclined (most people).
As a lot of people have already pointed out, our economies are intimately intertwined. Such an attack on us would equal the same level of damage on them. Further, if this would have thrown the entire world into economic chaos, it would have been a double whammy against China. Triple since we would attack. Again: the Chinese are not so short sighted or stupid.
Fact: The NSA lied to the government about what they are up to. Lying to the American people is a cake walk compared to that.
Two things here:
1. My sig becomes more relevant with every passing day.
2. Yes the NSA effectively did say it was China - through "cyber security experts" instructed to say so and that are likely NSA contractors if they could have known that in the first place. The NSA accusing China of nearly pulling of an attack of military escalation proportions is so extraordinary reckless it scares me that they would do it at all.
This is so fucked up. If you don't have a passport get one now and plan where you're going to escape to while there is still time.
Brought to you by Carl's Junior.
How about we declare the fine for such action is a cancellatin and voiding of all US debt owned by China. Hmmm, I like it!
The NSA clearly searched without probable cause. This is what happens when create an organization without checks and balances. If we have any justice in this country arrests will be made.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
https://www.youtube.com/c/BrendaEM
Since we can never trust anything the NSA says, they might as well be making this up. And since they might as well be making this up, why not be more creative?
Might as well copy the plot of Die Hard 4, that's what I had in mind when I read the article title. And wouldn't this attack require specific code for each model of computer mainboard in existence? I don't think it would get far before instructions for enabling BIOS write protection were being spread through the media anyway.
"When information is power, privacy is freedom" - Jah-Wren Ryel
They're the TMZ of the business reporting world. And the company's CEO is Henry Blodget, the disgraced analyst who was banned for life from the securities industry for dumping stocks to the public while privately ridiculing the companies. The fact the publication is named "Business Insider", a thinly-veiled homage to the insider ways that got him banned from the securities industry is just a big middle finger to his readers.
http://www.theinquirer.net/inquirer/news/2290640/germany-warns-against-using-windows-8-due-to-security-risks
You just revoke the keys and suddenly the machine can't boot.
It's funny how the NSA accuses China of inserting back doors but Snowden shows how the NSA inserts back doors. China hacks into systems but Snowden shows the NSA has hacked into tens of thousands of networks. And now the NSA is bragging about preventing a shutdown button when we already know it did the exact same thing.
1) China supposedly destroys most pc's (and servers), we have our pants down. Insurance companies probably say not paying over terrorism clause but government stops that with "executive order" 2) i go on a hiring spree and sell more PC's than i can make, as does everyone else 3) service sector goes nuts installing and re-updating infrastructure 4) even homeless drunks with no skills can unwrap keyboards and set out system units for more skilled people 5) people get short-lived (1-2 years) but paying jobs and training 6) I make tons of money and blow it on strippers, houses, cars, and whatever i can think of, putting it back into the economy 7 most every small and medium business makes out on this deal. Sure, some insurance companies go bankrupt, but it would trigger some much needed liquidity oversight in that industry. THANK GOD YOU STOPPED ALL THAT!
I knew it, the NSA is the reason that our compooters didn't crash.
Am I wrong to assume that this is just a ploy by the NSA to try to save some face? To justify the fact that their still violating our privacy and spying on us? To somehow prove that we need to keep sacrificing our freedoms for a sense/illusion of security that only they can provide?!
"Chancho, when you are a man, sometimes you wear stretchy pants in your room... Just for fun." Nacho Libre
The NSA has been involved with NIST and industry to produce a series of NIST Special Publications ( http://csrc.nist.gov/publications/PubsSPs.html ) which include BIOS security. This includes 800-147, 800-147B, 800-155, 800-164 etc.
I have no idea how many manufacturers implement these -- but there are some really gnarly issues there. It isn't even clear what BIOS means in the context of a blade server with multiple processors, management engines etc.
The TL;DR for these specs is that a BIOS update should not be accepted by the system if it is not signed by the BIOS manufacturer. This is a step in the right direction. Of course, it doesn't protect you from someone with access to the BIOS signing keys for a particular BIOS vendor (and there aren't many BIOS vendors around). I don't think that if 800-147 is implemented that it makes anything easier for the NSA, except that it might engender a false sense of security.
But in his a 68-page, heavily footnoted opinion, Leon concluded that the government didn't cite a single instance in which the program 'actually stopped an imminent terrorist attack.
Time to offend someone
NSA starts making up and spouting off all kinds of outlandish bullshit to try tojustify their anti-constitutional... and often downright criminal behaviors.
.. or it never happened. ;)
Pigsknuckle, Arkansas....lol. I didn't realize they had TVs there.
destroy the US economy given that the US is its biggest trade partner and given that it is the single largest investor in US bonds. Hitting the US economy would be like hitting themselves. Just plain stupid.
I don't always agree with Techdirt, I think they exaggerate, omit and sometimes distort for effect. That being said, they do good stuff also. They have a pretty good take down of the whole 60 Minutes puff piece, including the interviewer (hint- when you've never seen that interviewer before, you might be interested to know more about him) and also claims about the whole BIOS attack thing.
http://www.techdirt.com/articles/20131216/12580425582/cbs-airs-nsa-propaganda-informercial-masquerading-as-hard-hitting-60-minutes-journalism-reporter-with-massive-conflict-interest.shtml
I am sure there's more out there that's even more damning. This is the problem with the people running this organization. They've somehow enabled themselves to lie lie lie and think they're doing everyone a favor so it's OK.
That's just not how a democracy is run. If you've given up on democracy, like say Peter Thiel apparently has
http://techcrunch.com/2013/11/22/geeks-for-monarchy/
then that's cool. But you don't need to be running the organs of that democracy in that case. Have a nice retirement. It's on us.
My PC has two BIOSes. If I brick it, I load a fresh BIOS from the backup. Surely any mission critical PC has at least that capability. Mine isn't even anything special - I got it from a regular online retailer and such models have been around a long time.
With all the information that is flowing around, it would be a shame if our open-ness was used against us.... As if the folks that would rather see us fail/suffer/die wouldn't take advantage of any exposure??...Used to be that you would have to travel to a destination to fiddle with it. Now, there are tendrils every second that could be benign... but some are not. We need strong protocols that are not deployed without proper testing and analysis... between cell phones, smart browsers, and vendors back doors, we are not as secure as we used to be...
They're the TMZ of the business reporting world.
Except TMZ actually makes me laugh non-ironically from time to time.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
NSA claims to have foiled a cataclysmic cyber threat (likely from China) to exploit a BIOS attack.
First off, there are a number of bios manufacturers, not all will have the same bug. Second, there are numerous bugs still existent. And even when known it is extremely hard to get manufacturers to fix them.
This sounds like the NSA found someone in China using an exploit in a BIOS to hack computers. Alerted the manufacturer who was probably already aware of the fact after numerous Linux users had reported it years ago.
http://www.businessinsider.com/nsa-says-foiled-china-cyber-plot-2013-12
Edward Snowden claims to have uncovered a plot to subvert our constitutional rights by a super secret organization. Both claims are far fetched... which do we have more proof of?
.. all about their dastardly plan
I mean, Russia contacted us twice. That was an international conversation. And thus was monitored by the NSA. Sure the FBI, and CIA (both of whom Russian contacted) dropped the ball. But so did the NSA.
That case alone proved that this is not about terrorism but populace control. If you can't bother monitor those individuals whom another country has deemed a significant threat. Why waste your time monitoring the rest of your populace.
Our program is under scrutiny as being unconstitutional, so lets spread FUD.
60 Minutes is really going in the tank.
Way to go guys
Computers, manufactured in China. Had a defect that led large number of machines to crash and brick. These were sold to the NSA. Who pointed the flaw out to the manufacturer. And received an update, and a scathing email addressing the NSA sysadmin for having updated all the machines with the wrong BIOS firmware.
...The plot to fuck up basic CSS on the article. Seriously, half the header is off the fucking page. I've seen better CSS on Geocities pages.
... or is someone reading too much Mark Russinovich?
shit.
Signature intentionally left blank.
There is none.
They have made it up so that NSA will not be abolished after recent scandals.
They made everyone switch to UEFI and now the world is safe, right?
All consumer PCs and similar equipment should have a "safe BIOS boot mode" which does nothing but allow re-loading of the BIOS from a specific source (e.g. USB port #1, CDROM, etc.).
It would be fine to required that the user hold down a switch or install a jumper or some such to enable this mode, but it must be there for mass-produced consumer devices.
For companies and individuals who don't want this feature, a hardware fuse (NOT "blowable" in software) or something similar could be blown rendering the "safe BOOT mode" useless. Vendors who cater to corporate customers could pre-blow this fuse.
To prevent "compliance in name only" (sorry, sir, we are out of stock of model XYZ except for some from an order that was canceled, but oh by the way the fuses were blown), vendors and retailers would be prohibited from offering machines "pre-blown" unless they also offered the "non-crippled" version at the same or better terms or they sold them as "used" goods.
--
Note: This suggestion is not meant to address the the "locked down bootloader" problem (which IMHO is a real problem). Unless that issue is also addressed, vendors would still be able to set the "safe BIOS boot mode" so that only signed BIOSes would load. But at least a computer that got bricked by either a corrupt BIOS or a bogus one signed by a compromised signing key would be over-writable by one obtained from a known-good source.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That all those BIOS chips are made and programmed in China in the first place. So why would they need to launch a virus.
The lack of logic is astounding 60 Minutes, I'd say a lot less than 60 minutes went into that story.
a better response than my previous...
If such a virus was found that affected a large portion of the computers out there. If that is so, stopping a single virus deployment attempt is worthless; the virus still exists, and more importantly the vulnerability still exists. If they are being truthful in any way, then they have done absolutely nothing useful. As you say, where's the CVE? Where's the details? Without details this is useless.
With a terrorist attack or something, "trust us, it happened!" can sortof work...I guess. For this though - it's useless without details. More, without details - we're forced to believe that the NSA is just making crap up. Did they think about getting a person with any sort of compsci background to help the marketing/PR at NSA person come up with a valid "threat" that was being stopped? In theory there should be one or two there....
And so it ever was
Are you so f**king thick, you do not know NASA is the space arm of the US armed services? In "I Dream of Genie", the popular sitcom of the late 1960s, viewers were confused as to why the two lead astronauts wore the uniform of DIFFERENT branches of the US military. Of course, as (fictional) NASA employees, they were making the point that NASA efforts were designed to serve the war machine of the navy, army AND air-force.
NASA's so called civilian FRONT is a standard propaganda operation designed to make the thickest of sheeple (ie., people like you, phrostie) give unthinking support to NASA's pioneering work placing military technology in space. Yes, you morons, space 'exploration' is simply the 'sugar' that allows the insanely more expensive military space 'medicine' happily trickle down the 'throats' of the US sheeple. For every dollar the US spends 'going to Mars' and the like, it spends 1000 dollars+ expanding the military use of space.
The current highest priority at NASA is perfecting Obama's space based weapons program designed to hit any target on Earth with massive non-nuclear strikes within one hour. So far, more money has been spent on this genocidal ambition than the entire combined 'civilian' budget of NASA across the last SIX+ decades.
http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate
Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate
"Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"
On the other hand...
And Iraq had WMDs.
The truth is that no one KNEW on way or the other whether Saddam had WMD or not. He had them at one point, he used them on his own people, he agreed to get rid of them in the first Gulf War cease fire and then he kept the world GUESSING. He hampered the UN inspectors. He worked to maintain the IMPRESSION that he still had WMD.
Yes. Saddam worked to maintain the IMPRESSION that he still had WMD. His WMD may have been lost in the desert (hastily buried as US/UN forces approached during the war and the precise location lost), degraded over time without maintenance, or in fact been destroyed. He fostered rumors about programs and capabilities that did not exist.
How do we know this? Saddam told us after his capture. He explained it to his FBI interrogator. A documentary was made about this interrogation. It was the "good" type of interrogation, again note FBI not CIA. Using psychology, not "enhanced techniques", to slowly gain the confidence of the prisoner and convince him to cooperate.
The truth is both sides were guessing, both the "he has WMD" and the "he does not have WMD" camps. No one outside of high ranking Iraqi authorities knew the truth. The UN inspectors failed to make a determination. Only US troops on the ground eventually made the determination on Iraqi WMD.
Don't confuse the SELLING of the war to the public with the actual facts of the war. The fact that the US government lied about evidence does not tell us anything about what Saddam actually had or did not have.
Among the reasons why a biological virus or bacteria is or can be successful, is that it can remain undetected for long so that it has a lot of opportunity to infect other hosts with itself. Viruses or bacteria that kill the patient quickly are rarely successful. A computer virus designed to quickly destroy the US economy would similarly have to act fast (execute, destroy BIOS, reboot, etc), but this aspect of it also goes against the virus' ability to spread and infect many other systems with itself. I conclude that this is a PR stunt by the NSA. Are rather silly one.
Are they referring to the badBIOS myth or what exactly ? Or just riding on the FUD wave of "OMG there are BIOS virii!" Maybe their PR department failed to read the thorough debunkings of it ?
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
Lies! Iraq had WMDs! Didn't you see the 3D renderings of the mobile port-potties that Saddam had?!?
How does the fact that the US government lied tell us whether Saddam had or did not have WMD? It doesn't. It merely shows that the US gov't did not know but wanted to sell the war to the public. The truth is Saddam worked to maintain the IMPRESSION that he had WMD, he was scared of Iran and thought the fear of WMD could keep them at bay. He was afraid to admit he no longer had any. He explained it all to his FBI interrogator. It was a proper humane interrogation where the interrogator builds confidence and trust and uses psychology to persuade. A documentary was made. Its often cited as an example that "enhanced" interrogations are not needed.
I blame Asrock.... /plot to sell more motherboards....
Our governments certainly lied but they did not know what Saddam had. Not until there were US/UK boots on the ground did we really know one way or the other.
Saddam in fact worked hard to maintain the IMPRESSION that he still had WMD. He feared Iran would attack if they knew how truly weak he was. So he fed the rumors that he had WMD stashed away, that he had secret programs under way and hampered UN inspector to give credibility to the rumors.
Saddam eventually admitted these things. He explained it all to his FBI interrogator who built confidence and trust with Saddam and used old fashioned psychology to persuade him to cooperate. There is a great documentary on Saddam's interrogation.
This sounds like a PR move in response to the Snowden leaks. I will give them the benefit of the doubt in this case that they did actually do something worth while. One thing to consider is that if they hadn't have figured it out, someone else might have. If they think an anecdote of them doing something good as a distraction from the domestic surveillance is a bit of an insult though. For all we know, this malware attack could be the exception, and not the norm. Even if its the norm and not the exception, it still doesn't excuse the bad things they have done. IMHO, someone like Snowden leaking this information was inevitable. I think it was a bit naive to expect NDAs to contain something so questionable that I am assuming a good number of people at the NSA knew about. I think the best PR move the NSA could do right now is to suspend some of these programs for now. In the future, if they can find a way to run these programs in a way that respects constitutional protections, then they can continue. For example, if they can track users anonymously and compartmentalize who has access to what pieces of information about a mark. Considering they are trying to get rid of sysads, this makes it harder to compartmentalize because inevitably the few remaining admins have a lot more systems they control.
NSA Says It Foiled Plot To Destroy US Economy Through Malware
What a coincidence. So did I!
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
Seriously, they should be working hard to bring back manufacturing to America. Obama is, but the DOD should insist on all of their communications, including phones and networks, being made in the west. Just as China blocks goods from the west based on defense needs, we should be doing the same. This should include our telcos, utilities, etc. Ideally, we should push other western nations to do the same.
I prefer the "u" in honour as it seems to be missing these days.
Once those pesky real journalists that insist on facts and sources start digging into this ...
Been watching movies again? Dedicated and knowledgable journalists who are paid to dig into things in great detail, yeah right.
Why not just go to the source? Have a large number of geeks look at BIOS software from system that originated in China during the time period in question. Don't they have these old systems in their closets running Linux?
they should foil all the dam spam going to my inbox, a majority of which links to malware in the first place.
I had no idea... The Chinese wrote UEFI?
Did anyone consider that the whole thing with Snowden might just be a way for the NSA to focus its search database on the people that might protest the most against a constitutional coup
http://en.wikipedia.org/wiki/CIH_%28computer_virus%29
CIH, also known as Chernobyl or Spacefiller, is a Microsoft Windows 9x computer virus which first emerged in 1998. It is one of the most damaging viruses, overwriting critical information on infected system drives, and more importantly, in most cases overwriting the system BIOS. The virus was created by Chen Ing-hau (, pinyin: Chén Yíngháo) who was a student at Tatung University in Taiwan.[1] 60 million computers were believed to be infected by the virus internationally, resulting in an estimated $1 billion US dollars in commercial damages.[1]
Congress is ruining the economy faster than anyone!
Our governments certainly lied but they did not know what Saddam had. Not until there were US/UK boots on the ground did we really know one way or the other.
Sorry, but no. Many other foreign countries had a look at the evidence and they voted "no WMD". Only US lapdogs went along (coalition of the willing), everyone else took a pass. So people were able to tell "one way or another".
Operation McCall on CNN
IAEA Al-Tuwaitha site report
A little bit of critical reading of the two sources in conjunction with each other will show some discrepancies. I have a nice award from the OSD hung up in my basement that says I was at Al-Tuwaitha. My time in Iraq with dosimeter badges and looking at the abandoned fortifications atop the depicted berms (in the IAEA report) convince me that there was every appearance of a WMD program in Iraq. There may have been no nuclear weapon produced, but the theater was excellent.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
How pathetic!
Alexander and Co are on LSD and Vodka for sure. And 60 Minutes tries to blame Vietnam and Agent Orange for their brain failure.
Unless that malware involved bought and paid for politicians as well as corrupt bankers + real estate people, you got the wrong guy.
Join the Slashcott! Feb 10 thru Feb 17!
Arguably this goes for anything on TV; but I found myself keeping it particularly in mind while watching the NSA segment. You have to watch it thinking, "How much of this will later be revealed as a lie?".
I bet a lot of people took that approach. It's called "credibility" and the NSA has lost it. They can't get it back with one dog and pony show. At least... you shouldn't let them get it back that easily.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
If they were able to stop my PC from being bricked, giving up my Constitutional rights was totally worth it. Right?
Considering the audience that is likely still watching 60 Minutes (drivel) the vast majority have no clue what a BIOS is let alone what it would take to distribute a BIOS-based malware attack. The NSA knows this very well and just got a buy on their "heroic" twarting of an "imminent" attack on the US.
So, ah, the NSA is not to clear about Financial Terrorism? So what causes more damage? A bomb going off in an outdoor market? How about 1 family in 10 losing their home? In case the NSA doesn't read, it's the number of people in America during the 2006 financial implosion; or the Great Recession. Thanks NSA for all the good work you did being a part of that solution. Where was the NSA, helping, then? How about the Banking crap going on in the EU? That didn't affect Americans?
Public evidence shows that the general running the NSA knows a lot about lying to congress, and guns in his face. But absolutely nothing about the hand in his wallet that in his pants pocket, or does he. I won't ask, and he shouldn't tell.
China is waging cyberwar against the U.S.
Remember that next time you consider buying anything made in China.
Your money will be used against you and yours.
Does anyone believe what they say anymore?
They have no brights of their own.
To develop a weapon to be used in case of war is one thing. To set it loose upon the US when no war exists would make no sense at all. China is so heavily invested in the US that anything that harms the US economy would harm China severely. It is far more likely that some mad nation run by strange ideology such as Iran would attempt such nonsense. North Korea is another jackpot of insanity. I would not be shocked that China might roll over N.Korea if China thought the US was to be harmed. However the US is far more likely to self destruct than to be taken apart by an enemy. Greed and corporate corruption are the greatest threat to US national security.
Our governments certainly lied but they did not know what Saddam had. Not until there were US/UK boots on the ground did we really know one way or the other.
Sorry, but no. Many other foreign countries had a look at the evidence and they voted "no WMD". Only US lapdogs went along (coalition of the willing), everyone else took a pass. So people were able to tell "one way or another".
You are confusing "no evidence he has any" with "evidence he has disarmed". The two are not the same. In the first case, the case these countries support, there is still a question. The truth is that not even senior people in Iraq knew Saddam had no WMD. Here it is from Saddam himself:
"After several months, Saddam started to talk. There were no longer weapons of mass destruction in Iraq, he said, although the capability to build them remained. But Saddam said he kept up the ruse that those weapons still existed to preserve his power and protect Iraq against Iran, which Saddam viewed as his country’s biggest threat. Not even senior leaders within his government knew that there weren’t any weapons, Piro said."
http://www.phillyburbs.com/news/local/the_intelligencer_news/fbi-agent-saddam-interrogation-was-unique-historic-opportunity/article_6306f1c9-b9c0-5fc7-b4ff-398cf04ad103.html
This comment is NOT meant to defend the NSA. Most computer manufacturers today run their production lines in Mainland China. Consequently, any IP provided by the manufacturers, including system firmware (BIOS) can be easily tampered with during the manufacturing process. Mainboard (motherboard) BIOS is just one of the potential risk areas. How about hard disk firmware that has a back door to alter system behavior (load rogue code) ? When was the last time that anyone checked what your trusty, secondary storage system is doing while you are asleep?
You'd have to be fucking retarded to believe this shit. I'm talking drooling, poop eating, fart sniffing, pig fucking, incestuous fucking epic epic epic epic epic retard.
Too bad about half of America fits this description.
This world is fucked - time for the next iteration. We'll get it right eventually.
NSA Says It Foiled Plot To Destroy US Economy Through Malware
"Business Insider Reports: The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday's '60 Minutes.' Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy. Even more shocking, CBS goes as far as to point a finger directly at China for the plot"
A BIOS attack that would computers across the country. For anyone with a hint of tech awareness, can you smell the utter bullshit and in-feasibility of such a premise? And why would China want to do that when it is joined to the hip to the US and global economies?
This reminds me of mediocre plot lines from moronic tech movies like "Eagle Eye" and shit like that. This is just another cry-wolf like "ZOMG WMD IN IRAQISTAN! 'MURIKA!", but this time is more like "ZOMG ZOMBIE BIOS FROM THEM JAPS... OR IS IT CHINKS??? NO MATTER, WE'LL BOMB THE FUCK OUT OF YOU INTO FREEDOM, 'MURIKA!"
I just wonder how many illiterati will actually fall for this tripe.
The logic of US economic (or wholesale) destruction is pure North Korea, who has used this kind attack before in the South Korea. Combined with their Chinese connections, the result results itself in a resolute way.
Chemical weapons are not weapons of mass destruction unless accompanied by an airforce or major artillery with custom-designed and manufactured (i.e. NOT 'improvised') technical capabilities. There needs to be significant infrastructure and training.
There is exactly zero chance that Saddam could conduct an aerial bombardement of the US or major allies with chemical weapons. If you have the ability to do aerial bombardment then cluster weapons are at least as destructive as chemical weapons. Chemical weapons are military weapons of modest usefulness against soft targets, like defenseless villages and human-wave armies of zero-technology conscripts, and with many complications and problems.
They are very, very poor terrorist weapons. A large truck bomb is much more reliable and easily deployable, and that's the reason that it's the weapon of choice of actual terrorist organizations.
Chemical weapons and radiological weapons are NOT weapons of mass destruction.
Professionally engineered biological (potentially) and fissile nuclear weapons are weapons of mass destruction with terrorist uses and deployability. There is no evidence Iraq had any significant capabilitiy after the Gulf War in these. To see the difference with nuclear weapons, witness Iran, which does have a fairly large scale dual-use infrastructure and weapons capability which is plainly obvious to everybody.
Just chiming in: I believe this is probably total horseshit, and more pathetic propaganda from the NSA, who have clearly gotten too big for their damn britches.
One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
Yeah, and I foiled a terrorist plot to blow up the White House single handedly! NOT!
The NSA can say they stopped some mastermind from ending the world all they want, where's the evidence? Does this even pass the stink test? I didn't see the 60 Minutes report but I'm guessing there wasn't really anything of substance to prove the NSA's story. This is just a marketing campaign to try to fix the NSA's image, I'm sure we'll hear more stories about how the NSA stopped the bad guys from destroying the world in their tracks, I bet they even help old ladies across the street & save cats from trees.
So NSA got nothing to show for it dragnet surveillance. Instead they just start making shit up in propaganda news that they spread with big U.S media companies. The reality is that such attack would never have worked and the people in China knows this already.
China also doesn't need to do this. All they need to do to ruin U.S economic is to stop exporting cheap stuff (among other things) to the U.S. In less then 8 months U.S would be on it's knees in terms of economic performance. Since it is already junk and is not improving thanks to the idiot bible ass-holes who know nothing of economics or facts.
Would have to be nukes. We almost all died.
The funny part is that the very next article, which is linked on the bottom of the page, talks about how one sided and overall terrible the interview of the NSA was. On top of that, the guy who did the interview used to be an FBI spokesperson.
... that they haven't foiled the real threats to the US economy, outsourcing, union-busting, austerity, etc.
Actually a university student in Taiwan actually write such a virus and it did 1b in damage. it was so terrible gigabyte started making dual BIOS motherboards and offering BIOS reflash services.
http://en.m.wikipedia.org/wiki/CIH_(computer_virus)
I suppose that this also means, is that all the Linux computers, installable on PCs without secure-boot, have by now been destroyed by China.
There's a (for now fictional) independent movie about China taking over the US through a cyber-attack: http://dragondaymovie.com
I don't believe this. Not for a second. Aside from the fact that the NSA is under fire and would say anything to save their precious surveillance programs, why would it make any sense for China to do something like this?
Think about it. China's interests are often at odds with ours, but they are also one of our major trading partners, and a huge chunk of their GDP comes from making goods for export. Their leaders may be ruthless, but they're not insane – quite the opposite, they seem to be very effective at advancing their geopolitical goals. But a "cyber-attack" on US civilian electronics by China would not advance their goals in any way. Instead it would be a dramatic setback.
Imagine that China did something like this and managed to pull it off. So, millions of US computers and other devices are bricked, causing billions of dollars in economic damages and other disruptions. But what then? First of all, sensitive US military equipment won't be affected, since it is deliberately designed to be a hard target. Secondly, once it comes out who is responsible (and it will come out, one way or another), China's whole export industry is ruined – they've just demonstrated in the most vivid way possible that their trade goods cannot be trusted. They're now dealing with a pissed-off US (and probably EU as well) that is boycotting them, passing trade sanctions, and considering military action. How exactly is this in their best interests, compared to business as usual?
One needs to consider, whether claims that we hear and read are plausible. Just where did the NSA fix a BIOS vulnerability, on one of my computers, which was built in 2005? I never flashed the BIOS on this machine, and neither did they. But we do know that very conspicuously, Microsoft came out with Secure-Boot more recently, and "in cooperation with manufacturers". It's likely that this is what the NSA is referring to - behind some obfuscated ways of speaking...
Windows is still available and widely deployed.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
None of that changes the fact that the WMDs were are hollow pretext for a war that GW Bush had decided was going to happen LONG before 9/11. The sexed-up dossiers etc were all fig leaves for an invasion that was happening no matter what anyone thought, specifically the electorate in some alleged democracies (UK/USA).
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
-- Alfred Bester (the Psy Corps one, not the author)
I, for one, am grateful to the the NSA for foiling the plot to magically upload and sudo execute a flash updater on my computers. I always find such updates to be such a pain in the ass, that I never bother. But since NSA has foiled the magic flash ray plot, I assume they have also siezed the magic ray and made its technology available to the American public.
Every good person is now a hero and every bad person is now a traitor.
They are treating the entire international economy as if it were a PSP
I think we've given the NSA far more credit then they deserve - they sound like a bunch of amateurs.
This kind of thing is exactly the sort of claim that I expect the NSA to bring up when attempting to justify its actions. And the thing is: there probably is a grain of truth to the whole thing. I bet that they could (if they were to declassify the documents) even put up some reasonable-sounding evidence to support the claim.
But I'd be willing to bet that if they did present their evidence, there would be legions of experts in computing and security that could poke holes in their logic. I'd be willing to bet they'd find their evidence to be flimsy at best (despite sounding superficially scary), and the actual plausibility of the attack to be minimal.
This, to my mind, is the real danger of keeping these kinds of investigations secret: even if you have well-intentioned people working on them, it's all too easy for them to mislead themselves into thinking they're fighting real threats, when nearly all of those threats never would have been dangerous in the first place. The only solution to this is to open up the investigation for a broad array of people to examine, so that the evidence can be criticized in the light of day.
There is precisely zero value in having an organization whose job it is to protect the US when that organization's activities are kept secret.
The selective evidence, exaggerations and such were certainly part of the SELLING of the war to the public.
However the underlying decision to go to war was the fact that no one really knew if Saddam had WMD or not. Given his past use of WMD and being in a post 9/11 environment the government decided to act as if he did. They had to either determine if he did (ala UN inspectors) or assume he did not or assume he did. Inspections were failing and it was unsafe to assume he did not. Furthermore, Saddam, by his own admission, still had the capability to build more once the inspectors leave.
Don't confuse the selling of the war with the decision to go to war.
Why is this post being buried while still being so active with all the comments? Hu? Hello? Slashdot...?
Oh that's right. Slashdot.
At least, if it's to produce a malware-running BIOS version. But wait a moment. What they wrote, is that the plot from China was only supposed to produce bricked computers. I've mainly heard of computers bricked because the user actually flashed his BIOS - and made some sort of mistake. So an attempt just to brick one could be targeted and might work, with Windows running. In any case, it would be hard for (China) to do this on my dual-boot laptop built in 2005, because I mainly run it in Linux mode, and Linux is so much more resilient to such things. And, I was able to install Linux on it, precisely because it *doesn't* have secure-boot.
What one needs to consider is a BIOS backdoor, loaded via the same vector.
See #badBIOS for example.
So, likely, what occured is that some skunkworks group inside the NSA found the exploit hole in Windows, and they got Microsoft to patch it.
It likely still exists in XP and will never be fixed.
Blaming China is Standard Procedure these days for NSA.
There always has to be a bogeyman so NSA can justify their 'programs'.
You are being MICROattacked, from various angles, in a SOFT manner.
"NSA Says It Foiled Plot To Destroy US Economy Through Malware"
Another spokesman for the NSA added, "And we find this outrageous because that's our job!"
Bush v. Gore
You are being MICROattacked, from various angles, in a SOFT manner.
You're absolutely right that there's some governmental agency that is writing and distributing malware.
How nice of you to "forget" to mention that it was you. Fuckin' lying scumbags. When does it ever stop?
http://www.pcworld.com/article/2066840/nsa-reportedly-compromised-more-than-50000-networks-worldwide.html
SecureBoot is an optional part of UEFI, you ignorant little faggot.
China wants the US economy to continue as strong as possible, because as long as the US economy is churning along, they are going to keep buying all the things China produces. There are plenty of countries, (both despotic and democratic), who have had serious interference from the US military and government over the years who would be more than happy to see the US go through a dark age.
China is without a doubt spying, but that doesn't mean sabotaging the US economy. Besides, China doesn't have to sabotage the US economy, they are more than willing to do it to themselves.
Well in addition to owning a dual-boot laptop that was manufactured in 2005, I own a Windows 7 -running PC, which urgently required a BIOS Flash. The reason was, the fact that this Windows-7 box was overclocked as shipped, which is now accomplished via a custom BIOS. Such a custom BIOS already likely has errors, other than the overclocking, causing obvious stability problems. Well in order to do this, I needed a USB Memory Stick, formatted with FAT32, even though this computer was built around 2011. The manufacturer was not able to do it with me, through a running O/S. How would a floppy disk be relevant? But, if all you want to do is brick the computer, then I'd say all you need is a successful attempt to flash the BIOS, while the O/S is running. It's done at that point. Besides which, my overclocked PC proved, that every MB requires its own, exact BIOS version. How did the NSA get all the BIOS versions straight, for presumably millions of computers?
AFAIK, result in a BIOS which no longer works. This will be different from a PC, which has been rescued by the NSA, in a way that's obvious to the user.
I have not seen the 60 mintues report, and details are scant in TFA.
Some questions come to mind:
How is this different from any other virus (that can brick a computer)?
What did the NSA actually do?
When was this?
Did anyone really install a system update labelled "NSA_WIN32_PATCH.exe" ? I certainly did not and would not.
LOOOOOOOOOOOOL ROFLOLOLOLMALOLOL then sadness sets in because people actually believe this
The Official Site of 1337 Pwnage
The NSA saved America's arse, whereas in every other country in the world who aren't blessed with NSA protection, there are now tens of millions of bricked computers.
Do people really have "stupid" written all over their foreheads?
No, your children are not the special ones. Nor are your pets.
Comment removed based on user account deletion
This *is* the real slashdot isn't it, the technology site?
What your comment suggests, is that a targeted attack is possible against commercially-critical computers, and which exploits a vulnerability for code injection into the BIOS, with the aim of just disabling them. But you are also implying (as was the NSA), that the solution to this vulnerability was with the BIOS itself, _or_ with the Motherboard. And so it's a bit of a foregone conclusion, that the solution is to enhance BIOS-level encryption. AFAIK, Secure Boot etc., limit what types of O/S kernels can boot, based on encryption. I've never heard of Secure Boot blocking an attempted BIOS Flash, only of the Motherboard manufacturers making sure on their end, that functioning BIOS versions re-incorporate Secure Boot. Hence, if you were able to find an incompatible BIOS version that _would_ brick your machine, Secure Boot won't prevent you from inserting the USB stick and doing so. However, if the goal is to prevent arbitrary code execution, that has access to the whole hardware - which it's not supposed to in general - then the responsibility lies with the O/S. Whether the NSA got involved or not.
Ok, that makes it not even worth reading. Morons.
---- Booth was a patriot ----
This story proves the NSA is really trying to protect us all the time, some people say they are spies, i call them teh protectors of liberty.
In order to let them help us, we should all download and install their new "anti-malware" software. If your are an important person they might even give you access to their custom assistance package where they remotely interact wit hyour system, for your protection !
My observation for the moment would be, that if this thing was disguised as a software- or a firmware-update, it would not seem to have been targeting the most secure servers. Because unlike personal users, server admins don't usually fall for that kind of trick. And thankfully, most of the servers that actually 'run the economy', so to speak, are in the hands of people who can distinguish between a real update, and a fake one. I'm not sure whether those guys actually tend to update their BIOS often though. I'd think that if one of their Motherboards was giving them trouble, they'd just replace a whole server rack - with MBs that did perform well from day 1. /That kind/ of server-room doesn't receive many fake update-requests, of the sort that would fool non-experts, because each server isn't managed by a user as such. In that environment all the servers are managed by something like ~a Hypervisor~ , and most of them don't actually have monitors, to display confusing graphics... But then, how would this request have crippled the Economy? What's described might at best have crippled a whole bunch of PCs, which was the starting assumption of this whole article.
That keybords might be Covert Transmitters of keypresses (always great to acquire symmetric keys, logins, pass phrases), that motherboards might leak crypto keys and that CPUs might contain cockoo circuits which can do ALL SORTS OF FUN with your entire system, as soon a Coockoo Mothership Calls (not necessarily NSA, there is another dangerous party in this). The cost for "extra" circuits is almost NIL, when you have a budget of 1000 Million transistors for the CPU alone.
How do we know we are not 100% fucked at this point ? We put way too much trust into opaque commerical hardware.
If the British fuck with Belgacom, who knows who fucks with Intel circuits ? YEAH, LOOKING AT YOU NSA and YOUR PALS.
After Belgacom we know that "anything goes" for NSA-GCHQ. It is almost certain they have a huge cache of Windows exploits (like on of these TIFF parsing bugs) and each of them can be used to wipe or overwrite your BIOS, if it does not have write-protect.
The command to do this comes over an http or (more probably) Flash movie stream. And it will sure as hell be used on all dissident computers to get cipher keys and to index the harddrive.
I think that is rational to assume if one NATO nation cyber-fucks another NATO nation's telco. Yeah Brits, you wage cyber-war against your allies, DUMB FUCKS !
I've heard Bush called many names, but never "malware".
Table-ized A.I.
That is bullshit and a total fucking lie.
Search it and you'll see that this so called BIOS virus never existed, that no company ever worked with the NSA to 'solve' this problem. It's a total propaganda story to make you believe in the good tooth fairy.
Don't underestimate the average American. By doing so, you threaten to fall victim to the fallacies you belittle in them. It's easy to elevate your beliefs above everybody else's, but that's neither right nor beneficial to anybody. I think if you'd give people more of a chance, you might notice that you're not the only one fed up with being lied to.
Is this slashdot or the onion?
What your comment suggests, is that a targeted attack is possible against commercially-critical computers, and which exploits a vulnerability for code injection into the BIOS, with the aim of just disabling them. But you are also implying (as was the NSA), that the solution to this vulnerability was with the BIOS itself, _or_ with the Motherboard.
No, that's the opposite of what I said:
The article also states that the NSA worked with computer manufacturers to close "the vulnerability" but it doesn't say the vulnerability was actually in the BIOS itself. And in fact you don't need a vulnerability in the BIOS to *replace* the BIOS with malware. The logical conclusion is if this attack existed at all, it was more likely to be a vulnerability in the BIOS update workflow, perhaps someone managed to penetrate the signing keys of most of the major BIOS manufacturers which would have allowed them to push out apparent BIOS updates to a wide range of computers. Or perhaps the attack involved vulnerabilities in the patch deployment servers of a significant number of motherboard manufacturers.
OK, just playing devil's advocate here... But what if:
1. Infection doesn't brick the computers, only a later payload in it
1. The malware self-patches the BIOS to prevent removal or duplicate infection
3. The malware was set to take instructions or be-triggered by some remote IP or site, which the NSA (or related agencies) were able to disrupt or occupy?
Still unlikely, but amusing to contemplate.
NSA, Supreme Protector of the UNITED STATES (Best STATES) composed six operas in two years,
NSA, Supreme Protector of the UNITED STATES (Best STATES) invented THE HAMBURGER In the year 2000
NSA, Supreme Protector of the UNITED STATES (Best STATES) was born under a METEOR and a DOUBLE RAINBOW
NSA, Supreme Protector of the UNITED STATES (Best STATES) Shoots 38 under par,5 hole in ones on first try at Golf.
This concludes tonight's propaganda broadcast.....
Oh and we forgot, NSA also foiled a plot by shameless criminals to destroy the economy.
If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
It is called "C and C++ based software". Who did invent and then "give away" C and C++. Yeah, NSA contractor Bell Labs.
Never call the military guys stupid. 90% of time they screw over their civilian opponents. Then and now they even get the last laugh on the Banksters.
Since a legitimate BIOS Update, which leads to a working BIOS, takes place between a USB Stick, physically connected to a computer's Motherboard, whose O/S has been shut down, where exactly did the BIOS Update Workflow need to be fixed?
Trust when damaged, destroys security in 'free' societies.
When people and organisations lie, trust is damaged.
Perhaps a certain agency has lied* and perhaps they require a great deal of trust to operate in the manner in which they have chosen and in turn allow the trust to be found to be deserving of their efforts.
It's never too late, to be honest.
It is the American way , if you TRULY seek redemption, to
Firstly ; Admit the wrong doing.
Secondly: You must say sorry for the wrong doing and actually mean it and understand the WHY behind that which you did was wrong.
Perhaps some compulsory study of the constitution would reveal the why.
What happens beyond that differs with regards the scenario, however the trust will not be solid or real ever again without the first two things occurring.
Please don't bother to rail at me about 'how the real world determines this shall never happen given their line of business.'
The same goes for the Tech companies crying foul after they knowingly participated in immoral and probably illegal activities against their customers.
*: gone far beyond the traditional lies of omission of the truthes that the elected representatives seek of them.
I'd rather have dead computers than have the NSA around.
This sounds like the attack in South Korea from March this year. That targeted the MBR for the system crash delivery but the strategy is the same. originating IPs for that were in China, so experts would mention that whilst hastily trying explain the difference between an IP and a person. North Korea was considered the responsible state in that attack and would be a more likely culprit for developing this kind of tech. No criticism of the NSA for doing this work, it is what they exist for.
Could someone tell me what this has to do with the world wide information gathering program? Seems completely unrelated to me.
You have suggested we look at the hash-tag #badBIOS , to see the system in action, that deploys PC firmware updates via Windows. This is one of the several articles written on the Web about this, all from the same guy, who goes by the name "Ruiu": Suggested Link What I find the most dubious about all this, is the ability "to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed." Also note, "(badBIOS) has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps." Can I be forgiven for not taking such claims seriously? To the best of my own knowledge, (1) Actual BIOS updates are infrequent, not a part of any routine workflow. (2) Even though virus-writers can use them to cripple computers - via a running O/S - SysAdmins can't use them unless they shut down the computer first, precisely because they do not work as described in this article. (3) Attempts are frequently made to bypass Protected Memory on the O/S, to result in viruses gaining access to all the hardware. But this cannot - presently - be used to produce a changed BIOS which works normally. (4) Instead of using floppy disks, we use USB sticks today. We put a file onto that USB drive, which has the filename extension .ROM . It stands for 'a ROM Image'. And because some advanced File Systems require than special drivers be loaded, even in this day and age we format those USB sticks with FAT32, just in case.
(5) It's considered gauche, if there is even more than one .ROM File on the stick, even though technically, the BIOS itself, booted into admin mode, displays the .ROM Files in a list, for the user to choose from.
Since a legitimate BIOS Update, which leads to a working BIOS, takes place between a USB Stick, physically connected to a computer's Motherboard, whose O/S has been shut down, where exactly did the BIOS Update Workflow need to be fixed?
These days manufacturers, particularly for systems with UEFI BIOS, provide utilities that can update the BIOS of your system without booting special update software from physical media. For example, Dell offers BIOS updates that run from within Windows (although they do require reboots).
Besides that, there's the question of how you got the BIOS update in the first place, how you transferred it to a USB stick, how you verified the BIOS update was the correct one for your system. There is a workflow to updating BIOSs that begin with getting the update in the first place and doesn't end until you verify your system can boot from the new one. Modern BIOSs also tend to have built-in verifiers that can reject incorrect or false BIOSs. So even if I were to give you a BIOS update of my own creation, odds are without a deliberate attempt to defeat those security and integrity checking features your computer would not allow you to load my custom BIOS.
NIST SP800-147 specifically refers to standards to protect BIOS integrity, particularly against tampering or unauthorized upgrading. It also covers some of the whole of BIOS update workflow and process, both on the meatware side and the internal technical side.
In any case, if you think updating the BIOS on modern hardware requires a person taking special action with a USB stick and explicitly running a special flashing process, that's no longer true. Theoretically speaking, an attacker could craft malware that ran under Windows or Linux, reflashed your BIOS behind your back, and that BIOS would then take effect the next time you rebooted or power cycled your computer, and it could be crafted to occur without any obvious signs of tampering. *If* the attacker was capable of defeating the security measures designed to prevent such things from occurring, none of which are foolproof.
The logical conclusion is if this attack existed at all, it was more likely to be a vulnerability in the BIOS update workflow, perhaps someone managed to penetrate the signing keys of most of the major BIOS manufacturers which would have allowed them to push out apparent BIOS updates to a wide range of computers.
What you're telling me, is that when I booted my BIOS into Admin mode, after I had given the command to Windows to reboot, when I told the BIOS to Update to a .ROM File, which it finds in the root directory of the USB stick I just inserted, the existing BIOS should have checked the signature of that (new) ROM Image, before accepting it. And so a failure to enforce a signature, would become a failure in the existing BIOS. Which has already been shipped in millions of computers.
Well while this type of signature-checking does exist with Secure Boot, (a) it requires hardware-support at that, and (b) applies to operating systems, not BIOS ROM Images.
c'mon cold fjord, tell us what to think
patched...? ;)
with what??
actually, maybe it wasn't patched.
maybe the 'bug' is already fully deployed "in the wild"
and they just blocked the/a trigger en mass/en route.
I'm sorry that I argued against your idea so energetically - and ultimately falsely.
.EXE File, which is by far different from what I had to do (only in 2011, for a contemporary computer) using a USB stick and an .ROM File.
I suppose that my information is grossly out-of-date. In response to your most recent posting, I looked up this subject on the Web, and found an article which confirms what you are saying:
External Reference
In particular, this article states that a BIOS update can be performed in some cases, by double-clicking on an
But then I must also admit, that the possible answers to the whole NSA question change completely as well. Since the BIOS can be flashed behind our backs, there is indeed little allowing the general public to know whether 'The BIOS Plot' as such was real, nor what the NSA could have done about it. At that point there is some slight plausibility, even for the idea of the NSA having used that - or having used some other back door - to get into our computers.
But only by ruining the economy first.
Look, maybe you can find some nuance to where a branch of the military running an intelligence operation against the People it is sworn to protect and defend, does not qualify as treason. Rest assured the NSA is equally concerned with the subject, so you may want to let them know if you have some discovery there.
I happen to call that treason, and the documents of whatever nation in question are not particularly relevant to my definition. It is purest folly to have military specialists employed against their own society, in whatever form. The persons responsible for this program deserve to hang as traitors, and Justice will not be served by any lesser charge. May God have mercy on their souls.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
.. is a Cuckoo clock
We only need to respond with 2 words: Citation Needed.
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)
The U.S. economy has been increasingly and exponentially destroyed for decades now thanks to the Ronnie "Rape America" Reaganites and the glutenous elitist excesses of globalizing corporapists and banksters. How could malware destroy something that's already been nuked?
Malware isn't needed to destroy our economy. Our legislative & executive branches are up to the task.
Wolf! Wolf!
We can't allow malware to destroy the US economy. That is the job of the FED!!!!! And a fine job they are doing!
If China was behind the BIOS plot, aren't most all of the motherboards and their BIOS chips made in China anyway?
If a computer is "bricked" because the BIOS is faulty, have people forgotten that in the old days we could physically remove the BIOS and replace it with another. Looking at a new PC motherboard, BIOS chips are no longer replaceable. Maybe it is time American companies made the BIOS chips in America and made it so we can once again replace as needed.
Agrisea Tsunami - Epyc Servers... https://agrisea.net/products
Cyber terrorisism is not a surprise, in fact it should simply be expected. So long as countries see some advantage to attacking others either physically, or digitally such practices will continue. It is simply another form of warfare. The intention of doing harm in this way is only marginally less sinister than using actual bombs and bullets. Both such behaviours are in the long run counterproductive, costing billions in either inception of defense. When people starve or shelter in camps to escape civil war. When mistrust and malcontent create chaos and stimulate violence, it this kind of foolishness doesn't say much about the human condition.
There appears to be a lot of paranoid people on this site, paranoid about our own government. They should worry about the ChiComs and the other states that can take down our infrastructure, easily.
First off, a BIOS attack? Really? Welcome to the 1980's!
Secondly, Request for software update to attack BIOS? Have you tried to update your BIOS? It aint that easy and any bios made since the late 80's has safeguards to prevent BIOS updates in the way that's described.
Thirdly, to brick enough computers to ruin the US economy using a bios update would be practically impossible. Never mind that such an attack would have to target people stupid enough to apply updates to systems in locked server rooms. Good luck with that!
Quidquid latine dictum sit, altum sonatur.
But then I must also admit, that the possible answers to the whole NSA question change completely as well. Since the BIOS can be flashed behind our backs, there is indeed little allowing the general public to know whether 'The BIOS Plot' as such was real, nor what the NSA could have done about it.
The only way we would know, I think, is if someone at an actual computer manufacturer or other first-hand witness comes forward with knowledge that the NSA, or a proxy like NIST, actually contacted computer manufacturers about and advised a response to a security issue, or there's documentation somewhere about that effort somewhere in the public domain (even if the original reasons for the activity are obfuscated). I'm still not sure if the NSA isn't at least exaggerating in their assertions, something even security companies regularly do, I'm just not willing to dismiss the entire idea as impossible. What is possible today from a security vulnerability perspective is often apparently implausible until demonstrated. Cryptolocker would have been impractical in the days before untraceable Bitcoins. Modern IP PBXs make essentially untraceable phone calls possible for phishing attacks. Stuxnet would have been laughed off as science fiction ten years ago. I think BadBIOS is going to turn out to be a false positive, and not a supervirus, but the fact that people are actually debating whether its possible at all - and not coming to a general consensus - is in and of itself demonstrative of how we've become very conservative in the security community about declaring things to be impossible.
We once thought the NSA put a backdoor in DES, only to discover twenty years later they actually strengthened it against a form of attack we didn't even know existed outside of the NSA back when DES was invented, an assertion that would have been completely implausible until it was demonstrated. Its a shame the NSA irrevocably destroyed that goodwill a billion times over, because ultimately in the long run trust was the most valuable thing they possessed, and nothing they've accomplished or even claimed to have accomplished will compensate for that loss. There were always people who thought the NSA was evil, but at least most of us thought they were on our side. Regardless of whose side they think they are on, they've convinced the majority of people they are not on theirs.
Windows 8
The government in general believes the average american is either stupid or just plain gullible. Look at out secondary school math, science, history, etc. scores compared to other nations including those who are educated in communist china. Let's not forget the communist ideology still exists, particularly in china. They finally wised up to "capitalism" but have not (and are not to thus day) willing to abandon their communist political system. They still have the goal of conquering the world. Be it for the validation of the communist ideology or for global hegemony. They've just got smarter about how world domination is achieved, just watch the West. Money equals power. With powered comes domination. Why would china care if they undermine the western economies if their ultimate goal is ideological? To be able to claim they "defeated the west", regardless of how it's done makes no difference. Economically of militarily success is success. Look at how the U.S. bragged about defeating the "communist soviet union". It was one of Reagan's favorite claims. How was the soviets defeated? Financially. The Chinese are a little more "wise". They realized they could "allow" a freer economy while maintaining a communist power structure. What does debt mean to them if they are aiming for global domination in which they can call the shots as opposed to the U.S. Domination merely requires money and military. Whose the latest to land on the moon? Sure, the U.S. did it 30 some years ago, but then we abandoned space development (thanks to Nixon, Carter and Reagan). Why? Too costly. Well, whose got the money now? The Chinese have publicly stated they plan to put people on the moon. The moon has significant resource and strategic advantages. We don't have the money for it because the U.S. spends billions on "policing" the rest of the world. And the Chinese live us for it. They more resources they can "force" the U.S. to spend on global conflict, the fewer resources we can devote to space development. The U.S. doesn't even have the launch capabilities to put people into space. We have to pay the Russians millions of dollars every time they put one of our astronauts up to the International Space Station. Imagine that! The communist threat of past generations are now being paid by the "free world" to put humans into space. While the NSA spends billions on surveillance of everyone on the planet, for "national security". The real national security lies in self reliance and forward looking national goals.
"Those who can make you believe absurdities can make you commit atrocities." - Voltaire
Everything nice and dandy... but aren't almost all motherboards actually made in China?
so... what need would there be for the bad Chinese to create extra malware? They could just have dropped backdoors into each mobo and done.
And now that we talk of China: Why in Hell's name would they want to fuck up the economy of their own customers? I don't get it.
-- 29A the number of the Beast
This makes no sense whatsoever. Why on Earth would China want to destroy the US economy?! China is not at war with the US. On the other hand China has huge financial interests in the US (I believe China owns most of the US these days), and even if it didn't, the hit to the world economy if the US economy collapsed would be so large that China would be dragged down as well. There is no reason for China to want to harm the US economy and every reason for them to want to bolster it.
Could the NSA really not have come up with a more believable story?
"The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer." Technically, this wouldn't be a virus, but a trojan horse. Imagine that - people involved in computer security found a trojan horse. Our tax dollars at work. Big friendly brother and all that.