Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog
An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.
The NSA has been "secretly back-dooring" the American people for years.
The NSA will achieve the opposite for the USA, not more security but less, with the rest of the world now keen to do their own thing; the NSA is a loose cannon on a rolling ship.
Don't use US service providers. It should be obvious by now, but the reason why the US warns about all kinds of subversion and attacks is that they know what they themselves are doing to the rest of the world.
I own a Dell system and since purchase, once in a while, the hard drive starts churning. Perhaps this is why.
Jokes on them, though. I use the system for work and often read the news -- and that's about all I do.
The dangers of knowledge trigger emotional distress in human beings.
I know this is likely a done deal, but what thoughts do any of you have on Fedora Linux and its SELinux internals? This is worrisome because Fedora is the upstream for Red Hat and CentOS and the basis for several distros. Can it be trusted despite the code being open? What about OpenBSD or FreeBSD? The BSD guys like Theo seem loath to participate in anything approaching this kind of thing.
Thoughts?
If you actually go to the referenced article and read it you will see that these are exploits, not backdoors, and they apply to equipment from non-US manufacturers as well as from US manufacturers, for example Samsung and Huawei.
Good job slashdot. NOT. A nice raspberry for Der Spiegel too.
Even for the delusional ones who think this is OK because "it is the NSA after all", it means that more people and agencies have access to those backdoors too, and more chances that they end up in the hands of guys with bad intentions, wherever they are or whoever they work for, using them for fun, profit or whatever.
I wonder what companies whose first line of "protection" is tools and hardware from Cisco, Juniper, Dell or IBM (or engineers certified on them) will do, now that it is official that they are remote access tools for others: bury their heads in the sand or try something else.
At the earliest convenience we need to tell the non-IT-savvy senators and congressmen. The backdoor is like an all-purpose key. Now all the criminals and agencies will exploit this.
Such a simple explanation and analogy should be adequate to deliver the point.
I was working for a software company specializing in network security back in the post 2001 period. I recall that we had more than a few discussions with the unskilled egomaniac in charge of the marketing of that firm that many competitors were using their Canadian branch office addresses 'front and centre' in their marketing to the European market.
Why? Because one doesn't always want to be perceived as an American.
The myth of Americans with Canadian flag stickers on their passports is not completely false.
Well, he was horrified at the notion. In fact, if you want to see how existential angst can be suddenly manifest in someone's behaviour in an unexpected setting, try this. I expect that we'll see more of the same in the next year. Ultimately, countries will roll their own code, and have their own Silicon Valleys because of the national security issue. A few years ago I remember seeing an ad from I believe a Swedish firm selling routers and switches that were 'designed and built' in Europe with each unit only delivered to a physical address in Europe. Does anyone else remember this outfit?
---- The above post was generated by the Turing Institute. Maybe.
Looks like this is a loud and clear call for more intensive open source BIOS development.
Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.
So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?
See, the ugliest part of this is that it's a two-headed monster. Fight one head and the other one will come around and bite you. Both government and corporations have come to believe that they are beyond our reach, above reproach and entitled to everything you have.
You are welcome on my lawn.
How is the summary wrong, though? U.S. companies were apparently affected, and so the summary lists U.S. companies. That's perfectly correct. Omitting the fact that non-U.S. companies were also affected doesn't make the summary incorrect in any way. You can't "correct" a completely truthful statement like that in the summary.
And backdoors are merely a form of exploit. Really, "the eric conspiracy", and you to a lesser extent, are merely being pedantic dickwads with your comments, weeping like little nancies because your sense of nationalistic pride has been bruised. Get over it.
The summary is perfectly fine, and "the eric conspiracy"'s comment should not be at 4, Informative. It's -1, Flamebait at best.
Unfortunately I don't have the skill set and there doesn't seem to be any other way to support them.
If you have a machine that supports it, Coreboot could be a very interesting solution.
Learning HOW to think is more important than learning WHAT to think.
So all those shows we have mocked, like 24, csi, etc, because their tech "hacks the firewall" in 15 seconds were actually accurate? Crap. That changes some things..
What are we going to do tonight Brain?
All HDDs support ATA security. It's standard, it's in hardware and it appears to be secure. ALL HDDs on the market have those curious "bugs" that let you recover or bypass this password. All by accident I'm sure :)
Who logs in to gdm? Not I, said the duck.
I'm not sure if the NSA seeking to exploit technology is particularly damaging to US firms. The NSA is seeking to exploit all technologies, not just American-based ones.
I think the part that does damage American firms, was the end of the second article. It read that the NSA has been redirecting the shipping of some computers to their address, installing software or hardware, repacking the device, and shipping it to the purchaser.
Strangely, complaining about government misbehavior doesn't fix anything.
Also, complaining to your elected representatives doesn't fix anything, since they're part of the problem, right?
So do you have any options left? Yes: one. Remove the elected representatives and build a consensus-based form of governance. While that is extremely difficult and time-consuming to do, it is the ONLY practical answer.
(I'll bet slashdotters can come up with 50 other potential solutions: but none that can be done without the help of politicians. So none of those count.)
So what do you say? Keep getting nailed from behind by your own government, or start working on the only possible solution. Which appeals to you more?
I didn't know about the backdoors in any of these so why would I know about the backdoors in anything else. I have no real problem assuming there are backdoors in anything and everything.
I think you guys deserve praise for fighting the good fight trying to expose and stop all the nefarious activity that the NSA partakes in but this is too exhausting for me. I care, but not enough to alter my buying decisions. Good luck to you guys but I'm out.
The biggest exploit the NSA ever created was a time portal back to the cold war.
Every country modernizing its infrastructure will look inward to build its own because of paranoia about "the other side".
Those who think the answer is to not buy American should think again. For decades after WWII, a host of countries bought their teletype-like encryption gear from a Swiss company, thinking that as a neutral, it had to be free of backdoors.
Not so, many say. Money speaks very loudly. The U.S. and others apparently bought off the company's owners and were reading the coded traffic of dozens of countries. You can find a few details at:
http://en.wikipedia.org/wiki/Crypto_AG
Slashdot Poll: Which country is going to be first to call all the US/NSA actions by their true name?
I'd rather have the world's best spy agency than second or third best... You go NSA......
Do you want to nudge us when Snowden delivers something on China (regarding which he has claimed considerable expertise), Russia, or Iran?
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I wondered why you hadn't joined the forces of people whining about how the antiamerican summary only refers to US companies while other countries' were listed (including China), but I guess if you harped on that you wouldn't be able to whine about how Snowden only releases dirt on Americans.
Man, it must suck to be wrong all the time, doesn't it?
They, along with the Koreas and Japan, and all other nation-actors, are completely irrelevant to the internal domestic threat that the NSA and their alphabet cohorts pose to our Constitutional rights and liberties.
Saying, "Everybody else does it." is absolutely no excuse. "Everybody else" can't attach my assets, get me fired, send thugs to ransack my home, or throw me in prison without trial.
We have lost the tech war. All our hardware are belong to them.
The only war left to wage is the legal/political one, and China and Russia have nothing to do with that.
Who cares about China? They can't send a SWAT team to my house. The US government can.
TFA does not give a link to this so-called catalog. Does anyone here have the link?
Why would the US government want to send a SWAT team to your house?
"loose cannon"? Bullshit.
Don't you think for one damn minute that the NSA is "off the ranch" with their programs. They were implemented at the behest of our beloved and benevolent leaders.
The "justice" branch (haha) just declared everything is just fine after all. The executive branch and legislative branch have already said time and time again that the NSA is doing useful and important work.
What really chaps my ass is not that the government tells people these programs are for the so-called "war on terror" or that certainly, the government would never use it against non-terrorists, but that nearly every poll indicates that most 'mericans fucking believe them!
I know they have done their best over the last 40 years to indoctrinate kids starting in kindergarten, but it is sad that so many folks just close their eyes and refuse to ask hard questions.
Think about it... forcing children to pledge allegiance to a government... It is fucking crazy. We are brainwashed never to question our masters, and it is working. Fuck, look at the shit your facebook friends post! That is a representation of America.
Disclosure: I feel I have the right to bitch. I did my 4 years in the services and about half that was in the shitty hotspots of the world keeping an eye on brown people.
You tell me.
For both free and proprietary ROMs, we need checksums. Not just of BIOS chips, but of disk drives, ethernet cards, router flash memories and anything else one executes programs out of.
davecb@spamcop.net
To take his hard drives. Because they've put child pron on them, or some other "incrimination" using their toolz. And then to ruin his life... presumably because he knows something, said something, or pissed someone off enough to warrant that.
So; where's the pdf?
Who else are you going to buy a PC from? Are there other manufacturers in other countries that can match the US companies in output of machines? Being in the US, I don't see any information on other computer makers.
More misdirection. This tactic is so transparent and overused. Yawn.
> Get a clue, its not just the US/NSA that does this. They are just the ones that are getting beat up in the press.
Agreed. It's not just the USA. I guess it's OK, then?
Pffht.
Open Hardware. And NO. I'm not talking about smartphones or reprap controllers. From silicon, all the way to cli or gui. Open and freely distributable for the entire stack, and at enterprise level. Only variable then is your fab plant.
I know it won't happen within the next several years, but for trust at the infrastructure level to normalize, what other option is there to come back from such a position?
Another fail at reading and at editing.
NSA did not backdoor Microsoft/Cisco/Huawei... but did the simplest thing, same as worms/hackers do: they used exploits on various devices:
"it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei"
Backdooring was not wholesale for all equipment/software from a given vendor (which is what summary implies), but was installed for specific end users:
" intercept shipping deliveries. If a target person [...] agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies."
Slashdot editing jumped so many sharks it's largely worthless to read anymore, except for some insightful comments by users.
during 1999 when I applied for work authorization in the United States of America. Fortunately, my French-speaking girlfriend went La Femme Nikita (Peta Wilson) on them and we drove on through the international crossing. But I tell you that I was confused when she kept calling me Michael.
NSA's crack-job on Target to get account, credit card and PIN numbers in order to harvest cash to bankroll their "Panama Banana Plantations" in Maryland, Texas, Utah, London, Paris, Berlin, Beijing and Tokyo has come up dry.
Most accounts, cards and debit show typical balances over drawn to an average of 120% in a range of 10% to as high as 400%.
Dang. What's the use of a "Wish List" and no cash!
2014 is not looking any better as the illegal wars in Afghanistan, Pakistan and Somalia dry up with no cash return as well.
NSA should hire a Wall Street turn-around artist to give them a sustainable business model. Hay, Goldman Sacks!
There is a BIG difference between backdoors and exploits.
In other news Spy agency actually knows how to spy.
You appear to be well conditioned. Snowden's misdirection seems to have worked on you. Have you learned how to jump through hoops on command yet?
This situation is insane: there are so many controllers with field-upgradable firmware and no meaningful security that it is hard to make fun of the overly paranoid who throw away perfectly functional hardware after having been hacked anymore.
I think one of three things needs to occur with my preference being option #1.
1. All firmware updates should be non-persistent, applied by OS drivers when the system/hardware boots.
2. Special boot menu and standardized interfaces provide exclusive avenue for firmware updates. Updates become impossible when system booted normally even with root access.
3. User controlled option to permanently blow a fuse preventing any firmware update functions without replacement of hardware.
Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)
One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet chip).
Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.
You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.
If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.
Some of the things this can do (from the Wikipedia articles - see them for the footnotes):
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
The title / abstract seems to suggest (at least that's how I understand it) that the US companies are cooperating with NSA on planting backdoors into the systems, but that's not what the article says. The article says NSA is exploiting vulnerabilities in the products, which is something quite different. It also means the spy guys are probably attacking products from all main vendors, not just the US companies (BTW what portion of the main companies in this area are US based?), which IMHO significantly decreases the possible damage, which is yet another thing mentioned in the abstract but not in the article.
Backdoor into human mind through Remote Neural Monitoring/Electronic Brain Link to steal passwords and security certificates direct from the horse. Also hacks into PS/2, USB, DVI, WiFi, Ethernet, and Cellular signals remotely from space. Thank those "SIGINT/ELINT" satellites: http://www.oregonstatehospital.net/d/russelltice-nsarnmebl.html
Then there's the backdoor built into the Windows operating system itself since 1999, which is an actual NSA digital certificate: http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html
Then there's the backdoor that was exposed as being in AMD processors back in 2010, allowing all software and hardware security features to be bypassed, and unlocking secretive extra registers and other resources for use to run code in secret along side the actual operating system: http://hardware.slashdot.org/story/10/11/12/047243/hidden-debug-mode-found-in-amd-processors (nobody knows where the debug mode originated, or if it was really put there for the NSA to use.). Intel has similar debug modes, however no public information has been provided on how to use it yet.
> Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.
> You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.
These things are quite spooky and potential security threat not many are aware of.
In most instances on Intel hardware you can effectively disable AMT's interface to the outside world by turning off the hardware virtualization (VT-d) feature in the BIOS. This feature is often the means by which physical wireless/wired interfaces are shared by the AMT engine and the main system. So while it is still there, at least it's not running an IP stack when the system is not booted or listening for TCP connections on ports the operating system has no idea exist.
One item on every computer user's wishlist would be to use some of that Internet metadata to identify the gang behind the Cyptolocker virus and have them rendered to some regime that will torture them to death live on Al Jazeera while the whole world applauds.
One critical aspect of the disclosures, court proceedings, congressional testimony and web debate is the true effectiveness of NSA. The latest judicial opinion starts off with presumptive assertions without factual support, just lots of nostalgic "what-ifs."
Truth be known, the NSA did not intercept nor warn of the Beirut Marine Base attack, the Lockerbie 747 bombing, the 747 that went down off the Long Island coast, the Dept. of State Embassy bombing in Africa, 9/11, the bombing in Saudi, bombings in Russia (the most recent included), the "Shoe Bomber", the "Underpants Bomber" (ouch, that gotta hurt), the L.A. airport disturbance(s), oh, remember the Boston Marathon incident, the Atlanta Olympics bombing, not even the Cessna that rammed the White House in 1994 nor 'Squeaky''s attempt to shoot President Ford, and not even the Pakistani Mir Qazi who shot five CIA employees, two CIA officers were killed (1997).
Truth be told, the NSA has a lot of explaining to do when it comes to the question "where were you" during all of the above events, and just what the USA has gotten for all the dollars spent on the NSA.
These facts will be a bit inconvenient for the latest District Court Judge to swallow regarding NSA effectiveness. Yet the Judge's ruling levels the playing field: legal is as legal does, and legal we can do to them as well.
> In most instances on Intel hardware you can effectively disable AMT's interface to the outside world by turning off the hardware virtualization (VT-d) feature in the BIOS.
But how do we KNOW this works? (As opposed to, say, the machine's AMT server no longer talking to remote clients unless the right encrypted hand-waving is done by the client to tell the server it's NSA calling - or the encrypted handwaving telling eavesdropping firmware to switch VT-d on and be cagey about it?)
If I understand it correctly, the AMT stuff is running on a separate ARM core. There's no reason (beyond software elegance) that this has to work through the normal virtualization mechanism, or that NSA wouldn't think ahead and either design it to work with its own mechanism or turn VT-d on but make it act like it's off, and spread the story about VT-d being a necessary underpinning of the feature.
"When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work"
..
Firewalls are next to useless given today's OSes that require randomly open ports and remotely downloaded scripts/code in order to function; the security model is fundamentally broken.
Where is this catalog? Link please?
At least let's make some money off these NSA programs by shorting tech stocks.
I have to wonder what the international repercussions of this are/can/will be? This seems to be growing from snooping on internet traffic (legality of which itself is a grey area for several reasons). Now, it seems that backdoors and exploits have been found and even developed in some software and hardware, which not only does damage to US firms responsible for implementing or being exploited by this, but it turns out that foreign nations were more or less being actively "attacked" in this way. I wonder how long it will be before someone equates an online attack, with a physical "bombs away" attack and responds accordingly, with real ammunition instead of hacking someone's PC (or probably including that as well). The US needs to be careful, and sadly, as much as I would like to see these programs shutdown, and re-constituted according to law, I have a feeling if that were to happen they would grow even bigger as a result...
Time to support the open router project! If we want to change the world we will need to rebuild the internet from the ground up... starting with the devices in our homes.
http://orp1.com/
A trustworthy, open-source software & hardware router
ORP1 is a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network), and a TOR server for your home network. Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.
You have a sick, twisted mind. Please subscribe me to your newsletter.
Dreams for the NSA - public leaks of
* affairs
* sexual exploits
* sexual oddities
* movie watching history
* tv watching history
* web browsing history
* email to/from/subject/date
* all text messages
* all official and non-official tweets
* checked out library books/references
for every Senator, Congressman, Supreme Court, Federal and State judge, General in the Military, Captain and above of every Police Force, Mayor and all Presidents for the last 100 yrs.
Seems that if they want to spy on average citizens, then these "leaders" should be leading by example.
> But how do we KNOW this works? (As opposed to, say, the machine's AMT server no longer talking to remote clients unless the right encrypted hand-waving is done by the client to tell the server it's NSA calling - or the encrypted handwaving telling eavesdropping firmware to switch VT-d on and be cagey about it?)
> If I understand it correctly, the AMT stuff is running on a separate ARM core. There's no reason (beyond software elegance) that this has to work through the normal virtualization mechanism, or that NSA wouldn't think ahead and either design it to work with its own mechanism or turn VT-d on but make it act like it's off, and spread the story about VT-d being a necessary underpinning of the feature.
As far as I understand it, AMT is defective by design: all you need is a signed certificate from a CA recognized by AMT, with a cert domain that matches the DHCP advertisement to the victim (trivially accomplished), to establish full remote control. There is not initially anything to latch/constrain to specific certificate identities; therefore anyone who spends the money to obtain a certificate signed by a CA has the ability to co-opt any system not yet initialized (virtually all of them), which I find totally insane and very scary.
Obviously it is impossible to verify any of your points. To me it is enough that AMT is defective by design, just as it is enough that Huawei router firmware is so poorly written as to be defective by design; you don't really need secret backdoors when the systems can so easily be hijacked by design.
I can't verify that CPU, HDD, GPU, NIC firmwares or the OS harbor intentionally compromised code planted by the NSA or other intelligence agencies and bad actors. I would imagine the same co-opting of the OS could be done via DPCs from a number of system-internal sources without separate AMT infrastructure.
All I know is, if you disable VT-d, the known established mechanisms by which you could interact with AMT over a wired or wireless network, including any exploitable vulnerabilities in AMT's IP/TLS stack, are not operative on systems I have tested. This is really what I personally care about.
I agree there ought to be a way to permanently disable AMT wholesale on all systems with the hardware and it should be disabled by default rather than enabled by default. We have other systems with IPMI which have this capability and get disabled via motherboard jumpers before the system is placed into production.
Technologies like AMT/IPMI are extremely dangerous by themselves even if you assume no NSA backdoors. Even if the operator is aware of their existence they are almost always neglected and forgotten by both users and hardware vendors alike.
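The thread above turns on two claims: that toggling VT-d in the BIOS stops AMT from listening on the network, and the reply asking "how do we KNOW this works?". The practical answer is to check from outside the box. The script below is an added example written for this page, not code from any commenter, from Intel, or from the article. The port numbers are the ones Intel documents for AMT (16992/16993 for the HTTP/HTTPS management interface, 16994/16995 for SOL/IDE-R redirection, 623 for RMCP). The `Server:` header pattern and the `Digest:` realm prefix match what AMT's embedded web server returns on hardware I have seen, but treat that regex as an assumption to re-check against your own units. The sample responses embedded in the block are constructed so the banner parser can be exercised offline.

```python
"""Check a host for an exposed Intel AMT management interface.

Added example for this thread (not from any commenter or vendor).
Facts: AMT's management ports are 16992 (HTTP), 16993 (HTTPS),
16994/16995 (redirection) and 623 (RMCP).  Assumption: AMT's web server
identifies itself with "Server: Intel(R) Active Management Technology <ver>"
and challenges with an HTTP Digest realm starting "Digest:".
"""
import re
import socket
from typing import Dict, List, Optional

# Intel-documented AMT listening ports and what each one carries.
AMT_PORTS = {
    16992: "HTTP: AMT web UI / WS-Management",
    16993: "HTTPS: AMT web UI / WS-Management over TLS",
    16994: "Redirection: Serial-over-LAN / IDE-Redirect",
    16995: "Redirection over TLS",
    623:   "RMCP / ASF (legacy management)",
}

_STATUS_RE = re.compile(rb"^HTTP/\d\.\d\s+(\d{3})")
# Assumption: header form observed on AMT units; version group may be empty.
_SERVER_RE = re.compile(
    rb"^Server:\s*Intel\(R\)\s+Active Management Technology\s*([\d.]*)",
    re.IGNORECASE | re.MULTILINE,
)
_REALM_RE = re.compile(rb'realm="([^"]*)"', re.IGNORECASE)


def classify_banner(response: bytes) -> Dict[str, object]:
    """Decide from a raw HTTP response whether the responder is AMT.

    Returns status code, whether the Server header is AMT's, the firmware
    version it advertises, and the Digest realm of any auth challenge.
    """
    result: Dict[str, object] = {
        "is_amt": False, "status": None, "version": None, "realm": None,
    }
    m = _STATUS_RE.match(response)
    if m:
        result["status"] = int(m.group(1))
    m = _SERVER_RE.search(response)
    if m:
        result["is_amt"] = True
        result["version"] = m.group(1).decode("ascii") or None
    m = _REALM_RE.search(response)
    if m:
        result["realm"] = m.group(1).decode("ascii", "replace")
    return result


def open_amt_ports(host: str, timeout: float = 1.0) -> List[int]:
    """TCP-connect scan of the AMT ports; a disabled ME should open none."""
    found = []
    for port in AMT_PORTS:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass
    return found


def grab_http_banner(host: str, port: int = 16992,
                     timeout: float = 2.0) -> Optional[bytes]:
    """Send one plain GET and return whatever the management port answers."""
    req = (f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\n"
           f"Connection: close\r\n\r\n").encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            chunks, total = [], 0
            while total < 65536:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
                total += len(data)
            return b"".join(chunks)
    except OSError:
        return None


def scan_host(host: str) -> Dict[str, object]:
    """Run before and after changing the BIOS setting and diff the output."""
    ports = open_amt_ports(host)
    banner = grab_http_banner(host) if 16992 in ports else None
    verdict = classify_banner(banner) if banner else classify_banner(b"")
    return {"host": host, "open_ports": ports, **verdict}


# Constructed sample responses (not captured from a real device).
SAMPLE_AMT_BANNER = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"Server: Intel(R) Active Management Technology 9.1.2\r\n"
    b'WWW-Authenticate: Digest realm="Digest:A1B2C3D4", nonce="abc", '
    b'stale="false", qop="auth"\r\nContent-Length: 0\r\n\r\n'
)
SAMPLE_OTHER_BANNER = (
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.4\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(scan_host(target))
```

Run it as `python amt_check.py <ip>` from another machine on the same segment with the target powered down as well as up, since AMT answers independently of the host OS; an empty `open_ports` list after the BIOS change is the evidence the "how do we know" reply asked for, at least for the network paths the comment describes. It says nothing about a management engine that has been told to stay quiet, which is exactly the residual doubt raised above.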
So what. Have something to hide?
I agree with your points.
I also agree that, regardless of whether disabling VT-d keeps NSA out of AMT (or equivalent) or if they have some personal back door associated with it, shutting it down is still very useful: It closes this barn door to all the other bad guys who don't have any "extras" and use it as you describe.