Have a Privacy-Invasion Wishlist? Peruse NSA's Top Secret Catalog

An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.

And that ain't all

[NoNonAlphaCharsHere]

The NSA has been "secretly back-dooring" the American people for years.

And Ultimately

[mrspoonsi]

The NSA will achieve the opposite for the USA, not more security but less, with the rest of the world now keen to do their own thing, the NSA are a loose cannon on a rolling ship.

Re:And Ultimately

The NSA has already achieve the opposite for the USA

There FTFY... Talking to non IT people, the thing that most people don't seem to have understood is that Snowdon and hundreds of administrators from private contractors like him had uncontrolled access to all of the data. Those people will for 100% sure include some spies from hostile powers like Russia, China and North Korea. Some of those people will have already extracted data. People working for the NSA and DOD wrote the orange book about this. They have no excuse to pretend they didn't know that gathering all this data together would be dangerous.

The real thing that the NSA and GCHQ are trying to hide, is not the spying. It is that they were caught seriously endangering their countries for profit.

Re:And Ultimately

Since the public record indicates that the vast majority of terrorist attacks that the NSA has helped stopped are overseas

You could even say 100% of them are overseas and be correct. 100% of zero is still zero, though.

The NSA has not stopped any attacks.

Re:And Ultimately

[cold+fjord]

You are quite wrong about that.

NSA helped foil terror plot in Belgium, documents, officials say

The Belgium plot, though not confirmed to be one of the 50 that relied on the recently revealed secretive NSA program to monitor online messages, appears to fit the bill.

On December 11, 2008, Belgian authorities arrested an al Qaeda cell in Brussels that they feared had been planning a suicide bombing attack.

An intercepted e-mail from one of the cell members to his ex-girlfriend indicated he was about to launch a suicide attack. A defense lawyer in the case told CNN that prosecutors at trial acknowledged that the United States intercepted the communication and passed it to the Belgians.

Re:And Ultimately

[paiute]

Belgian authorities arrested an al Qaeda cell in Brussels

They could have arrested four taxi drivers playing cribbage in the back room for all we know.

Re:And Ultimately

[gweihir]

The NSA has also pointed out this way how atrociously bad commercial "security elements" typically are. I foresee that the market will change and not for the better for the US. But overall, I disagree. This is going to make us all more secure (well, maybe not anybody in the US), because economic espionage by the NSA is now a clearly visible reality that everybody has to defend against. And the NSA is not using any magic, just standard criminal practices on a large budget. That commercial firewalls are not that secure has been obvious to experts for a long time.

Re:And Ultimately

[cold+fjord]

I see that Belgium seems to have a problem with "cribbage."

Belgium: Terror Suspects Convicted, Sentenced
Belgium | Al Qaeda's New Front

Re:And Ultimately

[GodGell]

Nice metaphor

Please don't tell me it's new to you...

Please, don't be an asshole, at least not for good reason.
Why you would think one particular ancient metaphor in one particular language must be known by all the 7 billion people in all corners of this planet is beyond me.

(You do know you're on the Internet, don't you?)

Re:And Ultimately

[GodGell]

*without good reason, that is. (Feel free to bash me for that one.:])

Re:And Ultimately

Not GP here.

While it's not new to me (thanks to my neurotic love for historical-fiction set in the day of Nelson)...

Yeah. Most people aren't even remotely aware of how many common phrases come from our maritime past, let alone are familiar with metaphors that have widely fallen out of use.

This is literally the first time I've seen "loose cannon on a rolling ship" in about five years. Sure, it's the full-length version of, "loose cannon" - but since the latter part has long been cut off, your average person hears, "loose cannon" and thinks, "Guy who's about to explode. Like a cannon. I dunno what the loose part is about."

Re:And Ultimately

[Jah-Wren+Ryel]

Since the public record indicates that the vast majority of terrorist attacks that the NSA has helped stopped are overseas, outside the US

Even a broken clock is right twice a day.

Let it be known that uber-con cold fjord has acknowledged that the NSA's domestic meta-data program (section 215) has stopped zero terrorist attacks inside the US and that the overseas meta-data interception program (section 702) has "helped" to stop one, perhaps two attacks in the US.

215: We Found None

702: Only One, Perhaps Two

Re:And Ultimately

[paiute]

Have we already acquiesced to the NSA's desired reality?
Were these criminal activities which could not have been prevented by old-fashioned police work done within the law or were Orwellian-scale intrusions absolutely necessary?

Re:And Ultimately

[VortexCortex]

A scientist would say: Prove their evidence is real.

They lied to congress, and have a a long history of evil. It would be foolish to trust anything they say. See, that's the thing with secrets and lies: You can never trust anything they say to be true. "Oh we're strengthening security." Prove it -- Could be weakening security instead, we don't know because: Secrets. Oh, so they say these guys are terrorists? Prove it. You'll have to use independent evidence -- not like digital records can't be fabricated, what with all the routers and systems backdoored or exploited. They could have written the damn email from the guy's system themselves at a whim. These spooks are real creeps, tasked with socio-political control, not safety. What they do is target "radicals". They thought the Civil Rights Movement was "radical". The Privacy Rights Movement is considered "radical" too, especially since it requires an end government secrets. Everyone knows the atrocities the CIA gets up to, you think any of theses guys have qualms about silencing "radicals" any way they can?

Anyone think these programs are beneficial? That's an unproven claim. Disprove the null hypothesis: No secret spy organization can be proven to be beneficial. They can't be proven to be telling the truth. A secret oversight committee just moves the problem around.

You're 4 times more likely to die from lightning strike. The flu kills six times more people than a 9/11 scale attack every ear. Cars and cheeseburgers have killed Four Thousand times more lives than a 9/11 scale attack since 9/11. The cost to benefit ratio of the spying programs is ridiculous. Life is dangerous: There are risks that are acceptable. If we're brave enough to drive the kids to get a Happy Meal, then what possible fear can we have of a minuscule in comparison terrorist threat? Even if all 50 of those supposed bombers would have gone off, they'd still wouldn't justify the cost to privacy, freedom, and trust in our governments -- Falling down in the shower is more dangerous than terrorists. Where's the free government bath-mats if terrorists are such a big concern? Mutually assured destruction means big countries are no threat. The cold war didn't end, the military industrial complex just turned on its own people in secret. Everything Eisenhower warned us about came true.

The very word 'secrecy' is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths, and to secret proceedings.
- John F. Kennedy

What a "radical" thought.

Re:And Ultimately

[ememisya]

Sure, and if you remember during WWII it wasn't just the Germans killing Jews, others also joined in, "others are doing it" is no excuse for a government agency but rather a teen trying to drink alcohol. The point is it seems to me like the agency is out of control, they aren't accomplishing anything and hoovering up billions to catch imaginary enemies. They are creating hatred within our borders by infiltrating World of Warcraft etc. it's just bunch of wannabe geeks when being geeks became cool, who simply use the tools given due to a really extensive budget.

Re:And Ultimately

[sumdumass]

That would be hollywood's rendition of the tale. The always used to label someone as a loose cannon (usually a cop of some sorts) who then goes against the rules and tears a bunch of shit up while trying to get one guy.

Re:And Ultimately

[sumdumass]

I seriously doubt it. Serious terrorist don't really break the law and become subjects of scrutiny by the authorities until after they break the law. In other words, they are meticulous and methodical in setting out to do what they are doing and you often will not know anything about it until after it happens unless some connection is created somewhere that draws attention to them.

Of course this is easier accomplished in some countries then others, but the end result would be the real old fashion type police work where they show up after the fact and look for someone to blame.

Re: And Ultimately

[Jah-Wren+Ryel]

Your local police don't stop crime, they respond to it, and deter some amount of it.

Secret programs don't deter anything.

Re: And Ultimately

[HiThere]

The difference is that the NSA is a single source where you can get everything. Like a shopping mall. It may be a bit harder to crack, but it's a lot more rewarding...so expect that some people who would find it rewarding have done so. Some of them just pass it on to their governments, others would sell it over and over.

And, of course, for the NSA there's already and existence proof.

Re:And Ultimately

[HiThere]

Sorry, but in that particular agency many of them ARE geeks. And they show all to poor judgement of young geeks in a social setting. But they do it with the power to commit major felonies (despite the current court ruling) rather than just smoking pot or drinking underage.

The whole damn agency needs to be disbanded, and the managers prosecuted for, at least misfeasance, probably both malfeasance and many other crimes (illegal wire-tapping comes to mind). Yes, we need an agency that does much of what they do, but not the illegal parts and not the unconstitutional parts. And I don't care what their privately owned "secret courts" say, much of what I've been hearing violates privacy and constitutes illegal search and seizure. (And, unfortunately, these garbage rulings haven't only been coming from their special courts, but even if the Supreme Court says it's constitutional, that doesn't turn black into white.)

Re: And Ultimately

[buck-yar]

They don't even have to respond. http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia

Most of the school/mass shootings, they first set up a perimeter. Clearing the building comes later, usually after everyone is dead.

Don't buy from US companies

Don't use US service providers. It should be obvious by now, but the reason why the US warn about all kinds of subversion and attacks is that they know what they themselves are doing to the rest of the world.

Re:Don't buy from US companies

[Desler]

Huawei and Samsung are US companies? Because if you read the article these things are not limited to US companies despite the implication of the summary.

Re:Don't buy from US companies

[fatphil]

Alas it's rather hard to avoid intel & AMD for those who are tied to the architecture.

Now my Alpha's long dead, and my POWER is getting rather long in the tooth, I suspect my next purchase will be a Loongsoon-powered box.

Note that the mention of Samsung in the article is a little bit wrong - they sold their HDD division to Seagate (a US company, modulo tax-evasion) in 2011. Whether their SSDs are compromis{ed,able} is another matter.

Re:Don't buy from US companies

[Lunix+Nutcase]

How is it wrong? The article is about a 2008 document. It was merely reporting what was in it.

Re:Don't buy from US companies

[Desler]

Because all Samsung HDDs poofed out of existence once they sold the division? So, as mentioned this is a 5-year-old document being written about which clearly predates that sale.

Re:Don't buy from US companies

[mikael]

From what I remember, Samsung disk drives didn't implement SMART (Self-Monitoring, Analysis and Reporting Technology)
It would tell you useful things like how many times your disk drive had been powered up and down, longest seek time, number of bad sectors, highest temperature, longest spin-up time. Just about everything a sys-admin would ever want to know.

http://en.wikipedia.org/wiki/Comparison_of_S.M.A.R.T._tools

Re:Don't buy from US companies

[nurb432]

Get a clue, its not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Re:Don't buy from US companies

[Desler]

No, they aren't the only ones. Just the most insidious party.

Re:Don't buy from US companies

[fatphil]

OK, the article itself is not wrong. I just didn't want people to jump to the conclusion that because a modern HDD says "Samsung" on it, it's not a US device. (In the context of "Don't buy from US companies", i.e. this sub-thread.)

It was unfortunate that the article mentioned the US-iness of those manufacturers, so I conflated the two sentences and caused confusion.

Re:Don't buy from US companies

[AHuxley]

For this to work you would need a world wide network for the ability to get your code in and the information out. Very few countries have access to the telco networks globally to do that, to hide and keep upgrades in place.
Where is the "beat up" in the press? The exploit news? The way it gets in, the data out past firewalls? The ability to get past reinstalls/rebooting?

Re:Don't buy from US companies

Get a clue, its not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Yeah. Cut them some slack. Everyone else is doing it. A real patriot would understand that they, unlike the foreign agencies, are doing it for the good cause anyway.

Re:Don't buy from US companies

[noh8rz10]

naive. if US is doing this, then Chinese and Russians are doing it too.

Re:Don't buy from US companies

[noh8rz10]

cmon. nobody saying it's right what the NSA did, we're just saying that it is naive to think that US is alone in this regard.

Re:Don't buy from US companies

Samsun's SSD & HDD firmware was written jointly in US & Korea, with US code patches coming from Samsung Information System America (SISA) in Silicon Valley. This ended in 2013 when Seagate bought Samsung's HDD division in 2013 and fired all the HDD engineers at SISA. Samsung's SSD firmware is still a joint effort.

Re:Don't buy from US companies

[Deadstick]

No, they aren't the only ones. Just the most insidious party.

No, just the ones who got caught.

Re:Don't buy from US companies

[ebno-10db]

Or at least they're trying to. I wonder how good at it they are. The stuff described in the article seems mostly like sophisticated malware, which requires brains but no sophisticated hardware. That sort of thing is a traditional Russian strength, but I wouldn't be surprised if China is good at it too. It would be interesting if we could compare the capabilities.

Re:Don't buy from US companies

[houghi]

The rest of the world does not go around shouting how they are the land of the free and that they are the world police that will bring said freedom to others. (By force other any other means.)

Re:Don't buy from US companies

[Bert64]

Alpha was american too, as is POWER...

I have tried buying Loongson hardware, but very little of it actually seems to be available... Only some of the older stuff which is probably slower than your POWER and Alpha kit.

Re:Don't buy from US companies

[Carewolf]

i wonder if many companies were listed from around the world, but spiegel focused on US companies because the anti-american angle works well for them.

It is not the Spiegel that wrote the slashdot summary, it is the Spiegel that wrote the article that includes the non-American companies, and the American Slashdot that only included American companies. So how about rethinking your comment?

Re:Don't buy from US companies

[YumoolaJohn]

It doesn't matter what they go around shouting; if they do similar things, then they too have problems that need to be fixed.

Re:Don't buy from US companies

[Runaway1956]

Alright, Phil - help me to understand the logic here.

We've been told for a long time now, that all our hardware is made in China. And, that China is engineering back doors into all that hardware. It's been a common mantra, threaded into all sorts of news articles and doomsday prophecies.

So, now that we know the NSA is back dooring all sorts of hardware, you've decided that you would prefer to have China holding the keys to your back door?

It might be safe to bet that the hardware that China built their back doors into probably have duplicate keys, hanging on the key rack at NSA headquarters.

Not bashing you here, I just want to understand your point of view. Is longsoon really the best way to go?

Hey, we could check out what Siemens is selling - no one will mess with European chips, right? Oh, wait - the Israelis are all over that one already . . . .

Re:Don't buy from US companies

[drkim]

cmon. nobody saying it's right what the NSA did...

Well, one guy did, and he's a U.S. District Court Judge.

"Judge Rules NSA Phone Surveillance Is Legal"
http://www.nationaljournal.com/technology/judge-rules-nsa-phone-surveillance-is-legal-is-a-supreme-court-intervention-inevitable-20131227

We will have to say what the 9 supremes say.

Re:Don't buy from US companies

[fatphil]

> Alpha was american too, as is POWER...

Nor do I say otherwise. I was merely demonstrating my willingness to avoid x86.

Yeah, loongson's not exactly floodying the market with earthshattering specs and commodity pricing. However, for me, http://www.tekmote.nl/Loongson-3A-Notebook would be an upgrade laptop-wise. (But I wouldn't be willing to stretch to even that reduced price.) However, at my age, and with my interests, my main interest would be smaller-quieter-leaner rather than more raw grunt. I may never buy an actual "desktop" machine again. Rendering a dozen or so xterms is all I need most of the time.

Re:Don't buy from US companies

They did on their rotating drives; Both the drives in my desktop are Samsung (500Gb and 1TB), both are running with SMART enabled.

Re:Don't buy from US companies

But thinking is so haaaard! It's so much easier to simply assume that the whole world hates 'MURICA and that they're just america-bashing hippie treehugging socialists.

Re:Don't buy from US companies

[fatphil]

Much of the US-branded kit is fabbed and manufactured in China, yes. Occasionally ipods (iphones?) ship with MS Windows viruses because of this. However, that was sloppiness rather than malice.

The reason I'd be interested in a Loongson Lemote box is that it does have a remarkably open design at almost all levels. You could create your own version of the processor on an FPGA if you so desired. The same isn't true of intel, AMD, NVidia, Freescale, TI, Samsung (or any ARM SoC vendors) etc. I think several generations of Sparc are equally open too, you'd have to check opencores. The layer above the hardware - the BIOS - is also open in Lemote (Loongson) devices. And of course you can run your own (open) OS on top of that. I don't know of any more open device. It's the best way to go if you're Richard Stallman, certainly (it's what he's used and recommended for half a decade). For anyone else, YMMV.

If I was the NSA and I wanted to make sure there was a way to get into a Loongsn device - I'd aim at the AMD chipset that it uses. If you control the flow of all data, you effectively control everything.

Nothing's 100% trustworthy. I like strength through depth though.

I appreciate that this doesn't answer your question particularly well, but it just some closely related thoughts.

Re:Don't buy from US companies

[93+Escort+Wagon]

READ THE ARTICLE.

These aren't pre-installed back doors - the NSA is hacking their way in. And it's not just American equipment (and, interestingly, there's no mention of Apple).

Re:Don't buy from US companies

[newbie_fantod]

Thank heavens no German tech. companies were implicated.

Re:Don't buy from US companies

[Guy+Harris]

Thank heavens no German tech. companies were implicated.

No tech companies were explicitly implicated at all; the article says

A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.

Huawei is not at the top of my list of companies that would put in back doors for US access. ANT, from the Der Spiegel article, appear to be breaking into systems not necessarily designed to be broken into by the NSA.

Perhaps some of the tools exploit back doors put in deliberately for the benefit of the NSA. Perhaps some of them exploit back doors put in deliberately for the benefit of other agencies, including agencies that do not view the NSA as friendly. And perhaps some of those other agencies are exploiting back doors put in for the benefit of the NSA....

And perhaps other tools exploit security bugs not put in deliberately.

Re:Don't buy from US companies

[nurb432]

Did i say it was Ok? No. I didn't.

What i'm tired of is blaming ONLY the NSA, people need to wake up to the fact that its a global issue.

Re:Don't buy from US companies

[Guy+Harris]

READ THE ARTICLE.

These aren't pre-installed back doors - the NSA is hacking their way in.

That seems to be the implication of the article, although that doesn't rule out pre-installed back doors as well.

And it's not just American equipment

Including equipment from Huawei, which I suspect is unlikely to have back doors installed at the NSA's behest, unless the NSA and the The Ministry of State Security of the People's Republic of China are cooperating on that.

(and, interestingly, there's no mention of Apple).

There's also no mention of HP or Acer, so the lack of a mention of Apple might not have any special significance.

Re:Don't buy from US companies

[VortexCortex]

Get a clue, its not just the US/NSA that does this. They are just the ones that are getting beat up in the press.

Yep, it's too bad the NSA doesn't actually protect national security, and is instead just ensuring all the other state sponsored enemy spies can get at more info than a contractor like Snowed did.

Imagine what it would be like if the government wasn't allowed any secrets or wiretaps. Our public policy would be the same policy we actually furthered around the world -- We wouldn't have to worry about diplomats making secret arms deals behind our backs; If such things were actually required to save lives then we'd understand the circumstance. The only reason we can't trust their actions is because secrets mask their motives, even when they are on the up and up.

We have amazing spy satellites launched via the biggest rockets in the world already. They would simply have more funds to split with NASA and be more benefit to actual security, science, disasters relief, while ensuring no force can make a move against us without us knowing instantly. They could even map submarines from space with ground/water penetrating radar. Better space collaboration would ensure decommissioned tech helps the space exploration initiative. No spies can threaten a government without secrets.

If the NSA were actually protecting the national security of America then they could be tasked with finding all the backdoors in the hardware and software. No one could put backdoors in for fear the NSA would find out, publish it, and ruin their business. Today they stay silent and let the public purchase systems the NSA likely knows have been compromised by enemy spies -- This saves the NSA time: They can just use the existing backdoor instead of put their own in. If the NSA weren't allowed secrets, they'd be eliminating exploits instead of leveraging them and our hardware, firmware, and OS's would be more secure. Eventually other governments would have to start up their own programs of outing intentional exploits just to ensure their people they weren't compromising public security. In addition to the Space Race, we'd have a Privacy Race, where competition would be in building the most secure systems. Public and private sector security experts could be assisted with new tools to show where flaws lie. Security would be a selling point and methods of provable security would be devised (I have done so myself on small scales). Computers and programs have finite state, so provable security is not impossible: Instead of spying the data centers and supercomputers could be tasked with hardening all the hardware and software. People would buy the USA security endorsed systems with pride. We'd have less identity fraud -- one of the most prevalent crimes. Conspiracies could be silenced through truth not ignorance. If we outlawed government secrets and required scientific evidence that their programs were helpful not harmful then we could trust our governments more than any citizens ever could before.

Sadly, we're too primitive and politically oppressed to apply the simple Scientific Method to governance. None can have assured trust or security from prying eyes because we allow the government to have secrets. That the priority of secrets is valued above security by the spies is obvious and evidenced by the way they compromise security and do not inform the world that we are buying insecure products. They risk spies accessing more than Snowden ever dreamed due to the priority they place on secrecy over security in their digital spying programs. These secret programs aren't getting beat up nearly as bad as they should be in the p

Re:Don't buy from US companies

[BlueStrat]

Well, one guy did, and he's a U.S. District Court Judge.

"Judge Rules NSA Phone Surveillance Is Legal"
http://www.nationaljournal.com/technology/judge-rules-nsa-phone-surveillance-is-legal-is-a-supreme-court-intervention-inevitable-20131227 [nationaljournal.com]

We will have to say what the 9 supremes say.

well the other judge is saying it's not ok so your judge can stuff it

Well, since we had the "Dancing Itos" http://youtu.be/XQPVA2bGsB4

I guess now we'll get the "Goose-Stepping Pauleys".

Strat

Re:Don't buy from US companies

[rtb61]

When the leading target is political extortion, I don't want anyone to have the keys except the voting public. The reality here is the NSA was actively seeking to target as many foreign politicians as possible in order to extort compliance in favour of US military industrial complex partners, creating as many traitors as possible in order to cripple any country that competes in any way with US for profit interests, screwing over those countries citizens, regardless of the harm produced, in favour of US partner profits.

They have long since stopped being a US security organisation whose main focus was meant to be to secure US IT infrastructure and have become an all out criminal organisation who goals where more power for the organisation and it's partners and who declared war on other countries economies and democracy. They have become the enemy far worse than the terrorists they pretend target.

Re:Don't buy from US companies

[fatphil]

> READ THE ARTICLE.

I DID.

> These aren't pre-installed back doors - the NSA is hacking their way in.

YES. THAT'S WHY I WANT AN OPEN CORE DESIGN, AN OPEN BIOS, AND AN OPEN OS.

Dell

[mfh]

I own a Dell system and since purchase, once in a while, the hard drive starts churning. Perhaps this is why.

Jokes on them, though. I use the system for work and often read the news -- and that's about all I do.

Re:Dell

[K.+S.+Kyosuke]

How would a disk go about compromising my system? Does it contain a secret radio transponder?

Re:Dell

[daem0n1x]

Have you been working in "questionable" things? Have you been reading "improper" news? If you did, they know it.

Re:Dell

[worf_mo]

Jokes on them, though. I use the system for work and often read the news -- and that's about all I do.

I'm not sure who the joke's on, though. Now they know where you get your news from. And let me tell you, those commie articles don't go down too well with them!

Re:Dell

I'm surprised you couldn't come up with at least some possibilities on your own, K. S. Kyosuke. I always thought that you were a smart cookie.

One obvious one is that the disk's firmware is updated to detect and modify critical Windows executables, DLLs or drivers with some additional code to send out information to remote servers once a network connection is detected, or perhaps to introduce flaws that can be exploited easily. The same could be done for Linux kernel binaries or modules, too, of course.

Another pretty obvious one is that the disk's firmware alters log files to remove any traces of intrusions, making it appear as though no intrusion has occurred.

I'm sure there are many, many other ways that I haven't thought of.

Re:Dell

[peragrin]

randomly sends data to the network card without going through the CPU first.?

My 2009 macbook randomly wakes up and processes some data for about 5 seconds and shuts off.

two reinstalls, and I still can't track it down. fortunately I just turn off the wifi when I put the machine to sleep. it still does it, but at least I know it isn't sending anything to anyone.

Re:Dell

[AHuxley]

Its depend if your air gapped or networked. if you are networked, the code enters, easily getting past very expensive 'protective' firewalls and hides deep avoiding any reformatting, reboots.
Later information is passed back out the now 'open' network as with any malware.
If your air gapped, physical access might replace a USB cable (keyboard) that RF (transits) the data.

Re:Dell

[noh8rz10]

"commie" -> "slashdot

Re:Dell

[ColdWetDog]

My 2009 macbook randomly wakes up and processes some data for about 5 seconds and shuts off.

two reinstalls, and I still can't track it down.

Just watching a little TV while you sleep. You have a problem with that? It works hard for you all day and you're hassling it for getting a little R&R?

Re:Dell

[gweihir]

It can do any number of things, but they have to be pre-arranged, as the disk cannot access main memory. It can, for example, inject code into the boot-loader or compromise known executables. The firmware compromise is not really necessary, but it can help disguising things. For example, with a firmware compromise you can do things like boot-code compromise only if the power went up less than a minute ago or if there was a reset shortly before. Then anybody reading the bootloader to verify it will not see the compromise. A BIOS-attack would be doing something similar, but without the possibility to hide so easily. (If these things become widespread, I will start to verify my BIOS regularly with an SPI adapter. No way to hide from that.

Full disk encryption with boot from a non-writable medium (kernel and initrd on CD in a non-burner drive, for example) will neutralize a compromised disk firmware pretty effectively or alternatively protect the boot-loader against manipulation. Of course "they" could then try to compromise the CD drive...

Still, the NSA is not magic. They do not even have the best hackers, just those with the biggest egos ans smallest morals. These tend to be rather mediocre. No, the problem is that PC security sucks badly and that you can break into almost any standard installation if you throw enough money at the problem. My guess would be that even a restrictive firewall configuration on a Linux firewall keeps them out reliably. Of course, if you use Windows, they can just get past that with the update mechanism and with active help from Microsoft...

Re:Dell

[Bert64]

Modifying OS level files would be defeated by software based disk encryption, as the hdd would have no idea what data it was storing...
Ofcourse a backdoored HDD could always present the host system with a malicious boot sector, but again this would be defeated by having an unexpected system architecture...

Re:Dell

[Bert64]

You sure this isn't an Apple feature called "power nap", the system wakes up and downloads updates, checks for new email etc, then goes back to sleep.

Re:Dell

[deconfliction]

fortunately I just turn off the wifi when I put the machine to sleep. it still does it, but at least I know it isn't sending anything to anyone.

And you are 'turning off' the wifi exactly how? Disconnecting the antenna, or trusting the software switch? (as opposed to a hardware switch interrupting the power or antenna, wouldn't that be a nice feature...)

Re:Dell

[K.+S.+Kyosuke]

What would you need a boot sector for?

Re:Dell

[K.+S.+Kyosuke]

Airgap and encrypt. (The disk doesn't even need to know what gets stored onto it, now does it?)

Re:Dell

[Conqas]

Someone has actually done this: http://spritesmods.com/?art=hddhack The article describes (in great detail) how the author modified the firmware of a harddrive to monitor for certain data, which essentially works as a key. Once it receives that key, it starts to do nasty stuff.

Re:Dell

[93+Escort+Wagon]

Turn off "allow Bluetooth devices to wake this computer" - that will probably fix it.

Re:Dell

[robot5x]

thanks for the link, its fascinating stuff

But how on earth can I tell if my HDD is up to no good? Is it even possible?? I'm thinking like checking firmware revision or logging activity or something.

Honestly, the thought that my own hardware might be compromised is quite disturbing.

Fedora Linux Question

I know this is likely a done deal, but what thoughts do any of you have on Fedora Linux and its SELinux internals? This is worrisome because Fedora is the upstream for Red Hat and CENTOS and the basis for several distros. Can it be trusted despite the code being open? What about OpenBSD or FreeBSD. The BSD guys like Theo seem loathe to participate in anything approaching this kind of thing.

Thoughts?

Re:Fedora Linux Question

[slew]

Nearly all the stuff they are talking about requires your machine to be compromised somehow (virus/malware allowing malicious code execution). Once that happens, it's game over. It's just that the NSA has considerable resources to both attack a OS network access (looking for zero-day equivalent exploits to do that), and open source probably just makes it easier to look for likely problems in the source code (instead of trying to steal the source code from some company or disassembling the code).

The way to protect yourself is to make your own distribution that doesn't show up on their radar (they don't have infinite resources to attack everything, just the most common stuff).

The thing that they are actually talking about in this article is once the OS is compromised, the NSA has developed attacks on the firmware of many commonly available peripherals (e.g., routers, drives, etc) to insert compromises that live underneath the OS (and thus undetectable by the OS). The other articles talk about intercepting packages and actually physically compromising the firmware of these peripherals in transit.

Re:Fedora Linux Question

[mikael]

Where do you start explaining? You have a huge stack of software going from the GUI applications with plugins at the top, going all the way down to the NIC device drivers and firmware at the bottom. You can easily inspect network device drivers, they don't do much except read and write data out to ring buffers, but even then they had some issue with automatic scattering of data via virtual memory (an optimization that kernel security people didn't like). You can add hardware firewalls to your system, but then this article says they can be tunneled through.

Some PC hardware even has a wake-up feature using magic packets. The network card remains powered up even though the rest of the PC is powered down:
  http://en.wikipedia.org/wiki/Wake-on-LAN

You can disable all the server applications that open listening ports on your PC, but it's easy enough for hackers to tunnel network traffic through essential procotols like Ping and DHCP via a remote proxy server. Since the BIOS itself can be rewritten, any built-in system monitoring software could be compromised as well (game PC motherboards have a hardware based network traffic monitoring overlay that shows upload/download times).

Malware doesn't even need to be any particularly sophisticated. There are dozens of Linux applications that allow you to set up your own server for personal data (your video library available across the Internet) and are script controlled. It only takes one mis configured variable such as the root directory and anyone can take control of your PC. Even if an application is clean and has no bugs, the availabilty of a plugin service, allows anyone to write malware.

Re:Fedora Linux Question

[zAPPzAPP]

Assuming that the OS in question is often Microsoft Windows, what makes you think a virus/malware is required in order for the NSA to compromise it?

Re:Fedora Linux Question

[AHuxley]

You would need a trusted CPU, a new trusted open filesystem, a new trusted OS. That might just slow some of the code expecting a standard OS beyond a "firewall". Your keyboard, networking would still be fair game.

Re:Fedora Linux Question

[gweihir]

SELinux is not under suspicion. Putting backdoors in it would be glaringly obvious to anybody halfway competent doing an analysis, as it is just an access control layer and hence rather simple. Being hard to find is a critical characteristic of any professionally placed backdoor, and hence a backdoor in SELinux is very unlikely. You are barking up the wrong tree.

Re:Fedora Linux Question

[gweihir]

Hardware backdoors are a myth spread by wannabe hackers.

Except for the Intel CPU CPRNG, there is not indication any have ever been implemented. In the case of the Intel CPRNG, the design obviously is intended to hide any possible compromise, but that still does not mean there is actually one in there. More like, there will be special batches of CPUs shipped to specific targets that have a vulnerability. Still, any halfway competent security analysis sees that the design is malicious and will avoid using it. The developer of that CPRNG publicly lying about the design criteria or Intel pushing the Linux folks to use this thing as the only randomness source does not make things any less obvious.

Re: Fedora Linux Question

The NIC could have vPro and AMT in which case your machine can be remotely accessed without you being able to do anything.

Re:Fedora Linux Question

[Bert64]

Open source most likely makes it much harder for the NSA, because they're in the same boat as everyone else when it comes to looking for exploitable holes.
With US based commercial software they can compel the vendor to hand over the code, as pretty much all of the major vendors have already done. That way the only people looking for exploitable holes are people the NSA has leverage against.

Re:Fedora Linux Question

[gweihir]

Read your own statement. Then bash your head against the wall. Don't worry, there is nothing in there that you could damage...

Re:Fedora Linux Question

[bagofbeans]

With US based commercial software they can compel the vendor to hand over the code, as pretty much all of the major vendors have already done.

Citations for that claim?

Re:Fedora Linux Question

[gweihir]

So? You are putting all drivers under suspicion next? Or maybe the root-user that can do all what you said?

I think you have no idea what "security" means. And no, SELinux is not under suspicion by anybody with a clue because if would be an exceedingly bad place to install a backdoor into.

Misleading Summary

[the+eric+conspiracy]

If you actually go to the referenced article and read it you will see that these are exploits, not backdoors, and they apply to equipment from non-US manufacturers as well as from US manufacturers, for example Samsung and Huawei.

Good job slashdot. NOT. A nice raspberry for Der Spiegel too.

Re:Misleading Summary

[Desler]

A mix of US manufacturers and non-US manufacturers makes it all 'fine' in some way?

Well except that the GP made no such implication that either was 'fine'. They were simply correcting the summary because the article mentions the exploits cover equipment from non-US companies.

Re:Misleading Summary

[AHuxley]

The summary had: "companies including"

Re:Misleading Summary

[Desler]

No the summary had: "US companies including" and failed to mention any of the non-US companies that the article explicitly called out.

Re:Misleading Summary

[the+eric+conspiracy]

Do you think the NSA is somehow unique in possessing tapping and forensic tools for IT equipment?

Every police agency in the world will have some of this stuff. Heck, when I accidentally repartitioned a hard drive a couple of years ago I used some software to recover files by carving them. One of the items listed in the article was a splitter cable for crying out loud.

Backdoors are seriously different from exploits. One implies collusion between a national security agency and a manufacturer. An exploit is the work of somebody independent of the manufacturer.

The NSA is seriously a problem. However this summary states US equipment manufacturers are in collusion with them. Without presenting any evidence, and filters out information that contradicts that statement from the reference it cites.

This is not journalism. It's a troll.

Re:Misleading Summary

[the+eric+conspiracy]

Uh... "US companies including".

Re:Misleading Summary

[Desler]

Yeah AHuxley apparently thought we were illiterate and wouldn't notice his obvious quote mining.

Re:Misleading Summary

[Desler]

How dare you point out that difference! It clearly means you're trying to excuse the NSA!!! At least that's what AHuxley and his AC sockpuppet would have people believe.

Re:Misleading Summary

[cold+fjord]

So we are down to exploits vs backdoors?

Other people have discussed the rest of your post, so I'll just point out that there are different implications to the two possibilities.

Re:Misleading Summary

[vpness]

If there was a 10+ points score - and I had any mod points - I'd vote em all to this post. Try, slashdot, to at least maintain the appearances of impartiality. First, I'd like to know who wrote this article, and why the inaccurate meme of 'ooo, tech companies are f'd by NSA spying' was promoted as the lede. Second, I'd like to see the catalog or other evidence. Der Spiegel says 'you can't trust the gov but trust us to be unbiased.' I guess I'd accept something like "we'd share this catalog, with you but .... " and tell us why. I clicked through the Der Spiegel links and didn't find a link to the catalog, or a pic of it ...

Re:Misleading Summary

[AHuxley]

The way in past expensive hardware and software is going to exist for some time. This is not good for network security. The ability to get data out without been tracked or logged is also not good for network security. The ability for code to exist past reinstalls and re emerge is not good for network security...
The basic networking security implications seem clear as presented in the summery and the linked story.

Re:Misleading Summary

it is a good troll, though. it plays right into german sensibilities.

Re:Misleading Summary

[Bert64]

Exploits are really just clients for accessing a software vulnerability...

There is a very fine line between backdoors and vulnerabilities... After all, if you were creating a backdoor not only do you want it to be difficult to discover, but you want to minimise the resulting damage if it does get discovered. Having a backdoor which looks like a genuine coding error is therefore an obvious choice.

Re:Misleading Summary

[WaffleMonster]

THE NSA WORKS WITH THE COMPANIES. This is known.

They have BOTH exploits AND backdoors to choose from, with different levels of detectability.

There is nothing wrong with guessing especially if there is no practical way to obtain supporting evidence however it is never appropriate to confuse what may well be reasonable guesses and assumptions with facts or verifiable evidence.

The fact that open holes are left into products that the NSA is directly partnering with the companies that make them, then exploiting them?

It's a LITTLE BEYOND NAIVE to think they have nothing to do with making sure they exist in the first place, in some instances at least.

I guess my own personal view is that in most instances the bar for successful exploitation is still so low developing an independent exploit is safer than working with vendors who would also have knowledge of exploit and a relationship that could very well produce harmful blowback for both NSA and vendor upon discovery.

Just look at the landscape around you there is a constant steady stream of security patches for all major general purpose operating systems, browsers, networking equipment.. We have instances of single individuals (e.g. Luigi Auriemma) finding hundreds of security holes in all manner of products as a hobby just for fun. Imagine what a team of well paid world class talent is able to accomplish.

This reminds me of those who believe modern technology has been derived by reverse engineering alien technology. While it is impossible to rule out LGM influence completely nobody is ever able to produce the original alien gizmos as they are naturally super ultra top secret. It is often still possible to look at each instance and trace it back to the hard work or fuckup of some individual or team.

What it means that is a catalog

[gmuslera]

Even the delusionals that thinks of this is ok because "it is the NSA after all", it means that more people and agencies have access to those backdoors too, and more chances that it end in the hands of the guys with bad intentions, wherever they are or work for, using them for fun, profit or whatever.

I wonder what will do companies where their first line of "protection" is tools and hardware from cisco, juniper, dell or IBM (or engineers certified on them), now that is official that they are remote access tools for others, bury their heads on the sand or try something else.

Re:What it means that is a catalog

[AHuxley]

Re more people and agencies have access to those backdoors too:
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal
An illegal domestic surveillance program in Italy, 5,000 persons (including politicians, magistrates, football players and referees)
http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004–05
Illegal tapping of more than 100 mobile phones of Greek government and top-ranking civil servants.

A good example to the lawmakers needs to be given

At earlier convenience we need to tell to IT non-savy senators and congressmen. The backdoor is like an all purpose key. Now all the criminals and agencies will exploit this.

Such a simple explanation and analogy should be adequate to deliver the point.

This will be a boon to other countries

[sandbagger]

I was working for a software company specializing in network security back in the post 2001 period. I recall that we had more than a few discussions with the unskilled egomaniac in charge of the marketing of that firm that many competitors were using their Canadian branch office addresses 'front and centre' in their marketing to the European market.

Why? Because one doesn't always want to be perceived as an American.

The myth of Americans with Canadian flag stickers on their passports is not completely false.

Well, he was horrified at the notion. In fact, if you want to see how existential angst can be suddenly manifest in someone's behaviour in an unexpected setting, try this. I expect that we'll see more of the same in the next year. Ultimately, countries will roll their own code, and have their own Silicon Valleys because of the national security issue. A few years ago I remember seeing an ad from I believe a Swedish firm selling routers and switches that were 'designed and built' in Europe with each unit only delivered to a physical address in Europe. Does anyone else remember this outfit?

Re:This will be a boon to other countries

[Desler]

How so? These exploits also cover non-US companies.

Re:This will be a boon to other countries

[AHuxley]

Re other countries will roll their own code, and have their own Silicon Valleys because of the national security issue..
This really depends on the support and power of their top staff and gov.
The privatised telco networks, domestic and foreign policies, mil, special forces, police, gov (political and bureaucracy), armament manufacturers (exporters) might all have a say in any hardware import policy changes.
Some might be very beholden to decades of signals intelligence sharing and the hardware/software and rank/clearance levels.
Some might be very concerned about decades of total domestic telco sharing with other countries, a few more countries, contractors and ex staff.

Re:This will be a boon to other countries

[davecb]

Cisco is moving software research and development to the Toronto, Ontario area. Not, please note, mere production, but development instead.

If things keep getting worse, I expect they will drew attention to this, to reassure customers that they are not necessarily an unwilling creature of the NSA.

Re:This will be a boon to other countries

[davecb]

Because US companies are in greater danger of subversion by the NSA than foreign ones.

BIOS

Looks like this is a loud and clear call for more intensive open source BIOS development.

Re:BIOS

[couchslug]

That and for UVPROM BIOS or other flashing method which cannot be done by the PCs own software.

Remote management = remote exploitation.

Re:BIOS

[gweihir]

Nonsense. The BIOS malware is just to keep the compromise persistent, i.e. it reduces attacker cost for longer-term surveillance. It only becomes an issue when your system has already been compromised, and that is the real threat.

Re:BIOS

[gweihir]

You can easily get rid of it, just re-flash. In an advanced compromise, that may need use of an SPI adapter, like the bus-pirate, but is it hardly difficult. Took me about 4 hours to re-flash an Intel NIC recently (same EEPROM as most mainboards), and that was only because I was very careful and wanted it to look nice for a possible show-and-tell with a customer that believes the MAC addresses are a security feature and hard or impossible to change. The most effort would likely go into removing and re-installing the mainboard. (If this ever becomes a real threat, I will just install an adapter...)

Verifying the BIOS should usually be possible with anything that is hard to compromise, e.g. a polymorphic boot-CD made for this or one it just does not know how to compromise. (Nice project, BTW. Any bright student looking for a master's thesis in IT security?) The BIOS is very limited in what it can do to the boot-process, just boot something it does not recognize and you are safe to diagnose the hell out of it.

Re:BIOS

[gweihir]

There are ways to compromise integrated circuits and proprietary ROMS that the userland@home doesn't have access to. Think TC module.

Easy: Disable and remove power from it. Takes 5 Minutes.

Power reg chips.

Even easier: They do not have storage or bus access. No way to compromise them.

Low level IO chips.

Huh? What would that be? The RS232 chip that does have less than 100 bytes in config registers and FIFO and only I/O-ISA bus access with no DMA? Don't be ridiculous.

All kinds of chips with functions that may or may not be documented at all, anywhere, and if they are documented you have no idea how trustworthy that is or isn't, edge cases, fuzzing susceptible, etc.

Bullshit. You should start to take your meds again. For a compromise you need bus access, processing power and a significant amount of persistent storage. Not many components in a PC have that. And, in addition, compromised chips cannot be deployed widely as people would find out. How often do you think do competitors remove chip casings and look at dies? Right, they do it _routinely_.

They have some resources to spend finding out.

There has to be something for them to find first. And then it has to have the capability to actually do anything.

Do you REALLY think you can compete with that? What a joke.

I can well imagine that _you_ cannot compete with that. You do have no real understanding how things work though. I have it. And no, what they do is not magic and not only can capable individuals compete, they do it regularly. Incidentally, not even all NSA people believe they are oh so great. Had an opportunity to talk to some a few years back.

For a well-secured system the only way to break in is physical access. There are ways to detect that, even on a budget, see what Jacob Applebaum said lately about him detecting that his apartment had been broken into clandestinely. The thing is that not only does the NSA not get the best and the brightest, they also suffer from numerous bureaucratic limitation, classical organizational stupidity, etc.

I only see 2 possibilities: 1. You are stupid 2. you are paid by the NSA to spread FUD. Option 2 would fit the AC posting.

Re:BIOS

[Agripa]

PCs and other devices used to include a hardware jumper which had to be switched to allow updating the Flash memory.

coin, sides, same

[PopeRatzo]

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?

See, the ugliest part of this is that it's a two-headed monster. Fight one head and the other one will come around and bite you. Both government and corporations have come to believe that they are beyond our reach, above reproach and entitled to everything you have.

Re:coin, sides, same

[PPH]

How much is it worth to those tech companies to know exactly what their customers are doing?

And to the Chinese? Or Russians?

Snowden may have a guest pass in any one of these countries just to keep information surrounding these capabilities quiet. Russia did say he could stay so long as he quit spilling secrets.

It might be a mistake to think in terms of a 'them vs us' race. If the NSA says, "Backdoor the chips" to US companies and then shares that information with our 'enemies' in return for their backdoor exploits, that is worth more to all then trying to keep the capabilities to ourselves. They know we do it, we know they do it. But its still useful technology for keeping our respective populations under control. And that's what each of these governments fears more than an attack from the outside. The FBI/CIA/NSA might miss the occasional 9/11 or Boston bombing. But get on Twitter and try to amass public support for a "throw the bums out" movement and see how long that lasts.

Re:coin, sides, same

[TubeSteak]

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

RTFA next time.
No companies installed backdoors at the behest of the NSA.
TFA just says that the NSA has 0-day hacks for a lot of hardware, with a focus on ultimately leaving malware in the BIOS.

Re:coin, sides, same

[93+Escort+Wagon]

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

Read the article please. The companies didn't do anything (really, you seriously think Huawei or Samsung is providing back doors to the NSA?). The NSA is compromising them the same way other bad guys get in - by finding and exploiting flaws in the OS.

The few mentions of hardware in the article are things like special monitor cables which would have to be added to a targeted computer by an agent.

Re:coin, sides, same

[PopeRatzo]

We know there are companies that do in fact put in back doors or weaken security at the behest of the NSA. We have proof of this, as well as (belated) admissions.

I wasn't referring to every company on the list, I was speaking more generally. A whole lot of companies are cooperating with the NSA, from Google and Apple on down to RSA and many others. And if Samsung and Huawei want some of those lucrative government contracts (they do), they will certainly cooperate as well. Corporations have no country, no nationality. My point stands.

Re:coin, sides, same

[WaffleMonster]

Don't think for a second that these back-doors that companies put in at the behest of the NSA aren't also being used to the benefit of those companies.

There is no evidence from the article we are talking about intentional backdoors created at the request of NSA. Rather the kind of backdoors created by unintentional programming errors where once exploited allows foothold to be maintained by patching firmware of various hardware subsystems.

So, if the NSA were shuttered tomorrow, what makes you think those back-doors are going to go away? How much is it worth to those tech companies to know exactly what their customers are doing? How much is it worth to their institutional shareholders?

How much is legal trouble, bad publicity and resulting loss of customers worth to shareholders?

A (un)intentional backdoor actively exploited to gain market intelligence is a backdoor with high probability of discovery. Likewise any use of covert capability erodes that capability.

Re: coin, sides, same

[burki]

The German version of the article has a few more details. One of the best sources for creating these tools are the Windows error reports. Intercepting those gives you plenty of week spots to gain access.

Coreboot BIOS

[chill]

Unfortunately I don't have the skill set and there doesn't seem to be any other way to support them.

If you have a machine that supports it, Coreboot could be a very interesting solution.

Re:Coreboot BIOS

[VortexCortex]

Agreed. I use coreboot on all my systems. I put my /boot/ on the firmware, and used a saved configuration so there's no searching for IDEs, etc. at boot. I boot to the login in less than a second.

I do a little firmware / OS dev of my own. Coreboot is far superior than "Secure Boot". Here's why: An OS must kick off its own crypto chain to verify executables and maintain the security provided by signed boot loader. Instead of having to go into the BIOS and enter some long hex code that you and your users WILL mess up for UEFI, I just put the crypto stub of my OS in the firmware. The BIOS just needs an option to say:
[x] Allow OS install on next boot. Then the BIOS can load a stub of the OS into firmware.
That's far simpler, and just as secure -- I mean, if the (possibly PW protected) BIOS can be exploited beyond boot-time then Secure Boot isn't secure either. Bonus: You don't have to implement a FAT32 file system and risk getting sued by MS, like you do with UEFI.

Public key crypto means my OS stub in firmware doesn't have to change every time the kernel does. It can just validate the OS image signature. The benefit is that you don't have to pay the Microsoft tax to get the security features of secured boot sectors. Additionally, if your OS boot payload is small enough then you can deliver the whole thing, and use it as a fall-back if the up to date kernel is missing or corrupt. Let me tell you, today's firmware has space enough for a full OS already -- Complete with animated graphics, backgrounds, and sound effects on many systems. If an OS stub in firmware isn't enough then a second stage loader or data file can be loaded from storage and verified (especially useful for between-boot configuration stuff, to select what OS to multi-boot by default, etc. -- If missing, use sane defaults from firmware install).

An OS stub firmware loader far simpler, more flexible, has no vendor lock-in, and is just as secure (or more secure) than UEFI Secure Boot. Unfortunately, Coreboot isn't going to help if the HDD, GPU, etc firmware or chip microcode has been exploited by the Ken Thompson Hack. The answer is to demand the end of government secrecy -- We have no expectation of privacy outdoors, so we don't need wiretap spies -- Without it we still have more than enough spying. A government without secrets is immune to spies.

Re:The summary is not wrong.

[Desler]

Didn't say the summary was wrong. What it said was perfectly correct, but leaving out the fact that the article didn't just talk about US companies made it misleading.

Re:The summary is not wrong.

[Desler]

Really, "the eric conspiracy", and you to a lesser extent, are merely being pedantic dickwads with your comments, weeping like little nancies because your sense of nationalistic pride has been bruised. Get over it.

Riiight except neither of us believe that. And from eric's post below he even says:

The NSA is seriously a problem.

Poor trolling is poor.

Damn, the movies have been right all along

[QuantumRiff]

So all those shows we have mocked, like 24, csi, etc, because their tech "hacks the firewall" in 15 seconds were actually accurate? Crap. That changes some things..

Re:Damn, the movies have been right all along

[gweihir]

CSI does not get that stuff. Far too large risk of its existence leaking or it getting sold to the criminals. Also, it would show up in evidence and the capabilities would get known and worthless.

Re:Damn, the movies have been right all along

[gweihir]

The NSA has a lot less power than the Stasi. The Stasi could directly go out and arrest or vanish people as it was the enforcement arm of a totalitarian regime. While the US is on the way to a classical totalitarian regime, it is not there yet (but it will get there unless stopped very soon). For example, secret executions of US citizens are really not something the NSA can do, while the Stasi routinely executed citizens it did not like. All completely legal, incidentally.

But yes, I agree that totalitarianism is making a comeback and the masses are cheering it on. Just like the last time. Last time, it took a war with 60 Million dead (just over 2.5% of the world population) to stop it. The catastrophe will be a bit bigger this time though and last much longer.

 

Re:Damn, the movies have been right all along

[IamTheRealMike]

NSA doesn't but the CIA does.

Re:Damn, the movies have been right all along

[gweihir]

Domestically? I don't thing they would dare. Too much risk of it becoming public knowledge eventually. Now, luring US citizens abroad and killing them there, I have no doubt that is being done regularly, likely with elaborate schemes to be able to blame intermediaries or "faulty intel" or the like.

De- & Redamaged

[Rotworm]

I'm not sure if the NSA seeking to exploit technology is particularly damaging to US firms. The NSA is seeking to exploit all technologies, not just American-based ones.
I think the part that does damage American firms, was the end of the second article. It read that the NSA has been redirecting the shipping of some computers to their address, installing software or hardware, repacking the device, and shipping it to the purchaser.

Re:De- & Redamaged

[the+eric+conspiracy]

Why would shipping re-direction be restricted to American hardware? The critical step in the operation is interception of the shipment, which is independent of the hardware manufacturer.

Re: De- & Redamaged

[Rotworm]

It would be resource consuming for the NSA to redirect a computer assembled in Britain and shipped to a Brit, but it would be trivial for the NSA to redirect a computer shipping from America. Therefore, this news is more damaging to US firms.

Re: De- & Redamaged

[the+eric+conspiracy]

In Britain people buy from British distributors. They don't generally have equipment shipped directly from the US.

The NSA would have its partner in Britain implant whatever needed.

Redirection of shipped equipment for the purpose of installing bugs is not new or restricted to IT equipment. It's one of the oldest espionage techniques known.

Re: De- & Redamaged

[swillden]

Not a problem. GCHQ will be happy to take care of that for them.

What are you going to do about it?

Strangely, complaining about government misbehavior doesn't fix anything.

Also, complaining to your elected representatives doesn't fix anything, since they're part of the problem, right?

So do you have any options left? Yes: one. Remove the elected representatives and build a consensus-based form of governance. While that is extremely difficult and time-consuming to do, it is the ONLY practical answer.

(I'll bet slashdotters can come up with 50 other potential solutions: but none that can be done without the help of politicians. So none of those count.)

So what do you say? Keep getting nailed from behind by your own government, or start working on the only possible solution. Which appeals to you more?

Re:What are you going to do about it?

Well, if you put it that way... it certainly sounds easier to just let the government keep fucking me up the ass.
By now I'm used to it. And your way sounds like work. Yuck.

Re:What are you going to do about it?

Let's compromise. How about every now and then we turn over and let the government look us in the face while they fuck us?

Re:What are you going to do about it?

Hey now! this ain't New York.

Re:What are you going to do about it?

[davester666]

eeeewwww. they never shower at switch time...

Re:What are you going to do about it?

[ememisya]

Anonymous coward is it? Why do we have elected officials exactly if complaining to them doesn't work?

Re:What are you going to do about it?

[sumdumass]

It certainly will not work. The American people are largely malleable and will support the crap the NSA is doing because they believe it is either needed for security or not a complete violation of the 4th and wouldn't ever be used on citizens.

So in the end, all you would have is more of the same with a more powerful government. Just think about where progress would have taken us with a government like that, the consensus tolerated slavery despite a few vocal minority groups objecting to it, the consensus tolerated segregation, the consensus objected to gays in general years ago and without speech rights which the consensus always seems to be against when it is speech they do not like (war protests, the KKK and so one), so little to no traction on that could be gained. In short, it is a terrible form of government that does little but allows people to feel good.

Just buying lube by the barrel will get more accomplished in a good way then a meta government would. It is why it has never caught on despite being pushed as a savior to our woes around the same time Ron Paul for president yielded the torch (Note, I'm not considering Paul's 88 run as yielding the torch).

Re:What are you going to do about it?

[aminorex]

I don't trust der speigel. show us the docs or it didn't happen.

the biggest exploit

[slashdime]

The biggest exploit the NSA ever created was a time portal back to the cold war.

Every country modernize their infrastructure will look inward to build their own because of paranoia of "the other side".

The Swiss connection

Those who think the answer is to not buy American should think again. For decades after WWII, a host of countries bought their teletype-like encryption gear from a Swiss company, thinking that as a neutral, it had to be free of backdoors.
Not so, many say. Money speaks very loudly. The U.S. and others apparently bought off the company's owners and were reading the coded traffic of dozens of countries. You can find a few details at:
http://en.wikipedia.org/wiki/Crypto_AG

Act of War

[Rant-a-Holic]

Slashdot Poll: Which country is going to be first to call all the US/NSA actions by their true name?

Re:Act of War

[tomhath]

Espionage. If you think the USA is the only government up to it you might also be interested in a bridge I have for sale in New York.

Link to the source

[anorlunda]

TFA does not give a link to this so-called catalog. Does anyone here have the link?

Bullshit

[pablo_max]

"loose cannon"? Bullshit.
Don't you think for one damn minute that the NSA is "off the ranch" with their programs. They were implemented at the behest of our beloved and benevolent leaders.
The "justice" branch (haha) just declared everything is just fine after all. The executive branch and legislative branch has already said time and time again that the NSA is doing useful and important work.

What really chaps my ass, is not that the government tells people these programs are for the so-called "war on terror" or that certainly, the government would never use it against non-terrorist, but the that nearly every poll indicates that most 'mericans fucking believe them!
I know they have done their best over the last 40 years to indoctrinate kids starting in kindergartener, but it is sad that so many folks just close their eyes and refuse to ask hard questions.
Think about it...forcing children to pledge allegiance to a government... It is fucking crazy. We are brainwashed never to question our masters, and it is working. Fuck, look at the shit your facebook friends post! That is a representation of America.
Disclosure, I feel I have the right to bitch. I did my 4 years in the services and about half that was in the shitty hotspots of the world keeping and eye on brown people.

Re:Bullshit

[riondluz]

(middle-class) white is the new brown:)

The WOT is not a loose-canon, but a sign of the New World Order; which is why (most/many) pols, when so informed, just STFU and go along.

"last 40 years..."
Think about it. The PigInPython passed flat since Regan, to the point of looking like 'managed' growth.

What the WOT represents is a projection of the resource wars to come and the enevitable displacement of 300-400 million people world-wide.

What with blowback and all, its a view of a future I'd rather not entertain.
 

Re:Bullshit

[RabidReindeer]

Think about it...forcing children to pledge allegiance to a government...

Actually, first and foremost, we force them to pledge allegiance to a piece of cloth. A form of political idolatry that even our British counterparts never demanded. In fact, if some in Congress ever got their way, any desecration of this Holy symbol would earn the same kind of response you'd get if you urinated on a Quran in Afghanistan.

Then, if the original pledge wasn't enough, the McCarthy-era politicians added that verbal speed-bump "Under God" to the litany in defiance of the Godless Commies of the Soviet Union - and never mind also of the concept that the USA would not support a State Religion.

Re:Western Digital, Seagate, Maxtor

[gweihir]

I expect that is just common vendor incompetence with regard to security. Most of the people implementing crypto mechanisms did not even have a introductory crypto lecture. Hence most have no clue what they are doing and the vulnerabilities are just a result of that. I have seen some exceedingly incompetent "disk encryption" code by a vendor that everybody here would immediately recognize. There really is no need for intentional backdoor placement.

Re:NSA appears to be kicking butt...

[gweihir]

You mean the one that had all their crown jewels stolen by a contractor and does not even know what exactly was stolen a year later? I shudder to think how incompetent the second best must be, if that is the best one...

Re:Infidelity

[cold+fjord]

You tell me.

BIOS checksums

[davecb]

For both free and proprietary ROMs, we need checksums. Not just of BIOS chips, but of disk drives, ethernet cards, router flash memories and anything else one executes programs out of.

Who else?

[ISoldat53]

Who else are you going to buy a PC from? Are there other manufacturers in other countries that can match the US companies in output of machines? Being in the US, I don't see any information on other computer makers.

Re:Who else?

[currently_awake]

If the hardware design is compromised, then the NSA can get into everything. There are only a small number of chip fabs in the world, it wouldn't require recruiting that many people to compromise all the chip sets. On the bright side, this should push open hardware.

An oppurtunity presents itself.

Open Hardware. And NO. I'm not talking about smartphones or reprap controllers. From silicon, all the way to cli or gui. Open and freely distributable for the entire stack, and at enterprise level. Only variable then is your fab plant.

I know it won't happen within the next several years, but for trust at the infrastructure level to normalize, what other option is there to come back from such a position?

Wrong SD summary yet again.

[Moskit]

Another fail at reading and at editing.

NSA did not backdoor Microsoft/Cisco/Huawei... but did the most simple thing, same as worms/hackers do - they used exploits on various devices:

"it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei"

Backdooring was not wholesale for all equipment/software from a given vendor (which is what summary implies), but was installed for specific end users:

" intercept shipping deliveries. If a target person [...] agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies."

Slashdot editing jumped so many sharks it's largely worthless to read anymore, except for some insightful comments by users.

Firmware access controls

[WaffleMonster]

This situation is insane there are so many controllers with field upgradable firmware and no meaningful security it is hard to make fun of overly paranoid who throw away perfectly functional hardware after having been hacked anymore.

I think one of three things needs to occur with my preference being option #1.

1. All firmware updates should be non-persistent applied by OS drivers when system/hardware boots.

2. Special boot menu and standardized interfaces provide exclusive avenue for firmware updates. Updates become impossible when system booted normally even with root access.

3. User controlled option to permanently blow a fuse preventing any firmware update functions without replacement of hardware.

Hardware IS compromised - it's sold as a "feature"

[Ungrounded+Lightning]

Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

Hardware-based AMT features include:

Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.

Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.

Remote power up / power down / power cycle through encrypted WOL.

Remote boot, via integrated device electronics redirect (IDE-R).

Console redirection, via serial over LAN (SOL).

Keyboard, video, mouse (KVM) over network.

Hardware-based filters for monitoring packet headers in inbound and outbound network traffic for known threats (based on programmable timers), and for monitoring known / unknown threats based on time-based heuristics. Laptops and desktop PCs have filters to monitor packet headers. Desktop PCs have packet-header filters and time-based filters.

Isolation circuitry (previously and unofficially called "circuit breaker" by Intel) to port-block, rate-limit, or fully isolate a PC that might be compromised or infected.

Agent presence checking, via hardware-based, policy-based programmable timers. A "miss" generates an event; you can specify that the event generate an alert.

OOB alerting.

Persistent event log, stored in protected memory (not on the hard drive).

Access (preboot) the PC's universal unique identifier (UUID).

Access (preboot) hardware asset information, such as a component's manufacturer and model, which is updated every time the system goes through power-on self-test (POST).

Access (preboot) to third-party data store (TPDS), a protected memory area that software vendors can use, in which to version information, .DAT files, and other information.

Remote configuration opt

I am backdoor expert.

[strstr]

Backdoor into human mind through Remote Neural Monitoring/Electronic Brain Link to steal passwords and security certificates direct from the horse. Also hacks into PS/2, USB, DVI, WiFi, Ethernet, and Cellular signals remotely from space. Thank those "SIGINT/ELINT" satellites: http://www.oregonstatehospital.net/d/russelltice-nsarnmebl.html

Then there's the backdoor built into the Windows operating system itself since 1999, which is an actual NSA digital certificate: http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html

Then there's the backdoor that was exposed as being in AMD processors back in 2010, allowing all software and hardware security features to be bypassed, and unlocking secretive extra registers and other resources for use to run code in secret along side the actual operating system: http://hardware.slashdot.org/story/10/11/12/047243/hidden-debug-mode-found-in-amd-processors (nobody knows where the debug mode originated, or if it was really put there for the NSA to use.). Intel has similar debug modes, however no public information has been provided on how to use it yet.

Re:Hardware IS compromised - it's sold as a "featu

[WaffleMonster]

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

These things are quite spooky and potential security threat not many are aware of.

In most instances on Intel hardware you can effectively disable AMTs interface to the outside world by turning off the hardware virtualization (VT-d) feature in the BIOS. This feature is often the means by which physical wireless/wired interfaces are shared by AMT engine and main system. So while it is still there at least its not running an IP stack when the system is not booted or listening for TCP connections on ports the operating system has no idea exists.

Totally missing a chance to improve their image

[Applehu+Akbar]

One item on every computer user's wishlist would be to use some of that Internet metadata to identify the gang behind the Cyptolocker virus and have them rendered to some regime that will torture them to death live on Al Jazeera while the whole world applauds.

Lost In Hysteria

One critical aspect of the disclosures, court proceedings, congressional testimony and web debate is the true effectiveness of NSA. The latest judgical opinion starts off with presumptive assertions without factual support, just lots of nostalgic "what-ifs."

Truth be known, that NSA did not intercept nor warn of the Beirut Marine Base attack, Lockerbie 747 bombing, the 747 that went down of the Long Island coast, the Dept. of State Embassy bombing in Africa, 9/11, the bombing is Saudi, bombings in Russia (the most recent included), the "Shoe Bomber", the "Under-pants Bomber (ouch that gotta hurt)", the L.A. airport disturbance(s), oh remember the Boston Marathon incident, the Atlanta Olympics bombing, not even the Cessna that rammed the White House in 1994 nor 'Squeaky' attempt to shoot President Ford, and not even the Pakistani Mir Qazi who shot five CIA employees, two CIA officers were killed (1997).

Truth be told, NSA has a lot of explaining to do when it comes to the question, "where were you" during all of the above events, and just what the USA has gotten for all the dollars spent on the NSA.

These facts will be a bit inconvenient for the latest District Court Judge to swallow regarding NSA effectiveness. Yet the Judge's ruling levels the playing field: legal is as legal does and legal we can to them as well.

Re:Hardware IS compromised - Sold as a feature

[Ungrounded+Lightning]

In most instances on Intel hardware you can effectively disable AMTs interface to the outside world by turning off the hardware virtualization (VT-d) feature in the BIOS.

But how do we KNOW this works? (As opposed to, say, the machine's AMT server no longer talking to remote clients unless the right encrypted hand-waving is done by the client to tell the server it's NSA calling - or the encrypted handwaving telling eavesdropping firmware to switch VT-d on and be cagey about it?)

If I understand it correctly, the AMT stuff is running on a separate ARM core. There's no reason (beyond software elegance) that this has to work through the normal virtualization mechanism, or that NSA wouldn't think ahead and either design it to work with its own mechanism or turn VT-d on but make it act like it's off, and spread the story about VT-d disablin a necessary underpinning of the feature.

When it comes to modern firewalls ..

[codeusirae]

"When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work"

Firewalls are next to useless given todays Oss that require randomly open ports and remotely downloading scripts/code in order to function, the security model is fundamentally broken ..

Open router project

[Hyperhaplo]

Time to support the open router project! If we want to change the world we will need to rebuilt the internet from the ground up.. starting with the devices in our homes.

http://orp1.com/

A trustworthy, open-source software & hardware router

ORP1 is a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network), and a TOR server for your home network. Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.

Re:Hardware IS compromised - Sold as a feature

[WaffleMonster]

But how do we KNOW this works? (As opposed to, say, the machine's AMT server no longer talking to remote clients unless the right encrypted hand-waving is done by the client to tell the server it's NSA calling - or the encrypted handwaving telling eavesdropping firmware to switch VT-d on and be cagey about it?)

If I understand it correctly, the AMT stuff is running on a separate ARM core. There's no reason (beyond software elegance) that this has to work through the normal virtualization mechanism, or that NSA wouldn't think ahead and either design it to work with its own mechanism or turn VT-d on but make it act like it's off, and spread the story about VT-d disablin a necessary underpinning of the feature.

As far as I understand it AMT is defective by design all you need is a signed certificate from a CA recognized by AMT with a cert domain that matches DHCP advertisement to victim (Trivially accomplished) to establish full remote control there is not initially anything to latch/constrain to specific certificate identities therefore anyone who spends the money to obtain a certificate signed by a CA has ability co-opt any system not yet initialized (virtually all of them) which I find totally insane and very scary.

Obviously it is impossible to verify any of your points. To me it is enough that AMT is defective by design just as it is enough that Huawei router firmware is so poorly written as to be defective by design you don't really need secret backdoors when the systems can so easily be hijacked by design.

I can't verify CPU, HDD, GPU, NIC firmwares or the OS harbor intentionally compromised code planted by NSA or other intelligence agencies and bad actors. I would imagine the same coopting of the OS could be done via DPCs from a number of system internal sources without separate AMT infrastructure.

All I know if you disable VT-d the known established mechanisms by which you could interact with AMT over a wired or wireless network including any exploitable vulnerabilities in AMT's IP/TLS stack are not operative on systems I have tested. This is really what I personally care about.

I agree there ought to be a way to permanently disable AMT wholesale on all systems with the hardware and it should be disabled by default rather than enabled by default. We have other systems with IPMI which have this capability and get disabled via motherboard jumpers before the system is placed into production.

Technologies like AMT/IPMI are extremely dangerous by themselves even if you assume no NSA backdoors. Even if the operator is aware of their existence they are almost always neglected and forgotten by both users and hardware vendors alike.

Re:Hardware IS compromised - Sold as a feature

[Ungrounded+Lightning]

I agree with your points.

I also agree that, regardless of whether disabling VT-d keeps NSA out of AMT (or equivalent) or if they have some personal back door associated with it, shutting it down is still very useful: It closes this barn door to all the other bad guys who don't have any "extras" and use it as you describe.