The only rational explanation: Elon burned a lot of karma with that SolarCity merger.
Now he's having tough times: both (Tesla and SC) companies are in cash crunch, plus this...
Yes, the common root of these failures is the same - it is mechanical stress.
Although Nvidia's (customers) problem was somewhat different - NV decided to save few pennies on BGAs by telling their foundry not to bother putting stress relieving layers on their wafers. Great writeup is here
BGAs in general are fine. Overtime, mechanical stress will kill anything not properly designed for it.
I'm still waiting for major US news outlets to cover the story. Are they being censored? The story has major political implications, e.g. often proposed mandate to allow government to access encrypted private communications, etc. BBC seems have no problem reporting on this.
It was 3 years ago. Importance of this detail is this: in pre-Snowden era NSA did not have access logs or other internal audit tools. Those were considered risk to security of operations. My speculation is that this is why the data dump is so old - to maximally complicate forensic team's job.
Interesting note: There are no frontpage articles about NSA hack among major American news outlets. It is/was on BBC, Guardian, etc. But not on CNN, WSJ, NYtimes...
That timing of deployment of logging tools might explain why files are 3 year old. Newer files are dangerous because they will expose the mole or access method used.
An important thing to note about NSA operations - they intentionally do not keep access logs. They do not allow for auditing tools or any other such nonsense. Claiming that such infrastructure will endanger security of operations. Now, they will try to figure out what/who/where. Good thing they know when: 3 years ago.
Go, read entire series of Snowden's twits on the subject. The whole point is: this disclosure is a warning shot. Imagine if the rest of the files will reveal targets, personally identifiable info on perpetrators, provable attribution etc. God forbid malware targets are in NATO countries or some such. This thing might explode into a serious international scandal.
Russians are mentioned simply because they might have better motives for pulling this off (with some tit-for-tat hacking going on right now). But that's beside the point.
In most places 5G (in currently envisioned form) will not happen at all due to economics of it. Outside of Japan and such we simply do not have population density to justify putting a cell unit at every lamp post (because signal is short range and does not go through walls very well).
So maybe New York and such, but that's probably it...
Couple years back I've revived a dead flash drive. I was following instructions I found on YouTube. The whole experience was disconcertingly painless - it was way too easy to reflash the drive with new, manufacturer supplied firmware.
So, may be the reason Symantec/Kaspersky didn't find the method used to jump the airgap is that the penetration code was in a flashdrive's firmware.
Scenario: Internet facing machine got breached by one of gazillion methods. Perpetrators sit there, collect login credentials. Then, one day, someone inserts a flashdrive. Firmware is replaced by attack code that makes the drive represent itself as a keyboard. Flash drive then inserted into an airgapped system...
Other scenarios: Given how much resources attacker has (attacks are waaay too, ahem, tailored), they might have done a postal intercept (NSA style) or even breached the flashdrive manufacturer.
There might be traces of reflashing left. Or it might be that the initial overwrite was destructive and that the poisoned flash drive was declared dead (after being plugged into a couple of other airgapped machines, just to be sure).
So it might be a good idea for Kaspersky to rummage through dead thumbdrives drawer.
Those planes were designed for low cross section at frequencies used by American AA systems. Remember, during last Winter Olympics, there were photos of Russians deploying their antiaircraft systems? And there was a weird, seemingly ancient rickety thing? That, my friends, is a modern long wavelength radar. That thing sees "stealth" planes just fine.
Basically, everybody and their dog, who heard about that woman's court case, will rush to enable recommended updates in order to screw up their system and go claim their $10000.
The difference is - you can't win invasion of privacy lawsuit when NSA does this because (apparently) you have no standing. But when the government does it in the open - it will have to defend its actions in court.
Slashdot Mirror
It also means that insurance rates for SpaceX launches just went up. Making really cheap rockets won't save any money if they're not reliable.
One billion files?! That's why adults use statistics. Relatively small random sample would have given the same result.
The only rational explanation: Elon burned a lot of karma with that SolarCity merger.
Now he's having tough times: both (Tesla and SC) companies are in cash crunch, plus this...
They're not contacting us. The signal was sent to their colonization fleet on route to earth.
Yes, the common root of these failures is the same - it is mechanical stress.
Although Nvidia's (customers) problem was somewhat different - NV decided to save few pennies on BGAs by telling their foundry not to bother putting stress relieving layers on their wafers. Great writeup is here
BGAs in general are fine. Overtime, mechanical stress will kill anything not properly designed for it.
Ok, abcnews does have it on front page, CNN, wsj, nytimes do not.
Go scan their front pages. Then return to me.
I'm still waiting for major US news outlets to cover the story. Are they being censored? The story has major political implications, e.g. often proposed mandate to allow government to access encrypted private communications, etc. BBC seems have no problem reporting on this.
It was 3 years ago. Importance of this detail is this: in pre-Snowden era NSA did not have access logs or other internal audit tools. Those were considered risk to security of operations.
My speculation is that this is why the data dump is so old - to maximally complicate forensic team's job.
Interesting note: There are no frontpage articles about NSA hack among major American news outlets. It is/was on BBC, Guardian, etc. But not on CNN, WSJ, NYtimes...
Hmmm....
That timing of deployment of logging tools might explain why files are 3 year old. Newer files are dangerous because they will expose the mole or access method used.
Does anybody know what's going on with that auction? Because it seems now that those crazy hackers do have some serious goods on them...
NSA _and_ Russians had access to to all thus firewalled networks for 3 years... Should Cisco and it's customers start lawyering up?
An important thing to note about NSA operations - they intentionally do not keep access logs. They do not allow for auditing tools or any other such nonsense. Claiming that such infrastructure will endanger security of operations. Now, they will try to figure out what/who/where. Good thing they know when: 3 years ago.
Slashdot is getting ADD.
Go, read entire series of Snowden's twits on the subject. The whole point is: this disclosure is a warning shot. Imagine if the rest of the files will reveal targets, personally identifiable info on perpetrators, provable attribution etc. God forbid malware targets are in NATO countries or some such. This thing might explode into a serious international scandal.
Russians are mentioned simply because they might have better motives for pulling this off (with some tit-for-tat hacking going on right now). But that's beside the point.
In most places 5G (in currently envisioned form) will not happen at all due to economics of it. Outside of Japan and such we simply do not have population density to justify putting a cell unit at every lamp post (because signal is short range and does not go through walls very well).
So maybe New York and such, but that's probably it...
Couple years back I've revived a dead flash drive. I was following instructions I found on YouTube. The whole experience was disconcertingly painless - it was way too easy to reflash the drive with new, manufacturer supplied firmware.
So, may be the reason Symantec/Kaspersky didn't find the method used to jump the airgap is that the penetration code was in a flashdrive's firmware.
Scenario: Internet facing machine got breached by one of gazillion methods. Perpetrators sit there, collect login credentials. Then, one day, someone inserts a flashdrive. Firmware is replaced by attack code that makes the drive represent itself as a keyboard. Flash drive then inserted into an airgapped system...
Other scenarios: Given how much resources attacker has (attacks are waaay too, ahem, tailored), they might have done a postal intercept (NSA style) or even breached the flashdrive manufacturer.
There might be traces of reflashing left. Or it might be that the initial overwrite was destructive and that the poisoned flash drive was declared dead (after being plugged into a couple of other airgapped machines, just to be sure).
So it might be a good idea for Kaspersky to rummage through dead thumbdrives drawer.
Those planes were designed for low cross section at frequencies used by American AA systems. Remember, during last Winter Olympics, there were photos of Russians deploying their antiaircraft systems? And there was a weird, seemingly ancient rickety thing? That, my friends, is a modern long wavelength radar. That thing sees "stealth" planes just fine.
What If they'll start busting people for not paying taxes for all of their torrenting? You know, Al Capone style...
So the next time Kaspersky finds a properly signed rogue driver we would know that the hardware vendor was cooperating. Would it create a liability?
Basically, everybody and their dog, who heard about that woman's court case, will rush to enable recommended updates in order to screw up their system and go claim their $10000.
The difference is - you can't win invasion of privacy lawsuit when NSA does this because (apparently) you have no standing. But when the government does it in the open - it will have to defend its actions in court.
Or a "not slashdot type person" traveling with wife will have to report his Ashley Madison account...
Good one! link for Google impaired
What the fuck?!!!!