Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever
Since 2001, a group of hackers - dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab - have infected computers in at least 42 countries (with Iran, Russia, Pakistan, Afghanistan, India, and Syria most infected) with what Ars Technica calls "superhuman technical feats" indicating "extraordinary skill and unlimited resources."
The exploits - including the 'prized technique' of creating a secret storage vault that survives military-grade disk wiping and reformatting - cover essentially every major hard-drive manufacturer and share many characteristics with the infamous NSA-led Stuxnet worm.
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
"The hardware will be able to infect the computer over and over," lead Kaspersky researcher Costin Raiu said in an interview.
...
Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.
Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as "zero days," which strongly suggested collaboration by the authors, Raiu said. He added that it was "quite possible" that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.
Which, as Reuters reports, strongly suggests the "extraordinary skills and unlimited resources" were funded by the NSA...
The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.
That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.
The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.
A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.
The global coverage is clearly focused in a particular region (and not in the US)...
As Kaspersky's report notes, victims generally fall into the following categories:
• Governments and diplomatic institutions
• Telecommunication
• Aerospace
• Energy
• Nuclear research
• Oil and gas
• Military
• Nanotechnology
• Islamic activists and scholars
• Mass media
• Transportation
• Financial institutions
• Companies developing cryptographic technologies
As an interesting note, some of the “patients zero” of Stuxnet seem to have been infected by the EQUATION group. It is quite possible that the EQUATION group malware was used to deliver the STUXNET payload.
So far, Kaspersky has identified several malware platforms used exclusively by the Equation group. They are:
EQUATIONDRUG – A very complex attack platform used by the group on its victims. It supports a module plugin system, which can be dynamically uploaded and unloaded by the attackers.
DOUBLEFANTASY – A validator-style Trojan, designed to confirm the target is the intended one. If the target is confirmed, they get upgraded to a more sophisticated platform such as EQUATIONDRUG or GRAYFISH.
EQUESTRE – Same as EQUATIONDRUG.
TRIPLEFANTASY – Full-featured backdoor sometimes used in tandem with GRAYFISH. Looks like an upgrade of DOUBLEFANTASY, and is possibly a more recent validator-style plugin.
GRAYFISH – The most sophisticated attack platform from the EQUATION group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.
FANNY – A computer worm created in 2008 and used to gather information about targets in the Middle East and Asia. Some victims appear to have been upgraded first to DoubleFantasy, and then to the EQUATIONDRUG system. Fanny used exploits for two zero-day vulnerabilities which were later discovered with Stuxnet.
EQUATIONLASER – An early implant from the EQUATION group, used around 2001-2004. Compatible with Windows 95/98, and created sometime between DOUBLEFANTASY and EQUATIONDRUG.
Although the implementation of their malware systems is incredibly complex, surpassing even Regin in sophistication, there is one aspect of the EQUATION group’s attack technologies that exceeds anything Kaspersky has ever seen before.
This is the ability to infect the hard drive firmware.
The plugin's version 4 is more complex and can reprogram 12 drive "categories".
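One thing a defender can actually do about the firmware-reprogramming capability described above is keep a fleet-wide inventory of drive model and firmware revision and compare it against a baseline verified from the vendor's published releases. The following is an added example written for this page, not code from Kaspersky's report or from any vendor tool; the `smartctl -i` output, the drive models and the approved-revision table are all constructed for illustration. The important caveat, spelled out in the comments, is that the revision string is reported by the drive firmware itself, so an implant that reprograms the controller can report the original revision unchanged: this check catches unexpected firmware drift across a fleet, it does not prove a drive is clean.

```python
import re

# Constructed sample: the identity section `smartctl -i /dev/sdX` prints for
# four drives. Model names, serials and revisions are made up for the example.
SAMPLE_SMARTCTL_OUTPUT = {
    "/dev/sda": """\
=== START OF INFORMATION SECTION ===
Device Model:     ST2000DM001-1ER164
Serial Number:    Z4Z0EXAMPLE
Firmware Version: CC26
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
""",
    "/dev/sdb": """\
=== START OF INFORMATION SECTION ===
Device Model:     WDC WD10EZEX-08WN4A0
Serial Number:    WD-WCC6YEXAMPLE
Firmware Version: 01.01A01
""",
    "/dev/sdc": """\
=== START OF INFORMATION SECTION ===
Device Model:     ST2000DM001-1ER164
Serial Number:    Z4Z1EXAMPLE
Firmware Version: CC29
""",
    "/dev/sdd": """\
=== START OF INFORMATION SECTION ===
Device Model:     TOSHIBA DT01ACA100
Serial Number:    X5Y2EXAMPLE
Firmware Version: MS2OA750
""",
}

# Hypothetical baseline: for each model, the firmware revisions the organisation
# has checked against the vendor's release notes. Anything else is a finding.
APPROVED_FIRMWARE = {
    "ST2000DM001-1ER164": {"CC26"},
    "WDC WD10EZEX-08WN4A0": {"01.01A01"},
}

FIELD_RE = re.compile(
    r"^(Device Model|Firmware Version|Serial Number):[ \t]*(.+?)[ \t]*$", re.M
)


def parse_smartctl_info(text):
    """Return {field: value} for the identity lines of `smartctl -i` output."""
    return {m.group(1): m.group(2) for m in FIELD_RE.finditer(text)}


def audit_drive_firmware(outputs, approved):
    """Compare each drive's self-reported firmware revision to the baseline.

    Returns a list of (device, model, firmware, status) tuples, status being
    'ok', 'unexpected-firmware' or 'unknown-model'.

    Caveat: the revision string comes from the drive's own firmware. A
    reprogrammed controller can keep reporting the factory revision, so a
    clean result here is necessary, not sufficient. Dumping the flash or a
    vendor-side attestation is the only way to verify the code itself.
    """
    findings = []
    for dev, text in sorted(outputs.items()):
        info = parse_smartctl_info(text)
        model = info.get("Device Model", "?")
        fw = info.get("Firmware Version", "?")
        if model not in approved:
            status = "unknown-model"
        elif fw in approved[model]:
            status = "ok"
        else:
            status = "unexpected-firmware"
        findings.append((dev, model, fw, status))
    return findings


if __name__ == "__main__":
    for dev, model, fw, status in audit_drive_firmware(
        SAMPLE_SMARTCTL_OUTPUT, APPROVED_FIRMWARE
    ):
        print(f"{dev}: {model} fw={fw} -> {status}")
```

In a real deployment the dictionary of outputs would be filled by running `smartctl -i` on each host and the baseline kept under change control, so that a revision appearing on one drive that nobody flashed is a ticket, not noise.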
* * *
So to summarize:
1) US sanctions Russia
2) a Russian-based research group reveals, through the Equation group's code, an NSA presence across the supply chain of the highest-margin US products. (Kaspersky Lab is an international group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists.)
3) As Reuters notes, the exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.
4) And Peter Swire, one of five members of U.S. President Barack Obama's Review Group on Intelligence and Communications Technology, said the Kaspersky report showed that it is essential for the country to consider the possible impact on trade and diplomatic relations before deciding to use its knowledge of software flaws for intelligence gathering. "There can be serious negative effects on other U.S. interests," Swire said.
It appears the 'boomerang' is boomerang-ing...
* * *
Full Kaspersky Labs report below:
Does it stop the cntr P keys?
China is getting rid of US tech companies in its market one by one.
Intel will be banned.
CPUs aren't the problem/threat vector, code is. Systems with code (BIOS, firmware, etc) are the primary threats and the way you control those is to bring design and manufacturing in-house and lock down upgrade mechanisms.
So Intel may or may not be banned, but no country that cares about its security will be using anything other than closely monitored domestically manufactured systems.
I predict a resurgence in ROM-based firmware for certain classes of systems, good luck infecting that across a reboot. And probably a return to some old-school analog or ladder logic control systems.
Most CPUs today have built-in microcode making them vulnerable to attacks like this. Such attacks may already be out in the wild, as they are harder to discover than the storage-based just exposed.
Just boycott American shit.
Which begs the question.....Why do the retards that make hard drives make their firmware writable?
Addendum. Now I know why I use a Blackberry
http://crackberry.com/blackberry-security-begins-endpoints
I bet this was created by Israel. An answer to that not naming which country was responsible.
"Hard drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up."
Which means you can pretty well guarantee it's in the BIOS, too. Why would you stop at hard drive firmware when you could do the whole shootin' match?
Toldja toldja toldja
Front and back end running
If it's connected to the ethernet, it's not yours.
I just don't understand why 0bombya loves exploiting everyone's back door?
There is no way AI is going to be kept out of this spy vs. spy fight.
The also rans will be forced to turn AI loose on issues such as these in an attempt to get ahead.
Elon and Stephen should be aware.
The genie has left the building.
If Roles were Reversed?
Headline reads Microsoft Security Essentials discovered hackers from Russia have taken over computers in 42 countries including the United States of America.
Mexico and Canada were targeted as well. Most all American hard drive manufacturers were hacked or compromised to become a virus breeder farm to infect and control computers worldwide.
Biggest and baddest hackers money can buy.
We know what you do as you do it. We make your Apple do what we want it to. Feel violated yet? Russians inside your bedroom or man cave, at work and Starbucks... baby!
WTF are you gonna do? Obama?
No surprise here.
Everyone knows Obongo LOVES "backdoor exploits".
Don't you wish he would use some Vaseline!
good work by Kaspersky. Given that this is a Windows-specific exploit, the two questions that come to mind: 1.) Was this developed with cooperation from Microsoft? and 2.) How long before Linux overtakes Windows on the desktop in China, Russia, India, Brazil, South Africa, everywhere else? Companies will soon realize that you don't need to rely on a fucking domain controller to centrally manage an IT infrastructure. There are LDAP alternatives to Active Directory.
"EquationDrug’s core modules, designed for hooking deep into the OS, do not contain a trusted digital signature and cannot be run directly on modern operating systems. The code checks whether the OS version predates Windows XP/2003. Some of the plugins were designed originally for use on Windows 95/98/ME. If the target is using a modern operating system such as Windows 7, the attackers use the TripleFantasy or GrayFish platforms. EquationDrug has an integrated countdown timer, presumably designed to self-destruct if commands are not received from the C&C for a period of time (several months). The information stolen from the PC and prepared for transmission to the C&C is stored in encrypted form throughout several fake font files (*.FON) inside the Windows\Fonts folder on the victim's computer"
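The detail in the excerpt above about staging stolen data in fake *.FON files under Windows\Fonts is the kind of artifact a responder can hunt for. A genuine .FON is a 16-bit NE (New Executable) resource DLL: an "MZ" DOS stub whose 32-bit field at offset 0x3C points at an "NE" header, followed by low-entropy bitmap font resources. Encrypted exfiltration staging looks nothing like that. The following is an added example for this page, not code from Kaspersky or from the malware, that builds a constructed Fonts directory in a temp folder and flags .FON files that either lack the NE structure or whose body has ciphertext-like entropy; the filenames are chosen only as labels, the contents are synthetic, and the entropy threshold of 7.5 bits/byte is an assumption.

```python
import hashlib
import math
import os
import struct
import tempfile


def shannon_entropy(data):
    """Bits of entropy per byte; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_ne_font(data):
    """True if data has the shape of a real .FON: an 'MZ' stub whose e_lfanew
    field (offset 0x3C) points at an 'NE' header inside the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    ne_off = struct.unpack_from("<I", data, 0x3C)[0]
    return ne_off + 2 <= len(data) and data[ne_off:ne_off + 2] == b"NE"


def scan_fonts_dir(path, entropy_threshold=7.5):
    """Return [(filename, reason)] for .FON files that are not NE executables
    or whose payload after the DOS stub looks like ciphertext.

    A careful implant could wrap its blob in a valid NE header, which is why
    the entropy test is applied even when the structure checks out; a blob
    stored in a low-entropy encoding would still slip past this heuristic."""
    findings = []
    with os.scandir(path) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_file() or not entry.name.lower().endswith(".fon"):
            continue
        with open(entry.path, "rb") as fh:
            data = fh.read()
        if not looks_like_ne_font(data):
            findings.append((entry.name, "not an NE executable"))
            continue
        ent = shannon_entropy(data[0x40:])  # skip the DOS stub
        if ent > entropy_threshold:
            findings.append((entry.name, f"high entropy {ent:.2f} bits/byte"))
    return findings


def _pseudo_random_bytes(n, seed=b"equation-example"):
    """Deterministic high-entropy filler standing in for an encrypted blob."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def make_sample_fonts_dir():
    """Build a constructed Fonts directory: one plausible font, two fakes.
    Returns the directory path."""
    d = tempfile.mkdtemp(prefix="fonts-")
    # Minimal stand-in for a real font: MZ stub, e_lfanew -> 'NE', then a
    # low-entropy body of the sort a bitmap font resource produces.
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    legit = bytes(stub) + b"NE" + bytes(62) + b"\x00\x7f" * 512
    # Fake 1: no executable structure at all, just the encrypted blob.
    fake_raw = _pseudo_random_bytes(4096)
    # Fake 2: borrows a valid MZ/NE header but the body is the encrypted blob.
    fake_wrapped = bytes(stub) + b"NE" + bytes(62) + _pseudo_random_bytes(4096)
    samples = [("vgasys.fon", legit), ("cga40woa.fon", fake_raw), ("dosapp.fon", fake_wrapped)]
    for name, blob in samples:
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(blob)
    return d


if __name__ == "__main__":
    for name, reason in scan_fonts_dir(make_sample_fonts_dir()):
        print(f"{name}: {reason}")
```

Run against a real Windows\Fonts folder the scanner is pointed at the directory instead of the constructed one; anything it flags should be compared to a known-good install of the same Windows build before drawing conclusions, since the heuristic is a triage aid rather than a signature.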
It's a bare-metal infection platform and is not OS-specific, from what I gather from the article. Thus, Linux or MacOS specific modules could be written. Since the code starts above OS level, the only solution I see is to use non-standard OS. Plan9 anyone?
And my usual bitcoin plug: I can't see that affecting multi-signature bitcoin wallets where keys are distributed between multiple machines.
That’s it.
I’m breaking out the old 8088’s and Bell 103 modems.
Emails to mom must remain secure.
China has made its own OS
The homegrown OS, named China Operating System (COS), is essentially meant to compete with OS X, iOS, Windows, or Android.
Yes it is Linux based... bye bye Microsoft and friends. At least in China.
So, Linux gets a Chinese back door now.
All things being equal, I'd take a Chinese or Russian compromised device over a NSA compromised device because I live in 'Murika under DC's boot... just as long as they don't share information with DC.
>> I’m breaking out the old 8088’s and Bell 103 modems.
I'm removing all of my fonts...
OS2 Warp FTMFW
If you didn't compile it yourself, you don't know if it's safe.
Even then compilers can adjust the code and can inject anything they want into it. Bit of a chicken/egg problem in computers. How do you compile a compiler (yes, that's a thing) when the microcode in the chip or bios might be suspect? There is a whole chain of things that have to happen in order to make software, all relying on implicit trust of the previous step. Short of pressing the silicon yourself there is no truly secure, and even then there are processor bugs that can be exploited . . .
Did you also compile make? Did you compile the OS you are using to compile the new OS? Did you compile the various firmwares (as this entire article is about a firmware vector)?
YOU cannot win this battle, period.
As a staunch liberal, I am absolutely astounded by this report that more Americans watched the SNL 40 special than the NBA All Star game. We are truly a racist country. Something must be done!
The best thing is for everyone to do something a little different.
Even as the consumer electronics forward rush relatively slows, you can bet Moore's Law effects will be quietly ripping FORWARDs unseen by civilians. We will find out how far along it is one day via shock discovery, but the tech will remain hidden for as long as it can be hidden.
But you do get to pay for it....
"But the more you pay, the more it's worth..."
h/t Done McLean
These are definitely more than a little complex. I would have thought that a BIOS rewrite or drive firmware would be really tough via remote access but who knows now. Used to have to boot to external OS to apply a BIOS upgrade. I see the registry mod as a lot more likely since that's accessible with the machine up.
American as Mom, baseball and apple pie.
How does this revelation make the average American safer?
The entity who did this should be given the cyber purple heart or sentenced for treason?
Guess the percentage of divided Americans and win a cupie doll.
They should be hanged---in the middle of the superbowl
Modern computers can upgrade almost all firmwares from the OS (usually a reboot is required - you have Windows Updates turned on automatic right?). My 2 year old monitor can be firmwared via the video cable from Windows.
>> Which means you can pretty well guarantee it's in the BIOS, too. Why would you stop at hard drive firmware when you could do the whole shootin' match?
Actually not. There is Chinese controlled BIOS - in the accepted meaning of CPU BIOS even with modern innovations. However, it may well be in the I-O chips firmware. So-called Northbridge chips and the like.
BIOS is the holy grail, so to speak, but it's also relatively easy for a technically savvy end user to erase and reprogram the BIOS with uncompromised firmware.
The part about the hard drive firmware that is particularly worrisome is it's nearly impossible for the end user to "clean" the compromised firmware off of the hard drive circuit board - if it's the firmware that's compromised in a hard disk, the only option you realistically have is to physically destroy the drive and replace it with a hopefully "clean" hard disk.
If someone were highly concerned about their hard drive firmware being compromised and they still needed secure communication, they should remove the hard drive completely and run Debian Linux from a CD/DVD; it's an operating system on a disc. No hard drive - no possibility of your computer being compromised, as every time you turn it off any malicious code that made its way onto your computer instantly ceases to exist.
If someone was even more paranoid than that, the next step would be to pop the BIOS chip(s) out of the suspect computer and use a dedicated chip burner to re-flash the BIOS before each use.
Obviously that would not be practical for most people, but if you were in possession of info that would endanger your life if you were found, it's the only way to be really secure.
https://tails.boum.org/
http://en.wikipedia.org/wiki/Tails_%28operating_system%29
McMolotv Tails = TOR= NSA Inside™
TOR is a US government creation. see https://newworldorderg20.wordpress.com/2015/01/03/nsa-claims-tor-is-a-se...
TOR, and any system utilising TOR is straight-to-NSA malware baked in.
Compilers are also a logical target (see projects that attempt double compilation binaries) see Reflections on Trusting Trust Ken Thompson (1984) and weep .http://cm.bell-labs.com/who/ken/trust.html
There are few to zero ways to escape the embedded SpyNet Inside. Back to paper, typewriters and white noise generators.
Computers are becoming more and more disposable. Just treat them like mobile phones. Keep a burner, and be sure and BURN it.
A backdoor WORM!!!!!!!!!!
Called FANNY?
For real.... dude
Duplicate
I will tear them apart for the Gold and Precious Metals.
The Hard Drive platters go directly into the Hydrochloric Acid so that I am left with the Platinum Bearing Foils. They will not be readable when I am done.
I also destroy Cell Phones for the PMs.
There is nothing like the odor of HCl and HNO3 in the morning.
I enjoy destroying the NSA Espionage Tracking Devices.
It is therapeutic... And it is a twofer. I get the satisfaction and the PMs.
All the while I am muttering "Fuck you NSA" while I am doing it.
Send them to me. You have my address.
12223B Woodside Avenue
Lakeside, CA 92040
We can go and hunt Cougars...
Hi. My name is Bob. I work for XYZ corp where we make motherboards. My job is design. I insert NSA chips into each new motherboard design so they come with NSA software out of the box. My real paycheck comes from Langley.
Face it, all the major tech companies are likely to be a melting pot of international spy agencies as everyone races to get designs and/or induce their tools into products. Who would really be surprised to see a lab with Americans working next to Russians next to Chinese next to Indians, next to Koreans next to Japanese next to Germans...
Doubt it? Try MIT or NASA for starters.
@NidStyles:
Jeebus fucking quadruple double "D" gravity challenged titties!
Is there no situation whatsoever where you pathetically ignorant, inbred, dimwitted- albeit well-trained and obedient- .gov useful idiots do not view as an opportunity to disseminate your statist NAZI propaganda?
The knee jerk Nazi calling is juvenile. There is no reason to believe that Israelis would not develop such a thing at the request of the US. It is a legitimate speculation. All your bluster is for naught.
Ahhh... one of the aforementioned 'useful idiots' I presume?
Or maybe not.
You, at least, concede the possibility that the Israeli government is perhaps acting under the direction and/or coercion of the USA PTB - which is directly opposed to the ideas put forth via the constant flood of propaganda - here and elsewhere - which is aimed towards the goal of infecting the ignorant masses with the idea that Judaism is the root of all evil on this batshit insane ball of rock.
You seem to forget the well known fact that the Israelis worked directly with the NSA on Stuxnet and a few of the other zero day exploits that have come to light in the last couple years.
@BO The "Censor the Internet" thing is on another thread. Perhaps you need to go over there and help ZH weed out & eliminate the bad people, thereby bringing truth to us all. For the record, I personally believe that this caper has 'The Trekkies' fingerprints all over it!
Ahhh.... the stupid. It fucking burns.
Thirty thousand feet over your head.
Yes, I would agree. Look at the target groups and you can see that they are mostly adversaries of Israel. Who would trust Israel anyway? They think that everyone is their enemy. And at the rate they are going, if they are not now, they will be in the future.
Correction: If you're not a willing sucker, then you're an enemy.
You're right, Mexico and Canada have hated Israel for years. They oppose Israel all the time.
Of course. The US and Israel have a "special" strategic relationship, established over time, no matter what the Llooney-in-Chief does.
Hi CIA shill.
"The Third World War must be fomented by taking advantage of the differences caused by the "agentur" of the "Illuminati" between the political Zionists and the leaders of Islamic World. The war must be conducted in such a way that Islam (the Moslem Arabic World) and political Zionism (the State of Israel) mutually destroy each other. Meanwhile the other nations, once more divided on this issue will be constrained to fight to the point of complete physical, moral, spiritual and economical exhaustion…We shall unleash the Nihilists and the atheists, and we shall provoke a formidable social cataclysm which in all its horror will show clearly to the nations the effect of absolute atheism, origin of savagery and of the most bloody turmoil. Then everywhere, the citizens, obliged to defend themselves against the world minority of revolutionaries, will exterminate those destroyers of civilization, and the multitude, disillusioned with Christianity, whose deistic spirits will from that moment be without compass or direction, anxious for an ideal, but without knowing where to render its adoration, will receive the true light through the universal manifestation of the pure doctrine of Lucifer, brought finally out in the public view. This manifestation will result from the general reactionary movement which will follow the destruction of Christianity and atheism, both conquered and exterminated at the same time." 4
Seems like fringe drivel until you find that enough people don't consider it drivel that it cannot be ignored strictly as such. The sad truth is that bullshit stops being bullshit de facto if enough people can be manipulated into believing it and are willing to give it power, one of the more infuriating, evil aspects of GWOT, Agenda 21, and other Big Lies.
The timing of this release seems significant, having the effect of shaming President Obama's latest "Cybersecurity" Executive Order (see here and especially here) and sending a message that meaningful progress has been made not just in developing an alternative to the SWIFT system, but also in protecting and defending it. I read somewhere that rollout is scheduled for this May, though that's probably just for public consumption.
I bet the people who wrote up this report could tell some fascinating and scary stories. THANKS to whoever brought it forward to ZH. It's a landmark development in the war. Somewhere, someone is tearing their hair out in frustration.
Bring back Confucianism, Shintoism and Taoism ! Not only they promote a good moral order, family value, etc... but have very interesting spiritual insight.
Just don't mistake obedience for morality.
It is so counterproductive in the longer run. What this does is promoting secure domestic hardware and software industries in target countries such as Iran, with a well educated and ambitious workforce.
But hey, who cares about tomorrow, when you can suck up information today? Maybe Israel thinks it does not matter, as they can always use their nuclear weapons if they feel the need.
BurningFuld - pretty sure NSA has a backdoor into ALL smartphones, including Blackberry.
Please note that the "hackers" mentioned are not super-duper-extremely-evolved-highly-intelligent "geniuses". They just have the right information and resources.
This shit will continue because 99.99% of the population are PROUD of their computer IGNORANCE!!!
This shit will continue because 99.99% of the population has no interest in learning anything about how their computers work and the computer industry is happy to oblige them.
This shit will continue because 99.99% of the population are quite happy to download and trust the latest "updates" with absolutely no questioning of whether or not those updates are good or bad or what the hell those "updates" actually do.
This shit will continue because 99.99% of the population are happy to blindly accept other peoples's solutions to their computer problems.
It is quite unfortunate that the computer industry is being totally fucked over because it is drowning in a sea of wilfully stupid customers who totally swamp the tiny bit of demand from those who like to know how their systems work. The majority of customers demand to be stupid and the industry is happy to cater to that demand.
Then again, in order for padlocks to work, customers had to choose to not know how padlocks work either. Next time you're bored, have a good think about that one.
Technology advances too fast for someone that doesn't spend their lives dealing with it directly to keep up.
Has nothing to do with being willfully stupid. Even the best programmers only have a few years of staying on top of the game before real life starts becoming more important.
What is really nefarious is this constant tendency for those of ill will and poor moral conduct to blame the victims for the acts of the criminals.
Twenty five years ago I used to write code. Now I have to get my son-in-law to help activate my new phone.
Lucky you, I'm still writing code. A lot of Perl these days... just because I'm tired of other people taking shortcuts when, if it would have been done properly the first time around, I wouldn't need to be doing rewrites.
My condolences with Perl. That's nasty stuff, a true example of write only code (once you write it, a few weeks later when you read it you probably won't understand what it does.)
A couple of major Perl applications I had to write turned me catatonic.
Yaaaa!! Let's hear it for COBOL!!!!!
....
Anyone?
Cobol sucks. PL/1 rules.
Document...Document...and Document.
If you are going to code then do it "write". (Grammar error intended.)
"What is really nefarious is this constant tendency for those of ill will and poor moral conduct to blame the victims for the acts of the criminals. "
This requires repeating. +1
Some of those nefarious have something to sell. Security Software shelf is down row A.
Chrome tries to protect their own. Shame Microsoft does not do the same.
lul 99% of the computer industry's liabilities are user-created problems. And none of that shill cheech im a kid, besides no one knows the economy's gonna crash anyway. Maybe we will think of an algorithm to trade lots of corn from Bill to Jeff, instead of exacerbating insurance of useless securities. Such as the mortgage market.
I suppose that you are probably an expert in cardiovascular surgery too. They have been updating their abilities for some time now. We dont know anything about computers because our minds do not enter into that arena of thought. I wish I could understand them. However, I am an expert on another field and don't have the time to learn everything there is to know about such a complex field.
99% would freely give up the information...... Good murikan's !!!!!
@PT :-
Bullshit. Taking that kind of logic, we would all be experts in everything in our lives. Be our own lawyers, doctors, engineers, architects etc etc. The whole purpose of specialisation is to acquire expertise well beyond the amateur.
A functioning society requires a minimal level of trust between its actors, tho' clearly that trust is being ever eroded through the criminal actions of government and their masters in the criminal/bankster/corporotocracy elites.
That is the principal reason why western civilisation is now reaching its nadir. Never a construct of integrity or high idealism, it is now descending into decadence, decay, depravity and dissolution. The sheeple have cast off personal responsibility, accepting an anything goes morality and turning their backs on what is being done in their names and with their taxes. The Beast stalks the earth, breathing fiery flames of hatred and fear, all being sucked up in panic by the vacuous drone populations enabling their political shysters in all that they wish to do.
The solution? As individuals, we need to change ourselves before we can change the world. If enough people would do this, (and enough is not really that many, certainly a lot less than a majority), we would begin to see change happening rapidly. Me? I think it's probably too late for that, this side of an apocalypse.
Firmware upgrades to resolve issues (both real and imagined) with the hard drive. That's why.
However, it isn't (at the moment) in someones best interest to attempt to alter the BIOS. BIOS firmware updates can be cumbersome at the best of times, and more than once have I seen a system completely fail from a BIOS update. It's a little too risky if you need the system to still be completely functional after the payload has been placed onto the machine.
BurningFuld > Which begs the question.....Why do the retards that make hard drives make their firmware writable
So they can ship product before some of the design defects are remedied.
Two thoughts here. The first is that writable firmware will probably become a thing of the past now that this has been disclosed. Or, there will be fixes for virus infected firmware.
Clearly this is an asymmetrical response to US sanctions on Russia over the Ukraine. The next step is to release fixes for this stuff to the internet community. Watch Washington howl about that sort of a response. Got your popcorn ready?
"Which begs the question.....Why do the retards that make hard drives make their firmware writable?"
To fix firmware bugs. Also some vendors (aka HP) apply their own firmware so you have to buy "their" drives to work in their RAID controllers. That said, it would not prevent the NSA from demanding manufacturers embed spyware or backdoors into their products. I am sure that most of the popular ethernet adapters, switches and routers have NSA code, as well as most operating systems Windows/Mac and probably Linux.
That said, I doubt they would use it to spy on ordinary citizens. They will likely only use these tools to target foreign gov'ts (ie Iran, China, Russia, etc).
If they weren't writable, there would be no way to update firmware. Encrypted firmware... I would invest in that.
Why? Is there some component in your computer that you think is made in America?
The BIOS chip of Dell computers has always used encrypted firmware, allowing it to conceal all sorts of interesting 'features' if so desired. It's just rarely exploited. All BIOS chips have extra memory that can be exploited by a reasonably-skilled hacker to own your machine. It's common now to jump out of the BIOS code on bootup and execute a disk-based version of your BIOS (EFI) instead. This allows another vector of exploitation and is generally undetectable by anti-virus software.
Almost all disk-based hard drives have had a protected system area loaded with firmware code in normally inaccessible tracks of the drive for the last half-dozen years or so. More difficult to exploit, but nearly impossible to detect or remove. Seagate hard drives have had a history of quality control problems in manufacturing, but several models were plagued with premature death because of bad code in that inaccessible area. Large-capacity Seagate drives have had several problems with system-area firmware viruses that the company refused (to this day) to acknowledge.
Solid-state hard drives? Yes, they have the equivalent of a system area that can be exploited as well. Worse yet, their memory cells can be marked as 'bad' and permanently ignored by the drive in normal operations. Large sections can be marked bad, loaded with virus code and accessed later on by much smaller programs that force the drive to read those 'bad' cells. This is a variation of a bad-sector table exploit used on disk-based hard drives.
Your CD/DVD drive has updatable firmware that can be exploited. Your network card has areas of firmware memory that can be loaded with a virus. Depending on the chipmaker, your Firewire, USB and Bluetooth ports are exploitable by firmware viruses.
The most fertile ground for exploitation is the huge amount of firmware in mid-range and especially high-end video cards. The video cards themselves can easily act as an independent computer.
Even your audio card or chip has firmware that can be exploited to do something evil.
All of the hardware exploits above are much more sophisticated than the average Windows virus, so they're unlikely to be written by a junior high school kid in New Jersey. It wouldn't be too difficult for, say, the Chinese government to have some backdoor placed in a CD/DVD player's firmware or a video card's programmable memory. It would be just as easy for the Israeli government to backdoor any Intel chip in your computer since they write the firmware for them in Israel and it's secret.
But then, you already knew how vulnerable Intel chips were to Israeli spying... didn't you?
+1 You definitely know what you're talking about. It reminds me of my own experiences almost 20 years ago when I was fascinated by firmware code in HD, BIOS, and to a lesser extent their exploits. (As a hobby, not professionally).
GPUs and ASICs which, as you say, are such fertile grounds for exploits are predominant in one area: Bitcoin mining. That's yet another reason to be wary of this area.
"He who rules track 0, rules the universe!"
Russian hackers: "Yeah, but I rule tracks -16 through -1 and know how to put your drive in maintenance mode."
I always had to go to Russian sites to get the really 'interesting' inside info on drives. Those guys ruled. The on-line translators weren't up to the task, and that cost me a few 'test' drives.
At some point in time people will get so tired of this worm-riddled, virus-laden technology crap that they will just turn their backs on technology and go back to the House on the Prairie.
The article concentrated on what can be done on an individual computer. Equally outrageous is what happens once data leaves the computer. The NSA doesn't need to infect your computer to scan your emails or listen to your phone calls. What happens between your computer and some remote one is vulnerable to interested third parties. Mostly we never even know what's happening between the endpoints.
Back in the 80s I worked with lots of remote communications systems connecting stores with central data centers for various retailers. The communications were based on standard TTY protocols (think modems as once used to get to AOL), and worked fine most of the time. One store kept losing the connection, and neither the mainframe nor the store system seemed to be at fault. I got hold of a datascope, which connected between the modem and the point of connection to the phone system (AT&T at the time). I watched, and after about 10 minutes I saw an unexpected character come across the screen of the datascope. It was the ASCII character that told the store system to cease communications, and was called XOFF. It was coming from the phone network itself. Things like that are beyond the control of most of us, and with the internet it's even more mysterious than ever.
Had an interesting one inside a large well known chip fab when I was a lad. Running backups would cause one of the networks to flip out, and take down half of the redundant DC. I traced it to a file on one of the unix boxen that when passed over any switch port in the facility caused it to jump into an engineering mode. There were about 10 bytes in a specific sequence in the file which would reliably take down the switches. It was clearly a "magic number" entry point which had been left behind. So their entire infrastructure from the switches upwards was compromised.
The fab produced military as well as civilian chips.
All I have to say is FW exploits, "internet of things", forget about it.
"At some point in time people will get so tired of this worm-riddled, virus-laden technology crap that they will just turn their backs on technology and go back to the House on the Prairie."
LOL, does a heroin addict give up when they know it's bad for them? Americans and just about everyone else with access to technology is addicted. They would even give it up if they had to endure a mild electric shock every time they picked up a device.
The govt will just make its use mandatory, plus impossible and illegal to turn off - feature, not a bug. Notice how Windows already tries to dumb down users and enfeeble them by removing access to the full range of options on the file manager by default? We used to have incredible file manager tools and access on PCs, and now we don't. They don't want people to know their computer in the way we used to, to be able to manipulate the entire system. MS do their best to hide the system now, and limit user access. We are just users of their system, like a person renting a unit. It's 'your' unit, but not yours at all. You are a user. And over time your privacy and rights are increasingly marginalized and impinged on. i.e. not 'user friendly'. The user is now a captured dependent addict, more like a drug user, Apple is your pusher/pimp.
Is that like zh maintenance mode?
Well, at least online banking is safe. We're cool.
"Well, at least online banking is safe. We're cool."
Be sure to use online financial tools like Turbo Tax. You can't find a more secure product than "Turbo Tax"! /sarc
One year Turbo Tax came with a key logger! The company said they wanted to know how people used their program.
Are you saying my new giant Samsung TV could have firmware surreptitiously embedded in it from the factory that can activate every time I turn it on and can change my configuration settings, without my knowledge or consent, and transmit my private life to a third party over NSA logged fiber, and be able to hide this fact from me, when I check the menu settings, so that I can't ever actually turn it off, even when I think it is off?
It can't do that, can it?
The freaky thing here is I actually have a huge high-res Samsung TV in front of me, as I type this, which is being used as a monitor that's hooked into my PC via a HDMI cable into a high performance video card.
No, I'm not joking. :-/
Big Brother is no problem.
Big Sister can be a real bitch.
Samsung company recently had a press release warning users to be careful what they say in front of their "smart" TVs. That's right, your smart TV can listen.
http://www.bbc.com/news/technology-31296188
Shortly after Hastings had that problem with his Mercedes, I watched a video describing how some researchers took control of a car by crafting a special CD. When the car's CD player read the disc the researchers were able to gain control of all the car's networked electronics, even stuff like electrical door locks, windows, etc. It's enough to make one want to install a master kill switch to disconnect the battery and alternator from the rest of the car.
Hmm, perhaps the Amish have the right ideas about modern Technology.
True Dat!
You can't hack a manual manure spreader.
Not true!
"If we understand the mechanism and motives of the group mind, it is now possible to control and regiment the masses according to our will without them knowing it." -- Edward Bernays
But that's virtually all CPUs, and microcode is a terrible vector for anything other than a bootstrap to compromise the full system. More importantly, microcode updates are typically hosted in the system firmware and not the CPU, and this research corroborates that firmware is the primary target.
From a purely practical point of view, there's simply not enough code storage for microcode to be a very useful payload carrier in itself, just a useful vulnerability to exploit.
The other thing that really interests me in some of these disclosures is how much of it is oriented at air-gapped systems, and that the implementation strongly hints at either having physical access to systems to extract the intelligence, or that someone is inserting/removing media. So either they're duping people and then somehow grabbing the systems later for analysis, or this is something that works hand-in-hand with actual spies.
I wouldn't be shocked if this information ends up getting a few moles outed and/or killed.
Yes, there is not enough code storage for microcode to be a very useful payload carrier in itself, but all that is needed is for a few specific instructions allowing a privilege escalation, making it easy for other code to take control.
I think that's settled. No need to look at processors. Nothing to see here, move along. The parasites are torn. They have compromised all of American high tech, and they know it will destroy the industry over time. All part of the big plan. I for one, welcome our NWO overlords.
Industry is but a way to make money. You make money building industry and destroying industry. But owning industry in the long run is not advisable. It's hard to move abroad or pass to your kids. Takes lots of chutzpah on a daily basis. So heed my advice: make money instead and pass it to your kids. Start early, some say you should give them their first hedge fund at bar mitzvah. Even if it's just a zero hedge.
Firmware loaded from pure ROMs cannot be compromised. Any RAM implementations of ROM are vulnerable, which is pretty much every MCU Flash/EEPROM/etc.
Whoops, "forgot" to set that write protect bit...
Since the NSA already has a group dedicated to physically compromising those systems which they cannot electronically compromise, what's to stop them from outfitting their men in black with eeprom burners?
(I think I still have some burners in the basement for various antique security systems, a couple bays down from my old black boots & suits...)
Nothing at all. When you handle 'finished goods' as a 'consumer', you don't know what's in there and who handled the assembly and post-assembly processes.
When the "consumer" is a business that is advising governments that aren't 5-eyes-BFFs of Uncle Sam this becomes a real headache. I don't think aspirin is strong enough to fix the problem, but perhaps an EMP might.
It's a screaming pia (pain in arse) to update a system with ROMs. That's why no one uses them much these days. Much easier to do that firmware update dance with software. Now if the system is already hosting a bit of trigger code, then escalation and exploitation become much easier.
Having such code on your system is not the end of the world. To be useful, something else has to make use of it and then copy data to another location. Proper air gapped systems make this very difficult if not impossible without physical access. For the rest of us, install something on your outbound network that will report where all those bits are headed off to. Good luck with that...
This is actually what I do, there's a completely separate firewall system and then a second listen-only supervisor using a completely different architecture tied into a dumb hub watching the traffic just to be sure. The next level of paranoia after that is setting up two boxes and using SLIP and a serial cable that's tapped and monitored between them, in case you don't trust your ethernet controller.
Having done this and watched the output for several years, it's a given Microsoft doesn't have your best interests at heart, but question anything using Adobe Flash and say fuck no to OEM-supplied Android along with it, and never, ever use the WiFi that's built into a smart phone.
WTF, seek?
YOU'RE not allowed to listen in on your own network, for cryin' out loud. That's the GOVERNMENT'S job!
EO, seek, I have put Wireshark and Snort to use before. When you have an internal network where everything is relatively quiet, and the number of seemingly benign DNS queries is an order of magnitude or more than it should be... yeah...
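The outbound accounting suggested a few comments up ("report where all those bits are headed") and the "too many DNS queries" signal mentioned here, as an added worked example written for this page, not code from any commenter. The key=value flow-log format, the addresses and the allowlist are all constructed; adapt FLOW_RE to what your own firewall or flow exporter emits.

```python
"""Outbound-traffic accounting over constructed flow-log lines: which hosts
talk to destinations nobody approved, and which host issues an order of
magnitude more DNS queries than its neighbours. The key=value log format,
addresses and allowlist are all constructed for this example; adapt FLOW_RE
to whatever your firewall or flow exporter actually emits."""
import re
import statistics
from collections import Counter, defaultdict

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

# Constructed allowlist: the LAN resolver and one known update server.
KNOWN_DESTINATIONS = {"192.168.1.1", "203.0.113.10"}


def constructed_sample_log() -> str:
    """Build a small log for a quiet LAN: three hosts make a handful of DNS
    queries each, a fourth makes thirty and then contacts an unlisted host."""
    lines = []
    second = 0
    for src, n in {"192.168.1.10": 2, "192.168.1.11": 2, "192.168.1.12": 3}.items():
        for _ in range(n):
            lines.append(f"2015-02-17T10:00:{second:02d} src={src} "
                         "dst=192.168.1.1 proto=udp dport=53")
            second += 1
    for i in range(30):
        lines.append(f"2015-02-17T10:01:{i:02d} src=192.168.1.23 "
                     "dst=192.168.1.1 proto=udp dport=53")
    lines.append("2015-02-17T10:02:00 src=192.168.1.23 dst=198.51.100.77 proto=tcp dport=443")
    lines.append("2015-02-17T10:02:01 src=192.168.1.10 dst=203.0.113.10 proto=tcp dport=443")
    lines.append("unparseable line that the parser must skip")
    return "\n".join(lines)


def parse_flows(text: str) -> list[dict]:
    """Return one dict per well-formed line; malformed lines are dropped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append(m.groupdict())
    return flows


def unknown_destinations(flows, known=KNOWN_DESTINATIONS) -> dict[str, set[str]]:
    """Map each source host to the dst:port pairs not on the allowlist."""
    out = defaultdict(set)
    for f in flows:
        if f["dst"] not in known:
            out[f["src"]].add(f"{f['dst']}:{f['dport']}")
    return dict(out)


def dns_outliers(flows, factor: int = 10) -> dict[str, int]:
    """Hosts whose UDP/53 query count is at least `factor` times the median
    of all hosts (the 'order of magnitude more than it should be' test)."""
    counts = Counter(f["src"] for f in flows
                     if f["proto"] == "udp" and f["dport"] == "53")
    if len(counts) < 2:
        return {}
    baseline = statistics.median(counts.values())
    return {src: n for src, n in counts.items() if n >= factor * baseline}


if __name__ == "__main__":
    flows = parse_flows(constructed_sample_log())
    print("unapproved destinations:", unknown_destinations(flows))
    print("DNS outliers:", dns_outliers(flows))
```

On real data, feed the parsed flows from a conntrack or NetFlow export and keep the allowlist in a file you review; the median baseline only makes sense once the quiet hosts outnumber the noisy ones.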
I'm not a fan of smartphones, though I use a Nokia N900. It's at least not Android or Apple or Windows, and it's a bulky beast. Runs bash, and I can bring up the python shell.
Someday soon I hope to not use computers anymore. With systems already this compromised, the fight for technology is one that I don't care for any longer. The guitar and skateboard hold finer pursuits of time and passion. Meditation, perhaps, and control of one's own mind.
One day they'll come for the BIOS in your head.
Guitars as the next communications network could be neat. What did you say? They are playing the solo from Eruption followed by Stairway to Heaven? Launch the nukes!!!
Jimi once said that things would have been different, if slaves had electric guitars.
Excellent choice in "smart" phones, ahead of its time and still capable of unique things, but flashing the memory in that thing can be a FUCKING NIGHTMARE worse than resoldering the USB port.
I'm giving you an up arrow just for sounding smart even if it's all BS
The TSA touches every laptop that enters the country.
Excellent point Seek.
The vector is also Social, data, like Mitnick too.
Today moles, tomorrow US.
National Security Threat?
You betcha.
That's why we need data rights.
Like the face on crapbook.
Wild wild west.
NSA causes monoculture, to our detriment.
I am looking at a micro SD chip in my desk drawer that holds 2GB. Smaller than one of my fingernails. And it is in my drawer because it's small, and I'm not using it... I have one in my pocket with a larger capacity.
Moore's Law, seek. Nowadays, they can cram a LOT into those firmware modules. And they are rewritable now, too. You know, so patches can be applied to the microcode.
Grayfish - The most sophisticated attack platform from the EQUATION group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.
This implies that Grayfish is written to exploit Microsoft OSes!
In Microsoft there is the registry. A monstrous mess of configuration information and hiding place for viruses.
In the Linux world, there is a giant hairball called systemd. I don't know exactly how it works, but suspect that systemd will be where malware resides in the near future. Some Linux developers are fighting it, but it's been included into all the major distributions.
Linux is open source, but nobody can read ten million lines of code and know what all of it does.
Most CPUs today have built-in microcode making them vulnerable to attacks.
CPUs are pretty much blank memory and some hard-pathed instructions. The difference between a true and a false is 0.5 microvolts. CPUs load their boot instructions from BIOS, and the drivers load from registry pointers. Firmware code is burned into a chip. There used to be DRAM EPROM and PAL chips that could be addressed (read and written) by high memory (user applications). BIOS is R/W firmware - if you've ever opened the BIOS setup interface, you are writing info to a chip.
When I first connected with DSL, a phone company (the ONLY phone company, the phone company that gave office space to NSA/DHS/OLIGARCH GESTAPO to facilitate the wonderful NARU and the 4ESS implementations), I spoke with a straight tech for THATT phone company, and he said to disconnect the modem from the wall jack when it wasn't being used because the phone line could be used to transmit instructions to (re-program) the modem. I recall the breakup of the phone giants, and then watched as the rule of law took it up the backside, with nary a whimper from the CSPAN "Eight Inches or Less" glitter queen crowd grab assing in their Joan Crawford Fark Me Quick Pumps. I had a baby bell privacy agreement. It said, if we ever share your personal information without a court order we'll pay you $1000. So I tried to collect. It was grandfathered, right? Called the legal department and asked for my 10 Ben Franks. The phone lady said we can't talk about it for national security reasons.
Now the reason I knew I was being fed to the NARU switching room was because an IP address pointing at the NARU facility was listed twice, one right after another, during a routine tracert.
The shill was we only monitor outgoing foreign connections. Then filter for known terrorist phone numbers. HAS ANYBODY HERE EVER SEEN THE TERRORIST WHITE PAGES ANYWHERE, ANYTIME, WITH LISTINGS OF THEIR CELL PHONE NUMBER? YELLOW PAGE TERRORIST LISTINGS? The only way these public employee shyte heads could know a terrorista's cell phone is because they are the terroristas. "The Toilet", our very famous Emanuel Goldstein of the moment, aka Al KADA, and one (at least) of the 10 known Binny ringers, was served up by the now defunct EveryOne's Internet on a state side rack. For your notebook - all one has to do is work at a mall cell kiosk to learn how to make a cellphone call look like it originated from any number you want. And THATT phone company also has all its support in other countries. Most of the Fascioligarch Industries do. So just by calling THATT phone company's support number gets ya on the "hot" list.
Ya got a Mac. Check out the "console". Mobile Me. iCloud. Dropbox, all with root authorizations, are constantly asking to send, or receive, stuff from offshore IPs. Do not ever sign up for those guys. If ya got it set right, the message will say denied and your system will run a lot faster. One trick, use "0" (zero) for the redirect IP in the hosts file. There's a lot of stuff you can do - turn off error reporting, updates, unnecessary port allocations in group policy, remote assistance, all the little iPhone iLooney Tune helpers. Look at the caches window under Safari's debug menu. Shit is going on all the time. In Windows set all your INDEX.DAT files to read only files and browser history will not be recorded.
The first thing you should do when you install a router is block the router manufacturer's update DNS.
Wireless - get yourself an Airport router. Quit using 4GL cell phones.
Just reversing a message string in an email will shunt it off to the "to do" stack. Say stuff in reverse. If you're going to the movie, write I am not going to the movie. These ain't the sharpest pencils on the block. The people we hire to perform public service just don't make sense. Instead of dot the "i" caretakers, we get bling addicted law breakers.
Someone managed to get trojans into all the hard drive manufacturers which infected all their workstations and manufacturing facilities and then wrote itself to every hard drive ever made for the last 14 years AT POINT OF MANUFACTURE. When the BIOS chips got burned, the firmware burned in, this virus wrote itself into the firmware at point of production. Ditto for ROM as well. Additionally, it wrote itself to the hard drive platters as backup. Because this virus exhibited itself as part of the root product, (which cannot be accessed by any virus scanner or read in any way) it remained totally immune to detection this entire time even when written to the hard drive platters. Kaspersky finally hunted it down (most likely by taking new products and doing a linear read of hard drive platters they removed from the hard drives and put in their own custom box.)
http://www.jimstonefreelance.com/
You're right. But there is no such thing as "unaddressable memory". Ya just gotta use a tool, like BAL (assembly) to get at it. A hard drive's "stylus" cannot read, or write, where it is mechanically prohibited from doing so. Firmware can be read, reverse engineered and rewritten.
What is really freaky is the claim that military disk wipers cannot obliterate all the data. Hard to reconcile that unless there is some kind of Faraday contraption protecting the double secret data store. That is amazing.
There are people looking at ways to service a dooms day internet using other, albeit slower, transmission frequencies. There are ham geeks that figured out how to convert TCP packets to a ham signal, then bounce them off a satellite, and then convert the signal back to TCP at the receiving node. The receiving node could then make the data available to a wifi mesh. Another approach might be something similar to Assange's "rubber hose", and flood the spooks' watchers with meaningless data - problem is they'd probably use that as an excuse to extort more of our harvest to counteract. The MIB wimps seem to get funding for stuff that is impossible, like "growing hair on a light bulb".
They're afraid. Very Afraid. And well they should be. We be the gorilla in the room and they be but a single pathetic skinny banana.
For now, best to use an old XP version 0, circa 2000, box without any of the service packs. Remembering TECH TV - no wonder M$ bought the rights - those guys were telling us everything.
> listed twice, one right after another, during a routine tracert
How does that work?
A tracert should hit an IP and then reroute to the next IP in the chain. My event happened several years ago. The only reason it hit an IP twice, sequentially, was that it was shunted through another "switch" or "buffer" attempting to hide behind the router's IP before it was passed to the next link in the chain. When I saw it I called stateside support and echoed the tracert to a tech's support console. The tech was going wtf - just like I was.
Why are they afraid of us? Because we feed them. We take care of them. And, because there are so many of us. Their numbers amount to little more than a gnat on god's ass. If the American gentry collectively "shrugged" its shoulders, they'd surrender in a NYC minute. We need a formal set of terms of surrender that does not involve squishing the brains out of their offspring's skulls and without capital consequences. Give them a chance to confess their sins, without all the carnage of Bastille. They're victims of little pee-pee complexes, reeducation internment and training for real jobs would take a while. People do change, despite the "mores" claiming otherwise. Only problem, has their self indulgence and their false self anointed sense of being "very special - or god's chosen", completely obscured their natural sense of survival.
Another obvious vector for NSA malware & control software is Microsoft's eternal gift to the US Deep Totalitarian State, the UEFI BIOS. Besides making life much more complicated for Linux users, this gem is a perfect vehicle for taking control over one's machine.
Bought a UEFI motherboard the other day, a BIOSTAR I believe, that actually had a full TCP/IP stack ... in the BIOS. As in, it actually had a browser and you could WWW surf without even booting an operating system (!) At least its capabilities were not obscured...
There is no reason the NSA couldn't take control of your machine even when you think you are running another OS - it would be amazingly simple for the motherboard to occasionally pass control over to whatever code was desired in the BIOS to run in parallel to the real OS, and "borrow" the on-board NIC - this in turn could do whatever it wants with your machine, and send whatever results, to wherever it wanted to.
Thank yous to Bill Gates, George Soros and the rest of the NWO psychopaths...
The "Basic" I/O now involves a full TCP/IP stack lol. Most people forget or don't know that an OS is just a program and hardware utilization is multiplexed among 2+ control paths.
At least you can watch TCP/IP packets.
Not long ago a security researcher reached tinfoil-hat level even for security researchers. Some suggested he was imagining things, but today's disclosure by Kaspersky almost exactly syncs up with what was reported about BadBIOS. It was discovered that it was hacking the BIOS and communicating to other air-gapped systems via ultrasonic noise via the speakers and mic...
Is that why my speakers are buzzing all the time? ;-)
Badbios operates in the ultrasonic just above what you can hear.
Your dog may think your speakers are buzzing, though.
And put kiddie porn on your computer,
Funny, that TCP/IP stack doesn't do much if you don't plug it in.
...and yellow pads and No. 2 pencils.
Beware the blind guy at the corner selling pencils, the one with the sunglasses, pssst.....yea, him.
God damn, that's a great idea.
SPY PENCILS that record everything they write and transmit the daily results out through the transmitter in the eraser.
Need a small gyro in the eraser. Let's brainstorm this thing, have your people call mine.
Small transmitter, embedded in the pencil's eraser, would also, vis-à-vis triangulating reads, plot the pencil's movements from reads by smart TVs, smart electricity meters and intrusive Facebook bluetooth bots. An automobile's CCM could be substituted for one of the nodes.
Would that transmitter have enough power to continue broadcasting after someone stuck the pencil up a hooker's ass?
Just askin.
Depends on how much copper a hooker ate and the last time she shat it out without a colon wash.
The CIA CPU microcode is compulsory!
Battlestar Galactica baby, no networking! And no military grade security but Military security guarding all important computers with shoot to kill orders for anyone found smuggling Stuxnet type worms into any installation.
Let us have an EMP party and just get it over with.
Wrong. If state thugs are aiming high they would want to backdoor the random number generators (RNG, or pseudorandom number generators - PRNG) that are integrated into every CPU. And there are strong suspicions that they have already done that (see RdRand). Why would they want to do that?
True random numbers are crucially important for cryptography. If your random numbers aren't really random, but predictable, then all your cryptography goes to hell. Remember this is probably one of the core things the NSA wants to have - to break cryptography. The one who knows the backdoor will be able to break cryptography even if the keys were generated on a clean, air-gapped machine, so long as the backdoored CPU is trusted as the source of random numbers. The potential damage is enormous and goes beyond just a complete loss of privacy. They could digitally sign their malware with the stolen keys of legitimate entities, impersonate anyone, steal money, etc.
Be careful who you trust even for the things that may initially seem so inconsequential such as 'mere' randomness or 'mere' hardware.
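The point made above, that a predictable hardware RNG breaks every key drawn from it while mixing it with an independent source does not, as an added toy model written for this page (not a commenter's code, and not a description of any real CPU or RDRAND). The "vendor secret", the counter position and the HMAC construction are all constructed assumptions that stand in for "someone can reproduce the stream".

```python
"""Toy model of why a predictable hardware RNG is fatal for keys derived from
it alone, and why hashing it with an independent source blunts the damage.
Every name and value here is constructed for this example; nothing models a
real CPU's RDRAND or any real vendor."""
import hashlib
import hmac
import secrets


class ToyBackdooredHwRng:
    """Constructed 'hardware RNG': block i = HMAC-SHA256(vendor_secret, i).

    The stream looks random to a consumer, but anyone holding vendor_secret
    and knowing the counter position can regenerate it exactly."""

    def __init__(self, vendor_secret: bytes, counter: int = 0) -> None:
        self._secret = vendor_secret
        self._counter = counter

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            msg = self._counter.to_bytes(8, "big")
            out += hmac.new(self._secret, msg, hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:n])


def derive_key_hw_only(hw: ToyBackdooredHwRng) -> bytes:
    """Risky design: key material taken straight from the hardware RNG."""
    return hw.random_bytes(32)


def derive_key_mixed(hw: ToyBackdooredHwRng, independent: bytes) -> bytes:
    """Safer design: hash the hardware output with an independent source
    (OS entropy pool, timing jitter, a second device). Predicting the key
    now requires knowing *both* inputs."""
    return hashlib.sha256(b"hw:" + hw.random_bytes(32)
                          + b"ind:" + independent).digest()


def backdoor_holder_view(vendor_secret: bytes, counter: int) -> bytes:
    """What the secret holder computes as the victim's hardware output.
    Assumes (for the toy) they also know the counter position drawn from."""
    return ToyBackdooredHwRng(vendor_secret, counter).random_bytes(32)


def hw_only_key_is_recoverable(vendor_secret: bytes, counter: int) -> bool:
    victim = ToyBackdooredHwRng(vendor_secret, counter)
    return derive_key_hw_only(victim) == backdoor_holder_view(vendor_secret, counter)


def mixed_key_is_recoverable(vendor_secret: bytes, counter: int) -> bool:
    """The secret holder reproduces the hardware half exactly, but must
    still guess 256 bits of independent entropy; here they guess all zeros."""
    victim = ToyBackdooredHwRng(vendor_secret, counter)
    independent = secrets.token_bytes(32)
    real_key = derive_key_mixed(victim, independent)
    hw_half = backdoor_holder_view(vendor_secret, counter)
    guess = hashlib.sha256(b"hw:" + hw_half + b"ind:" + bytes(32)).digest()
    return real_key == guess


if __name__ == "__main__":
    SECRET = b"constructed vendor secret"   # constructed, not a real value
    print("hw-only key recoverable by secret holder:",
          hw_only_key_is_recoverable(SECRET, counter=1000))   # True
    print("mixed key recoverable by secret holder:  ",
          mixed_key_is_recoverable(SECRET, counter=1000))     # False
```

The mixing step is the same idea operating-system entropy pools use when they fold a hardware source in alongside others instead of trusting it as the sole input.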
I'm no tech geek, but wouldn't it be possible to use these systems against the aggressor? If they are spying on their victims they certainly are sending information back somewhere, couldn't malicious code be sent right back to fuck up the aggressor?
Yes, in theory. In practice, could be extremely difficult and if you fail too many times the aggressor might figure out that something is up and adjust. So, not likely to actually happen.
Actually, they begged Intel to come to China and build a CPU factory for them because they are unable to create such things for themselves.
I think it is now open or about ready to start up.
This great Chinese leap forward makes several-generations-old Pentium chips. Intel keeps all the crown jewels in either Portland or Tucson and will not let the manufacturing of their primary products out of the USA until they are obsolete or obsolescent.
Not every corporation is insane, in other words.
All good until the Chinese forced them to open up a Research and Development Center in China. Also don't forget that a bunch of those guys working in R&D for Intel in the USA are Chinese. The 'human' virus is what will do in the western world and lead to the resurgence of the East as the economic and power center of the world.
From a consumer's viewpoint, who cares if the malware embedded in my firmware comes from China or the NSA? All sorts of network stuff from at least one Chinese manufacturer was compromised before it ever hit the US. I'd probably prefer the Chinese malware actually, since they're less likely to send the IRS after me, or a SWAT team, or even a drone.