This page has been archived and commenting is disabled.
NSA Trojan Firmware Widespread, U.S. International Tech Reputation May Suffer. Tech Privacy Has Been a Myth.
MARKET UPDATE
Today’s AM fix was 1,221.75 USD, 1,072.56 EUR and 793.86 GBP per ounce.
Yesterday’s AM fix was USD 1,233.50, EUR 1,81.12 and GBP 801.91 per ounce.
The U.S. market was closed yesterday for a national holiday.
New NSA spying scandal emerges, highlighting the scale of cyber wars
- Agency can access hard-drives made by major U.S. producers
- Computers in over 30 countries, including NATO allies, were hacked
- Iran and Russia were main targets
- Revelations may impact technology sector in the U.S. as institutions around the world seek alternatives
Kaspersky Lab, the Moscow-based cyber security firm whose report into international hacking was previewed by the New York Times Yesterday, has exposed that the NSA has had the capacity to snoop on most U.S.-made computers since 2001.
The report claims that the NSA attained access to "firmware" code from all the major Western computer manufacturers - which runs every time a computer is switched on - and figured out how to lodge malicious software in the code.
The terminology may be foreign to you but imagine if you will what your world would be like if the digital records of your wealth and property titles simply vanished or became corrupted. Imagine the screen just going dark. It sounds alarmist but that is exactly the sum total of the high stakes games now being played out by the world’s superpowers - you and I are the pawns.
The global economy is thoroughly integrated and processes and knowhow are increasingly delivered on distributed architecture made up of lattices of public and private networks. This approach has wonderful benefits and can deliver scale and flexibility and speed in equal measure. But therein lies the risk, the physical spying infrastructure with engineered back doors must remain hidden in order to be effective and useful to the spies who placed them there. What the intelligence community has done has created the mother of all “single point of failures” and the potential for calamity and social disintegration is almost too great to countenance. They assume that with adequate controls these systems can be kept safe and used effectively. They said the same about nuclear procurement and weaponised viruses.
The fact is that in time marketable information will always eventually leak and be traded. Enemy interests would likely, as a priority action, seek to seize control of this infrastructure and either use it to attack American interest and allies or exploit its data collection capabilities - perhaps they already do. Remember, Snowden was a contractor and the access he had was incredible. The sheer arrogance of what they have done is staggering.
Reuters reports
Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
A Kaspersky spokesman, Costin Raiu said "There is zero chance that someone could rewrite the [hard drive] operating system using public information," indicating that the NSA was given the sensitive code by manufacturers.
Over 30 countries were targeted, including NATO allies. Britain, France, Belgium and Germany all had systems violated.
The revelations that telecommunications systems were infiltrated in Germany will likely be met with interest in that country, following previous revelations that the NSA had tapped the cell phone of Angela Merkel.
Both Iran and Russia experienced a high level of NSA hacking, along with China, Pakistan, India, Afghanistan, Syria and Mali.
In Iran, a full range of systems were were targeted, including those of the government, diplomatic and energy agencies, finance, telecommunications and research institutions and universities.
Russia's military was targeted as were the energy sector and research and medical sectors among others.
The NSA declined to comment on the allegations. Reuters was able to get confirmation of the revelations from former NSA employees.
It is too early at this point to speculate on the implications of the report. It may be that the story will simply fade away. Or, as is often the case, it may be the tip of the iceberg with further, more damaging details to follow.
"Kaspersky on Monday published the technical details of its research, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001," the Moscow Times reports.
The revelations may have a negative impact on the U.S. technology industry. China has already been drafting regulations, requiring bank technology suppliers to submit their software code for inspection.
Why on earth would a foreign marketplace import American technology if they know that there is a very good chance the technology will be countermanded and the data use against the owner? It is akin to wheeling in a Trojan horse when actually knowing what lays hidden inside.
Ultimately this strategy could serve to severely hobble the American tech industry, the American economy and ultimately American jobs. This is an example of shortsighted leadership, militaristic thinking. The supporters will argue that industrial data can be traded and used to give U.S. companies a leg up on foreign competitors and perhaps this is true, but such help would be very time sensitive and probably slow in propagating given the speed of commercial development.
The case for low tech, old fashioned bullion ownership has never been stronger and if this story does not give you serious pause for thought ...well not much else will!
In previous updates we have detailed the threat that cyber-terrorism and cyber-warfare poses to western economies and to the western way of life. The Kaspersky report shows how pervasive the activity is.
The potential of the rivals of the West to collapse the western currency system - and with it savings and pensions - is real. Gold is not subject to to cyber warfare and will protect its owners from cyber warfare-induced currency crises.
Breaking News and Updates Here
Knowldege Is Power - Check Out Our Most Popular Guides
Protecting Your Savings In The Coming Bail-In Era
From Bail-Outs To Bail-Ins: Risks and Ramifications
Currency Wars: Bye, Bye Petrodollar - Buy, Buy Gold
Essential Guide To Storing Gold In Singapore
Essential Guide To Storing Gold In Switzerland
10 Important Points To Consider Before You Buy Gold
7 Key Storage Must Haves
»
- GoldCore's blog
- 12066 reads
- Printer-friendly version
- Send to friend
- advertisements -
So when it come to terrorist attacks:
1) Either this is fake, they can't spy on everyone and it's possible to hide yourself from those agencies.
2) The government knows about the terrorist attacks and by who, where and when they will be done but act complicity by letting them happen, then blame Islam and promote the culture chock and manipulate the public opinion to support Israel.
Gold looks like its about to resume its big dive
Is that so? http://flic.kr/p/oDXhhd
Nothing to hide, nothing to fear
Nothing to hide, nothing to fear
Nothing to hide, nothing to fear
Just repeat these words to yourself early and often and you'll start to believe it in no time or else the G-men Magicians will make you disappear, Copperfield style.
Remember George Orwell's 1984. It's getting even worse. The USA a democracy? Just a theater democracy, with some entertaining performances on stage, but what's going on behind is what really matters...
Remember George Orwell's 1984. It's getting even worse. The USA a democracy? Just a theater democracy, with some entertaining performances on stage, but what's going on behind is what really matters...
535+ICiC - uber American virus
The NSA has already spooked international trading countries to the point that they do not want to import/buy tainted American servers and other cloud services costing a loss of trade to the tune of hundreds of billions dollars
Naive people believe in TOR, VPN and other BS out there, which "supposedly" let you use the internet anonymously. I have a word for it ........ LOL !!!!! Unless you are a super genius capable of over smart the whole NSA, FBI,CIA tech team and overcome all the encryption and proprietary code from manufacturers you have NO PRIVACY while online. Actually even if you are completely disconnected the big boys can still scrutinize your life if they really wnat to. There is NOTHING you can do about it. So just relax and do what you have to do. If they are watching you so what? If the NSA enjoy peeping me and my wife in bed, good for them !! I honestly don't care, my wife either!! : ) )
The encryption, open-source: no.
The end-point connections: for sure.
Although they have some amazing capabilities (right now) they are not invincible and resistance is never futile. Only trolls, idiots or shills suggest otherwise.
You are wrong, resistance in this particular case IS futile. Not only futile but misleading. The naive feel safe behind a VPN or TOR when in truth it is just a bait. I believe the peepers are behind these kind of technology because when people feel safe they are more vulnerable. Anyways you have the right to believe in whatever you choose to believe.
It's all about your threat model. There are plenty of malicious actors outside of the NSA with much smaller (yet still deadly harmful) capabilities. Using TOR/i2p, VPNs, open source OS/software, virtual machines, firewalls, antivirus, etc are all still useful. The point is to make it as hard for them as you can.
"Believing whatever you choose to believe" will end up with your box getting pwnd when you leave your password to default, or worse...
This is an integrity issue all of us must deal with; moral decay and rot is reflected from the top down.
Whew, it's a good thing all them anti-virus companies are working rouind the clock to stop this kind of thing happening.
... what? ...
Can someone say over-valuation?
Ear shapes are a unique identifier so a mask on your face which exposes your ear is not really helping.
I have used use Kaspersky for a couple of years now since I believe that they are out of the reach of the NSA, while U.S. companies have probably been compromised like Verizon, AT&T, and probably Microsoft.
Anyone who would store their data "in the cloud" needs to have their heads examined. According to the Washington Post: As many as 4 million people hold "top security clearances" and multiples more have lower level clearance and most of these are "private contractors". Does anyone seriously believe that there will not be any "bad apples" in that huge number willing to sell your data to the highest bidder?
And poof! There went the cloud!
Good riddance I say. It was a scam from the get go.
How to block them a practical guide.
NSA comes into a sytem through a single point.
As an example grab a lantronix x-port put 2 back to back and a controller just to forward it through whilst logging all data passed (there are others).
You now know the backdoor because you got it logged.
Once done you now publicly disclose the data.
All systems IT people can then close the backdoor.
OR
you apply the backdoor for your own benefit.
or mirror the port
Anyone posting on ZH gets the special 10% NSA discount.
Discounts or cash lump sums are worthless.
Under the FIAT dollar hand me a million I CTRL-P 50 million makes it worthless!
With a standard they could not do this unless they had the resource like gold to back it up.
FUCK U NSA. let's see how many cum puter hours it takes them to decode that.
NO President has ever brought such respect to the US .gov. It's so cute the way he licks Holders cum off his lips.
I was so happy when I spotted this. President Obama you're a genius!!!!
After this NASDAQ to the moon!!!
Huh. I use a lot of uncompetitive German software.
If you are old and fat and ugly like me, fap in front of your webcam as often as possible. It will give them pause to dig further.
I have to assume, that every BIOS, be it on the MLB, VideoBoard, NI, or HDD, is bogged.
And set up the tcpdump and iptables. but still will have a lot of difficulties.
the best way is no USB sticks and two separate networks
God only knows what's in apple products.
And for sure competitors know the recipe for coke.
Everyone will need to disconnect their computers from the net. Any incoming or outgoing data will need to be keyboarded into or out from the system.
And say goodby to cloud computing.
Say goodby to wireless.
Wanna bet? The cloud was a stupid idea for most applications from the beginning and people (well managers actually) fell in love with the idea. Most of us know that an Ethernet cable is more secure and faster, but we still choose the wireless conection.
+ a bazillion.
This means that the operator of a computer fitted with one of these drives could suffer consequences even if never connected to a network -
If I were any country on the US hit list, and that's most of them, I would (1) never connect sensitive facilities to the public networks and ( 2) never use any standard platform or architecture to build sensitive computer systems. No PC, Mack, Linux , Windows etc etc..
In fact when an associate of mine worked for a , now somewhat tarnished allied security organization, which has turned on it's own people, his designs had to be based on new unique hardware and operating systems designed one-off for the system and precluding traditional storage. Only a "private" international network was used for distribution and receipt of product, and the data contained pretty elaborate interception detection and message verification.
Another advantage of this apart from the ones we are talking about, was that the radiated signature in or near the building could not be interpreted.
I'm surprised everyone doesn't do that.
This article is long on hysteria and short on factual examples. Do a search on this phrase Kaspersky fingers NSA-style and see what turns up. Many articles with the exact phrase and hype like this one.
And it's not "Breaking News" either. This has flaw has been know about for a long time. Here's more details on that. A bit technical, but lots more facts than hype.
http://spritesmods.com/?art=hddhack&page=1
.
New 9/11 Audio: FAA employees say Secret Service told them “Flight 93 hit Camp David”
Nonsense, everyone knows Flight 93 hit WTC7.
Nonsense, everyone knows flight 93 hit a time-warp and hit MH17
And where does the NSA send everything? Think of a little country whose brilliant people constantly make breakthroughs in medicine, engineering technologies...
All is stored in the Utah data center funded by taxpayers
The real point is I think: Do the HDDs come from the factory with this shit primed/enabled or do you have to be targeted and hacked?
If so, they more or less have won this round as every drive (at your home, your ISP, whatever..) is a snitch.
http://www.amazon.com/gp/product/0385539002?ie=UTF8&camp=1789&creativeAS...
Houston, we have a problem.
Even if you never use a network, your disk is ready to blow up your shirt if it feels uncomfortable.
based on what i've read, it comes in the HDD firmware, put in place during manufacture. i've updated bios motherboard firmware, and occasionally video cards, but never HDDs. maybe this is why. if HDD firmware were available to update, the code would be public and (though difficult) binaries can be deconstructed. not sure if firmware is even written in anything but assembly language - so there would be no higher level language source code.
‘
‘
‘
Here’s what bothers me about this new discovery.
So what they can hack a hard drive? This is not the point. It’s that the software is already on the drive. Which means…
How do they know, exactly what hard drive, who’s to hack? Who owns that drive?
Therefore…
Have all these HDs sent a signal at some point with identifying information back to the NSA and we’re all sitting there, on a database, waiting to be called up, ‘activated’, our drives to be erased, viewed, or child Porn put on to extort us to vote a certain way? Our financial records peered into?
Has the NSA used it’s vast resources to peak into the markets and front run the financial world, in order to fund their own offices?
That’s a question I think we need to explore.
•?•
V-V
More technical details here; arstechnica, securelist, wired
There's a truly alarming possibility you bring up. Park incriminating material on every drive which only they they can 'find' at any time to extort , blackmail or ruin you. You would nave no leg to stand on.
I wonder if a re-format would help? Doubt it.
It'd have to be low-level. And these aren't old school MFM or RLL drives. The newer high density/dual layer drives are tricky little buggers. And your code source is, well, the manufacturer for the most part.
The Kaspersky report, which I read on Scribd, indicated that the malware was directed to only selected PCs in places deemed worthy of hacking. The initial infection would 'look around' to see if it saw anything of interest. If nothing raised a flag, the malware deleted itself. Otherwise, the malware would arrange to download more comprehensive, more malevolent software. Not all the malware used hard drives, if I read the report correctly. A lot of the malware was inserted, in encrypted form, into the registry (I assumed it was the Windows registry when I read it.) The report was fascinating for someone familiar with computer internals.
BTW, the report said that the malware appeared to be able to delete itself if nothing of interest was found after an unspecified amount of time. It didn't seem to just hang around forever. So put your kiddieporn on a DVD and then turn off your PC for a year. That should make you feel safer. :-)
Does that make sense - deleting itself? You may have said anything naughty today, but what about tomorrow? Any of us here could one day become a threat to the State or start propogating the Truth.
No way.. That;s a feeble attempt to make you feel less billious.
Yes, from the NSA point of view. No sense leaving a lot of copies around if they don't have some purpose. That would increase the risk of being found by a malware scanner.
That they got away with it for more than a decade is an indication that self-deletion, in concert with other stealth strategies, worked.
Of course, if the NSA wants to know what you said on ZH, all they need is an account. Really not even that, you cen read it without an account, you just can't comment or up/down vote.