NSA Trojan Firmware Widespread, U.S. International Tech Reputation May Suffer. Tech Privacy Has Been a Myth.
MARKET UPDATE
Today’s AM fix was 1,221.75 USD, 1,072.56 EUR and 793.86 GBP per ounce.
Yesterday’s AM fix was USD 1,233.50, EUR 1,81.12 and GBP 801.91 per ounce.
The U.S. market was closed yesterday for a national holiday.
New NSA spying scandal emerges, highlighting the scale of cyber wars
- Agency can access hard-drives made by major U.S. producers
- Computers in over 30 countries, including NATO allies, were hacked
- Iran and Russia were main targets
- Revelations may impact technology sector in the U.S. as institutions around the world seek alternatives
Kaspersky Lab, the Moscow-based cyber security firm whose report into international hacking was previewed by the New York Times yesterday, has exposed that the NSA has had the capacity to snoop on most U.S.-made computers since 2001.
The report claims that the NSA attained access to "firmware" code from all the major Western computer manufacturers - which runs every time a computer is switched on - and figured out how to lodge malicious software in the code.
The terminology may be foreign to you but imagine if you will what your world would be like if the digital records of your wealth and property titles simply vanished or became corrupted. Imagine the screen just going dark. It sounds alarmist but that is exactly the sum total of the high stakes games now being played out by the world’s superpowers - you and I are the pawns.
The global economy is thoroughly integrated, and processes and know-how are increasingly delivered on distributed architecture made up of lattices of public and private networks. This approach has wonderful benefits and can deliver scale, flexibility and speed in equal measure. But therein lies the risk: the physical spying infrastructure with engineered back doors must remain hidden in order to be effective and useful to the spies who placed it there. What the intelligence community has done is create the mother of all “single points of failure”, and the potential for calamity and social disintegration is almost too great to countenance. They assume that with adequate controls these systems can be kept safe and used effectively. They said the same about nuclear procurement and weaponised viruses.
The fact is that in time marketable information will always eventually leak and be traded. Enemy interests would likely, as a priority action, seek to seize control of this infrastructure and either use it to attack American interests and allies or exploit its data collection capabilities - perhaps they already do. Remember, Snowden was a contractor and the access he had was incredible. The sheer arrogance of what they have done is staggering.
Reuters reports
Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
A Kaspersky spokesman, Costin Raiu, said "There is zero chance that someone could rewrite the [hard drive] operating system using public information," indicating that the NSA was given the sensitive code by manufacturers.
Over 30 countries were targeted, including NATO allies. Britain, France, Belgium and Germany all had systems violated.
The revelations that telecommunications systems were infiltrated in Germany will likely be met with interest in that country, following previous revelations that the NSA had tapped the cell phone of Angela Merkel.
Both Iran and Russia experienced a high level of NSA hacking, along with China, Pakistan, India, Afghanistan, Syria and Mali.
In Iran, a full range of systems were targeted, including those of the government, diplomatic and energy agencies, finance, telecommunications and research institutions and universities.
Russia's military was targeted as were the energy sector and research and medical sectors among others.
The NSA declined to comment on the allegations. Reuters was able to get confirmation of the revelations from former NSA employees.
It is too early at this point to speculate on the implications of the report. It may be that the story will simply fade away. Or, as is often the case, it may be the tip of the iceberg with further, more damaging details to follow.
"Kaspersky on Monday published the technical details of its research, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001," the Moscow Times reports.
The revelations may have a negative impact on the U.S. technology industry. China has already been drafting regulations, requiring bank technology suppliers to submit their software code for inspection.
Why on earth would a foreign marketplace import American technology if they know that there is a very good chance the technology will be countermanded and the data used against the owner? It is akin to wheeling in a Trojan horse when actually knowing what lies hidden inside.
Ultimately this strategy could serve to severely hobble the American tech industry, the American economy and ultimately American jobs. This is an example of shortsighted leadership, militaristic thinking. The supporters will argue that industrial data can be traded and used to give U.S. companies a leg up on foreign competitors and perhaps this is true, but such help would be very time sensitive and probably slow in propagating given the speed of commercial development.
The case for low tech, old fashioned bullion ownership has never been stronger and if this story does not give you serious pause for thought ...well not much else will!
In previous updates we have detailed the threat that cyber-terrorism and cyber-warfare poses to western economies and to the western way of life. The Kaspersky report shows how pervasive the activity is.
The potential of the rivals of the West to collapse the western currency system - and with it savings and pensions - is real. Gold is not subject to cyber warfare and will protect its owners from cyber warfare-induced currency crises.


When they claim we must become a cashless society for our safety I hope we all remember this article. If you do not want to be tracked by your purchases I suggest you take the cash you need for the week out of the bank. Not only will you be denying them an electronic trail you will be denying banks the charges they apply to merchants and vendors for using charge or ATM cards.
Beware of new RF tech that will track even paper fiat coming in the near future. In the meantime it is good to screw MC and Visa out of their skim.
Put your cash in a microwave on High for 10 minutes. See if that fixes the RF tech problem. Also, wear a mask so they can't use facial recognition. I don't know how good those facial recognition programs are now, but they once had problems with certain types of patterns. Perhaps applying makeup in certain patterns would make facial recognition much less successful.
Bullish cosmetics companies!
Well, they've been able to ID individuals by the way they walk for some time now - just by watching on camera.
They've also been able to ID individuals by voice print for even longer..
See that mute guy wearing a mask and traveling on a pogo stick? That's the RafterMan.
In all seriousness, Google the above technology; it makes for fascinating reading.
So.....where is Israel on the list of hackees? Don't see them on that list amazingly.........
Potent observation Dex
That is because they're so honest.
Remember the USS Liberty
They also like to Dance
sanctions payback is a bitch, bitchezzzz
I am shocked, shocked, that our intelligence (sic) agencies could be this efficient.
I hear that - always kind of relied on the fact they were bumbling idiot bureaucrats to save us, but...........
More ends justifies means thinking. We're all in bondage for what, peace? I'd rather it be poontang.
Goldcore has two posts above the line now, one about the NSA cyberhacking and one about cyberhackers stealing $300,000,000 from the global banking system. I keep wondering if they are the same group. If we keep poking the bear the bear is going to bite, probably in a very radioactive way.
exceptional americans. lol
Goldcore says smart stuff only when he's not talking about Gold
lmao
It's sad how growing up, the USSR was the international pariah and the US was the shining bastion of freedom. Now that's reversed. Thanks, Hymie.
Right! I felt so much better back then when I believed that.
They have cheated us of feeling any good.
Who wants to put hand on heart and sing for a sewer?
UPDATE:
Password cracking experts decipher elusive Equation Group crypto hash
Mystery solved after crackers find Arabic word that dogged Kaspersky for weeks.
http://arstechnica.com/security/2015/02/password-cracking-experts-deciph...
Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about Monday, password crackers have deciphered a cryptographic hash buried in one of the hacking crew's exploits. It's Arabic for "unregistered."
Researchers for Moscow-based Kaspersky Lab spent more than two weeks trying to crack the MD5 hash using a computer that tried more than 300 billion plaintext guesses every second. After coming up empty-handed, they enlisted the help of password-cracking experts, both privately and on Twitter, in hopes they would do better. Password crackers Jens Steube and Philipp Schmidt spent only a few hours before figuring out the plaintext behind the hash e6d290a03b70cfa5d4451da444bdea39 was غير مسجل, which is Arabic for "unregistered." The hex-encoded string for the same Arabic word is dbedd120e3d3cce1.
"That was a shock when it popped up and said 'cracked,'" Steube told Ars Monday evening. He is the developer behind the free Hashcat password-cracking programs and an expert in password cracking.
"Our idea was, if the first hash means 'unregistered' in English, would it be possible that the second hash means 'unregistered' as well, but in Arabic?" Steube said. "So we tried to download some Arabic expansion packs for [website comment app] vBulletin, which is the forum software that was attacked here."
Shortly afterward, Steube and Schmidt cracked the hash. Blocking attacks against visitors bearing the username unregistered is an indication that attackers didn't want to infect visitors who weren't logged in. Instead, the attackers appear to have had specific users in mind.
Equation Group included six other hashes in different exploits that remain unknown at the moment. They appear to be generated by the SHA1 algorithm. They are:
Kaspersky researchers are still seeking help in cracking those.
More here:
A Fanny Equation: "I am your father, Stuxnet"
http://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-fat...
The second Stuxnet exploit (MS09-025)
If one piece of malicious software that used an exploit from Stuxnet before Stuxnet is a good catch, a second Stuxnet exploit makes it even more interesting.
The second exploit used to be a zero-day when Fanny was operational. This means that Fanny used two zero-days to replicate, both of which were later used by Stuxnet. The specific vulnerability used for privilege escalation was patched with MS09-025:
"The security update addresses these vulnerabilities by correcting the methods used for validating a change in specific kernel objects, for validating the input passed from user mode to the kernel, and for validating the argument passed to the system call. The security update also addresses a vulnerability by ensuring that the Windows kernel cleans up pointers under error conditions."
The same exploit was later used in an early Stuxnet module from 2009, which was embedded into a large binary built using the Flame platform. That Stuxnet module, also known as "atmpsvcn.ocx" or Resource 207 was the technical link between Stuxnet and Flame. This story has previously been covered in our post.
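An added example, not part of the comment or the quoted articles: a check of candidate usernames against the MD5 quoted above, tried under several text encodings, which shows why a non-ASCII plaintext in a legacy code page is easy to miss. It assumes the quoted hex string is the plaintext in the Windows-1256 Arabic code page; the candidate list and the encoding list are constructed for illustration.

```python
import hashlib

# Values quoted in the article above.
TARGET_MD5 = "e6d290a03b70cfa5d4451da444bdea39"
CRACKED_HEX = "dbedd120e3d3cce1"

# Encodings a forum serving Arabic text might use (constructed list, an assumption).
ENCODINGS = ("utf-8", "utf-16-le", "iso8859_6", "cp1256")


def decode_hex_plaintext(hex_string, encoding="cp1256"):
    """Turn a cracker's hex-encoded plaintext back into readable text."""
    return bytes.fromhex(hex_string).decode(encoding)


def find_matches(target_md5, words, encodings=ENCODINGS):
    """Return (word, encoding) pairs whose MD5 digest equals target_md5."""
    target = target_md5.lower()
    hits = []
    for word in words:
        for enc in encodings:
            try:
                raw = word.encode(enc)
            except UnicodeEncodeError:
                continue  # the word has no representation in this code page
            if hashlib.md5(raw).hexdigest() == target:
                hits.append((word, enc))
    return hits


if __name__ == "__main__":
    word = decode_hex_plaintext(CRACKED_HEX)
    print("decoded plaintext:", word)
    # Constructed candidate list: English and Arabic guest-user labels.
    candidates = ["Unregistered", "unregistered", word]
    for match, enc in find_matches(TARGET_MD5, candidates):
        print("match:", repr(match), "encoded as", enc)
```

The same word hashed as UTF-8 produces a different digest, so a wordlist in the wrong encoding misses it even when the right word is present.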
I have a topic that perhaps some here can address, at least in general terms. It pertains to development of a parallel internet connectivity, independent of ICANN, much the same manner as Russia is developing an alternative to the SWIFT system for interbank transfers.
I realize that this is a topic of tremendous complexity, but one of the root issues is having the Net naming servers in the US doesn't help privacy concerns.
Once you surrender the moral high ground, your ass cheeks are wide open
Fuck you once, shame on you. Fail to fuck you at will thereafter, shame on me.
Making friends everywhere. Done right. (Do I need the sarc tag?)
apparently, every US hard drive maker except Western Digital was in on it.
It also raises real questions about device manufacturers' complicity in the program. It would take extensive and sustained reverse engineering to successfully rewrite a device's firmware. The NSA would certainly be capable of it, but it's also possible the NSA compelled companies to hand over the firmware code or intercepted it through other means. Reached by Reuters, only Western Digital actively denied sharing source code with the NSA; the other companies declined to comment.
http://www.theverge.com/2015/2/16/8048243/nsa-hard-drive-firmware-virus-...
It has been my understanding for a while that, if they are complicit and admit it, they face prosecution. Hard to google up verification just now however.
Just how many hard drives are manufactured here in the US? There's just as good a chance that an Asian group could insert compromised firmware into hard drives. There are numerous reports of Asian routers being compromised fresh out of the factory, so why not hard drives? There were instances in the past of 'new' floppies being infected. Probably the PLA can do this just as well as the NSA. This is just more of the same when you get right down to it - not that I approve, of course.
Regarding WD refusing to cooperate: what's a little industrial espionage if companies won't cooperate with the NSA to safeguard our freedoms? Kaspersky says WD drives can be compromised.
Well unless the NSA, FBI, Gov, et al, have a line on drives that aren't compromisable, surely this can come back and bite them in the ass... Now that it's in the open, how long before 'agencies hostile to freedom' work out their own exploits or even turn this one back on the creators?
They are crazy if they use standard commercial hardware and software.
Quite right. Except if Kaspersky made information available publicly, then they already made it available to Russian intelligence well in advance, so Russia would naturally have certain exploits developed and available to a willing bidder. Also, it's just a tip of the iceberg: if hard drive firmware could be compromised or worse, has predesigned backdoors, then the same could be done to a computer BIOS, firmware of network routers, printers and so on and so forth. American hi-tech sector from now on will be looked at as compromised by NSA by default, with all major powers trying to diversify away from it.
You seem to be unaware of the fact that there are BIOS-related malware examples. Get infected and your BIOS can be wiped clean. That exists. Routers out of Asia have been known to be compromised already. And have you ever heard of ransomware? It's not just American technology that has been or can be compromised. It's global.
Too bad some people with really intensive knowledge don't just show the whole world just how compromised our electronic existence is by releasing detailed explanations of all the malware exploits. Maybe that'd give someone the push needed to fix some of the existing flaws. They'd be labeled terrorists, of course.
I'm aware that I'm not fully aware. Though things like you've described are easy to come across. I guess what makes this revelation little different is the idea that backdoors are designed intentionally and are actually there on a systemic scale.
If my hard drive hasn't done anything wrong, why should my hard drive have to worry? - Boobus Amerikanus
if you like your hard drive you can keep your hard drive
And the collection of Jennifer Lawrence leaked nudes on it?
JLaw is an idiot that trusted the fruit to keep her pics of her privates...private; along with the 300 other idiot celebrities that made the same mistake. And then the fruit says they're not responsible because some nasty pervert hackers guessed all of the celebrities' passwords. Maybe the next big thing that the fruit sells is an iBridge (in Brooklyn.)