Register - Login
Views: 87827742
Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users
Ranks - Rules/FAQ - JCS - Stats - Latest Posts - Color Chart - Smilies
12-14-17 03:12:00 PM

Jul - News - NSA leak reveals US government is leaving backdoors on lots of PC tech New poll - New thread - New reply
Next newer thread | Next older thread
FieryIce

Baby Mario
不知道该写什么
Level: 112


Posts: 3933/4088
EXP: 14977770
For next: 360435

Since: 12-17-08


Since last post: 11 days
Last activity: 16 hours

Posted on 12-29-13 09:30:01 AM Link | Quote
Top Secret NSA catalog reveals US government has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector.

Excerpts


The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.



Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.


Ie, If you buy from US companies, you get a permanent NSA backdoor in your firmware

USB cables are bugged:


Microsoft's Crash Report function is also spied on


When TAO selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft. An internal presentation suggests it is NSA's powerful XKeyscore spying tool that is used to fish these crash reports out of the massive sea of Internet traffic.

The automated crash reports are a "neat way" to gain "passive access" to a machine, the presentation continues. Passive access means that, initially, only data the computer sends out into the Internet is captured and saved, but the computer itself is not yet manipulated. Still, even this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer.


It's not entirely surprising; the extent is a bit more than I imagined and I'm sure this will have a terrible influence on US companies, especially abroad. People will not want to buy bugged US hardware anymore... This is a developing story so we'll see what comes out of it.
Lunaria

Moon Bunny! :3
Level: 128


Posts: 4975/5342
EXP: 24043638
For next: 338062

Since: 07-28-07
From: the everfree forest

Since last post: 15 days
Last activity: 1 hour

Posted on 12-29-13 09:40:32 AM Link | Quote
I'm not going to be that optimistic. :/
I doubt any real change will happen what-so-ever. ._.
But yes, this is hardly surprising for anyone who knows about technology in general.

*Lunaria sigh
Kak

gg photobucket
Level: 68


Posts: 834/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 12-29-13 09:45:08 AM Link | Quote
In other words, it's essentialy like CIH, but with a different "payload" that works on every computer? Ouch... what a great publicity... (along the fact it attacks the BIOS - an already bad thing).

And that wouldn't be the only problem: how many international companies buy US hardware? That's also a good question.

Also, good thing I never allow to the crash report feature to send anything by killing off its executable. (even if the real reason here is to speed things up and have less crap on the screen).

LuigiBlood

Level: 14


Posts: 5/40
EXP: 12745
For next: 326

Since: 01-02-11


Since last post: 152 days
Last activity: 22 days

Posted on 12-29-13 09:50:36 AM Link | Quote
Well, as I buy my PCs as kits so I mount it and to not have DELL, Acer bullshit and so on...
The only US stuff would be my GFX card and CPU. But possibly the BIOS could be US made... I have no idea.

But it's not a surprise, and I just hope the US business just goes down as the trust wasn't that high to begin with...
Two possibilities can happen: Either the business just destroys itself, or they're moving to fix that and stop being watched, since the leak still tells a lot...
Gabu

Star Mario
Placeholder Ikachan until :effort: is found
Level: 160


Posts: 9232/9713
EXP: 52853553
For next: 99446

Since: 08-10-09
From: Santa Cruisin' USA

Since last post: 5 days
Last activity: 13 hours

Posted on 12-29-13 12:56:28 PM Link | Quote
Wasn't this discovered as an after effect of the whole Target fiasco earlier this month?
BMF54123

Rhea Snaketail
Slightly frazzled...
Level: 133


Posts: 5505/5798
EXP: 27277544
For next: 575123

Since: 07-03-07
From: Neither here nor there.

Since last post: 6 days
Last activity: 12 hours

Posted on 12-29-13 04:04:08 PM Link | Quote
And how do we know products from foreign companies are clean? Who's to say the Chinese government isn't inserting backdoors of its own, for example?
Kak

gg photobucket
Level: 68


Posts: 838/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 12-29-13 04:24:44 PM Link | Quote
Originally posted by BMF54123
And how do we know products from foreign companies are clean? Who's to say the Chinese government isn't inserting backdoors of its own, for example?

Because we... wait, wasn't already known about the backdoors of the Chinese government?

Jokes (or not) aside, I'm curious about the response of all of this - the extreme difference between what people say and what the government actually does.
Lyskar
12210
-The Chaos within trumps the Chaos without-
Level: 183


Posts: 12090/12211
EXP: 83370042
For next: 1131061

Since: 07-03-07
From: 52-2-88-7

Since last post: 3.0 years
Last activity: 2.0 years

Posted on 12-29-13 07:27:27 PM Link | Quote
First, hoping all the companies go down in flames is pointless, as that'd just damage the economy more.

Second, these are a lot of specific cables that cost them money to make that they then have to install on your computer somehow.

Third, even if they didn't have backdoors, they'd just purchase zero-day vulns to get into people's stuff.

Pardon me for being a little dismissive, but this is sort of like if you look at any state intelligence agency's catalogue--generally they collect stuff like this. It's been this way since the start, just replace computers with telephone bugging devices.
FieryIce

Baby Mario
不知道该写什么
Level: 112


Posts: 3934/4088
EXP: 14977770
For next: 360435

Since: 12-17-08


Since last post: 11 days
Last activity: 16 hours

Posted on 12-29-13 07:41:39 PM Link | Quote
Originally posted by BMF54123
And how do we know products from foreign companies are clean? Who's to say the Chinese government isn't inserting backdoors of its own, for example?


Honestly I would not be surprised if a couple major countries are doing this (China, Japan, Russia, India, Brazil, and some in Europe like the UK and Germany)... I guess the main point of all this is the dismantling of the "land of the free and democracy" facades covering up the police state reality. And even this has been known about by a group of people.
Kak

gg photobucket
Level: 68


Posts: 843/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 12-30-13 03:16:24 AM Link | Quote
With all the media coverage of the NSA spying on people and its results, what happens in the other countries is greatly not known/not cared about. Even here, while we know what the NSA did and people reactions, we don't know if there is anyone spying on us (on the internet at least we know they filter some websites).
Tamkis
Member
Level: 25


Posts: 112/146
EXP: 80903
For next: 8717

Since: 03-12-12


Since last post: 347 days
Last activity: 82 days

Posted on 12-31-13 01:58:26 PM Link | Quote
ArsTechnica wrote about and expanded upon the original article.

Originally posted by BMF54123
And how do we know products from foreign companies are clean? Who's to say the Chinese government isn't inserting backdoors of its own, for example?


The Arstechnica article talked about this, too



A frequent defense of what the NSA does with its bag of tricks is that in many ways it is no different from what other countries (including China, Russia, and France) try to do to the United States and other countries via their intelligence organizations. These documents show the key way the NSA is different—its vast technical resources and ability to essentially put itself into the supply chain for technology flowing to the rest of the world. US officials have long suspected China of doing the same thing with hardware from companies such as Huawei and ZTE, but these documents essentially spell out that "interdiction" is part of the US intelligence strategy, too.

The exposure of the techniques and capabilities of the NSA creates another problem for the agency, in that it provides those hard-to-get-at organizations the TAO was created to go after with an idea of how the NSA has targeted and will target them. It also creates a problem for companies like Cisco and Juniper, who now face the same sort of scrutiny the US and others put Huawei under for its connections to the Chinese military. Even if Dell, HP, Cisco, and Juniper had no hand in creating the backdoors for their products, the Snowden documents will undoubtedly be used against them the next time they try to sell hardware to a foreign government.



I'm not looking forward to the future at all and 2014, if all of this kind of activity increases without retaliation from the people and (what's left) of the honest parts of the courts fighting for us, the common people...
Kak

gg photobucket
Level: 68


Posts: 868/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 01-02-14 11:49:19 AM Link | Quote
The future of technology will be based on government spying on people and restrictions... wait, we already have restrictions here (ugh... iOS, Windows RT...).

That's clearly not the best way to go, but they have everything in control and we can't do anything - we'll just continue to use technology like nothing has ever happened, which is even worse...
usr_share
70
Level: 19


Posts: 44/79
EXP: 32202
For next: 3575

Since: 03-12-12


Since last post: 2.0 years
Last activity: 223 days

Posted on 01-02-14 12:32:01 PM (last edited by usr_share at 01-02-14 12:33:52 PM) Link | Quote
I hope this'll lead to people learning about alternative firmware or open source software that isn't controlled like that.

...Come to think of it, maybe libertarians are right this time.

Maybe today's NSA is an inevitable result of the federal government's huge size. Of all the money the citizens pay into it as taxes. Maybe the best way to ensure stuff like that won't happen is to cut the budget to such a size these kinds of government privacy intrusion would become impossible.
Kak

gg photobucket
Level: 68


Posts: 869/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 01-02-14 02:56:35 PM Link | Quote
Originally posted by usr_share
Maybe today's NSA is an inevitable result of the federal government's huge size. Of all the money the citizens pay into it as taxes. Maybe the best way to ensure stuff like that won't happen is to cut the budget to such a size these kinds of government privacy intrusion would become impossible.
The problem is we're talking about the goverment (and especially here) asking to reduce taxes would be impossible unless something very important happens. This means that way is very unlikely to happen.

On alternative firmware... that actually may be the best choice, but how?
Lyskar
12210
-The Chaos within trumps the Chaos without-
Level: 183


Posts: 12091/12211
EXP: 83370042
For next: 1131061

Since: 07-03-07
From: 52-2-88-7

Since last post: 3.0 years
Last activity: 2.0 years

Posted on 01-02-14 09:22:18 PM Link | Quote
Also the first thing to be cut when the budget is reduced is social programs--not spy programs.

Therefore, literally nothing relevant would be accomplished by cutting US taxes/funding here--they'd prioritize anything that helped people as the thing to cut vs. things like this.

Privacy laws and ant-snooping laws would have to be made to outlaw it plus more supervision of the NSA by non-military/non-controlled outside accountable people that report results to the public.

Of course even once that's solved, the other countries do it too.

So. Yeah.

I think people can probably kiss non-backdoored equipment goodbye, probably retroactively too since I highly doubt that this is terribly new. :p
Kak

gg photobucket
Level: 68


Posts: 881/1640
EXP: 2626002
For next: 102798

Since: 09-03-13
From: ???

Since last post: 44 min.
Last activity: 43 min.

Posted on 01-03-14 04:06:42 PM Link | Quote
There's also another set of problems which gets repeated every time by many people: with this type of hardware that steals private information and sends it to the government, what happens if, hypothetically, somebody "by accident" gets access to this sensible data?
That's not counting the exported hardware with that type of firmware, which also means...yeah...

Very nice...
Next newer thread | Next older thread
Jul - News - NSA leak reveals US government is leaving backdoors on lots of PC tech New poll - New thread - New reply




Rusted Logic

Acmlmboard - commit 2f1bc75 [2017-08-27]
©2000-2017 Acmlm, Xkeeper, Inuyasha, et al.

30 database queries, 6 query cache hits.
Query execution time: 0.145792 seconds
Script execution time: 0.015153 seconds
Total render time: 0.160945 seconds