Is Your Brand New PC Already Infected?

Discussion in 'other security issues & news' started by LockBox, Jul 8, 2011.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Let's combine a couple of "conspiracy theories" here. The NSA helped MS "secure" Vista and Win-7 and may have backdoored it in the process. This backdoored OS is running on hardware that might have been backdoored by the other side. 2 opposing forces both trying to control the same PCs. Throw in corporate greed, which will assist whatever side pads its wallet the most. Put it all together, make your infrastructure totally dependent on it, and what do you get? Our present reality?
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Great question.

    I consider most of the software on new store-bought systems malware, so in that case, yes I have :D

    Sul.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    That's a nice way to look at it :p
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    No, my 9 month old desktop custom built in the UK - predominantly from Chinese parts - is OK. :thumb:
     
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Amen.

     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    All very good points.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Good stories for forums, blogs etc but nothing until one proves any thing. Just my opinion.
     
  8. wat0114

    wat0114 Guest

    So where in the article is there mention that it is in fact actually happening, and where does it state the country that's perpetrating it? For that matter, I watched ~25 min of the video from 51:47 and not once does Schaffer say it is actually happening, nor does he mention a country responsible for it, and he is clearly flustered and shaken when Chaffetz is probing him on whether it is happening.

    The discussion actually veers toward combating cyber attacks in general, as opposed to specifically "hardware and software embedded" security-sabotaging components. Only in the first few minutes is the subject of hardware/software embedded malware even discussed.

    BTW, if one is really concerned about what might be leaving their computers, just install Wireshark and monitor the traffic on the network interface for a while, and look for anything you think ought not to be leaving. I don't care how stealthy this alleged malware might be, the traffic still has to pass through the computer's NIC and onto the transmit pair, whether wired or wireless, of the transport.

    Schaffer paused for about 10 seconds before replying:


    Seems to me this is being blown way out of proportion in this thread.


    Absolutely :thumb:
     
  9. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Yup... you could buy it and assemble it yourself, and there would be no way you would even know it's on there...
     
  10. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well, it's entirely possible that firmware-level backdoors would be immune to something like running Wireshark. You'd need a separate machine put inline with the network connection coming out of that computer.

    This has been done in practice, supposedly with fake Cisco routers. I think I remember Lockheed Martin was possibly hit this way. Well-designed firmware placed in a knockoff Cisco router would have easily hidden any remote network access.

    I've never heard of it being done in computers yet, but it's entirely possible.

    Despite all of this, I'm pretty sure you will only see this in a targeted attack of some kind. I'm not sure even the Chinese would waste the resources by selling to everyone... but I wouldn't put it past them if they are shipping to the Department of Defense.
     
  11. wat0114

    wat0114 Guest

    If you take into consideration the 3-way handshaking involved in TCP comms, how on earth is it all immune to Wireshark or a similar sniffer listening on the network interface?

    That's in the router, but in no way does that veil what goes on at the client's network interface.

    Okay, so it's not (possibly not) done yet, so until it is, I don't buy it.
     
  12. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    If you are sniffing from the same computer with the backdoored firmware, then there are a number of ways this can be worked around. Basically, Wireshark operates at a high level, and hacked firmware on the NIC, BIOS and other components could easily filter the information, considering it controls operations at such a low level. I guess a good comparison is to again refer to bootkits that infect the MBR. Since it's loaded earlier than your OS, it can bypass almost all normal protection mechanisms.

    Personally, I would not be worried about this on my own computer... but I'd be pretty certain that things like this may potentially occur in professional espionage... which is of course what the OP referenced.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't think it would be immune to Wireshark monitoring, assuming that the hardware running Wireshark isn't infected as well. If the hardware, firmware, etc. were listening for some specific inbound instructions, it wouldn't have to present itself as an open port or even be listening for TCP or UDP packets specifically. If such a setup were devised, it would use something non-standard and probably not respond at all unless a specific "knock" was received. For all we know, it could be a specific set of fragments. Even if the PCs are listening on some level for covert instructions, that doesn't mean that instructions are being sent on a regular basis, or are being sent at all at the present time. If this is an attempt to assemble a cyber weapon that would attack from within, it would stand to reason that it would remain quiet and be as undetectable as possible until it's actually used.
    I don't see where it would take any extra resources at all. If it's part of the firmware, BIOS, network card programming, etc., it would take no more resources to install a compromised version than it would to install a normal one. It would be part of the normal manufacturing process.
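    The last three posts argue over whether a capture taken on the suspect machine can be trusted, or whether only a separate inline capture can. The natural defender's check is to diff the two views: anything the inline tap saw that the host's own capture did not is exactly the gap being discussed. This is an added example, not code from any poster; it is written against constructed tcpdump-style one-line summaries, and LINE_RE, flow_key and compare_captures are my own names.

```python
import re
from collections import Counter

# One-line summaries of the kind tcpdump prints for IPv4 TCP/UDP packets
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def flow_key(src, sport, dst, dport):
    """Canonical bidirectional key so both directions of a connection match."""
    a, b = (src, int(sport)), (dst, int(dport))
    return (a, b) if a <= b else (b, a)

def count_flows(lines):
    """Count packets per bidirectional flow in tcpdump-style output."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[flow_key(m["src"], m["sport"], m["dst"], m["dport"])] += 1
    return counts

def compare_captures(host_lines, tap_lines, tolerance=0.5):
    """Return (hidden, undercounted): flows the inline tap saw that the
    host's own capture never showed, and flows where the host saw less
    than `tolerance` of the packets the tap saw."""
    host, tap = count_flows(host_lines), count_flows(tap_lines)
    hidden = sorted(k for k in tap if k not in host)
    undercounted = sorted(
        k for k in tap if k in host and host[k] < tap[k] * tolerance
    )
    return hidden, undercounted

# Constructed sample captures: the host-side view is missing one flow
HOST = [
    "12:00:01.000 IP 192.0.2.10.51000 > 198.51.100.20.443: Flags [S]",
    "12:00:01.010 IP 198.51.100.20.443 > 192.0.2.10.51000: Flags [S.]",
    "12:00:01.011 IP 192.0.2.10.51000 > 198.51.100.20.443: Flags [.]",
]
TAP = HOST + [
    "12:00:05.000 IP 192.0.2.10.40000 > 203.0.113.7.8443: Flags [S]",
    "12:00:05.020 IP 203.0.113.7.8443 > 192.0.2.10.40000: Flags [S.]",
]

if __name__ == "__main__":
    for k in compare_captures(HOST, TAP)[0]:
        print("seen only by the inline tap:", k)
```

    Feed it the real `tcpdump -n` output from both vantage points; a non-empty `hidden` list means the host's view of its own NIC cannot be trusted, which is the inline-capture argument made above.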
     
  14. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    These things happen when corporations are allowed to run the country.
     
  15. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    If your PC was already infected at the hardware level wouldn't that be game over?
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
  17. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well, even if it wasn't in the hardware, it wouldn't be impossible to make it invisible to Wireshark on the infected PC (a specially crafted driver is all it would take)... but I was speaking specifically at the hardware level, as well as running Wireshark on the same machine.

    Well, mass producing such hardware would undoubtedly lead to problems. I think the events with Cisco only turned up during firmware updates and component upgrades. There were incompatibilities, and the engineers figured out that it was not legitimate Cisco equipment. I would imagine the same thing would happen if we did this with 100,000+ computers. Not only that, but if a Chinese firm provided almost every computer with a backdoor, and it was discovered, that would lead to a serious foreign affairs backlash. It could possibly even be a pretext to war.

    Then you have matters of keeping the whole thing secret. A couple hundred, or even thousand, devices might require one or two dozen people. When you convert such an operation into mass production, you will have many more people knowing about it... probably hundreds or thousands more.

    Practically speaking, espionage is only useful if it remains covert. There is no advantage to infecting millions of people checking their email and looking at internet porn. The chances of being discovered grow exponentially, and the resources you need to monitor and deploy your super secret operation grow as well.
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The people involved in the actual manufacturing would have no idea about the operations of the firmware, BIOS etc. I worked at a plant that produced motherboards for specialized equipment. Some of them needed programming during the assembly process. The individual doing the actual programming didn't need any actual programming or computer knowledge. They just put the board in a fixture, connected a couple of harnesses to a desktop PC that was part of the work station, and clicked on a couple of locations on the interface. Unhook, repeat. About the only ones who would have to know are the senior coders/engineers, a couple of people. For everyone else involved in the manufacturing process, nothing would appear out of the ordinary.

    As far as a pretext to war is concerned, that's exactly what this might be. Look at some of what's already happened and is happening. I'm inclined to believe that many of these hacks on the more sensitive parts of our infrastructure, government servers, industries, etc. have been tests of our cyber defenses. If they (Chinese) believe that a conflict with the west over the dwindling global resources is inevitable, a large number of compromised PCs tied into your adversary's infrastructure would be a formidable first strike weapon. It's entirely possible that the west has done the exact same thing, but with the operating system instead of the hardware. If you look at current events with the nationalist rhetoric and other justifying excuses from all sides removed, most of our present wars (military actions, anti-terrorism, etc.) are in places which have control over resources that are wanted by both sides and are becoming short in supply (oil, lithium, etc.). IMO, this is the cyber equivalent of the cold war. New PCs and network hardware are potential weapons for both sides, both of which are largely influenced or outright controlled by big money. The combined attack power of these PCs would favor whoever used it first. Most of this might be kept secret from us, but I'd bet those in charge on both sides are very much aware of it and its potential. When you get to the bottom line, it's the same old story. People are pawns for governments in conventional wars. In a cyber or electronic war, PCs will be the pawns. The one constant in all this is that it's the people on all sides, the ones who want nothing to do with a war, who will be the casualties.
     
  19. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    DHS: Imported Tech Tainted with Backdoor Attack Tools

    DHS: Imported Tech Tainted with Backdoor Attack Tools.

    -- Tom
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: DHS: Imported Tech Tainted with Backdoor Attack Tools

    If this has been known since 2005, it begs two questions:

    1. Why has this not been made (loudly) public? Homeland security wants us to watch for and report suspicious activity while they turn a blind eye to a much bigger threat?

    2. If they've been aware of this for the last 5-6 years, why is it allowed to continue?

    The only answer I see that makes any sense is that protecting our nation and its infrastructure is not the main priority here. If it was, this would be on the mainstream news and the import of this compromised equipment stopped, with the full support of the people. If Joe Public was told this by our own government, the reaction would be loud to say the least. So, if our own national security and economic well-being are not the priorities, what is, and who is making these decisions? The only benefactor I see here is the big money corporations that produce this stuff. With an example this blatant, it's hard to come to any other conclusion. If our own government and the DHS are turning a blind eye to this, it's clear that they are at a minimum influenced if not outright controlled by these corporations. I'd also suspect that the same is true in China, where these same corporations either control or have hopelessly corrupted the government there as well. No other answer makes any sense. As for why they'd do this, the answer is just as clear. They profit from war. In the end, there's only one question left:
    What if anything can we do about this?
     