NSA has direct access to tech giants' systems for user data, secret files reveal

According to this article The Only Way You Can Delete This NSA Malware Is to Smash Your Hard Drive to Bits as evidenced by its title, has anyone considered the tactic of reflashing the drive's firmware with a pristine up-to-date firmware and preventing its firmware code from being reflashed? That would seem to be the only way to prevent this kind of attack.

What are your thoughts on this approach? Certainly, it must be possible unless the NSA would have a way of locking down the firmware from being reflashed - do you think that they have such a technique?

-- Tom

 

I read a discussion thread on the Sysinternals site the other night about these types of rootkits.
http://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706.html
If the guy is correct it is a lot worse than just hard drive firmware, after reading it all I could say was wow.

 

That's also what I thought, however the danger is that most people aren't going to invest the absurdly tedious amount of time to keep watch on their devices' firmware 24/7, so it'd be hard. Then also, once infected by such a thing, well, damage has been done. Bout the only thing you could do at that point is send the samples to anti-virus companies, the EFF and the web.

RockLobster, I'll have to read through that. Sounds interesting.


Again, I stand by my possible solution that we need to have physical switches or jumpers on ALL devices to prevent firmware flashing. If they could put such a thing on floppy disks, why couldn't they add it to other devices? Just a simple jumper or switch. https://en.wikipedia.org/wiki/Write_protection

 

Zaddach et al. (2014) Implementation and Implications of a Stealth Hard-Drive Backdoor
http://www.s3.eurecom.fr/docs/acsac13_zaddach.pdf

 

http://www.reddit.com/r/IAmA/comments/2wwdep/we_are_edward_snowden_laura_poitras_and_glenn/

 

I think we need tools to examine the firmware on our devices, if we could do this we could hash the firmware code and compare it to known good ones. Might be an idea for an open source project it could be like a scanner.

 

The http://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706.html link that RockLobster posted, was just one of the threads i was referring to in my Post # 2023. We had discussions about that thread on here, but as on SI, not much creedence was given to it ! Whether or not, it was actually an NSA etc infection ?

The fact is, nearly everbody thought it was impossible to such things !

 

Although it raises privacy concern, I have to say it's a right and natural decision for the intelligence agency.

 

It could be IF you had reasonable evidence that the huge amounts of money and opportunity costs were actually going to be effective at achieving the stated objective (as opposed to the known scope creep of criminalising everyone, and allowing those involved to empire build and get power and money for themselves.) The evidence does NOT point in that direction, the useful, actionable intelligence is from people who understand the situation, speak the languages, and put in the hard work to track people down using human judgement rather than machine algorithms and data mining.

AND IF you properly assessed the collateral damage (not only to privacy either) - this is never done when these programs are being proposed.

AND IF you trusted the people and organisations involved. Despite their track record.

Good luck with that.

 

I'm not saying about its legitimacy or validity. I know the report about NSA couldn't offer any valid evidence that their surveillance stopped terrorism.

Whatever people want or hope, intelligence agency won't disappear. It's just as much hard as achieving perpetual complete peace. If your country didn't put and devote large money on intelligence, sorry your country will be left behind in international competition in long run.

Until recently, major objective for U.S intelligence agency was economical war since end of the Cold War. There have been some evidence that they actually spied on other country, especially corporation. In the Cold War, they played quite a big role, not only direct operatives against communist but it's well known that their cultural strategy largely affected each side's literature. I know my country also did these tho much smaller extent. From an autobiography of a pre-agent of my country's agancy, I'm almost sure that those operatives made some sense to protect national security and national economy, tho he also made much of criticisms.

The thing is, situation is changing rapidly, and their old methods were not quite effective any more, OTOH too many survellance didn't fruit much as nobody can correctly process, relate, and integrate such too big data. They're surely struggling to keep up these shift, I don't know their direction is right but at least CIA which was mostly for HUMINT only to gain and integrate some SIGINT capability is necessary. HUMINT is still quite important even in current technology era, but obviously their old methods have limitations.

Again, I'm not talking about if those surveillance is good or not, the fact is regardless of if it is good, there's little hope that those activity, agency, and budget for them disappear. I also do not say protest or criticism is not needed, just saying we can't remove them from on earth or from your country. Ofc we should raise our voice and pursue as much as transparency, regulation, and human right including privacy. This is why we have international law to restrict what is allowed on war even knowing it is not always respected.

 

Yes some people doubted it but I believe that thread was started before the Snowdon leaks, I feel sure it would have been taken more seriously had it been afterwards. Did you read the proof of concept paper someone posted a link to it in that thread, it seems entirely plausible to me, especially when you consider the hidden processing power and memory of the average gaming gpu ?
I mentioned an idea for hashing the firmware then it struck me, why don't we do that to all the executables on our PC's instead of using lame definition file based scanners when we know a real adversary will not be using "known" malware. If we built a database of the hashes all known executable files and built a scanner to hash each file on our own computer and compare it to that database, we would have a anti malware scanner that would recognize any file that had been modified by a malware. The scan might take longer but what the hell at least we would know it is definitely going to find malware infection if there is one plus it would tell us exactly which files are affected. I really think the anti malware companies have failed us and we need a new approach.

 

Why Firmware Is So Vulnerable to Hacking, and What Can Be Done About It.

-- Tom

 

@ RockLobster

Yes, that thread was started well before the Snowdon leaks ! It wasn't the only one on there, or here either, also well before the Snowdon leaks

 

I wonder if writer has looked this thread.

 

How To Sabotage Encryption Software (And Not Get Caught).

Surreptitiously Weakening Cryptographic Systems (Download).

Chose the format (pdf or txt) and left-click on the Download button

-- Tom

 

Are Your Devices Hardwired For Betrayal?.

-- Tom

 

The “Snowden is Ready to Come Home!” Story: a Case Study in Typical Media Deceit
https://firstlook.org/theintercept/...ts-come-home-stories-case-study-media-deceit/

 

Great reading!
I wonder if there's other way to implement hidden constant trick in anything other than random generation algorithm. I have to admit my knowledge don't reach that degree.

 

Quote from the link: Firmware is not just limited to your computer either. There is firmware in most electronic devices that we use: cellphones, car components, printers, digital cameras, TVs, routers, etc., all contain firmware.

Can only image the cost to consumers if this malware were to hit smart TVs and cars. PC manufacturers will not replace your PC if you install a firmware upgrade that bricks your device, because the warranty only covers the physical hardware, and not the software or firmware. If malware infects the firmware, I would expect manufacturers to take the same stand. Car mechanics rely on pre-designed diagnostics to determine computer related problems in a car, but I doubt if they can determine if malware has infected the firmware. If the malware has bricked the computer, replacement cost would be pretty high and the replaced system would have the same vulnerability.

 

The Tricky World of Securing Firmware
https://blogs.intel.com/evangelists/2015/02/20/tricky-world-securing-firmware/

 

Documents Shine Light on Shadowy New Zealand Surveillance Base - The Intercept

 

iSpy: The CIA Campaign to Steal Apple's Secrets

 

Philip Hammond: time to 'move on' from Snowden surveillance revelations

Foreign secretary says debate sparked US whistleblower Edward Snowden ‘cannot be allowed to run on forever’

http://www.theguardian.com/world/20...urveillance-powers-debate-says-philip-hammond

I therefore implore you to close this thread immediately, and stop thinking any thoughts. Thoughts "cannot be allowed".

 

Until such a time as the governments consent to having a real and open debate instead of hiding behind national security, exaggerated threats of terrorism, etc, and accept responsibility for their actions, actions that declare all people as potential enemies and terrorists, the revelations and the discussions of countermeasures will continue.

 

Hammond's statement is a load of vague fluff, designed to assuage fears without actually promising accountability or offending anyone. IOW, absolutely typical.

The wording, though, makes me think he needs better PR people.

Edit: also, I really love this endless blather about national security. MIT Tech Review ran an article recently about the economic impact of NSA spying on American companies and their reputation abroad... hint hint, it wasn't good, and the economy doesn't really need further beatings, does it? But people like Hammond don't seem to get that there's more to national security than being able to find and kill the Bad Guys, whoever they happen to be.