NSA has direct access to tech giants' systems for user data, secret files reveal

Thanks, 142395

What do you think of this thread in qubes-users: https://groups.google.com/forum/#!topic/qubes-users/9cso2wnw8Bg

 

I personally think Qubes is much more secure than other VMs (or any OS on those VMs), it's not just compartmentalization but also trying to reduce attack surface as much as possible. So, to say the least, using Qubes will put quite high hurdle for attacker who're seeking to infect your firmware (but who knows what NSA can do?).
Also, when we hear such story we tend to think firmware rootkit can do everything. But actually what firmware can do is limited by its nature, so they install other malware on OS. Even when firmware rootkit itself can't be detected, still those malware may be detected, or you may be protected to some extent. I don't think we can't be protected from firmware rootkit in anyway and any effort is futile. I didn't know Storage Domain mentioned in your link, very interesting (to be honest, not yet fully understood), tho reliance on TXT might be Achilles' heel when attacker is NSA. I wonder if InkTag can mitigate those threats or not, but it's beyond my expertise.

 

True story I am going to share. I've shared it in the past with multiple people, and even on my Facebook..

A few years back when I worked as a contractor for a 'sensitive' firm I found what I thought at the time was malware on my home machines. The problem was I would remove it, and it would come back. I started wiping hard drives, and reinstalling windows, and it came back! Eventually I think I realized it was either Bios or HDD firmware that they were using to inject this. After much investigation we could only pin down the actual items being delivered, and things being altered, but not the delivery mechanism itself. When I contacted Panda Labs, and worked with them they 'speculated' it was something state sponsored, but didn't have any evidence to prove it. Eventually I had a stack of SEVEN hard drives at my home. I kept swapping them out for different brands until it stopped. Eventually coming to a brand that they seemed to not have the capability to infect. I reported my findings to several labs, including Panda at the time, and then forgot about all of this until recently..

Also keep in mind, this means they can compromise SERVERS!

 

I feel like trading my little tinfoil hat in for tinfoil full body armor!!

 

"Google is warning that the government's quiet plan to expand the FBI's authority to remotely access computer files amounts to a "monumental" constitutional concern."

http://www.nationaljournal.com/tech...r-a-monumental-constitutional-threat-20150218

 

http://arstechnica.com/information-...k-hard-drives-to-create-a-pervasive-backdoor/

This article goes more into detail of how the firmware of HDD's could be reverse-engineered and infected and what it might take to achieve that.

 

Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks.

It seems we have all been used as guinea pigs, eh?

-- Tom

 

@ Mayahana

Interesting account Indeed ! Several people over the years have also posted about similar experiences, on here & other www's. It was driving them almost crazy. They got a LOT of negative comments & insults etc. Of course we don't know if their issues were actually due to the NSA etc, but with all the recent Equation revelations, some infections "might" have been true !

**********

A stack of Equation's handywork here -http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3735&p=25276#p25276

 

Yes, and to add to the worries above, I'd also like to highlight something that's been giving me the collywobbles, and that's network adapter drivers and firmware. We know that some of the major companies involved have been attacked, and there are many things that could be done once you have control of the network adapter.

 

Nah, network/drivers firmware is irrelevant. Storage firmware access and hidden OS port knocking sequence is all they need.
As for the arstechnica article about not needing source code for making custom firmwares is total BS. To stay under the radar they must be 100% sure that the injected code won't disrupt normal functions of the disk and this can be guaranteed only if they have the source code; and the source code could be only obtained from cooperating manufacturers...No wonder that all these companies almost never release updates for firmware hdds...

Panagiotis

 

I will never ever use Russian-Kaspersky on my PC ever again !!!

Who knows what kind of spy files they have on my PC after i installed Russian-Kaspersky

 

References? How does that get past conventional perimeter defences?

 

It is another "urban leggend" that circulated from the late 90's about the microsoft OSes. Never proven but with the revelations of the last years and the recently patched vulnerability of the windows OSes https://www.wilderssecurity.com/thre...ion-on-win-10-using-window-scrollbars.373329/ "urban leggends" seem more real than leggends.
How port knocking works
http://netsecurity.about.com/cs/generalsecurity/a/aa032004.htm
and some implementations
http://wangzhengyuan.blogspot.gr/2014/02/port-knocking-implementations.html

Panagiotis

 

Well, that's not true of hypervisors (I think I saw reference to about 100k for Xen in Qubes), and even with the fully-fledged type 2 VMs, I suspect most of the vulnerabilities are associated with host integration, and if you don't use that, the attack surface is limited.

 

Well, there has been open source firmware for ages (http://www.coreboot.org/) to replace proprietary BIOS.
It's basically a stripped down Linux.

But we also need Open Source hardware (https://en.wikipedia.org/wiki/Open-source_hardware)

Of course, current hardware vendors will likely protect their proprietary designs like crown jewels till the bloody end.
So, untill there comes some new player(s) and some serious competition in this front, then this is probably just going to be a sweet dream....

*sight* ....
(I would soooo love to make my own 4G USB modem )

BTW, that Kaspersky PDF report seems to list only small subset of all those Equation Groups C&C IP's and domains.
There seems to be 300 C&C servers out there

 

How hackers could attack hard drives to create a pervasive backdoor.

-- Tom

 

Password cracking experts decipher elusive Equation Group crypto hash.

-- Tom

 

Yup, most effective firmware malware would be that on disk drive, as firmware malware itself can't do many things so it most probably have to install its body on OS, then to hide OS malware and persistently survive, the best is disk drive.

Yes, that's correct and part of reason I trust Qubes much more than VBox.

 

The Great SIM Heist

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

 

Edit: Ah, they did use PGP for e-mail. Should have read the story fully first ...
Edit2: or at least one Thailand employee used....

...........

 

The #1 customer for HDD in the world would comfortably be....

The NSA.

They just have to fill the Maryland facility with something.

Doubtless - for lots of good sounding reasons - they would require the HD firmware source code to review before they would place their mega buck orders with their suppliers. And maybe have a few employees in the disk manufacturers to "help" them with their security. And so it goes.

By the way, is there not a fairly simple OS level prevention (pre-infection), which is to say, any ATA/SCSI instruction outside the normal read-write-trim stuff would require UAC or privilege escalation. Although I guess that does nothing for malware that's already escalated. Maybe we need to build a little Sata controller Pcie card which acts as a sata firewall.

 

"Secrecy around spy device is case’s undoing"

An FBI-imposed gag order about the StingRay, a sophisticated surveillance device that mimics cell towers, endangers some criminal cases when its use is questioned by defendants or judges."

http://www.washingtonpost.com/regional/

 

I dont know what the problem is:
Old System- Police Have Reasonable suspicion > Judicial Review > Warrant Issued > Carrier Provide Warrant > Information Provided to Police
New System - Police Want Information > Police Activate Stingray > Police Get Information

Gets rid of the whole wasted process of the judiciary.


Why did we have the judiciary anyway? ...... oh right the whole separation of powers under the US constitution.

 

It's a lot more than just about separation of powers - separation of powers was merely a means to a fundamental end. This story is about the guarantees of, our liberty and freedom under the Constitution and Bill of Rights. The 4th Amendment's protecting us from unreasonable search and seizures was written to prevent one of the British' most common abuses that fomented the American Revolutionary War. That is what makes the recent NSA revelations so fundamentally obscene.

 

"CIA plans to elevate espionage efforts on Web

Director John Brennan’s new focus reflects a determination that the CIA’s approach to conventional espionage is increasingly outmoded amid the exploding use of technology."

http://www.washingtonpost.com/world...94d-11e4-9423-f3d0a1ec335c_story.html?hpid=z1