The German newspaper Der Spiegel has unveiled a whole bunch of stuff about the NSA and its tools that defy belief. Their tools and actions go way beyond what we already knew; we’re not just talking passive information gathering through cables and such, but way, way more.
For instance, the NSA can divert shipments of purchased computers and equipment to their own secret workshops, where malware and spying hardware are added to these products before they are shipped onward to the buyers. They also intercept Windows crash reports as they are sent from users’ computers to Microsoft’s servers. Worse yet, they can reportedly add special hardware to drones that can wirelessly infect computers from up to 8 kilometres away.
We’ve only seen the tip of the iceberg here. The fact that no heads are rolling in Washington over this illustrates just how corrupt and undemocratic the US government has become.
The NSA (and their pals) are really the scum of the earth. Perhaps they are the real terrorists?
Intercepting shipments of systems and adding spyware to them is the sign of a desperate organisation. I am glad I never used the install that came with the kit I bought and immediately replaced it with my own install. But even that is not safe, is it?
All I need to do is wait for my front door to be kicked in and I will know it is true. Naturally I will not be allowed to tell anyone about it.
Edited 2013-12-30 16:23 UTC
It was a surprise to me. When I saw somebody saying that this was happening on Facebook (without a reliable source cited), I scoffed. I’m a hard core anti-government (crazy?) person, and I still didn’t think the NSA would be going this far or be this blatant. Guess I needed to be taught the lesson yet another time.
I know, right? I’ve always suspected the governments of this world, especially the UK and USA, were indeed spying on both their citizens and others through the copper and fibre network. It’s easy enough: with big but hardly known companies or, even worse, universities running the DNS servers, hacking the internet would be very easy. In a way it was inevitable. But I never thought a western government would be caught installing malware and “modchips” to computers to spy on them. The “Big Brother” state is already here. We just didn’t realise yet.
I would tell you to assume the worst, but in my experience that makes everything seem all right, which is not a good thing.
Apparently that doesn’t actually help, when they’re doing custom BIOS and HDD firmware malware.
That’s not desperate, it’s out of control.
It seems they keep looking for more and more ways to snoop on people and there don’t appear to be any limits or boundaries.
I do wonder, if they managed to get even more and more data on us, if they would reach a point where they could mirror everything that happened in one giant computer. It would also enable them to rewind to certain dates and times and see exactly how the world was at that precise moment.
That would make it useful so I don’t think that will happen. If you have a learning computer you could use the live data to predict what will happen. After the prediction the computer can check if it was right and learn from it.
That would make a nice SciFi script.
I wonder if the NSA would sue then, claiming it’s their patented idea.
You got that right. I feel like living in a Minority Report America is right around the corner.
The NSA and other agencies are far more intrusive & working outside of the law than people imagined. Some day in our dystopian future this is all going to come crashing down and when it does it isn’t going to be pretty.
If you are a police organization and have a warrant to monitor a person you can plant bugs in their residence, place of business, and so on.
How is this any different?
The real issue is that they may be doing this extrajudicially or by interpreting some law or other.
So does your security software see any of this or just ignore it?
There is a great chance that the companies creating the anti-virus/anti-spyware stuff have been told to add an exemption for this stuff.
There is a sure bet that the companies creating the anti-virus/anti-spyware stuff have been told to add an exemption for this stuff.
There, fixed it for you.
PS.: At least for American ones.
Edited 2013-12-30 17:31 UTC
Refusal by certain Linux distros to ship binary blobs has been usually met with scorn about excessive paranoia in the past. As it turns out the motivations behind that refusal have been more than vindicated by this leak.
It turns out that not only can you not trust binary blobs obtained/downloaded from vendors, but you cannot trust baked-in firmware either. Just to put this into perspective, pretty much every component today ships with some sort of firmware: BIOS/UEFI, hard-drives, SSDs, wireless cards, graphics cards, etc… You name it.
There is open-source software that was trojaned, NSA modified well-known open-source cryptographic algorithms, etc and no one noticed. Considering the quality of said open-source and the reluctance of paranoid coders like you to review code, there is still a chance to get hammered while using your beloved Linux.
Kochise
What software are you talking about? If you’re talking about the Dual_EC_DRBG then you’re completely on the wrong foot here, Dual_EC_DRBG was available, but it was not the default and had to be specifically chosen as the RNG in use. And it was already known to be faulty, no one just had removed it. Besides, NSA didn’t trojan it into any software, it was added because of standards.
Edited 2013-12-30 18:01 UTC
Citations please.
Anyone who thinks Linux offers real security or immunity from exploitation is nothing more than a victim waiting to happen. These guys have it all rigged whether it’s software, hardware, firmware, whatever. The only way people can truly protect themselves is by inventing a time machine and going back to live when steam power was the hottest ticket in town, or prior.
Can you show that there were successful backdoor injections into the Linux kernel in the past?
I don’t keep a running list of all the Linux exploits and points of security breach. It’s unlikely you’re going to find anything in the kernel source, which is obvious. However, there are plenty of other ways to compromise Linux so as I said, “Anyone who thinks Linux offers real security or immunity from exploitation is nothing more than a victim waiting to happen”. Just ask the endless list of people who learned that the hard way.
What other ways? Notwithstanding BIOS level malware, the only ways are through a kernel exploit or through an exploit in one of the services it’s running. If you only have sshd on the thing (set up with a key and no password access) how is it going to get hacked?
You’ve really no idea.
The reason why so many Linux installs are so readily infected is because the people who set them up really only know how to run through an install and have no idea what they are installing or why – they just click ‘next’.
If you know how to configure a system, if you can strip it down to the bare minimum, you will be much more able to fend off any attack.
We can stop here, nothing further is necessary. I said Linux does not offer immunity from being compromised, and you very clearly agree with that. Which you should, because it’s a known fact.
I don’t know why it’s so difficult for some people to acknowledge the truth that Linux gets hacked just like anything else. Just because Linux is more open than other OSes doesn’t mean it’s perfect. The kernel alone sees massive amounts of fixes and regressions every cycle. With supposedly hundreds or thousands of people going through all this code, a lot sure is being missed or overlooked. Linux gets compromised like anything else. Security is not a guarantee with any OS when so much of it depends on proper configuration and user knowledge/error.
Especially when you look at who contributes and maintains the whole of selinux, a key part of the kernel. For anyone who doesn’t know, that is the NSA.
Now the question is, are they trying to push the picture too far so that they ridicule themselves and they can scream at the conspiracy theory regarding how stupid the news looks: spreading a virus 8 kms around, why not pirating a computer using ultrasound?
Kochise
I am certainly not.
I would like to point out, CISCO, IBM, Microsoft, AMAZON actively work with the NSA/CIA to intercept shipments of technology.
They don’t need cloak and dagger style intercepts. It is fully sanctioned.
Furthermore, for those of us who have seen “odd” behaviour of CISCO central office/switching gear as well as backbone routing gear since the early 2000’s, it has been suspected that most of the CISCO gear you buy is bugged.
Just waiting to be activated. I am picking CISCO here, because I have had first person knowledge of seeing bugged equipment work. But my friends who work in the network/telecommunication industry have told me about other gear from different companies doing “interesting” things after it is deployed on IPv4 networks.
(A Note: Wonder why IPv6 adoption is slow? Well, it is because the bugged equipment in place doesn’t support it and AT&T, Sprint, and most of the NATO computer company heads have been told NOT TO REPLACE IT.)
Any NATO corporation though is suspect.
None of this stuff is surprising, and although revelations of this stuff in a magazine article as a public work IS surprising.
(i.e. Probably due to Snowden, otherwise you are supposed to be fast asleep.)
This has been going on for at least a decade you have to understand and is not just recent.
So you can’t blame a particular political party, government office etc.
It is just all bad and it will get far far worse before it gets better.
That is because all of you are living in a time when the empire you reside in is collapsing and making way for the shining jewel of the far east to command and conquer the 21st century.
Your currency, your jobs and your government is all being shipped off shore. This is an important point because the banking families of Europe who have had for so long complete control over world affairs, are none too happy to lose the ability to print money for themselves and their cronies.
As the economic, particularly the banking situation gets real dicey moving forward over the next couple of years, anyone who doesn’t like their house taken away, their jobs and careers destroyed will become “terrorists”, enemies of the state.
The control grid is now in place and this is to ensure you are easily tracked and killed.
Most of you are aware of the private army and munitions buildup by the DHS, CIA, NSA.
This control grid identifies the targets, and the above organizations go after them.
Only this time it is now US Citizens who now realize how rigged the game is from education, now health care, financial markets and don’t like it and may actually plan on doing something about it.
Subverting banker power in a NATO country is about to get very dangerous indeed.
-Hack
Sadly, it’s not corruption or lack of effective democracy within the government that is preventing heads from rolling, it’s the fact that a (slight) majority of Americans approve of the spying.
Since the objections to spying aren’t split down party lines, either among the population or within Congress, the news agencies have been paying attention to things that are split evenly down party lines, namely the ACA website. It makes for better ratings.
The problem USA has to confront before all this mess is sorted is twofold. There is the loss of trust and, as consequence, there is the loss of business.
Internally, there will be a battle to regain the public opinion confidence on a central government and a fight to restore the power balance these actions shifted. This will be the “easy” part.
Externally, the situation is worrisome. Old partners will just start to look elsewhere or will try to build things themselves. From what I read, it already started. IBM had way lower than expected contracts in China and some other countries in Asia, same happened with Cisco. There are also all the ISP contracts to be lost. What does this scenario bring? International competitors will have a hook to grow, which may make the whole thing worse.
The economic factor, in the end, will be what will propel USA to find a way to appease its friends, provided it is not too late, which, I suspect, it already is.
We’ve only seen the tip of the iceberg here. The fact that no heads are rolling in Washington over this illustrates just how corrupt and undemocratic the US government has become.
Or, maybe the NSA actually controls the US government.
A bit like the CIA in the 60’s.
It will be interesting to see, if the NSA crisis will be a hot topic in the next US elections. I can imagine, that the media, that upkeeps the public show of the elite’s two political parties, is corrupted enough to move attention to “more important” topics.
Decades ago USA was still known as a paragon of freedom and civil rights, but what can we say today? Well…
Perhaps it’s time to re-erect the Iron Curtain, only this time to the west instead of the east!
One of the most worrying unanswered questions of this is this: if USA/UK’s network is this extensive and goes so much further than simple national security, how extensive and intrusive must the networks of those we always knew were oppressive states be, many of whom have even larger resources than the UK & literally no (rather than vanishingly little) chance of being held accountable?
And are we supposed to believe that both Germany and France — the former the largest power in Europe, the latter more or less a mirror image of the UK in foreign affairs — haven’t got something of the kind like it?
It’s a subtle version of what Burke warned us about; democracy being used as an excuse to oppress.
—
I’ve surprised myself by how much the recent furore has pushed my position towards Stallman’s. Only a year back I regarded him as a brittle ideologue; the sort of person who’d drive into a hedge in order to head straight to his destination as the crow flies rather than go a mile out of his way to get there by road. Promoting software freedom to a moral issue & some sort of basic ‘right’ seemed self evidently immature & a belittling of the terms. Pretty sure now that I was wrong.
Edited 2013-12-30 22:02 UTC
Me too…time to get back into the libre distros.
That’s totally absurd.
I can see perhaps using the drone to access an otherwise isolated wireless network but you can’t download software to a piece of hardware unless you can somehow connect to the thing in the first place.