Feeds

back to article How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks

A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT. The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

The sheeple are so gullible

I'd rather have the NSA monitoring my PC than Microsucks.

4
72

Re: The sheeple are so gullible

Can you be any more shallow? C'mon, give it a try...

53
4
Anonymous Coward

Re: The sheeple are so gullible

Eadon?

16
4
Anonymous Coward

Re: The sheeple are so gullible

Wrong conclusion.

Based on this report (which sounds truthful) a government agency is more capable of analysing the bugs and finding their root causes than MSFT itself. That is interesting... to say the least...

10
2
Silver badge

Re: The sheeple are so gullible

> a government agency is more capable of analysing the bugs and finding their root causes than MSFT itself

Is it more likely that the NSA people are smarter than MS's techies - or that MS do the analysis for them and then hand over the vulnerability reports to the NSA (maybe even with worked examples of exploits?) , while holding back on releasing any fixes?

10
2

Re: The sheeple are so gullible

Not surprising. The government agency has the motivation of striving to install a police state while Microsoft has no motivation to fix something they have already been paid for.

23
4
Silver badge

Re: The sheeple are so gullible

Plus a blackish government agency is not bound by economic constraints. Want more more? Get more money, if need be from the future.

5
2
Anonymous Coward

Re: The sheeple are so gullible

I'd rather have the NSA monitoring my PC than Microsucks.

Pretty weak attempt at trolling. NEITHER has any business accessing my IT or my life unless there is probable cause, and even then they're supposed to protect what they obtain because I may still be innocent.

Personally, I think every single detection of such a facility (and there are ways of testing for it) should go straight to the police, with a CC to the EU, to keep them aware that the next time the US is asking for passenger data and bank info it's simply playing politics - because it already has them as far as I can tell. So there is really ZERO need for any further concessions. As a matter of fact, it could get politically interesting if the EU would financially support and stimulate the development of intercept detection measures.

4
0
Anonymous Coward

Re: The sheeple are so gullible

"Pretty weak attempt at trolling."

Wasn't that weak if you responded to it.

8
2
Bronze badge

Re: The sheeple are so gullible

"Eadon?"

Naaaah, grumpy old-man-Bryant.

1
1
Silver badge
Trollface

Re: Waldorf and Stadler are so grumpy

Can't be, he comes into the show at page 3.

1
0
Bronze badge
Coffee/keyboard

Re: The sheeple are so gullible

All of these same techniques are used by ordinary criminals; but some of them have been used to target individuals who were my clients. Once you become such a target, no operating system or hardware will save you. Your only recourse to avoid surveillance is to stop using modern technology completely. Some of my clients have gone back to using old DOS era machines, or Apple laptops with PowerPC CPUs to temporarily avoid the glare; but even those are used sparingly or they will be reacquired by the surveyor.

The NSA hasn't got squat on a good industrial espionage team. These cats really know how to get down in your shorts!

0
0

Re: The sheeple are so gullible

Well, to be clear, the NSA only analyze the bugs so as to exploit more vulnerabilities...

0
0
Mushroom

So..

All hardware is full of gaping holes and it's a matter of time before these holes get exposed to the hacker community and we are screwed.

Nice job NSA / USA.

I can't wait until it happens I'll sit back and watch the carnage.

So glad I made the decision to get out of front line IT in 2014.

17
3

Re: So..

"So glad I made the decision to get out of front line IT in 2014".

Are you kidding? This is a great time to be in IT!

Now, absolutely everyone on the planet has a well-funded and demonstrably malicious adversary to deal with - and all that infosec will have to be bought and paid for somehow.

That together with the massive opportunities that will become available to startups and businesses outside the US in particular means we could literally be on the eve of a new golden age if IT!

30
1
xyz
Bronze badge

Re: So..

Yup, I'm off as well. I don't like where this is all going so, in a few months I'll be a techless, bearded, hillside dweller in another country with a pack of dogs, a rifle and a bad attitude to strangers. Basically like one of those 'mercan survival nutters... who knew they were right all along!!

18
0
Silver badge

Get AK74, go inna woods.

I will bring the beans.

3
0
Anonymous Coward

Re: So..

absolutely everyone on the planet has a well-funded and demonstrably malicious adversary to deal with - and all that infosec will have to be bought and paid for somehow....... Except that the hardware that code is run upon has also been compromised by design. At that point the problem becomes insoluble unless you design and build your own hardware, OS and apps or simply pull the plugs and forego the internet,.

When it gets right down to it, the jury is out on whether all of the tech has been any more successful at blocking terrorists than the two hairy Scotsmen who waded in at Glasgow Airport but it has certainly increased the agencies intelligence gathering (and doubtless the amount of "noise" as in "signal to noise") to the point to the point that life threatening false positives are going to be occurring based on patterns of activity that at some point is going to see innocents shipped to Guantanamo via a sumptuously equipped Mukharabat interrogation suite.

How many folks with an interest in human rights or politics or the history of all this will get burned before it's determined to be not worth hassle and there's a return to targeted interception ? It's McCarthies wet dream as things stand - only waiting for the right people to rise to the top for massive abuse to become a reality, if it hasn't already.

7
1
Bronze badge
Mushroom

Re: So..

All hardware is full of gaping holes

No. Re-read the article. They are modifying the hardware so that it has a "gaping hole".

5
0
Silver badge

Re: So..

"All hardware is full of gaping holes"

Not quite, but we are in a position where most systems are so complex they are beyond our collective ability to understand fully to make them properly secure. Add in to that the secrecy of the 'propitiatory' BIOS and HDD firmware and there is little chance to easily detect against boot-time root kits introduced by those means.

"I will bring the beans."

Just no making me squeal like a piggy, OK?

3
0
Silver badge

Re: So..

"a system dubbed QUANTUMTHEORY, an arsenal of zero-day exploits that it has either found itself or bought on the open market"

I assume this also means that when the NSA is on a buying binge it isn't really particular about the color of the hat being worn by the seller. To think there are people who don't trust electronic voting machines but are blissfully unaware that they could be arrested for kiddie porn which was surreptitiously loaded on their own computer by the NSA and the backdoor removed after the fact. Then again, the NSA could just create their own TrueCrypt volume on your machine but it will be fine, McCarthyism is all in the past. Right?

4
1
Anonymous Coward

Re: So..

"who knew they were right all along!!"

We did

3
0
Anonymous Coward

Re: So..

> "we are in a position where most systems are so complex they are beyond our collective ability to understand fully to make them properly secure."

Exactly!

1
0
Anonymous Coward

Re: So..

The OP on this is correct. The well is truly poisoned. All IT providers are now automatically suspect. It will simply not be possible to convince anyone that you aren't also installing NSA back doors.

This is the IT equivalent of original sin.

3
0
Anonymous Coward

So much talk about the NSA that people forget that tech workers are recruited the same way that spies used to be recruited for classic espionage. A single backdoor inserted can get the tech worker a nice sum of money.... and won't be noticed when only used against high value targets. China has a lot of cash and a lot of workers of Chinese heritage in tech companies around the world ;)

You can complain about spying all you want but don't imagine for a second it's just the US/UK doing it. At least the NSA won't have their massive trove of data hacked. I can't say the same about all of VERINT's customers around the world who log massive amounts of personal data.

4
12
Anonymous Coward

"China has a lot of cash and a lot of workers of Chinese heritage in tech companies around the world ;)"

This sounds like racism to me. Maybe because it is. A lot of workers of "Chinese heritage" - you mean, the ones born here and would rather be accepted as American/British etc rather than spy for the Chinese government? A lot of ethnic Chinese are more loyal to their country - that being a western one - than white people are.

Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't? Playing on fears. Whereas the US/UK are ACTUALLY doing it NOW.

27
9
Anonymous Coward

To add, it is far more likely that Chinese citizens are recruited by the NSA to purposely implement security flaws in their software and infrastructure, like you suggested.

1
1
Anonymous Coward

It's not racism, they really do recruit mostly those of Chinese heritage. They play on feelings of loyalty to the homeland. It's an age-old issue with espionage.

5
5
Anonymous Coward

"Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't?"

Because if someone leaks Chinese secrets, their entire families will be sent to labor camps to pressure the leaker to return home.

3
5
Vic
Silver badge

> At least the NSA won't have their massive trove of data hacked.

[ Citation Needed ]

The US is, to date, the the country whose security service had a whole buncjh of allegedly-sensitive[1] data leaked...

Vic.

[1] I have something of a suspicion that the value of the data is probably being over-hyped to attempt to demonise Snowden...

12
1
Vic
Silver badge

Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't?

Moreover, the speculation came form those who turned out to be doing everything they accused the Chinese of doing and then some...

Vic.

19
1
Silver badge
Happy

"Because if someone leaks Chinese secrets..."

Won't they be totally different by the time the info gets back to base?

15
0

Not really racist

Considering the problems that America has had with ethnically Chinese people ripping off its secrets (state and industrial) on behalf of the Chinese state and industrial groups I think it is reasonable to assume that there is an opportunity for there to be an increase in Chinese spying via technological measures.

However, I don't believe that this should be an allegation limited to just China. Israel, Iran, India, France and many other countries have both the technological capabilities to undertake the same types of espionage as those which are being highlighted as performed by the Five Eyes consortium. Even just reading El Reg will enable people to know this since it reported on both the French version of PRISM and the implementation of the Indian vesion of a similar system.

China is however at the forefront of technological espionage since a)it produces the majority of the world's technology, the state has a vast fund of money available to pay potential spies and it has the biggest diaspora of its people to enable it to gain spies in pretty much any country in the world.

Racist, nah simply commonsense

7
8
Bronze badge

Absence of evidence is not evidence of absence. Nine months ago, before any of the documents that Edward Snowden released were available, there also was only speculation about the capabilities and activities of the US and its allies. Those capabilities and activities did not spring into existence as the classified material was published; they already existed, in some cases for many years. The argument that because there have been no similar releases about Chinese, Russian or other clandestine communication intelligence capabilities and activities is completely without merit.

3
1
Anonymous Coward

What he says about personal data is at least true. I know for a fact the Philippines is storing most "small" unencrypted communications in and out of the country indefinitely (SMS/Yahoo/etc)

0
0

Motivating assets

From my in depth knowledge gleaned from Le Carre, I thought that assets are motivated by a variety of causes, idealistic or financial being the "best" in terms of keeping control. Honey traps are pretty darn tooting too.

So whilst those who have strong feelings towards the homeland/against the enemy might be great, often those who need the cash are even better. Even going as far as to get those useful persons into debt in order to make them more malleable to a bribe.

Like in Blackadder goes Forth, turns out the chap called Fritz with the strong German accent is in fact not a German but a British spy, whilst the German spy speaks perfect English. So the Chinese-American with Chinese grandparents might get more scrutiny than the 10th generation Irish-American.

As the Middle Kingdom has been playing this game for longer than pretty much all the nations it is facing, I would also suspect that it could manage to smokescreen it's spying through, I don't know, a corporate espionage front? You might not be willing to spy for the Chinese, but for a competitor? Damn spies, being all tricksy and stuff.

I thought the age old issue of espionage was you never quite know exactly who is working for whom, or where your stuff might end up. Hence the plethora of double, triple agents, and the preference for turning an enemy asset into a false feed rather than removing the asset.

LOLs at the AC on this. Because the spooks totally cannot get through the reg's awesome securitah!

3
0

This post has been deleted by its author

Unhappy

@Bluenose -- Re: Not really racist

Whether there's specific racism here or not is not the main point. Like it or not, it's an unfortunate fact that throughout history in times or heightened tension or of war, that a resident ethnic minority population etc. belonging to a country with whom one is against/at war etc. will be discriminated against as a matter of course. (It's such a common phenomenon that it seems as if it's human instinct and or herd/group nature etc.)

There are many instances of this. Perhaps the best known is the US Government's rounding up and incarceration of American citizens/residents of Japanese ethnicity who were living in the US during WWII. Most of these poor unfortunates--many of whom were born in the US, owned businesses there etc., had never been to Japan and didn't even speak Japanese--were locked away for the duration of the War just because they had some Japanese heritage.

No doubt a very tiny percentage had sympathies with the then horrible authoritarian Japanese regime. Some might have even been traitors, but the fact remained that the vast majority of these people were unjustly victimized.

This old well-rehearsed scenario is now being played out once again against those who've Islamic and Chinese backgrounds etc. As in the past, the vast majority of those who've come to the attention of the host state as a consequence of their ethnicity and who are now under suspicion and thus suffering unjust discrimination, are completely innocent.

1
0
Anonymous Coward

"They play on feelings of loyalty to the homeland."

Which homeland are you referring to?

0
0
Anonymous Coward

Re: Not really racist

You are mixing groups together here. There has not been a single incident of an ethnic Chinese born in the west who has spied for China. Spied ON China yes.

The problem of non Chinese mistaking ethnic Chinese born in the west with Chinese from China is quite stupid. And yes, that IS racist. I don't see how you could say otherwise, since you are judging... by race

1
0
Silver badge
Unhappy

It's like reading a CDW catalog from evil mirror-world!!

Maybe the CDW reps there just say "F**k you! Buy my shit or I find out where your kid goes to school!!", instead of trying to be so helpful...

You know, we've all seen spy films where the good guy inserts some little electronic bug on a phone or computer, and the bad guy gets enough of his plans discovered that he is thwarted and there is never any "collateral damage". I'm pretty sure that we all understood that things are never so neat and clean in the real world. However, by corrupting at the firmware level and performing these interdiction operations, the NSA has made any major IT manufacturer's gear suspect, unless you run down to their manufacturing plant and buy right off the assembly line, and then lock your gear in a secure datacenter. This horrorfest is all about collateral damage

And unlike the movies we have no idea what the guys installing these are like or what agendas they are in service of.

Also, the "Rel to USA/FVEY" distribution means that the Aussies, Brits, Kiwis and Canucks have this too. Plus whoever else developed these dirty tricks separate of the Five Eyes.

Well, on the plus side, we definitively can give the House Intelligence Committee the raspberry the next time they complain about the PRC installing backdoors in Huawei or ZTE gear.

6
0
Anonymous Coward

Re: It's like reading a CDW catalog from evil mirror-world!!

What makes you think they're not subverting AT the baseline manufacturing level just to be sure there's no way to escape their view apart from rolling your own (and at the level of tech they can subvert, that's an unlikely prospect)? I mean, subverting hard drives at the firmware level? Ethernet connections at the socket? They probably even know how to beat faraday cages, too (probably through subsonic acoustics transmitted through the chassis).

"Well, on the plus side, we definitively can give the House Intelligence Committee the raspberry the next time they complain about the PRC installing backdoors in Huawei or ZTE gear."

Well, it seems there's no escape. Either we blab to the NSA or we blab to the Chinese. What's your choice, because between them and the Russians, they probably have EVERYONE covered.

2
0
Bronze badge

Re: It's like reading a CDW catalog from evil mirror-world!!

Subsonic acoustics is a contradiction in terms.

Apart from that - yep - assume every bit of hardware is compromised unless you beat it out of the metal yourself.

Remember - two people can keep a secret if one of them is dead and the other one wasn't told the secret.

3
0

Re: It's like reading a CDW catalog from evil mirror-world!!

I assume he just means 'too low to hear'

0
0
Anonymous Coward

Re: It's like reading a CDW catalog from evil mirror-world!!

My choice is that a bent copper is worse than a crook. Or - but this gets a little confusing - my enemy's enemy is my friend.

1
0
Silver badge
Pint

Re: It's like reading a CDW catalog from evil mirror-world!!

> reading a CDW catalog from evil mirror-world!

It's more like being on the movie set of The Shockwave Rider

I will drink to John Brunner.

1
0
Bronze badge

Re: It's like reading a CDW catalog from evil mirror-world!!

"Subsonic acoustics is a contradiction in terms."

No it's not. There are audio signals that are rendered inaudible to humans by frequency or amplitude. Just because you can't hear them doesn't mean they aren't there - or that they couldn't be used for signalling to a device that can.

2
1
Bronze badge

Re: It's like reading a CDW catalog from evil mirror-world!!

Er - yes it is

Acoustics refers to the sound carrying properties of a wave.

Subsonic means below the speed of sound carrying frequencies.

A subsonic wave by definition has no acoustic properties.

Human hearing ability is not relevant to either term.

2
0
Anonymous Coward

Re: It's like reading a CDW catalog from evil mirror-world!!

The correct term the OP was looking for is "infrasonic".

0
0
Silver badge
Unhappy

hahahaha

What's funny (in a stomach churning only hurts when I laugh kind of way) is so many fellow brainwashed countrymen still think the US government is the good guy. The 21st century will be known as the century when the US not only lost the moral high ground (what little it had left) but made sure its few remaining allies did as well. The worst part is it did so less than two decades in.

30
3

Page:

This topic is closed for new posts.