back to article How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks

A leaked NSA cyber-arms catalog has shed light on the technologies US and UK spies use to infiltrate and remotely control PCs, routers, firewalls, phones and software from some of the biggest names in IT. The exploits, often delivered via the web, provide clandestine backdoor access across networks, allowing the intelligence …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    The sheeple are so gullible

    I'd rather have the NSA monitoring my PC than Microsucks.

    1. Rik Myslewski

      Re: The sheeple are so gullible

      Can you be any more shallow? C'mon, give it a try...

    2. Anonymous Coward
      Anonymous Coward

      Re: The sheeple are so gullible

      Eadon?

      1. Jamie Jones Silver badge

        Re: The sheeple are so gullible

        "Eadon?"

        Naaaah, grumpy old-man-Bryant.

        1. Destroy All Monsters Silver badge
          Trollface

          Re: Waldorf and Stadler are so grumpy

          Can't be, he comes into the show at page 3.

    3. Anonymous Coward
      Anonymous Coward

      Re: The sheeple are so gullible

      Wrong conclusion.

      Based on this report (which sounds truthful) a government agency is more capable of analysing the bugs and finding their root causes than MSFT itself. That is interesting... to say the least...

      1. Pete 2

        Re: The sheeple are so gullible

        > a government agency is more capable of analysing the bugs and finding their root causes than MSFT itself

        Is it more likely that the NSA people are smarter than MS's techies - or that MS do the analysis for them and then hand over the vulnerability reports to the NSA (maybe even with worked examples of exploits?) , while holding back on releasing any fixes?

      2. Zack Mollusc

        Re: The sheeple are so gullible

        Not surprising. The government agency has the motivation of striving to install a police state while Microsoft has no motivation to fix something they have already been paid for.

        1. Destroy All Monsters Silver badge

          Re: The sheeple are so gullible

          Plus a blackish government agency is not bound by economic constraints. Want more more? Get more money, if need be from the future.

      3. Paul in NJ

        Re: The sheeple are so gullible

        Well, to be clear, the NSA only analyze the bugs so as to exploit more vulnerabilities...

    4. Anonymous Coward
      Anonymous Coward

      Re: The sheeple are so gullible

      I'd rather have the NSA monitoring my PC than Microsucks.

      Pretty weak attempt at trolling. NEITHER has any business accessing my IT or my life unless there is probable cause, and even then they're supposed to protect what they obtain because I may still be innocent.

      Personally, I think every single detection of such a facility (and there are ways of testing for it) should go straight to the police, with a CC to the EU, to keep them aware that the next time the US is asking for passenger data and bank info it's simply playing politics - because it already has them as far as I can tell. So there is really ZERO need for any further concessions. As a matter of fact, it could get politically interesting if the EU would financially support and stimulate the development of intercept detection measures.

      1. Anonymous Coward
        Anonymous Coward

        Re: The sheeple are so gullible

        "Pretty weak attempt at trolling."

        Wasn't that weak if you responded to it.

    5. JCitizen
      Coffee/keyboard

      Re: The sheeple are so gullible

      All of these same techniques are used by ordinary criminals; but some of them have been used to target individuals who were my clients. Once you become such a target, no operating system or hardware will save you. Your only recourse to avoid surveillance is to stop using modern technology completely. Some of my clients have gone back to using old DOS era machines, or Apple laptops with PowerPC CPUs to temporarily avoid the glare; but even those are used sparingly or they will be reacquired by the surveyor.

      The NSA hasn't got squat on a good industrial espionage team. These cats really know how to get down in your shorts!

  2. Combat Wombat
    Mushroom

    So..

    All hardware is full of gaping holes and it's a matter of time before these holes get exposed to the hacker community and we are screwed.

    Nice job NSA / USA.

    I can't wait until it happens I'll sit back and watch the carnage.

    So glad I made the decision to get out of front line IT in 2014.

    1. Awil Onmearse

      Re: So..

      "So glad I made the decision to get out of front line IT in 2014".

      Are you kidding? This is a great time to be in IT!

      Now, absolutely everyone on the planet has a well-funded and demonstrably malicious adversary to deal with - and all that infosec will have to be bought and paid for somehow.

      That together with the massive opportunities that will become available to startups and businesses outside the US in particular means we could literally be on the eve of a new golden age if IT!

      1. Anonymous Coward
        Anonymous Coward

        Re: So..

        absolutely everyone on the planet has a well-funded and demonstrably malicious adversary to deal with - and all that infosec will have to be bought and paid for somehow....... Except that the hardware that code is run upon has also been compromised by design. At that point the problem becomes insoluble unless you design and build your own hardware, OS and apps or simply pull the plugs and forego the internet,.

        When it gets right down to it, the jury is out on whether all of the tech has been any more successful at blocking terrorists than the two hairy Scotsmen who waded in at Glasgow Airport but it has certainly increased the agencies intelligence gathering (and doubtless the amount of "noise" as in "signal to noise") to the point to the point that life threatening false positives are going to be occurring based on patterns of activity that at some point is going to see innocents shipped to Guantanamo via a sumptuously equipped Mukharabat interrogation suite.

        How many folks with an interest in human rights or politics or the history of all this will get burned before it's determined to be not worth hassle and there's a return to targeted interception ? It's McCarthies wet dream as things stand - only waiting for the right people to rise to the top for massive abuse to become a reality, if it hasn't already.

      2. Anonymous Coward
        Anonymous Coward

        Re: So..

        The OP on this is correct. The well is truly poisoned. All IT providers are now automatically suspect. It will simply not be possible to convince anyone that you aren't also installing NSA back doors.

        This is the IT equivalent of original sin.

    2. xyz

      Re: So..

      Yup, I'm off as well. I don't like where this is all going so, in a few months I'll be a techless, bearded, hillside dweller in another country with a pack of dogs, a rifle and a bad attitude to strangers. Basically like one of those 'mercan survival nutters... who knew they were right all along!!

      1. Destroy All Monsters Silver badge

        Get AK74, go inna woods.

        I will bring the beans.

      2. Anonymous Coward
        Anonymous Coward

        Re: So..

        "who knew they were right all along!!"

        We did

    3. BillG
      Mushroom

      Re: So..

      All hardware is full of gaping holes

      No. Re-read the article. They are modifying the hardware so that it has a "gaping hole".

    4. Paul Crawford Silver badge

      Re: So..

      "All hardware is full of gaping holes"

      Not quite, but we are in a position where most systems are so complex they are beyond our collective ability to understand fully to make them properly secure. Add in to that the secrecy of the 'propitiatory' BIOS and HDD firmware and there is little chance to easily detect against boot-time root kits introduced by those means.

      "I will bring the beans."

      Just no making me squeal like a piggy, OK?

      1. Anonymous Coward
        Anonymous Coward

        Re: So..

        > "we are in a position where most systems are so complex they are beyond our collective ability to understand fully to make them properly secure."

        Exactly!

    5. Eddy Ito Silver badge

      Re: So..

      "a system dubbed QUANTUMTHEORY, an arsenal of zero-day exploits that it has either found itself or bought on the open market"

      I assume this also means that when the NSA is on a buying binge it isn't really particular about the color of the hat being worn by the seller. To think there are people who don't trust electronic voting machines but are blissfully unaware that they could be arrested for kiddie porn which was surreptitiously loaded on their own computer by the NSA and the backdoor removed after the fact. Then again, the NSA could just create their own TrueCrypt volume on your machine but it will be fine, McCarthyism is all in the past. Right?

  3. Anonymous Coward
    Anonymous Coward

    So much talk about the NSA that people forget that tech workers are recruited the same way that spies used to be recruited for classic espionage. A single backdoor inserted can get the tech worker a nice sum of money.... and won't be noticed when only used against high value targets. China has a lot of cash and a lot of workers of Chinese heritage in tech companies around the world ;)

    You can complain about spying all you want but don't imagine for a second it's just the US/UK doing it. At least the NSA won't have their massive trove of data hacked. I can't say the same about all of VERINT's customers around the world who log massive amounts of personal data.

    1. Anonymous Coward
      Anonymous Coward

      "China has a lot of cash and a lot of workers of Chinese heritage in tech companies around the world ;)"

      This sounds like racism to me. Maybe because it is. A lot of workers of "Chinese heritage" - you mean, the ones born here and would rather be accepted as American/British etc rather than spy for the Chinese government? A lot of ethnic Chinese are more loyal to their country - that being a western one - than white people are.

      Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't? Playing on fears. Whereas the US/UK are ACTUALLY doing it NOW.

      1. Anonymous Coward
        Anonymous Coward

        It's not racism, they really do recruit mostly those of Chinese heritage. They play on feelings of loyalty to the homeland. It's an age-old issue with espionage.

        1. MonkeyCee Silver badge

          Motivating assets

          From my in depth knowledge gleaned from Le Carre, I thought that assets are motivated by a variety of causes, idealistic or financial being the "best" in terms of keeping control. Honey traps are pretty darn tooting too.

          So whilst those who have strong feelings towards the homeland/against the enemy might be great, often those who need the cash are even better. Even going as far as to get those useful persons into debt in order to make them more malleable to a bribe.

          Like in Blackadder goes Forth, turns out the chap called Fritz with the strong German accent is in fact not a German but a British spy, whilst the German spy speaks perfect English. So the Chinese-American with Chinese grandparents might get more scrutiny than the 10th generation Irish-American.

          As the Middle Kingdom has been playing this game for longer than pretty much all the nations it is facing, I would also suspect that it could manage to smokescreen it's spying through, I don't know, a corporate espionage front? You might not be willing to spy for the Chinese, but for a competitor? Damn spies, being all tricksy and stuff.

          I thought the age old issue of espionage was you never quite know exactly who is working for whom, or where your stuff might end up. Hence the plethora of double, triple agents, and the preference for turning an enemy asset into a false feed rather than removing the asset.

          LOLs at the AC on this. Because the spooks totally cannot get through the reg's awesome securitah!

        2. Anonymous Coward
          Anonymous Coward

          "They play on feelings of loyalty to the homeland."

          Which homeland are you referring to?

      2. Anonymous Coward
        Anonymous Coward

        "Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't?"

        Because if someone leaks Chinese secrets, their entire families will be sent to labor camps to pressure the leaker to return home.

        1. hplasm Silver badge
          Happy

          "Because if someone leaks Chinese secrets..."

          Won't they be totally different by the time the info gets back to base?

      3. Vic

        Furthermore, unlike with the USA, there has been no worldwide revelation that the Chinese government have backdoors into IT infrastructure - speculation, yes plenty, but as with most comments of this nature, that's all it is isn't?

        Moreover, the speculation came form those who turned out to be doing everything they accused the Chinese of doing and then some...

        Vic.

      4. Bluenose

        Not really racist

        Considering the problems that America has had with ethnically Chinese people ripping off its secrets (state and industrial) on behalf of the Chinese state and industrial groups I think it is reasonable to assume that there is an opportunity for there to be an increase in Chinese spying via technological measures.

        However, I don't believe that this should be an allegation limited to just China. Israel, Iran, India, France and many other countries have both the technological capabilities to undertake the same types of espionage as those which are being highlighted as performed by the Five Eyes consortium. Even just reading El Reg will enable people to know this since it reported on both the French version of PRISM and the implementation of the Indian vesion of a similar system.

        China is however at the forefront of technological espionage since a)it produces the majority of the world's technology, the state has a vast fund of money available to pay potential spies and it has the biggest diaspora of its people to enable it to gain spies in pretty much any country in the world.

        Racist, nah simply commonsense

        1. This post has been deleted by its author

        2. RobHib
          Unhappy

          @Bluenose -- Re: Not really racist

          Whether there's specific racism here or not is not the main point. Like it or not, it's an unfortunate fact that throughout history in times or heightened tension or of war, that a resident ethnic minority population etc. belonging to a country with whom one is against/at war etc. will be discriminated against as a matter of course. (It's such a common phenomenon that it seems as if it's human instinct and or herd/group nature etc.)

          There are many instances of this. Perhaps the best known is the US Government's rounding up and incarceration of American citizens/residents of Japanese ethnicity who were living in the US during WWII. Most of these poor unfortunates--many of whom were born in the US, owned businesses there etc., had never been to Japan and didn't even speak Japanese--were locked away for the duration of the War just because they had some Japanese heritage.

          No doubt a very tiny percentage had sympathies with the then horrible authoritarian Japanese regime. Some might have even been traitors, but the fact remained that the vast majority of these people were unjustly victimized.

          This old well-rehearsed scenario is now being played out once again against those who've Islamic and Chinese backgrounds etc. As in the past, the vast majority of those who've come to the attention of the host state as a consequence of their ethnicity and who are now under suspicion and thus suffering unjust discrimination, are completely innocent.

        3. Anonymous Coward
          Anonymous Coward

          Re: Not really racist

          You are mixing groups together here. There has not been a single incident of an ethnic Chinese born in the west who has spied for China. Spied ON China yes.

          The problem of non Chinese mistaking ethnic Chinese born in the west with Chinese from China is quite stupid. And yes, that IS racist. I don't see how you could say otherwise, since you are judging... by race

      5. tom dial Silver badge

        Absence of evidence is not evidence of absence. Nine months ago, before any of the documents that Edward Snowden released were available, there also was only speculation about the capabilities and activities of the US and its allies. Those capabilities and activities did not spring into existence as the classified material was published; they already existed, in some cases for many years. The argument that because there have been no similar releases about Chinese, Russian or other clandestine communication intelligence capabilities and activities is completely without merit.

    2. Anonymous Coward
      Anonymous Coward

      To add, it is far more likely that Chinese citizens are recruited by the NSA to purposely implement security flaws in their software and infrastructure, like you suggested.

    3. Vic

      > At least the NSA won't have their massive trove of data hacked.

      [ Citation Needed ]

      The US is, to date, the the country whose security service had a whole buncjh of allegedly-sensitive[1] data leaked...

      Vic.

      [1] I have something of a suspicion that the value of the data is probably being over-hyped to attempt to demonise Snowden...

    4. Anonymous Coward
      Anonymous Coward

      What he says about personal data is at least true. I know for a fact the Philippines is storing most "small" unencrypted communications in and out of the country indefinitely (SMS/Yahoo/etc)

  4. Marketing Hack Silver badge
    Unhappy

    It's like reading a CDW catalog from evil mirror-world!!

    Maybe the CDW reps there just say "F**k you! Buy my shit or I find out where your kid goes to school!!", instead of trying to be so helpful...

    You know, we've all seen spy films where the good guy inserts some little electronic bug on a phone or computer, and the bad guy gets enough of his plans discovered that he is thwarted and there is never any "collateral damage". I'm pretty sure that we all understood that things are never so neat and clean in the real world. However, by corrupting at the firmware level and performing these interdiction operations, the NSA has made any major IT manufacturer's gear suspect, unless you run down to their manufacturing plant and buy right off the assembly line, and then lock your gear in a secure datacenter. This horrorfest is all about collateral damage

    And unlike the movies we have no idea what the guys installing these are like or what agendas they are in service of.

    Also, the "Rel to USA/FVEY" distribution means that the Aussies, Brits, Kiwis and Canucks have this too. Plus whoever else developed these dirty tricks separate of the Five Eyes.

    Well, on the plus side, we definitively can give the House Intelligence Committee the raspberry the next time they complain about the PRC installing backdoors in Huawei or ZTE gear.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's like reading a CDW catalog from evil mirror-world!!

      What makes you think they're not subverting AT the baseline manufacturing level just to be sure there's no way to escape their view apart from rolling your own (and at the level of tech they can subvert, that's an unlikely prospect)? I mean, subverting hard drives at the firmware level? Ethernet connections at the socket? They probably even know how to beat faraday cages, too (probably through subsonic acoustics transmitted through the chassis).

      "Well, on the plus side, we definitively can give the House Intelligence Committee the raspberry the next time they complain about the PRC installing backdoors in Huawei or ZTE gear."

      Well, it seems there's no escape. Either we blab to the NSA or we blab to the Chinese. What's your choice, because between them and the Russians, they probably have EVERYONE covered.

      1. Colin Millar

        Re: It's like reading a CDW catalog from evil mirror-world!!

        Subsonic acoustics is a contradiction in terms.

        Apart from that - yep - assume every bit of hardware is compromised unless you beat it out of the metal yourself.

        Remember - two people can keep a secret if one of them is dead and the other one wasn't told the secret.

        1. Tom Chiverton 1

          Re: It's like reading a CDW catalog from evil mirror-world!!

          I assume he just means 'too low to hear'

        2. Terry Barnes

          Re: It's like reading a CDW catalog from evil mirror-world!!

          "Subsonic acoustics is a contradiction in terms."

          No it's not. There are audio signals that are rendered inaudible to humans by frequency or amplitude. Just because you can't hear them doesn't mean they aren't there - or that they couldn't be used for signalling to a device that can.

          1. Colin Millar

            Re: It's like reading a CDW catalog from evil mirror-world!!

            Er - yes it is

            Acoustics refers to the sound carrying properties of a wave.

            Subsonic means below the speed of sound carrying frequencies.

            A subsonic wave by definition has no acoustic properties.

            Human hearing ability is not relevant to either term.

            1. Anonymous Coward
              Anonymous Coward

              Re: It's like reading a CDW catalog from evil mirror-world!!

              The correct term the OP was looking for is "infrasonic".

      2. Anonymous Coward
        Anonymous Coward

        Re: It's like reading a CDW catalog from evil mirror-world!!

        My choice is that a bent copper is worse than a crook. Or - but this gets a little confusing - my enemy's enemy is my friend.

    2. Destroy All Monsters Silver badge
      Pint

      Re: It's like reading a CDW catalog from evil mirror-world!!

      > reading a CDW catalog from evil mirror-world!

      It's more like being on the movie set of The Shockwave Rider

      I will drink to John Brunner.

  5. asdf Silver badge
    Unhappy

    hahahaha

    What's funny (in a stomach churning only hurts when I laugh kind of way) is so many fellow brainwashed countrymen still think the US government is the good guy. The 21st century will be known as the century when the US not only lost the moral high ground (what little it had left) but made sure its few remaining allies did as well. The worst part is it did so less than two decades in.

    1. Vociferous

      Re: hahahaha

      > still think the US government is the good guy

      Well it's still less-worse than Russia and China. Cold comfort, I know.

      > The worst part is it did so in less than two decades

      Yes. I've said it before: it's both a mercy and a shame that so few Americans understand just how badly Bush damaged the USA. I'm even starting to think Bush may have mortally wounded the US empire.

      Obama has improved things a little, but not nearly enough to win back any moral high ground, and if a progressive democrat president wont/can't reverse the damage, then who can?

      1. Alan W. Rateliff, II
        Paris Hilton

        Re: hahahaha

        "Well it's still less-worse than Russia"

        Pfah! Putin expressed his jealousy.

      2. Frankee Llonnygog

        Re: Obama has improved things a little

        Apparently he has a weekly Terror Tuesday when he signs off on the next round of illegal murders-by-drone

      3. Anonymous Coward
        Anonymous Coward

        Re: hahahaha

        The difference is Russia doesn't try to portray itself as the world police, the installer of freedom and democracy around the world.

        1. Vociferous

          Re: hahahaha

          > The difference is Russia doesn't try to portray itself as the world police, the installer of freedom and democracy around the world

          No, it's a fascist dictatorship without rule of law or freedom of expression, which shamelessly supports other genocidal dictatorships and tries to engulf surrounding countries, without even trying to pretend it's interested in freedom or democracy.

          The US commitment to freedom and democracy may be charitably described as "selective" (as proven for instance by Syria), but even so it puts limits on what the US can do. For instance, the US couldn't use the same extremely harsh tactics in Iraq as Russia did in Chechnya to crush rebellion, because the US claimed to be trying to free the Iraqis.

          The US may be like a drunk which falls off the wagon more often than not and lies to itself that it's just going take this one glass, but it's at least got the goal to sober up. Russia's and China's goal is to drink more than anyone else.

          1. Vociferous

            Re: hahahaha

            It just occurs to me that westerners know so little about the world outside the West that maybe many don't know what tactics the Russians used in Chechnya. Ten percent of the country's population was killed, and that was before Putin installed the war's worst war criminal as president, who is still to this day torturing and murdering with the full support of Russia.

            1. Destroy All Monsters Silver badge

              Re: hahahaha

              > It just occurs to me that westerners know so little about the world outside the West

              It is only for the best, otherwise they would no longer sleep seeing how "the west" flattened and poisoned whole countries and even now supports the worst shits in the 'tans.

              Governments are not nice, whether headed by Putin or "dumocratically elected" retards.

          2. Anonymous Coward
            Anonymous Coward

            Re: hahahaha

            "No, it's a fascist dictatorship without rule of law or freedom of expression, which shamelessly supports other genocidal dictatorships and tries to engulf surrounding countries, without even trying to pretend it's interested in freedom or democracy."

            Yes, and if it was called "China" then our elected representatives would be fighting to be the first to make deals with it and slobber over its leaders to make trade deals.

            So, while what you're saying is true, it is easy to forget that the depiction of such nations is almost entirely controlled by the US and what suits its foreign policy objectives. It is a case of not thinking enough moves ahead in the global chess game to see any difference between Russia, China, and the US just because the last one pretends to be a democracy. It's just another military-controlled country who's main objective is not to "sober up" but to portray the correct image of the rest of the world in order to allow the leaders of that military to continue to binge themselves on the taxes of the masses.

            In the end, the only thing that matters to the powerful is staying in power; the specific flag they wrap themselves in is irrelevant.

      4. Ken Hagan Gold badge

        Re: hahahaha

        "if a progressive democrat president wont/can't reverse the damage, then who can?"

        I have no problem imagining a strong politician of any persuasion reigning in the power of the state. Remember that the Tea Party folks are all anti-"big government" and it doesn't come much bigger than the Stasi wet dream that is being described here.

        Where I do have a problem is in imaging a strong politician managing to get the necessary financial backing and the necessary public support when all the money is in the hands of big business who so clearly don't want a strong politician. They want one they can steer.

      5. RobHib
        Unhappy

        @Vociferous -- Re: hahahaha

        Well it's still less-worse than Russia and China. Cold comfort, I know.

        Perhaps so, but by what measure or comparison? It could be argued that with such horrendous historical pasts, that in the circumstances, both Russia and China are doing very well [catching up].

        On the other hand, once the preacher, crusader and moralist has been caught red-handed and exposed as a dishonest and fraudulent charlatan, then suspicion will always linger and surround his future motives.

        No matter how sincere his repentance and atonement may be, his reputation will probably never fully recover, as good, right, honesty and what is correct are perceived as simple notions, thus inviolate.

        Once lost, it's nigh on impossible to regain the moral high ground.

        (And I don't ever expect to see the US regain it within my lifetime.)

    2. Psyx

      Re: hahahaha

      "What's funny (in a stomach churning only hurts when I laugh kind of way) is so many fellow brainwashed countrymen still think the US government is the good guy."

      No, we all know that the British are the Bad People, with all their imperialism and stuff, and sticking their noses into other nations and starting wars. Right? That's why all the bad people in Movies are British.

  6. Anonymous Coward
    Black Helicopters

    cat

    meet pigeons.

    obligatory trusting trust link goes here.

  7. Salts

    Ok, not so quick and easy

    How about a program that runs MD5 check sums on all firmware.

    Not easy as we have to trust the manufactures not to have been subverted, I also know it is not a complete answer, but check sums for all firmware would at least be a start.

    Just a thought....

    1. Alan W. Rateliff, II
      Paris Hilton

      Re: Ok, not so quick and easy

      And from where do you think we will obtain trust-worthy hashes?

      1. Chemist

        Re: Ok, not so quick and easy

        "And from where do you think we will obtain trust-worthy hashes?"

        That American gov.agency responsible for security ? -Oh wait ..

        1. Anonymous Coward
          Anonymous Coward

          Re: Ok, not so quick and easy

          Hashes can be obtained using a 'globally' collected system. If millions of people from all over the world have the same hash it's unlikely they are compromised and could be used as a 'clean' baseline. Well that's the theory at any rate. But it does not protect from hardware hacks/exchanges.

          1. Dan 55 Silver badge
            Black Helicopters

            Re: Ok, not so quick and easy

            MD5 is compromised, I'm pretty sure 'they' could change the code but not the checksum if 'they' wanted to.

            Ditto SHA1, probably.

            Some super manufacturer-supplied firmware checker using 10 different checksums that you download from their support site? How do you check that hasn't been compromised if you're MITMed?

            Horrendous, isn't it?

      2. Pascal

        Re: Ok, not so quick and easy

        "And from where do you think we will obtain trust-worthy hashes?"

        The real issue is reading the BIOS binary to calculate the hash, which nowadays resides on a chip that is soldered on the motherboard, meaning that any attempt at reading it will actually be controlled by the compromised BIOS. It'd be a simple thing for a compromised BIOS to return the uncompromised binary when it is read like that.

    2. stuff and nonesense

      Re: Ok, not so quick and easy

      Salts, your idea has merit, the question is who do you trust?

      Donkeys years ago I worked in a company that made mission critical hardware. We used a checksum on the software/firmware code at compilation time.

      The checksum values were stored on hard copy (paper) and elsewhere, corrections to any errors were signed (on the sheet of paper). An altered entry with no signature was deemed invalid : that software release was checked against the version controlled code library.

      The binaries generated were then stored on a server and loaded onto the EPROM devices as required.

      When programmed the EPROM was interrogated to verify that the checksum was correct. Verification was against the paper copy checksum.

      The devices were not connected to any external networks and could not be interfered with (exception : physical modification).

      There has to be a point where trust can be established. If not what remains is the belief that the manufacturers are deliberately compromising their firmware.

      There should be no routine monitoring of (world) citizens. Monitoring should only take place when there is a valid reason and a court order limiting the scope of the surveillance.

      There is a need to be able to intercept data but just because they can doesn't mean they should.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ok, not so quick and easy

        @ stuff and nonesense

        It's much more complex these days on the Network devices I work on:

        Embedded checksums in all code and configuration files

        Configuration file encryption

        Background Condition Screening that checks these checksums and all hardware devices constantly

        Devices that need physical jumpers to disable hardware write protection when configuration or program changes are required

        Tamper monitoring to report when the device has been opened to add those jumpers etc.

        Active network intrusion attempt detection

        Plus lots more that won't appear on the data sheets!

        But the arms race is accelerating exponentially to the point that we now spend more time creating new security than adding protocol support!

      2. nematoad Silver badge

        Re: Ok, not so quick and easy

        "There should be no routine monitoring of (world) citizens."

        No there shouldn't, but you know, there's a war on and a dragnet operation is *so* much easier.

        I think Applebaum has got it about right. The war is the security services against the rest of us.

        Bastards.

  8. Winkypop Silver badge
    Mushroom

    Ripley got it right

    I say we take off and nuke the entire site from orbit. It's the only way to be sure...

    1. Anonymous Coward
      Anonymous Coward

      Re: Ripley got it right

      No chance. They hacked the nuke, too. Now there's NO way to be sure. Full-on DTA mode now.

  9. TWB

    So this is why windows PCs slow down over time.

    Its not bloatware, it's NSA installed spyware.....

    I actually think that all this talk of NSA doing this and that is probably a more effective way of 'controlling' the masses than actually acting on all the information they supposedly have and rooting out true baddies, I also think it drives more people to terrorism. I'm thinking of joining a group, if only I could find one which represents middle class liberal angst types like me.

    1. Dick Emery

      Re: So this is why windows PCs slow down over time.

      It's called the Conservative party.

      1. TWB

        Re: So this is why windows PCs slow down over time.

        I think they lack liberal angst...

      2. Vociferous

        Re: So this is why windows PCs slow down over time.

        > It's called the Conservative party.

        They may have started it, but you wont see any other party in any hurry to stop the surveillance.

        1. Destroy All Monsters Silver badge
          Headmaster

          Re: So this is why windows PCs slow down over time.

          The Timmy McVeigh party still needs to be created.

          Gore Vidal: The Meaning of Timothy McVeigh

          For Timothy McVeigh, [Waco and Ruby Ridge] became the symbol of [federal] oppression and murder. Since he was now suffering from an exaggerated sense of justice, not a common American trait, he went to war pretty much on his own and ended up slaughtering more innocents than the Feds had at Waco. Did he know what he was doing when he blew up the Alfred P. Murrah Federal Building in Oklahoma City because it contained the hated [Feds]? McVeigh remained silent throughout his trial. Finally, as he was about to be sentenced, the court asked him if he would like to speak. He did. He rose and said, “I wish to use the words of Justice Brandeis dissenting in Olmstead to speak for me. He wrote, ‘Our government is the potent, the omnipresent teacher. For good or ill, it teaches the whole people by its example.’” Then McVeigh was sentenced to death by the government.

          Those present were deeply confused by McVeigh’s quotation. How could the Devil quote so saintly a justice? I suspect that he did it in the same spirit that Iago answered Othello when asked why he had done what he had done: “Demand me nothing, what you know you know, from this time forth I never will speak word.” Now we know, too: or as my grandfather used to say back in Oklahoma, “Every pancake has two sides.”

          When McVeigh, on appeal in a Colorado prison, read what I had written he wrote me a letter and …

          But I’ve left you behind in the Ravello garden of Klingsor, where, live on television, I mentioned the unmentionable word “why,” followed by the atomic trigger word “Waco.” Charles Gibson, 3,500 miles away, began to hyperventilate. “Now, wait a minute … ” he interrupted. But I talked through him. Suddenly I heard him say, “We’re having trouble with the audio.” Then he pulled the plug that linked ABC and me. The soundman beside me shook his head. “Audio was working perfectly. He just cut you off.” So, in addition to the governmental shredding of Amendments 4, 5, 6, 8, and 14, Mr. Gibson switched off the journalists’ sacred First.

  10. Christian Berger

    The really bad thing is...

    ...that there are people designing and producing such things and handing them to the NSA!

    However there is a silver lining around the dark cloud. During the 30c3 the organizers got a couple of actors to pose as recruiters for a dubious (fictional) company called "Security Solutions Limited". They ask around 500 people and only 2 seemed interested enough to go to further back room talks.

    The NSA doesn't work by "itself". It needs smart people from the hacker community joining them. Either directly or through contractors. We need to stop helping them hurting us all.

    BTW: the recordings of the talks, as far as they are already available are here: http://cdn.media.ccc.de/congress/30C3/mp4/ Append .torrent to get to the torrent file.

    1. Marketing Hack Silver badge
      Black Helicopters

      Re: The really bad thing is...

      How many hackers would like a steady paycheck where they can do stuff like TAO does, plus they get to play secret agent, plus they get to be above the law while doing it? Lots, I imagine...

      That, and defense contractors don't care about the "why" when they are asked to design and build something, they just build it.

  11. Lapun Mankimasta

    hoi8st on their own petards ...

    "Appelbaum and the Der Spiegel team have been careful to exclude the published names of NSA staff who carry out these attacks, and the names of the people and organizations the agency has targeted."

    Ah, but they still had to store the unredacted files on their networked computers while doing the redacting, and those computers are compromised. I cannot imagine that either the Russians or the Chinese are ignorant of those names. It's too much of a leap of faith to believe otherwise.

    The NSA has just illustrated the military manoeuvre known as "Hoisting oneself on one's own petard." It is a truly inspiring sight, is it not!?!?

    1. DougS Silver badge

      Re: hoi8st on their own petards ...

      Given what they know, are you sure they did the redaction on NETWORKED computers?

      They undoubtedly started with a heavily encrypted file. If I were them, knowing what I know (let alone what other details they know they haven't published yet) I'd transfer that encrypted file via a brand new USB stick to a laptop with the wireless physically disabled. On it I'd have a virgin OS, running a VM with a virgin OS, and perform the decryption and redaction there, before copying the redacted file out on a different brand new USB stick to be transferred to a network computer. After which I'd wipe the hard drive in the laptop, and destroy both USB sticks.

      Even that wouldn't protect against all the stuff they're capable of, but it is probably the best you can do under the circumstances. Maybe select some really off brand laptop that never sold well, so they'd be less likely to have created a firmware/hardware exploit for it.

  12. Al_21
    Go

    Impressive

    I'm impressed by the technology assuming everything on NSA/GCHQ's works as simple as this article makes it out to be in my imagination.

    I doubt they're interested in any of us (sorry to deflate your bubbles), but now it's all out in the open, I want to see it be used to catch the bad guys. That's the only way it'll win back the public.

    Then make a good movie or TV series like 24, The Wire(Cable) or Spooks and opinions will change.

    1. Phil O'Sophical Silver badge
      Thumb Up

      Re: Impressive

      assuming everything on NSA/GCHQ's works as simple as this article makes it out to be

      Well, that's the thing, isn't it. Some of it is pretty far-fetched, if I worked in the NSA this is exactly the kind of catalogue that I would "leak" to potential adversaries, as disinformation.

      Has anyone analyzed this to see if there's a pattern in terms of companies/systems that are not mentioned? Maybe those are the ones we should really be wary of.

      Heigh-ho! Tinfoil hats on, everyone

      1. Vociferous

        Re: Impressive

        > if I worked in the NSA this is exactly the kind of catalogue that I would "leak" to potential adversaries

        Well, much, perhaps most, of it was actually known before Snowden leaked it (for instance that all cell phone calls and all international calls are automatically scanned). It just got a lot more attention through Snowden's leak.

        True, an orchestrated leak would be mostly true things which were already known, with some sneaky false things hidden among the true, but I think that's giving the US spy agencies too much credit.

      2. DougS Silver badge

        @Phil O'Sophical

        That's a nice idea, but unless Snowden really is still working for the NSA and the entire thing is a disinformation campaign, to release information we know has already leaked in the past, along with some stuff we can live with deliberately leaking, in order to leak disinformation, it seems rather unlikely.

        In theory the NSA could keep disinformation on its servers just in case someone ever did a massive leak like this, but I'll bet they had too much hubris to believe anyone could ever take information from them wholesale.

        I agree with you that I wouldn't read anything into the idea that companies not mentioned are "safe". The file is supposed to be from 2007 (according to the paragraph about the iPhone) so that's a lot of time for them to fill in their gaps. As well, stuff that didn't exist then like Android and Windows Phone would have been bugged by now.

        It is amazing to me that the iPhone was bugged back in 2007, when only a million or so sold and it wasn't at all clear it was going to be the success it was. I mean, why bother? If they go to the trouble of targeting that, I doubt anyone should feel proud of themselves for using one of the last WebOS phones and thinking they're safe!

        1. Alan W. Rateliff, II
          Paris Hilton

          Re: @Phil O'Sophical

          When the iPhone was introduced I knew it would be a stellar success. Not because I am an Apple advocate, but because I saw what happened with the iPod, I know the iFanboi mentality, and I have always noted how Apple just "gets" the user experience.

          Top Men came to similar conclusions as I for much better reasons than I.

    2. Dodgy Geezer Silver badge

      I want to see it be used to catch the bad guys.

      If you believe that there ARE any bad guys out there - at least the kind of bad guys that NSA and Hollywood pretend that there are, in order to keep their respective jobs - them NSA has already won.

      1. Vic

        Re: I want to see it be used to catch the bad guys.

        > If you believe that there ARE any bad guys out there

        There are many, many bad guys out there.

        I imagine that, without exception, they all consider themselves to be the Good Guys(tm).

        And I suspect that the vast majority are government-funded.

        Vic.

  13. Pete 2

    No better way to destroy a country's IT business

    If the NSA was planning on actively undermining global confidence in american made, or american owned technology companies, they would probably have a strategy that looked a lot like what they're doing.

    So much of our world depends on financial transactions being carried out electronically and all of those transactions are based on the trust we place in the institutions and the infrastructure being incorruptible. What this tells us is that those assumptions are completely wrong.

    Leave aside the (relatively minor) issues about personal privacy. I think we all realise that is a lost cause - and was probably always a myth, anyway. But to have one country, and an unaccountable, secret entity within it, that is above (or making) the law able to track, manipulate, corrupt or deny electronic access to funds, destroys the basic foundation of the world-wide commerce system.

    However, if someone was able to use that as their USP, saying: "Look. None of our systems were designed by americans. None of them use american parts. There are no americans in our factories, laboratories, sales or support organisations and we can guarantee that these systems use hardware and security algorithms that have never touched the USA, or it's allies, and are physically and electronically tamper-proof" - then you have something that almost no other country or company can sell.

    The only question that would remain is who do you trust the least? The americans or whoever offers the alternative.

    1. Anonymous Coward
      Anonymous Coward

      Re: No better way to destroy a country's IT business

      the EU agreed to let the USA have access to SWIFT years ago. or is your concern re internal dollar transactions?

      1. Pete 2

        Re: No better way to destroy a country's IT business

        I'm not concerned about the surveillance issues regarding SWIFT - that boat has sailed. In fact it's over the horizon and out of sight by now. Nor am I going to lose sleep about personal privacy: that boat also gone.

        No. The bigger issue is the NSA promises that systems can be hacked "at the speed of light and the implication that the trust we implicitly have in EFT and all other electronic financial tools - even down to reporting share prices - can no longer be guaranteed while the NSA has this capability.

        Traditionally, wars have been about physical confrontation and destruction. Whichever side manages to beat the crap out of the other: they're the winner. That has mutated somewhat into an economic war: whichever side manages to get the other's "fiscal nuts" into a vice and turns the handle: they're the winner. The Cold War might well have been the prototype for this sort of conflict - won not by military means, but by out-producing and bankrupting the adversary.

        If the financial equivalent of sabotage can be developed and deployed - possibly to make electronic transactions involving "enemy" states or their companies unreliable, corrupted ("why was that transfer declined, there are billions in that account?") or too slow - such as by adding 1 millisecond to share dealings, then that is an effective tool of warfare. Unfortunately, we all then stand the risk of becoming collateral damage in a "clean" war, where victims die from economic malaise in their still-standing homes, rather than a bayonet to the guts in a muddy field, thousands of miles away.

    2. Vociferous

      Re: No better way to destroy a country's IT business

      > If the NSA was planning on actively undermining global confidence in american made, or american owned technology companies, they would probably have a strategy that looked a lot like what they're doing.

      You do realize that you are really suggesting that Snowden's leak was a Chinese secret service operation, right?

    3. Hit Snooze
      Meh

      Re: No better way to destroy a country's IT business

      "However, if someone was able to use that as their USP, saying: "Look. None of our systems were designed by americans. None of them use american parts. There are no americans in our factories, laboratories, sales or support organisations and we can guarantee that these systems use hardware and security algorithms that have never touched the USA, or it's allies, and are physically and electronically tamper-proof" - then you have something that almost no other country or company can sell."

      The NSA / CIA would love this. First, nothing gets extremely smart and creative people excited more than thinking of new ways to crack into a "NSA/CIA proof" system. You might as well use a red bullseye for your company logo. Second, it would be a foreign company so no worries of getting on the wrong side of the US law. Win/win for three letter US government agencies!

      The best part is that you are thinking in technical espionage like any engineer would. You do realize that the hottest girl at the Star Trek convention (hot AND knows Klingon, I can't believe my good fortune!1!) who randomly bumped into you and wow, she is interested in you and loves to hear you ramble on about your boring secret tech work, is really a spy? No need for them to hack your systems, by the time your "girlfriend" is done with you, you will have hacked your own systems.

      Same goes for married people. Get them to cheat on their spouse, then blackmail.

      "insert this little bit of code and your significant other will never know about our little secret, we pinky swear"

      Tech geeks = low hanging fruit for spies.

      1. Pete 2

        Re: No better way to destroy a country's IT business

        > First, nothing gets extremely smart and creative people excited ...

        Very true. Now consider this: There are 300 million americans, 500 million in EU countries and 1.2 .... sorry: 1.3 ... err, 1.35 billion chinese. Maybe at present the balance is tipped in favour of the USA due to its predominance and it's ties with Europe. However, over time it's simply an inevitable matter of numbers that there will be more "extremely smart and creative" people inside China than inside America.

        Don't take that as me advocating one side or the other. Just look at the numbers and ask two questions: when will (or did) it happen and what will be (or is) the effect on the west and its ability to out-smart the other guys? I am absolutely convinced that there are high-powered think-tanks working for every major government that are fully engaged on this question, already. I just hope we all manage to come to some sensible conclusions.

        1. DougS Silver badge

          @Pete 2

          The problem with your statement is that if it was true, China, India and Indonesia would have been dominating the Nobel Prizes for decades now.

          It is much more than just numbers, you have to have a support system (education, financial) in place to allow that. China has that now, India is halfway there, Indonesia less so. Beyond that, there is more required, which is harder to define. You can educate someone, and make them smart up to the best their abilities will allow. That doesn't make them creative. You can't teach creativity - or at least we don't know nearly as well how to do that, as we do how to teach people calculus or Spanish.

        2. Hit Snooze

          Re: No better way to destroy a country's IT business

          > Just look at the numbers and ask two questions: when will (or did) it happen and what will be (or is) the effect on the west and its ability to out-smart the other guys?

          It is the classic Cat and Mouse game. One government will come up with a way to get ahead in the rat race, other spy agencies will learn of it before it is implemented or soon after and create their own version plus a defense if possible. There are different leagues of course - USA (Five Eyes), China, Russia, maybe Germany and Israel are (to use USA's baseball lingo) in the Majors while others are in the Minors, and still others are in Little League.

          I am not concerned about which government(s) are spying on me or a business, I was just pointing out that by describing a business as "not touched by Americans so it is secure" is silly since there is more than one way to skin a cat. Unfortunately, we are the cat and we get shaved, waxed, probed, burned, poked in the eye, noses rubbed in urine, etc by every government, bank, and corporation on earth if they are given the chance or have the means.

  14. Chozo
    Devil

    ##Redacted##

    If the bean counters will swallow $600 hammers, $2,500 toilet seats, and $5,000 coffeepots then how much could we say these 'bugged' USB cables cost us?

    1. Maharg

      Re: ##Redacted##

      While I agree with the sentiment, from what I remember reading the hammer didn’t cost $600 it was part of a bulk equipment and spare part purchase brought for a few thousand and the ‘bean counters’ just allocated each item as costing $600 to make things simple, I think the quote went

      “everyone talks about how much that hammer cost, but they don’t mention what a great deal we got on the $600 Jet Engine”

      As for the toilet seat, that was to replace a broken toilet in a submarine that had to be a certain spec (I’m guessing size, weight, noise reduction, etc), as they didn’t make those toilets anymore, , the money wasn’t on just buying a new toilet seat, it was on the R&D of more or less reinvent the toilet seat.

      As for the third item, well you can’t put a price on good coffee.

    2. Vociferous

      Re: ##Redacted##

      > $600 hammers, $2,500 toilet seats, and $5,000 coffeepots

      I'll take "how do you disguise funding for black projects" for $100, Alex.

  15. pierce

    and this was their capabilties in 2007, 5 years ago. thats before the utah data center etc have come online with their zetabyte storage (assuming they've sorted out the power problems they were having this summer)

  16. Robin Bradshaw

    Cottonmouth will stand out like a sore thumb as it will be the only USB cable ever made that actually meets USB specs, unlike the millions of cheap crap chinese cables made with copper plated string that only just barely work. :)

  17. Pen-y-gors Silver badge

    Practical action

    It's time for the EU to retaliate. If it's legal under US law to do anything you like to a foreigner's IT equipment then we do the same - make it legal for any European to do anything they like to an American's IT equipment - no more Gary McKinnon cases then.

    And at the same time make it illegal for anyone to break into European IT networks, and make the employer of any person doing it subject to the same penalties, with an option for seizure of any assets owned by the employer (e.g. US Government) in compensation. And allow for trials in absentia and make it a strict liability offence. Oh yes, and allow for civil prosecutions as well (lower burden of proof)

    But will the wimps in the Council of Ministers do anything practical like this? I suspect not...

    1. Alfred

      Re: Practical action

      "But will the wimps in the Council of Ministers do anything practical like this?"

      Perhaps they're simply better people with higher standards who think that someone being a dickhead doesn't actually magically make being a dickhead acceptable.

    2. Anonymous Coward
      Anonymous Coward

      Re: Practical action

      The original deafening silence from the EU about these leaks make me think they're all at it, or want to be.

      1. Vociferous

        Re: Practical action

        > The original deafening silence from the EU...

        ...is because all western intelligence organizations are joined at the hip, and share information. Anything interesting the US finds out from it's snooping, it shares with it's pals, and of course the other way around. And the sum of all the organizations capabilities is much greater than any individual organizations capability. In short, the EU countries benefit from US snooping, particularly as the EU secret services generally may not spy on their own citizens.

        That's not to say that they don't spy on each other or trust each other. For instance, the French repeatedly warned the USA that they were building the case for WMD's in Iraq on falsified evidence, but the USA ignored them.

        Also, sometimes lines are crossed. The EU is fine with the US snooping on little people, but gets upset when the US snoops on, say, military contract bidding.

    3. Anonymous Coward
      Anonymous Coward

      Re: Practical action

      Rohde+Schwarz (Germany) build a fake base station too for various gov'ts ...

      So they are all at it.

    4. Marketing Hack Silver badge
      Black Helicopters

      Re: Practical action

      The EU council of ministers (or more likely their key members) are complicit. For one, Britain sits on that council of course, guess who gets all this spytech as a part of their membership in the "Fvey" distribution? Look at the bottom of those catalog pages and you will see that the GCHQ has had access to all this gear for awhile. And they probably have their own Tailored Access Operations "account" or attached team at GCHQ facilities.

      And Germany, France, Netherlands, etc. all get bought off with intelligence sharing agreements, so they get many of the benefits of the NSA's skullduggery without actually having to pay for it all.

      Like I said earlier this year, there is a reason that France/Spain/Portugal closed their airspace to Bolivian President Evo Morales' plane on the SUSPICION that Edward Snowden COULD be onboard, and then the Austrians wouldn't let the Morales plane take off until they could search the plane for Snowden.

      Think of it, four European nations, two of which have reputations for being rather indifferent allies of the U.S., acted together to stop the PRESIDENT OF A SOVEREIGN NATION'S DIPLOMATIC CONVEYANCE. When was the last time you saw anything like that done, by anyone?

      Why did they do it? It's because all those nations are beneficiaries of the NSA's snooping, and they don't want Snowden ending the party, because then Europe would have to choose between flying blind without intel or ponying up the monetary and moral costs of replacing the NSA data feed.

  18. GrahamsTenPenneth

    You guys are sooo gullible

    Think about it:

    There are >7 billion people in the world.

    If even a tenth have access to cellphones and computers that's >700million.

    Exactly how many staff do the NSA have to monitor 700million people?

    1,000? 10,000? 100,000?

    Even at 100,000 staff that's one member of staff to monitor 7000 people 24/7/365.

    Using supercomputers to filter down candidates you MAY get that down.

    Heuristic biometric software is not that good, but lets say it is able to filter that down to 10% or even 1% (which is science fiction "universal translator" anyone).

    Can one person monitor 70 people's phone and internet activity constantly all day, all year, day and night?

    Bear in mind this is 100,000 staff (same as the whole of Microsoft) and using estimates of filtering based on 24th century techniques.

    "Person of Interest" is a fantasy TV show, not reality.

    1. Alfred

      Re: You guys are sooo gullible

      You're an idiot with no imagination. If you ever come to their attention, they've got (as suggested in the article) 15 years of data to sift back through. They don't need to watch you constantly. When you come to their attention they pick something from the last 15 years of automated collection of your life to get you with.

      1. GrahamsTenPenneth

        Re: You guys are sooo gullible

        O I have imagination all right.

        I also have worked in the IT industry for the last 20 years, including in biometric, supercomputing , and security fields.

        I current work in financial IT where I look after a great deal of Cisco ASA firewalls.

        I have a good idea what is possible, and this is just another wet dream.

        15 years ago there wasn't the tech to harvest and store this kind of data, nor did the consumer tech exist off which to harvest it.

        Don't you think they would have block this articles release if they have that much IT power?

        The guy would be in prison or dead before this article got out.

        Next you'll say there are aliens walking among us :)

        1. Alfred

          Re: You guys are sooo gullible

          I discount your credentials roughly 80% and consider you to be more of an idiot for relying on credentials to bolster your arguments. I can spout credentials too. Check this:

          I also have worked in the IT industry for the last 30 years, including in biometric, supercomputing , and security fields, and unicorns.

          I current work in financial IT where I look after a great deal of Cisco ASA firewalls, but fior a bigger more important company than you.

          See. Meaningless. You know I made that up. I suspect that you didn't make yours up, but it counts about as much and says heaps about you that you rely on it this way.

          1. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Alfred, I think you are somewhat missing the point.

            The American government actively promoted aliens stories to explain tech created during wartime.

            They are prone to this kind of misinformation.

            I'm not stupid, I can do the maths (the English version, not the American "math")

            I'm saying I'll get a good nights sleep tonight, nooooo problem.

            "You foster parents are dead!"

          2. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Alfred,

            Actually I have to admit to missing your point.

            Hidden gadgets hand installed on machine-manufactured surface mount PCBs, listening to your private conversations from across the world, backdoors to your kettle and fridge.

            It's all made up and meaningless.

            1. Anonymous Coward
              Anonymous Coward

              Re: You guys are sooo gullible

              OK, what about if some of the bandwidth had already been hogged by the NSA, but was transmitting pure noise at the time so no one can tell anything was wrong? Now with the intercept in place, it's now transmitting encrypted data (which would be nigh-indistinguishable from the earlier noise)?

              And we can't rule much out anymore. We KNOW Americans have come up in the past with truly ground-breaking tech (like the F-117 stealth fighter) that was classified "black" (deny it exists). For all we know, the NSA actually already has a working high-quibit quantum computer hidden in the data store in Utah, already using Shor's Algorithm to churn away at all the old encrypted comms it's storing upstairs. They may even know a secret to breaking lattice encryption and many of the other "post-quantum" algos that have been proposed. Plus, one other thing to note is that if they can subvert storage hardware at the firmware level, they may even have an inroad into stealing the pinnacle of encryption: one-time pads.

              1. GrahamsTenPenneth
                Terminator

                Re: You guys are sooo gullible

                "For all we know, the NSA actually already has a working high-quibit quantum computer hidden in the data store in Utah..."

                Yes and they probably have warp drive and a TARDIS in area 51.

                It's not paranoia if they really are after you!

                Do me a favour.

        2. Valeyard

          Re: You guys are sooo gullible

          Oh well since you put it that way it's all fine then, absolutely nothing is wrong at all

          You can give them all YOUR personal data if you want in the belief that security through obscurity is fine, i however believe

          1-i don't care if they can process it (yet) or not. it's my data, hands off

          2-i think they have a bigger budget than your company and smarter people than you to play with it

          1. GrahamsTenPenneth

            Re: You guys are sooo gullible

            Valeyard, I'm also not stupid.

            I don't run Windows and wouldn't have it in my house.

            I also don't have an iPhone or a stupid Windows phone.

            I like to be able to run something which I can see has no vulnerabilities, not something a secretive company tells me I can trust.

            1. Valeyard

              Re: You guys are sooo gullible

              you're on the internet mate, read the bit about undersea cables? use telephones?

              1. GrahamsTenPenneth

                Re: You guys are sooo gullible

                Actually I have had to organise several repairs to the fibre trunks that run under the Atlantic and Indian oceans.

                This costs in the region of a million dollars to organise any work on even a single undersea trunk.

                If they have a L2 hack they would have to send the data somewhere via something else.

                If they are sending the data along the same trunk it would impact the limited bandwidth and stick out like a sore thumb.

                We are talking of a large trunk here so exactly what would carry that data?

                Another 100gig trunk?

                That's a 1 billion dollar operation to construct and lay it.

                All without even a Russian or Chinese satellite seeing it.

            2. Anonymous Coward
              Anonymous Coward

              Re: You guys are sooo gullible

              "I like to be able to run something which I can see has no vulnerabilities, not something a secretive company tells me I can trust."

              Well, if the snoops can subvert actual physical silicon, it's the latter by default unless you can roll your own ICs.

            3. DougS Silver badge

              @GrahamsTenPenneth

              So because you don't have an iPhone or Windows Phone - by which I assume you have an Android - you feel you're safe?

              Too bad the mention of the iPhone pointed out this capabilities list dated from 2007, before the first Android phone existed. Safe to say they have a backdoor into your Android phone, too. But you won't listen, you're probably naive enough to believe that open source = no backdoors. Go google "on trusting trust" and get back to me after you've smashed your undoubtedly bugged phone with a hammer.

    2. NomNomNom

      Re: You guys are sooo gullible

      I work at Burger King at weekends and I can tell you this is no laughing matter

      1. GrahamsTenPenneth

        Re: You guys are sooo gullible

        I think said "Bin Laden" at least 20 times.

        O no I typed it too.

        What's that knock at the door....

        O It's just aliens posing as Jehovah's Witnesses again.

  19. jai

    naming conventions

    good grief! do they really name all their software code in ALL-CAPS???

    Or was that just done in the report to make them sounds more terrifying? Also makes it harder to read the TLAs in the report. Damnit I spent several minutes trying to work out what WISTFULTOLL was an acronym for...

    1. bpfh Silver badge
      Boffin

      Re: naming conventions

      US military code names tend to be in upper case and it avoids confusion as random code names or project names used in a sentence could be taken out of context. For example, in a military/intelligence context, saying "check with Fairview" could mean that you need to check a project, a town, a manual, or a person, but "check with FAIRVIEW" explicitly references a project (in this case a mass telephone/email surveillance project if I believe this page: http://www.laquadrature.net/wiki/Usa_surveillance_tools )

      1. Destroy All Monsters Silver badge
        Trollface

        GOLD JULY BOOJUM

        At least I now have new names for my servers.

        howlermonkey.homelinux.org sound pretty good.

  20. Dodgy Geezer Silver badge

    ...angry words between the NSA, manufacturers and hardware customers – the latter likely to be searching for more secure products....

    If you want to avoid NSA/GCHQ reading your transmissions....

    1 - run like Obama did and don't use computers, use messengers.

    2 - use an old BBC micro that you keep physically secured. Encrypt messages on it using a one-time pad. Only connect to the Internet when you are sending messages, using a separate machine from the one you used for encryption....

    1. Dave 126 Silver badge

      >1 - run like Obama did and don't use computers, use messenger

      Wasn't it the complete absence of a telephone line etc that marked out a house in Abbotsbad as being a contender for Ozzie's hideout?

      1. Anonymous Coward
        Anonymous Coward

        >2- Who's to say any computer since the Apple II wasn't already compromised (probably by hidden tech in the early processors)? They probably also discrete transmit their memory contents through subsonic acoustics, defeating even an air gap. And one-time pads? If it's anything of significant size, how will you keep a pad that size on paper, not lose track of it, and still enter it reliably? And once you store it, it's game over if all the storage tech is subverted.

        1. Destroy All Monsters Silver badge

          run like Obama did

          I think there is some confusion with Forrest Gump here.

  21. Tromos

    All that money and all that effort...

    ...and all we've got to show for it is a Lolcat. At least it's a bloody good one.

    1. This post has been deleted by its author

  22. RyokuMas Silver badge
    Coat

    How dastardly...

    I vote we all switch over to carrier pidgeons. See if we can turn the NSA into something more like this...

    1. Anonymous Coward
      Anonymous Coward

      Re: How dastardly...

      Until the government starts training hawks and falcons...

  23. Boris the Cockroach Silver badge

    The NSA

    Can read this .. actually I doubt they'd bother

    "The NSA can install various nasties on computers due to them being intercepted while being delivered to the customer"

    So that means that your laptop that you got from Dell last week is stuffed full of NSA spying stuff....... maybe .. maybe not.... If you're J.Smith, 2nd line hell desk and part time sys op for a small company not, if you're B.Jones known business partner to a 'bad guy' then yes.

    In any case the reason your brand new laptop starts so slowly is because of all the crapware Dell put on it, not because you are on the NSA watch list.

    1. John Brown (no body) Silver badge

      Re: The NSA

      "In any case the reason your brand new laptop starts so slowly is because of all the crapware Dell put on it, not because you are on the NSA watch list."

      Maybe so, bit least now you KNOW why all that crapware was installed in the first place. How many would bother to remove all of it? Most users will find at least one item potentially useful ;-)

  24. bpfh Silver badge
    Paris Hilton

    Docs or it didn't happen...

    Der Spiegel talks alot about this catalogue... and a lot of sites are linking to Der Spiegel about this catalogue... but I'd like to see the catalogue rather than be talked to about it. Come on, if you are going to drop the dox, go all the way!

    1. Anonymous Coward
      Anonymous Coward

      Re: Docs or it didn't happen...

      Check Cryptome.

      1. Marketing Hack Silver badge

        Re: Docs or it didn't happen...

        Der Spiegel also showed some of the catalog pages in an infographic running with the main story.

  25. Anonymous Coward
    Anonymous Coward

    "If the dossier is to be believed"

    And there's the problem.. Is this truth, NSA misinformation, or just total bullshit made up by someone who thinks Spooks is true to life?

  26. GrahamsTenPenneth

    "Applebaum suggests that those interested should look for samples that use the RC6 block cipher and which emit encrypted UDP traffic."

    If traffic is encrypted it will be TCP.

    An proprietary non-standard cypher which is emitting rare UDP traffic.

    Shouldn't be hard to spot.

    Why would someone disguising traffic using such an easily detectable hack.

    Just means this article is BS.

    1. Anonymous Coward
      Anonymous Coward

      UDP being connectionless, it might be harder to say who was the intended recipient?

      If you don't want to disclose the tap(s) why flag the end point.

      I think we will look back on the initial IPV6 thing as the biggest porting of global data through untrusted relays ever.

      Most people use it without a second thought, even those who turn it off I'm sure are passing data in ways we don't yet understand while they feel safe that they have a expensive IPV4 firewall that doesn't even inspect the tunnel.

      Even the handshaking and negotiating of scope may be more than it appears.

      I see your previous point about the PCB's, very low tech stuff but then if I want to deploy many thousands in the hope one or two are useful, there is something to be said for paying only pennies for additional "normal looking stuff" in the boxes. If you want to get fancy make pin compatible PCB components that replace some SMD chips, quick rework and that visually indistinguishable BGA package could be something quite a bit different to it's base function, hell on dual video laptops use the "inactive" video card for something interesting.

      What is possible is only limited by the imagination, we may take it on trust that it is not "sensible or justified" probably with a sound commercial head on, but since when has black book spending been limited by sensible or justified?

    2. Destroy All Monsters Silver badge

      If traffic is encrypted it will be TCP

      LOLWHAT

    3. Androgynous Cupboard Silver badge

      Graham the blind squirrel finds a nut...

      Graham, you've got some odd opinions.

      RC6 is not proprietary, it's algorithm is public. It's even on Wikipedia. Encryption can be applied to UDP or TCP equally, and in fact a block cipher lends itself fairly easily to UDP - although I have to admit UDP is an odd choice, as the strength of a block cipher comes from block chaining which isn't viable with UDP (lose one packet in the middle and you lose the ability to decrypt the rest). How amusing if the NSA were not doing this, intercept enough of their traffic and search for a plaintext crib and you could find their key...

      Identifying a UDP packet encrypted with RC6 is not easily detectable: it is, in fact, impossible on the wire, as it will look like a packet with noise in it. Because of the encryption, you see. Identifying the cipher used to create the noise is statistically impossible for any well functioning cipher, almost by definiton really. To identify the use of RC6 you would need to disassemble the code generating the packets and identify the algorithm by it's "footprint".

      However in all your bluster you've asked one very interesting question: if you're tapping an undersea fibre to copy all the data, where do you route this data? On the same fibre? This implies complicity from the backbone provider, and in that case why bother to hack it in the first place? Or do they lay another cable out?

      1. Anonymous Coward
        Anonymous Coward

        Re: Graham the blind squirrel finds a nut...

        Or they'd been preparing in advance by shuttling noise down the line for some time, then using the "noise channel" as a backhaul once the tap is in place.

      2. Tom Chiverton 1

        Re: Graham the blind squirrel finds a nut...

        " This implies complicity from the backbone provider, and in that case why bother to hack it in the first place?"

        I don't see why. The NSA (via a suitable front) rents some space on the fibre, same as any other tier one...

        1. GrahamsTenPenneth
          Big Brother

          Re: Graham the blind squirrel finds a nut...

          OK it was my mistake to apply a bit of rationality and logic to the rather derivative claims in the original article.

          Some people want to be afraid it seems.

          Orwell would be proud.

          1. Matt Bryant Silver badge
            Thumb Up

            Re: GrahamTenPenneth Re: Graham the blind squirrel finds a nut...

            "....Some people want to be afraid it seems....." It seems some people are just desperate to imagine that they are interesting enough for other people to actually want to eavesdrop on them, it would so bruise their fragile egos to be told they are of zero interest to the NSA or GCHQ.

      3. GrahamsTenPenneth

        Re: Graham the blind squirrel finds a nut...

        "RC6 is not proprietary, it's algorithm is public. It's even on Wikipedia. "

        "It is a proprietary algorithm, patented by RSA Security."

        "RC6 is a patented encryption algorithm (U.S. Patent 5,724,428 and U.S. Patent 5,835,600)."

        - wikipedia

        "as it will look like a packet with noise in it. "

        So we look for UDP packets with "noise", which are obviously the bulk of the internet traffic!

        Thanks for making my points.

    4. Anonymous Coward
      Stop

      "If traffic is encrypted it will be TCP."

      You, sir, are full of it.

      1. GrahamsTenPenneth

        I was pointing out that encrypted traffic is generally over TCP, not that not is not possible to encrypt UDP traffic.

  27. croc

    September 11 2001 is a day that will go down in infamy.

  28. Anonymous Coward
    Anonymous Coward

    Who actually makes all this stuff?

    Have NSA/GCHQ collected the finest engineers of the age? Dose it take genius?

    1. Destroy All Monsters Silver badge

      Re: Who actually makes all this stuff?

      MWAHAHA! World domination.

      Maybe they already have full AIs in their cellars.

      But yeah, we need to find actual instances of this GOODSTUFF.

      1. Anonymous Coward
        Anonymous Coward

        Re: Who actually makes all this stuff?

        Obviously, I'm not going to be a part of that: I can't even spell "does!"

  29. GrahamsTenPenneth

    There are 10 types of people in the world...

    We've heard it all before.

  30. Andy 70

    the tech equivilent of run for the hills?

    maybe it's time to un-mothball the ol' amiga 3000...

    an ancient relic of a more civilized age....

  31. Tom 13

    Well, that settles it, I'm safe.

    I might be worth $10K to take out a contract with a mob hit guy, but there's not way to justify spending $200,000 to get little old me.

    Seriously people: read the numbers do some thinking. At the cost per op to use any of these gadgets it has to be reviewed at multiple layers in the government agency. Which means they aren't trawling for ordinary people. Ordinary people might accidentally get caught up in it and that will be bad for them. But ordinary people are always getting caught up in bad things big _______ are involved in. That blank can be filled in with governments, businesses, drug deals, terrorism, or labor unions.

    1. Marketing Hack Silver badge
      Boffin

      Re: Well, that settles it, I'm safe.

      You could be within 3 hops of somebody who knows a designated "bad guy". Or you could join an activist organization that the Five Eyes have targeted, perhaps because you strongly believe that snooping is wrong. Or you could end up with gray market gear that the Five Eyes have already compromised. Or you or someone close to you could be the new paramour of a Five Eyes employees ex-squeeze, and he's the jealous type. Or the NSA & friends can continue to develop new capabilities thanks to Moore's law, and it gets cheap enough to snoop that it's worth spending more effort looking at you in particular.

    2. Don Jefe

      Re: Well, that settles it, I'm safe.

      It isn't a question of targeting regular people, it's about collecting and storing data to be used after a target has been identified. You're correct that the costs of targeted mass surveillance would be extreme, but those costs aren't present when you're just collecting everything.

      The assumption you might do something bad one day is in direct opposition to a democracy, a government of the people. This is no different than stockpiling weapons you migh use one day, but in the case of US and UK surveillance it's weapons to be used against their own people. It's bullshit.

  32. Anonymous Coward
    Anonymous Coward

    i find al this a tad amusing, I actually couldn't give a rats arse what government agency is doing to monitor me, just so long as that information is NOT sold to some of the biggest scum-bag corporations of this wonderful world.

    its an interesting debate though, I mean on one hand we have our privacy an on the other the potential to stop harm to some/all of us.

    I don't think there is a clear answer to this as there are big benefits to both ways of looking at it and there are big pitfalls as well.

    Tell you want though, the information gained via store loyalty / club cards can be used to a much more personal and invasive level than anything the government slurps up, assuming your not putting yourself out there as some neo-Nazi terrorist that is!

    Wouldn't it be wrong for say, a big supermarket to analyse your spending patterns and statistically determine your ....lets say Gay, then use facial recognition to link your picture to your Purchases and then to sell the whole dam lot to anyone who wants to pay for it, scary and yet true...

    1. Destroy All Monsters Silver badge

      Is this a new variant of "I have noting to hide, so I have nothing to fear"?

      Charming, charming.

      1. Destroy All Monsters Silver badge

        In a nutshell. Not i'ts not big corporations and weak copyright.

        Interview with NSA Whistleblower Bill Binney: Afraid We’re Spreading Secret Government Around World

        The FBI, Drug Enforcement Agency, and law enforcement, along with the NSA, are collecting information on Americans and then using that information to arrest people. “Parallel construction” is then used to “fabricate evidence” that is substituted with evidence that is subsequently collected legally and through mechanisms that have traditionally been an accepted part of criminal investigations.

        In former senior NSA employee and whistleblower William Binney’s view, this is the “real problem.” It is occurring without a warrant and they can bring this information into court. He calls it the “planned program perjury policy right out of the Department of Justice.”

        ...

        Finally, in his opinion, data on US citizens needs to stop being collected indiscriminately. How law enforcement uses this data needs to be addressed.

        “They’re all talking about NSA analysts and to me that’s not the real threat. The real threat comes from those other people, who can come at you with guns and put you in a prison and take you off without due process.”

        Enjoy your comfy sofa, gently lulled by the TV, chuckling to yourself.

    2. Don Jefe

      I must congratulate you AC, for your truly stunning leap across the wall of logic and straight into the moat of lunacy. Congratulations!

      1. amanfromMars 1 Silver badge

        If you Well Swim All is OK in Darker Web Ventures

        Congratulations ,.... and Welcome, D J?;-)

    3. Anonymous Coward
      Anonymous Coward

      you know its not as far fetched as you make out, the supermarket club card thing. speaking from the inside things like this are done and are planned to be much more in your face in the future.

      statistical analysis of customers doesn't always work but it is alarmingly accurate and facial recognition is already in the pipe line and in some cases already being used, you may laugh now but don't be surprised to find this being used a lot in the future, the AC is right, id never recommend a club/loyalty card to anyone.

  33. Matt Bryant Silver badge
    Stop

    Alarmist much?

    WTF was that last bit of bleating in the second and last paragraph? ".....one wonders how much kit is out there on eBay and with dealers that still contains examples of ANT's intrusive craft....." I'd say the likely hood is very small to nonexistent, for three very good reasons. As you grudgingly admitted earlier in the article - ".....most of these techniques are used against highly targeted individuals rather than everyone en mass...." - which means there is very little of this high-tech spying going on in the first place; it is being done against the type of people that most likely do not put their old kit on eBay; and the NSA and GCHQ both have a policy of collecting up kit when they can. But I suppose that doesn't fit with the aim of stirring the herd into a frenzy?

    1. BlueGreen

      Re: Alarmist much? @Plump & Bleaty

      Hoy lambchop, your grasp of facts is shaky but your understanding of human nature is truly negligable. Two words: power corrupts.

      I repeat, you are the biggest, fattest, bleatiest sheep around as well as being most ill-mannered.

      I also notice you've still not replied to my posts on the other thread (any reason for that?), get back there and leave the people here alone.

      Signed, BlueGreenLyingLoser (I shall treasure your new nickname for me once I've picked the grass, ticks and sheep droppings off it)

      1. Matt Bryant Silver badge
        FAIL

        Re: LyingLoser Re: Alarmist much? @Plump & Bleaty

        "...... power corrupts....." What, was that supposed to be some form of deep insight? I note you are unable to even discuss the three points i raised, let alone debate them. Face it, Loser, your daft bleating would be a lot more convincing if you hadn't destroyed any credibility in the idea that you had been any closer to power than your Mom's electricity bill. In answer to every argument you do nothing more than childishly rebleat canned buzzphrases, if that is you even manage to mount any form of reply. You insist on posting knee jerk drivel in any forum I post in, mindlessly taking an opposing view for no other reason than you just can't get over being proven wrong so often. Please take your failure elsewhere as it has passed from mildly amusing to become a tragic display of inept and unquestioning groupthink. You're probably even beginning to embarrass the other sheeple.

        1. BlueGreen

          Re: LyingLoser Alarmist much? @Plump & Bleaty

          > "...... power corrupts....." What, was that supposed to be some form of deep insight?

          Not particularly deep, but accurate and with predictive power. That you don't recognise this (along with other 'deep' insights such as "They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither") makes my point perfectly - you have minimal grasp of human nature.

          > unable to even discuss the three points i raised

          Why should I debate with someone to whom twisting facts, making unsubstantiated claims or simply denying what's inconvenient are acceptable tactics?

          > Face it, Loser, your daft bleating [...] embarrass the other sheeple.

          MBZCC

          Get back to the other thread and answer the questions and post the references required, lambchop.

          1. Matt Bryant Silver badge
            Happy

            Re: LyingLoser Alarmist much? @Plump & Bleaty

            ".....Not particularly deep, but accurate and with predictive power......" LOL, what a cop out! Following your own warped logic (and ignoring people come in all shapes and sizes and have different morals, egos and motivators), you would have to assume ANY person that gets into power is therefore guaranteed to inevitably go off the rails and become a power-crazed crook. Which of course leaves the only option as a complete dismantling of society (society is the root of power and of politics) so we can avoid any chance of such corruption. So you'll be off to live in your bunker in the hills in Montana then, I assume? Fail!

            "....That you don't recognise this....you have minimal grasp of human nature....." What I recognise is that you cannot actually argue the points, just rebleat soundbites and buzzphrases. I assume this is because you are the one with no understanding of human nature, probably through limited interaction with actual adults.

            "....Why should I debate with someone to whom twisting facts, making unsubstantiated claims or simply denying what's inconvenient are acceptable tactics?...." So you can't debate the points raised. Just admit it, it will save a lot of time and stop you looking so silly for you to just be honest for a change.

            "....Get back to the other thread....." Aw, are you hurting from losing so badly in this thread too? I would have thought you'd be used to it by now. ROFLMAO!

            1. Anonymous Coward
              Anonymous Coward

              Re: LyingLoser Alarmist much? @Plump & Bleaty

              "Following your own warped logic (and ignoring people come in all shapes and sizes and have different morals, egos and motivators), you would have to assume ANY person that gets into power is therefore guaranteed to inevitably go off the rails and become a power-crazed crook."

              History DOES seem to indicate this to be the eventual result of ANY civilization: eventually, the power gravitates like a black hole until it starts to become a black hole: collapsing in on itself. Thing is, anarchy doesn't usually follow because a rival power usually fills the vacuum pretty quickly. The end result is either a repressive, power-hungry regime (like China and the Soviet Union) or a splintering followed by a shuffle of power, from which things start up again (like the Dark Ages).

              Sure, you can have moments of enlightenment, but they are few and far between, and without an occasional influx of fresh enlightenment, natural human instinct begins to decay at the foundations.

            2. BlueGreen

              Re: LyingLoser Alarmist much? @Plump & Bleaty

              > you would have to assume ANY person that gets into power is therefore guaranteed to inevitably go off the rails and become a power-crazed crook

              Comparing the number of benevolent to tyrannical dictatorships in the world, which is the greater, plumps? You still don't get it, lambchop, but Farmer Knows Best eh.

              > Which of course leaves the only option as a complete dismantling of society [...] so we can avoid any chance of such corruption

              society <> government, lambkins, even if one can arise from the other.

              > What I recognise is [...] with actual adults. & So you can't [...] for a change.

              MBZCC x 2.

              > So you'll be off to live in your bunker in the hills in Montana then, I assume? Fail!

              <giggle> Not very observant are you.

              > Aw, are you hurting from losing so badly in this thread too?

              :-)

              1. Matt Bryant Silver badge
                FAIL

                Re: Pitiful LyingLoser Alarmist much? @Plump & Bleaty

                "....Comparing the number of benevolent to tyrannical dictatorships in the world...." Why the World, why not simply just look at Europe? By your insistance, EVERY state in the EU just must be a dictatorship rather than a functioning democracy, right? So, Germany doesn't have an elective democracy? Hmm, but it does. Same goes for France, Belgium, Spain, Italy, Ireland, Denmark - oops, I don't seem to be able to find any undemocratic dictators in Europe, despite your insistance that they MUST be there. Oh, was that your whole argument going down the pan?

                ".... You still don't get it...." It is very obvious that you are incapable of "getting it", you simple prefer to give in to irrational fear. I pity you.

                1. BlueGreen

                  Re: Pitiful LyingLoser Alarmist much? @Plump & Bleaty

                  I can't consider a government to be properly democratic when they build sophisticated and comprehensive interception into the web and try their best to conceal it from the populace (very successfully until recently too). The people need to have some idea of what's going on so they can choose alternatives. So IMO it's not a true democracy. But it's reassuring for bleaty conformist sheepies like you, right?

                  The point about power corrupts - read this carefully, I'm going to spell it out for you - is that this interception is a kind of power and this power will be subverted from 'finding terrorists' to 'finding violent criminals and peedos' to ''finding domestic criminals' to 'trawling for potential criminal behaviour' to 'trawling for political dissent'. That's what you don't 'get'. That's what you'll never 'get', I think.

                  BTW that's what will happen in our & other western countries. Any idea how quickly they'll reach the final stage in repressive regimes e.g. china?

                  1. Matt Bryant Silver badge
                    FAIL

                    Re: Pitiful LyingLoser Alarmist much? @Plump & Bleaty

                    "I can't consider a government to be properly democratic when they build sophisticated and comprehensive interception into the web...." All you are doing is demonstrating that you do not understand what democratic means - it is not a government that reflects the views and actions you alone feel right but the will of the majority, nothing to do with "interception". And it is very clear from the article they are not building interception "into the Web" but into a very small and targeted set of individuals. Try READING the article before bleating.

                    ".....The people need to have some idea of what's going on so they can choose alternatives....." What you just can't get your noodle round is that your fantasy viewpoint is firmly in the tiny minority, otherwise the irate mobs would be storming Number 10 and Whitehall and demanding GCHQ was burnt to the ground. And as for "some idea of what's going on", the fact is there were plenty of us with a clue (so not including you) that found Snowden's "revelations" as just mildly interesting, having seen plenty of evidence over the years. It's not my fault if you lived with your head in the sand.

                    ".....this interception is a kind of power and this power will be subverted from 'finding terrorists' to 'finding violent criminals and peedos' to ''finding domestic criminals' to 'trawling for potential criminal behaviour' to 'trawling for political dissent'....." Really? Except the "interceptions" (mainly just metadata collection, actually, not interceptions) have been going on for YEARS and there has not been one single incident of what you are insisting (based solely on your shrieking paranoia) should have been well evident by now. The reason it's not evident is because it only exists in the dim and dark recesses of the tiny minds of easily-led sheeple like you.

                    "....BTW that's what will happen in our & other western countries...." And your evidence for this is.... Oh, what a surprise, you have SFA evidence to back up that piece of fear-induced fantasy. Get a grip, get a clue, and get over yourself, you're simply not of any interest to ANYONE.

                    1. Charles 9 Silver badge

                      Re: Pitiful LyingLoser Alarmist much? @Plump & Bleaty

                      ""I can't consider a government to be properly democratic when they build sophisticated and comprehensive interception into the web...." All you are doing is demonstrating that you do not understand what democratic means - it is not a government that reflects the views and actions you alone feel right but the will of the majority, nothing to do with "interception". And it is very clear from the article they are not building interception "into the Web" but into a very small and targeted set of individuals. Try READING the article before bleating."

                      ANY government made by man will, because of human instinct, repress SOMEONE by virtue of some concentration of power. Even a pure democracy introduces "tyranny of the majority". And as we've seen, republics and other representative governments limit the number of people powerful interests need to corrupt to get things done. Smaller oligarchies magnify that issue, and for a government of one...well, Machiavelli wrote a lot about that. In fact, a lack of government (anarchy) would inevitably result in a "survival of the fittest" scenario: itself repressive.

                      "".....The people need to have some idea of what's going on so they can choose alternatives....." What you just can't get your noodle round is that your fantasy viewpoint is firmly in the tiny minority, otherwise the irate mobs would be storming Number 10 and Whitehall and demanding GCHQ was burnt to the ground. And as for "some idea of what's going on", the fact is there were plenty of us with a clue (so not including you) that found Snowden's "revelations" as just mildly interesting, having seen plenty of evidence over the years. It's not my fault if you lived with your head in the sand."

                      Ever heard the phrase "bread and circuses". Sure, some of us are onto the idea, but NOT ENOUGH. It's one smart vote vs. ten dumb votes. The average person lacks the kind of mind capable of CARING about the loss of their own liberties and so on.

                      "".....this interception is a kind of power and this power will be subverted from 'finding terrorists' to 'finding violent criminals and peedos' to ''finding domestic criminals' to 'trawling for potential criminal behaviour' to 'trawling for political dissent'....." Really? Except the "interceptions" (mainly just metadata collection, actually, not interceptions) have been going on for YEARS and there has not been one single incident of what you are insisting (based solely on your shrieking paranoia) should have been well evident by now. The reason it's not evident is because it only exists in the dim and dark recesses of the tiny minds of easily-led sheeple like you."

                      Have you ever read 1984? Ever thought that when they want you gone, it won't be a public arrest in the street but rather you just vanish and become among the untold numbers simply "missing"?

                      "....BTW that's what will happen in our & other western countries...." And your evidence for this is.... Oh, what a surprise, you have SFA evidence to back up that piece of fear-induced fantasy. Get a grip, get a clue, and get over yourself, you're simply not of any interest to ANYONE.

                      Name ONE country that has maintained the same governmental structure and stability for more than 500 years (no changeovers of power between groups, no dynasty changes or the like). The United States is too young to qualify, England had a brief time without a kind almost 400 years ago, and Russia and China had Communist revolutions just in the last century. Inevitably, the gravitation of power combined with human instinct causes things to tip past the comfort zone. If it tips pretty early, you end up with minor upheavals that require reforms and the like to fix; on the outside, you may end up with something like a regime change. If the discontent builds too high, though, you either collapse into totalitarian regimes that squelch rebellion quick as a rule or breakups and shakeups that result in multiple new lands that split the power and start the cycle again.

                      1. Matt Bryant Silver badge

                        Re: Pitiful LyingLoser Alarmist much? @Plump & Bleaty

                        ".....ANY government made by man will, because of human instinct, repress SOMEONE by virtue of some concentration of power....." So who is being repressed here? No-one, it's just in your fear-induced fantasies.

  34. Sean Timarco Baggaley
    Flame

    Am I the only person who understands the meaning of a certain three-letter word?

    The NSA, CIA and their ilk are SPY agencies!

    Spies.

    What makes you think the NSA or CIA (etc.) don't have agents inside these companies? It's a lot easier to find flaws in software or firmware when you can actually read the commented source code!

    It also means that it matters not one whit whether WD, HP, etc. are "aware" of any shenanigans as one of the golden rules of being a successful spy is that nobody knows you are one! All it would take is to install / bribe one or two employees in the right positions within each company and you're golden. Nobody else in the company would even know.

    Microsoft had (at last count) over 100000 employees. Even HP and Dell have thousands of employees spread all over the world. And, of course, the rise in outsourcing will have helped immensely as a single, well-placed spy in the right outsourcing company could give you any number of businesses on a plate.

    They're spy agencies! Spying is what these people do for a living. All day. All night. All the time. They're spying. Get it? What the blue blazes did you all think those thousands of spies actually do all day? Iron shirts? Mend wooden horses? What?

    Jesus Horatio Fogharty Christ on a flying fuckstick. This is a bloody IT website. You're supposed to be intelligent* readers! Even allowing for the intelligence-battering effects of the Internet, I can't seriously be the only one who wasn't even remotely surprised by any of these so-called "revelations"?

    * (Clearly for very small values of "intelligent".)

  35. Tom Chiverton 1

    Anyone else want to ask their IT equipment maker of choice if they've fixed the holes since 2008 ?

    I've started https://twitter.com/thefalken/status/418054762936799233 :-)

  36. Anonymous Coward
    Anonymous Coward

    China protecting its own?

    Perhaps this is the true use of the "Great Firewall of China", not restricting its citizens' access to the rest of the world, but restricting the rest of the world's access to Chinese data. Hell, perhaps we're the ones with the filtered access, not them!

  37. Flyberius
    Thumb Up

    I sense I will be voted down greatly for this. But whatever. This topic garners such one sided comments.

    We have spies! Proper freakin' spies. Clandestine operations and uber hacking on our behalf.

    I'm young, stupid and know no better, clearly, but as far as I know they haven't hurt me.

    So I'm happy to have an actual 'Q' (the newer younger one) on my side. So what if he can see my filthy porn habits, sees who I am stalking on facebook and knows which political parties I hate. I'm a mere statistic in a grand cyber war and probably a very typical and uninteresting statistic at that.

    I don't know how Hari Seldon is going to get his plan together without some good old fashioned data points.

    1. Marketing Hack Silver badge

      @Flyberius

      I think people like myself are worked up because

      A) we've been lied to repeatedly by the NSA & friends,

      B) we're wondering why they are keeping our data, when most of us are honest citizen types

      C) the NSA in particular is supposed to protect American IT networks, but obviously they would rather hoard vulnerabilities for later use

      D) the NSA is using its dual responsibility to vet IT security to insert new vulnerabilities into networks and gear.

      E) So far, the U.S. government doesn't seem to want to stop C & D

      F) The NSA & friends tactics are even more damaging to IT security than any black hat hacker group

      G) Their dirty tricks are making it out into the wild now

      H) Their actions are costing "the West" a lot of moral standing internationally

      I) Some of there uses of money seem pretty ridiculous, e.g. watching Second Life for jihadis

      J) They are watching NGOs, academics, everyone

      K) NSA buddies at GCHQ seem in particular to view their role in public civil liberty debate as being the umpires and timekeepers

      L) Blowback from their antics puts a lot of good companies and people's livelihoods at risk

      L) And we as taxpayers get to pay for it all

      There's more I could say, but have a downvote on me instead.

      1. Anonymous Coward
        Anonymous Coward

        Re: @Flyberius

        Buw now ask yourself, "If not them, then WHO?" Because SOMEONE will own you, full stop. If not the NSA, then their Chinese or Russian counterparts. Who would you rather have see your details and link to whomever on a whim? Because they don't want to be one to explain they weren't watching the perfect sleeper agent until it was too late.

        1. Marketing Hack Silver badge

          Re: @Flyberius

          @AC

          I don't think anybody here really disagrees with the idea that there is a need for spies and surveillance in the world, GIVEN THE RIGHT CIRCUMSTANCES. These aren't those circumstances.

          As for getting owned by someone, sure, that happens. I however cling to the romantic notion that my government should help me to not get owned, instead of owning me themselves or putting more vulnerabilitiesout there so others can own me.

  38. Anonymous Coward
    Anonymous Coward

    How is the NSA intercepting deliveries? Are Amazon and UPS complicit? The old wink and nod? Is this why the Christmas deliveries of so many Americans were delayed this year? Too many tablets in the mail?

    1. Anonymous Coward
      Anonymous Coward

      Wink, nod, and a threat of a trip to Gitmo, perhaps. Don't forget the stick as well as the carrot.

  39. henrydddd

    If anyone believes that the NSA is just trying to catch so called terrorists is a pretty stupid individual. It is only a matter of time before this spying is going to be used to catch enemies of the state such as people who disagree with what the government is doing. It might already be to late to stop these police state tactics.

  40. Breen Whitman

    At least it makes US drone attacks easier

    Combined with Google location data, the NSA would have no problem launching drone attacks on Kim Dotcom, US citizens that criticize their president, UK citizens etc.

    With the correct routers directing traffic to server, that could automatically launch the drone attack based on Google Location and NSA/Google algorithms.

  41. Nathan 13

    And we wonder why

    So many people hate the US/UK governments.

    Both countries people can only be pushed so far before a backlash will occur that the authorities will underestimate!!

  42. chrisp1141

    Privacy is more important now than ever before. We may not be able to hide from the NSA, but we can stop using sites like Facebook and Google. Just think about it. If you care so much about your privacy, if you are outraged by all of the NSA spying, then WHY are you using facebook and google. Those companies are just as bad, if not worse, than the NSA. This is why I advocate using privacy-based sites such as DuckDuckGo, Ravetree, HushMail, etc.

  43. Anonymous Coward
    Anonymous Coward

    Back Doors

    They probably just have people they planted at all these tech companies that make the back doors part of the code. Then the company comes back and says to the same person, are there any back doors? Nope - no one here but us chickens.

  44. We're all in it together

    Humans distrusting humans

    Been happening since the year dot. These days it's mixed in with power and control and nasty weapons that can end the planet. But essentially there's nothing we can say or do that will change it. And on that note:-

    "Happy New year to everyone at the NSA and GCHQ"

    There you go. Didn't have to email them.

  45. GrahamsTenPenneth
    Black Helicopters

    I have a question....

    Do you know of anyone who has been affected by this surveillance?

    Anyone at all?

    The NSA do know how many times you masturbate, you know.

    If they see a change in your frequency and delivery an alarm goes off and they send the men in black.

    ...with a some porn mags

  46. Anonymous Coward
    Anonymous Coward

    Electronic privacy is dead. There's no putting the genie back in the bottle. If you want private communications speak with someone face to face or send a letter (if they're not intercepting those as well).

    1. Anonymous Coward
      Anonymous Coward

      Post Office is almost certainly giving letters the once-over, probably with lights and other gear in an attempt to ascertain the contents.

      As for face to face, that's where ubiquitous surveillance cameras (not all public, but all accessible to The Law) and, at a stretch, aerial and satellite surveillance come in. Then there's the matter of those tiny mics they're developing to "detect gunshots" and the like...

  47. joe K 1

    The big picture

    Its funny how people are petrified about rogue NSA elements, for whatever reason hacking the average Joe's machine to install illicit material that he can be subsequently prosecuted in a bon fide court system for. Without acknowledging that Microsoft could do the same. Or Google. Or your building management agency. Or your work IT guy. Or your wife. Or your best friend. Or your frustrated teenage son.

    This discussion thread is fascinating, but its irritating to read weakly founded paranoid scenarios about how the govt can get you if they chose to. Seriously, if they want you out of the way, all it takes is a sliced brake fluid line. And if it's about blackmail, it's an over simplistic scenario to assume that only the govt would consider doing it. Very few people have genuine need to be concerned about governments hacking their electronic communications. And they can find other ways to go about their business. For the rest of us, its your responsibility to make educated judgment calls - while remembering that you're more likely to be killed by a drunk driver than falsely accused by the NSA. I estimated that last fact, but I'm happy enough believing it.

  48. Anonymous Coward
    Anonymous Coward

    Yo Ho Ho !!!

    What a farking xmas pressie. Think of all those lucrative contracts for making stuff supposedly secure, secure again! Who the hell is going to believe the new stuff is secure now, cans and worms keep coming :P Dovregubben

  49. JaitcH

    The Malaysian-Singapore-VietNam Cable has been down since before Christmas ...

    so I wonder if it was NSA/GCHQ at work again?

    VietNam also feeds InterNet to Kampuchea/Cambodia and Laos.

    Fortunately my office has an unauthorised satellite InterNet feed to/from HongKong ... all uncensored.

  50. Bruce Ordway

    The focus of attention.

    Religious beliefs, political affiliations and disputes will always draw someones attention.

    It is disturbing to hear of the ease with which an interested party can collect, use or expose my details

  51. dssf

    Nauseating, but not surprising...

    I like the name "IRATEMONK", inventive...

    As for HOWLERMONKEY, I months ago became suspicious of those little RJ-45 ports at the tables in SFPL. IT just put them there, with no notices to the users, as if we're supposed to use them instead of the ones already in the tables' midsections.

    As for:

    " And if that fails, agents can simply intercept your hardware deliveries from Amazon to install hidden gadgets that rat you out via radio communications "

    this, I suspected months or years ago. After all, in the early and mid-90s, gangs were stealing mobos from trucking shipments. Probably they came up with the idea unilaterally or were inspired, and maybe they inspired the NSA and other groups. But, then, mobile vehicle tracking came along. I wonder when THOSE devices were modded. I would imagine, though, that FEDEX, AIRBORN, EMORY, UPS, and numerous carriers of the time and of today had or still have no idea when their fleet vehicles are being diverted, shunted, delayed, penetrated, or even outright replaced (maybe the cab, too?, but the personal effects transferred) when certain high-value shipments needed/need to be tampered with.

    Years ago, I used to posit ideas like this, and time after time, people snarled that I was looney. FUCK, if reality doesn't come along and bite THEM in their asses. I hope some of them sit over a mug of draft and say, "Say, remember that daft guy who had all these ideas?" Well, some of them I cannot recall, but, it's funny and frightening to see this shit in the headlines. Vindication and vomitus stirring in the same pot and pit.

    Now, this'll just end up in movies, or in more movies.

    BTW, get around to watching a HK cop-thriller about a financial irregularities unit spying on crims manipulating the HK stocks. They get found out by another security apparatus, and the baddies, too, find out. All hell breaks loose in sophisticated yet brutal HK film manner, and it is utterly devastating to the cops who thought they'd take a dip and skim off the top. The best part was when I heard one character tell another that even removing the phone's battery would not stop it from remote manipulation -- that the phones usually havve a second, hidden battery, and that the phone needed to be drowned out by loud music and EM, or put in a securing box. Of course, it ratcheted up the stakes in the film, to make the cops have to physically access the room needing to be surveilled. And, that movie was out around 2007 or 2009, and I only saw it around 2008 or 2011. Overheard 2 is not as great, from what I read.

    Net result of all this may be public desensitization and blitheness overall. Who knows? But, it should make it easy for some creative screenwriters to get really on the fringe of imagination and make even more tense and intense viewing moments. Well, assuming the reviewers and censors don't force them to drop such scenes on the cutting room floor/digidal dust bin.

    Of course, all this I write, and most of us write, could be on virtual/honeynet servers, and that we're so well monitored that no matter what machine we try to find our postings on, we'll be served up on a silver platter to... Ourselves.

    All this makes me even more disappointed in writing to friends in places such as SK, where some messages never seem to be replied to, or replied to DAYS after, and some message replied in person with "I never saw it... I looked, and never saw it..."

    Once, in Shanghai, last year, someone in the apartment bloc got between me and and a SK-situated friend, taunting me. My SK-based friend said it wasn't him, and it was quite unsetteling, unleasing all variety of "If for just two minutes I were a god, what malevolent violence I'd unleash upon any and all related to this moment's intrusion" feelings.

    So, some of the public will be desensitized, and some will be sent into circular fury, with little room to vent. Such will be worse than the terrorists these programs are meant to derail. Unfortunate, nerve-wracking, and, well, unfortunate... Circular Terror might become a new buzzword.

  52. Mark Major
    WTF?

    SEASONEDMOTH ?

    IRATEMONK ? COTTONMOUTH ? RAGEMASTER ? MONKEYCALANDER ? DROPOUTJEEP ? HOWLERMONKEY ? GODSURGE ? DEITYBOUNCE ?

    If this were April 1st, I'd laugh!

    I wonder if they really use these code-names internally? Their meetings must largely consist of, "Maybe we could use... errr.... ummm..... you know, THINGUMYWOTSIT.... errr, MONKEYBALLS... no, that's not it. Ummmm..... OWLHERITAGE??? You know, the one that intercepts the mobile phone signals!!?"

    1. Charles 9 Silver badge

      Re: SEASONEDMOTH ?

      Yes, they do. Acronyms and initialisms are SOP for the US DoD. For one thing, it reduces chatter. For another, as another poster noted, it makes textual communication more precise. Both objectives are militarily significant.

      1. GrahamsTenPenneth

        Re: SEASONEDMOTH ?

        I have created a new hack.

        It's a virus which is uploaded to the firmware of your keyboard.

        It relays your key presses to a central server via your internet connection so what you typed can be processed and rated for truthfullness.

        I named it BULLSHIT.

  53. Sanctimonious Prick

    Spot The Hacking

    British detectives have analysed mobile phone records of the men who are believed to be members of a burglary gang preying on tourists in the Algarve beach resort town of Praia da Luz around the time Madeleine vanished.

    The police have tracked a high volume of calls between the three men in the hours after Madeleine was reported missing from the holiday apartment rented by her parents, Kate and Gerry McCann.

    from

    http://www.couriermail.com.au/news/world/uk-police-say-gang-of-thieves-snatched-madeleine-mccann-in-a-burglary-gone-wrong/story-fnihsmjt-1226795304615

    Considering Portugal isn't being very cooperative, I wonder how they got those records, hmm???

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020