"flexed their full remote access control over infected machines only for high value targets."
Which recent history has shown to be anything/one that is not NSA.
The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …
Apparently not Microsoft Windows either. Well, I guess Microsoft could have NOT known about this, which leads me to believe that Microsoft's own kernel was NOT written to accommodate this (which truthfully there are a lot of things Microsoft's kernel might NOT pick up on). So, Microsoft did NOT know about this, so what else do they NOT know?
Doesn't it make you feel like a secure Windows user when Windows just runs anything that is present? GO MICROSOFT! (Of course, is there a '...u.o' out there? Wait, would it matter?).
Any security software that relies on obfuscation is only a false hope of security. For example, if an encryption algorithm is mathematically sound, then there is no need for the algorithm itself to be secret. Knowing that there cannot be any benefit from the source code being secret, while there can of course be backdoors, why should we trust it? Wouldn't an open source version be more trustworthy simply because it makes it very hard indeed to hide a backdoor?
"Because they don't prevent these sort of attacks when the attacker has a copy of the key"
Just like any security system - you have to trust the author. If there was a boot loader around with a different checksum, it would soon be spotted.
"But they do prevent you installing anything else to prevent these attacks"
No, they don't stop that at all.
Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader. I can think straight away of three ways to get these:
1. Hack Microsoft. Either technologically, or via blackmail/bribery.
2. Super-secret national security letter demanding MS sign the NSA hack, or else someone goes to jail.
3. Hint that people with Influence really want MS to be cooperative on this, and the government is considering converting a couple of departments to Windows 10 and Surface tablets.
"Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"
Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.
"Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."
And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you.
If you look to the future, which is admittedly a bit of an ask for most current CEOs, it's not that much of a dilemma.
Defy, and be damned to the Americans.
The IT world isn't anything like as US-centric as it was even ten years ago - and even then, things were heading away from The Land Of The Free (TM). When I started in IT, longer ago than I care to remember, the US held most of the market and most of the knowledge. Now a lot of that has gone to India and China, encouraged by a generation of short-sighted idiots who were, and are, chronically incapable of seeing further than three months ahead.
In ten years time, I can see the US becoming a technological backwater, with its priceless technical and manufacturing capabilities thrown to the dogs by myopic bean-counters, egged on by the retards of Wall Street. The people I feel sorry for are the ordinary Yanks with families to support and roofs to keep over their heads, as they'll cop for the fall out.
"And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you."
That's why the USA needs to get their ass to Mars so as to stop messing the planet up for the rest of us and stop meddling with our legal system (via treaties or strongarm tactics).
Nuke icon because at least we'd be free of US tyranny if they did all board Mars One.
I do think VMs will be next. Not that I am saying they are now an issue, but a sub-5meg VM of DOS or Tinycore Linux really screwed down to about 8meg, on a fast Internet connection, with virtualisation enabled on an unsecured/unpatched Windows box, could/would install in seconds, and then be running in the background, either on a real PC or on a cloud server I suspect,
But a theory .......
Alan Brown
All true, I am still running Debian on Amiga 2000/060, 128 MB RAM, its .iso is about 2.8 meg (OS only), however, I think giving the game away is a mistake, I was looking at updating old Concurrent DOS, as a plaything, less than 500kb, install... Tinycore can be nailed down a lot, 8 meg core, 12 meg with apps, is the way it comes from "factory", but it is Linux, cull, install, set it up to do what you want ... The original Amiga OS could run a multitasking OS in about 1meg, so it is possible ..
Anybody involved in this would go out of business very quickly
Builders start a business, get credit with suppliers, max out credit, then go out of business *all the time*, the same builders, using the very same suppliers, that they ripped off two months ago.
Why is this possible? Because of "securitisation", the suppliers just sell the credit on to "investors" for an immediate return. After that it's not their problem what happens to payments so they don't care, as long as there is a market for high yield paper, everyone is golden.
A similar business model must already exist around key signing.
"Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."
Vendors are compelled to comply with the law - regardless of how stupid or counterproductive it may be.
Besides I'll bet that most people would choose to have their machine boot with the NSA malware in place than not boot at all.
At least the greybeards with old PDP-11s running V7 UNIX in the basement can bootstrap via toggle switches, so the world hasn't ended yet. ;)
@AC: If, as you say, the toolkit isn't limited to windows then are you claiming that they have managed to pre-install a firmware for hard drives that contains malware to cover Linux, windows, OS X and bsd in x86, x86_64 and AMD variants? Not fucking likely. 32bit windows would be my guess.
Yes, Microsoft MAY not have known about it but MS has been suspected for years (please don't make me google for the papers, but I will), along with Google and a few other MAJOR players, to have "cooperated" with the NSA when asked to supply backdoors and other types of access. Apple famously refused the FBI. Not to say the NSA doesn't have complete access to Apple products but publicly Apple said "No way". The others didn't make it public but they were caught in various ways giving up user data just because they were asked for it. All this in the name of "National Security" and the "War on Crime".
"It's taken this long - and this event - to make your realize that the US has been a fascist police state since, well, the 1960s? Have you been out of town?"
You don't think every other government on the planet wouldn't do the same if they could (and perhaps already are)? Wake up sleeping beauty and smell some WelcomeToTheRealWorld coffee.
"...since, well, the 1960s"
Maybe.
The real police state started (well, when it became "We are the police and we'll do what we want and we don't give a fuck if you don't like it" anyway) right after the terrorist attacks 9/11.
I personally had a couple of run-ins. Once, during a basic, routine traffic stop (I was speeding a little), a lady friend got her purse dumped and searched, I was pulled from the car and handcuffed "for my own safety" (what a load of shit), the trunk lid was popped, and the whole car and our persons were thoroughly searched, much to my verbal (though polite) objections.
I talked to a defense lawyer friend of mine soon after, intending for the cops involved to at least get an ass chewing from the chief, and he said I should basically just get used to it. (WTF?) They had new search and seize powers granted to them after 9/11 and could basically strip search you on the side of the road without a warrant, if they so pleased.
And I served 11 years in the United States Marine Corps, supposedly protecting U.S. "freedoms". What an idiot I was.
This post has been deleted by its author
I remain unbagged and unvanned at the time of writing, thank you for your enquiry.
The line remained unfinished because I was just back from the pub so I could have gone on a multi-page rant about the entitled tosspots who think they have a fucking right to mess with my own possessions in my own fucking house...or I could just fire up the Xbox and work out my ire on some pixels; which I did.
Likely it doesn't "force" anything. It probably intercepts calls to well-known Windows boot files and replaces them with its own version. Might be behind a blue-screen or two but then you'd realise when you bin the drive it fixes itself (however, by then, the malware is likely inside your core Windows images and backups).
But, yes, you have to start somewhere - you can't make an any-platform malware that'll work for everything, so you likely just write for your most likely target.
More importantly, this will stop source-code access to such things and/or stop foreign entities trusting anything made in the US. And likely they aren't the first. There's never been anything stopping a hard disk firmware literally KNOWING when you are accessing, say, the Windows boot process files and slipping in its own data. It could even interpret the NTFS, check filenames, boot sectors, etc. on-the-fly.
Except... surely... if you're encrypting everything that goes to disk, even the OS (which is the only secure way to encrypt)... this is useless? The hard disk won't be party to the key (because the read sectors will be encrypted data or an encrypted key which is only unlocked in RAM by the user's entered key?), and will never spot that the data going through it is ripe for insertion, nor have the ability to do so undetected.
The only chance to infect is initial boot and, well, wouldn't TPM and/or privately signed bootloaders stop that in its tracks? Again, anyone SERIOUS about not wanting the NSA et al inside their machine (e.g. Iranian nuclear plants, Chinese military, etc.) could probably just encrypt and enforce basic security and they're done?
Sorry, but these are attacks against bog-standard mainstream PC's with no security. Anyone with a brain shouldn't be storing anything of interest in there.
Sure, so we should all give up and just email our passwords to the NSA / GCHQ, then?
No. Sorry. If the hard drive could be malware, then basic system security and encryption would have prevented it BEFORE we even knew about this attack. So enforce security or stop using hard drives. Same all the way to the metal in every case. Hell, you can use another motherboard/processor, but access to that kind of size of data storage isn't something that's available in every electronics hobbyist shed so you may be forced into using them.
However, biggest thing would probably be - WATCH YOUR CONNECTIONS, because the only sensible way to control these things and have them talk back is to be on the net. And if someone is implanting Win32 malware into drive firmware, then you need to start watching what's going on in your supply chain - particularly because it means you're putting bog-standard Windows machines in areas that you shouldn't be.
This is not "you can stop everyone getting in, ever", it's basic security. I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is. And it's laughable that NSA etc. are bothering to attack such open machines in so blatant - and recordable - a fashion.
Secure your important stuff as if... well, as if it were important that others didn't get into it.
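The post above argues that a boot path which checks the integrity of its bootloader would catch a drive that hands back altered sectors. The following Python is an added example, not code from the thread or from any vendor: it measures the boot region of a constructed disk image sector by sector, folds the hashes into a single running digest in the style of a TPM PCR extend, and reports which sectors no longer match the pinned measurement. The sector size, region size, image contents and the `tamper` helper are all constructed for illustration.

```python
"""
Added example: measured-boot style integrity check over the boot sectors of
a constructed disk image. Everything here (sector size, boot region size,
image contents) is an assumption made for the demonstration.
"""
import hashlib

SECTOR_SIZE = 512    # assumed sector size of the constructed image
BOOT_SECTORS = 8     # assumed number of sectors that hold the bootloader


def make_boot_image(payload: bytes, total_sectors: int = 16) -> bytes:
    """Build a constructed image: bootloader bytes padded to the boot
    region, followed by zero-filled data sectors."""
    if len(payload) > SECTOR_SIZE * BOOT_SECTORS:
        raise ValueError("payload larger than boot region")
    region = payload.ljust(SECTOR_SIZE * BOOT_SECTORS, b"\x00")
    return region + b"\x00" * (SECTOR_SIZE * (total_sectors - BOOT_SECTORS))


def measure_boot_region(image: bytes) -> dict:
    """Hash every boot sector and extend a running digest with each hash,
    the way a TPM PCR is extended: pcr = H(pcr || H(sector))."""
    per_sector = []
    pcr = b"\x00" * 32
    for i in range(BOOT_SECTORS):
        sector = image[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
        digest = hashlib.sha256(sector).digest()
        per_sector.append(digest.hex())
        pcr = hashlib.sha256(pcr + digest).digest()
    return {"sectors": per_sector, "pcr": pcr.hex()}


def verify_boot_region(image: bytes, expected: dict) -> list[int]:
    """Return the indices of boot sectors whose hash differs from the
    measurement pinned at provisioning time. An empty list means the
    boot region is exactly what was provisioned."""
    current = measure_boot_region(image)
    pairs = zip(current["sectors"], expected["sectors"])
    return [i for i, (now, then) in enumerate(pairs) if now != then]


def tamper(image: bytes, sector: int, patch: bytes, offset: int = 0) -> bytes:
    """Simulate a drive returning altered bytes for one sector. This exists
    only so the check can be shown catching the change."""
    start = sector * SECTOR_SIZE + offset
    return image[:start] + patch + image[start + len(patch):]


# Provisioning: build the golden image and pin its measurement.
GOLDEN_IMAGE = make_boot_image(b"CONSTRUCTED-BOOTLOADER-v1" * 20)
GOLDEN = measure_boot_region(GOLDEN_IMAGE)

if __name__ == "__main__":
    print("clean image, mismatched sectors:", verify_boot_region(GOLDEN_IMAGE, GOLDEN))
    altered = tamper(GOLDEN_IMAGE, 3, b"X" * 16)
    print("altered sector 3, mismatched sectors:", verify_boot_region(altered, GOLDEN))
    print("PCR changed:", measure_boot_region(altered)["pcr"] != GOLDEN["pcr"])
```

Two caveats the code makes visible. A change outside the measured region (sector 12 in the test below) is not reported, so the measured region must cover everything that executes before the OS takes over, not just the first few sectors. And because the thread's scenario is a drive that can answer reads differently depending on who is asking, the measurement is only meaningful when it is taken in the boot path, before control passes to code read from that drive; re-hashing the bootloader from an already-running OS proves much less.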
This post has been deleted by its author
... Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time and a duffel of nice, crisp, 500 EUR notes ... Theirs if they could, like, add one or two binaries to the link list - and the photo documentation of the really good time would not need to be published either.
"Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time"
Do you think this hasn't already happened?
One of the things which is coming out of the Snowden revelations is that like decent security, serious attack plans tend to be layered too.
@Lee D.
I think you give IT departments and users too much credit. Weren't we just treated to stories about how the Sony Pictures hack was aided by some unencrypted Excel spreadsheet of logins and passwords left lying around somewhere on the Sony Pictures network, where the bad guys scooped it up?
If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, imagine how many machines can be swept up by something like what the NSA is doing.
If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, ...
It is very simple:
Eliminating processes that do not produce a visible result to customers or on the bottom line is a Very Important Strategy in <Place-holder for the latest management religion/fad to infest businesses>
It quickly becomes kind-of hard to defend wasting resources on security when there are never any hacking incidents. So the accountants can always scale back the costs.
However, once security becomes crappy enough, then the dynamics become self-reinforcing: There will never be any incidents because the gutted IT-systems cannot actually detect anything and the remaining staff left in IT, being the dregs of the barrel and living on the cutting edge of outplacement, will always fear that any problem there is was something they did or it will be blamed on them, triggering further pink-slipping (besides, the network monitoring is long since p0wned and lying about everything).
The corporation, now like a larva infested by a parasitic wasp, is just happily chugging along until the hackers get bored and spill the beans.
"I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is."
Given that VMS is going off support 20 years prematurely, a bunch of existing plants are already in an awkward position.
Patching the Windows components appears to be done dynamically in memory, and would occur after any decryption of data stored on the disk. The attacks undoubtedly are mainly against "bog-standard mainstream PC's with no security" but seem designed to evade standard and even quite advanced security protocols. After all, they are intended for use in espionage.