You have to admit the NSA is nothing but thorough. We all know they’re grabbing data from the Internet and cell networks and while that might lead you to believe you’re safe if you’re not actually connected to a network, you’d be wrong. Very wrong. The NSA has spy devices with built-in radios that can send data from unconnected computers to listening stations miles away. While this requires physical access to the computer, once installed they are undetectable unless you’re looking for an RF signal. They claim to only be using this technology against foreign targets but at this point does anyone believe them?
60 Minutes used to be at the forefront of investigative journalism. Just mentioning the name would strike fear in the hearts of anyone associated with dirty dealings. Now, with this Sunday’s thinly-disguised propaganda piece on the NSA, 60 Minutes has abandoned all pretense of being investigative.
BGP, the Border Gateway Protocol, has a flaw that was discovered in 2008 that allows attackers to reroute your data without you knowing about it. In fact, someone’s been using it to send traffic to Belarus and Iceland before sending it on to its original destination. It has to be assumed that it’s being copied and then used for less than innocent purposes.
As part of my Information Security training, the architecture of TCP/IP and the OSI model were covered. They introduced TCP/IP (the basis of the Internet) as optimized for access, not security. Never has that been more apparent than now, with what the NSA has done with the Internet backbone via their QUANTUM program.
You may not have realized that every 3G/LTE phone runs a second operating system specifically for mobile communications. This RTOS (Real-time Operating System) is specific to the chipset running the phone and radio and for the most part has not been reviewed for security. Researchers have identified potential attacks against these subsystems but nothing widespread is known to exist at the moment.
Although it is Halloween, this story is definitely not fiction. Security consultant Dragos Ruiu was working in his lab a few years ago when his freshly updated MacBook spontaneously updated its BIOS and rebooted. It was infected by what he calls “badBIOS” and it’s capable of attacking both Macs and PCs.
Although it’s not yet fully understood, it appears to travel via USB storage devices and may even be able to infect machines that have never seen a USB drive via an ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps. This is a capability that had been demonstrated in controlled conditions but until now had never been seen outside a lab.
Until this is fully understood and measures are available to combat it, it’s probably a good idea to never plug a USB drive or memory stick that’s not yours into your machine. Though to be honest, that’s always a good idea.
[Update 11/12/2013] More reason to doubt this story, or at least some of it.
[Update 11/6/2013] It appears other researchers are having trouble duplicating Ruiu’s findings. Stay tuned folks, this is far from over.
In addition to detaining Glenn Greenwald’s partner David Miranda for 9 hours for no apparent reason (other than intimidation), it’s been revealed that the UK government destroyed hard drives at the Guardian in an attempt to eliminate the potential for releasing Snowden’s information. The information is backed up, of course, but the implications for journalists are staggering.
Worldwide, it’s become obvious that government is at war with those it claims to represent. Worse, we’re losing that war and we’re vastly outgunned. Our only weapon, a free press, is almost gone. I don’t know what to do.