
Topic: NSA hid spying software in hard drive firmware - page 3. (Read 6126 times)

full member
Activity: 182
Merit: 123
"PLEASE SCULPT YOUR SHIT BEFORE THROWING. Thank U"
The U.S. government is out of control and does not represent or care about the U.S. American people.

simply. It has been INCORPORATED.
hero member
Activity: 544
Merit: 500
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
Quote
A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources. They include:

    The use of virtual file systems, a feature also found in the highly sophisticated Regin malware. Recently published documents provided by Ed Snowden indicate that the NSA used Regin to infect the partly state-owned Belgian firm Belgacom.
    The stashing of malicious files in multiple branches of an infected computer's registry. By encrypting all malicious files and storing them in multiple branches of a computer's Windows registry, the infection was impossible to detect using antivirus software.
    Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.
    The use of more than 300 Internet domains and 100 servers to host a sprawling command and control infrastructure.
    USB stick-based reconnaissance malware to map air-gapped networks, which are so sensitive that they aren't connected to the Internet. Both Stuxnet and the related Flame malware platform also had the ability to bridge airgaps.
    An unusual if not truly novel way of bypassing code-signing restrictions in modern versions of Windows, which require that all third-party software interfacing with the operating system kernel be digitally signed by a recognized certificate authority. To circumvent this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.

Taken together, the accomplishments led Kaspersky researchers to conclude that Equation Group is probably the most sophisticated computer attack group in the world, with technical skill and resources that rival the groups that developed Stuxnet and the Flame espionage malware.

The unfettered arrogance of these spies makes my skin creep.

What happens next I wonder? Governments, agencies and hackers around the world have just received an advanced class in malware and will co-opt it to do as they please. The harm done by these intrusions will be tenfold any advantage gained.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
https://bitcointalksearch.org/topic/m.10387510

Quote
There is no big business without national interest. If you have a tech company and make millions, you are making part of national security already. Intel IS part of the national security since the 70s. You think Bill Gates would have sold his OS, if he refused the offer from the guys in the black suits back in the days?

Same with Seagate, IBM, WD, Samsung, Sony, GB, MSI and a lot more.
legendary
Activity: 2674
Merit: 2965
Terminated.
Why does this surprise you? I was actually expecting something like this. The NSA just forces things like this on manufacturers.
You could prevent this from happening though, if you block the right outgoing traffic.
legendary
Activity: 2282
Merit: 1050
Monero Core Team
Quote
Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

They could get the hard drive firmware source code by approaching a key manager or employee directly, using traditional incentives of blackmail, extortion, bribery, sex, false flag, appeal to patriotism, etc. or by infiltration with a qualified agent.

... or simply by making a deal with the manufacturer. No fancy spy techniques needed at all.
legendary
Activity: 905
Merit: 1000
Quote
Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

They could get the hard drive firmware source code by approaching a key manager or employee directly, using traditional incentives of blackmail, extortion, bribery, sex, false flag, appeal to patriotism, etc. or by infiltration with a qualified agent.

legendary
Activity: 2282
Merit: 1050
Monero Core Team
Here's some relevant work: http://spritesmods.com/?art=hddhack&page=1

It's not the exploits themselves that are surprising, but the sophisticated deployment often years prior to specimen disclosure or similar research.  Docs indicate there are implants across the board that target free software OSes aplenty.

Very interesting site. It does add to the how of the NSA exploit. It also shows how this could be used for another nefarious purpose, namely DRM (preventing disk cloning). Yes, this could be used to reinstall malware after the server was cleaned up, and this attack could work on a GNU/Linux system. The practical reality is that the attacker would need either root on the server and/or physical access to the hard drive. So it comes down to the question: how does the attacker get root in the first place? It is at this point where proprietary operating systems provide a huge advantage to the attacker. Microsoft regularly provides access to the source code and advance knowledge of vulnerabilities to agencies such as the NSA, PLA and FSB. This creates a hugely uneven playing field since the attackers have access to the source code and vulnerabilities while the defenders do not. Stuxnet is a prime example of what can happen. In addition, operating systems that support DRM must have hidden and obtuse parts to support the DRM. We must not forget that DRM and malware are in reality accomplishing the same thing. It is easy to spy on a user of, say, Windows, OS X or iOS when those operating systems by design treat that same user as an adversary not to be trusted. With GNU/Linux everyone has access to the source code, creating a level playing field, and the operating system does not treat the user as an adversary not to be trusted. Big difference.
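One defensive step that follows from the firmware-implant discussion above is keeping an inventory of the firmware revision each drive reports, so that a revision that is not on the vendor's published list stands out. The script below is an added example written for this page, not code from the thread, from Kaspersky or from the spritesmods write-up. It parses the Device Model, Serial Number and Firmware Version lines of `smartctl -i` style output (the three sample blocks and the baseline table are constructed) and classifies each drive. Caveat a practitioner should keep in mind: the revision string is produced by the drive's own firmware, so an implant that rewrote that firmware can report whatever it likes; this check catches sloppy or accidental changes and gives you a baseline to diff against, it does not prove a drive is clean.

```python
"""Disk firmware revision inventory against an approved baseline.

Added example (not from the thread): parse the identification block printed
by `smartctl -i` for each drive, then flag any drive whose reported firmware
revision is not on the vendor-published list for that model. The smartctl
text below is constructed sample data and the baseline is a made-up table.
"""
import re
from dataclasses import dataclass

# Constructed smartctl -i style output for three drives (not real devices).
SAMPLE_SMARTCTL_OUTPUTS = [
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-2TB
Serial Number:    SN-CONSTRUCTED-0001
Firmware Version: FW1.03
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-2TB
Serial Number:    SN-CONSTRUCTED-0002
Firmware Version: FW9.99
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-SSD-500G
Serial Number:    SN-CONSTRUCTED-0003
Firmware Version: S2A
User Capacity:    500,107,862,016 bytes [500 GB]
""",
]

# Constructed baseline: model -> firmware revisions the vendor actually shipped.
FIRMWARE_BASELINE = {
    "EXAMPLE-HDD-2TB": {"FW1.03", "FW1.04"},
}


@dataclass(frozen=True)
class DriveInfo:
    model: str
    serial: str
    firmware: str


# One "Label: value" line per field we care about; value has trailing space trimmed.
_FIELD_RE = re.compile(
    r"^(Device Model|Serial Number|Firmware Version):\s*(.+?)\s*$", re.MULTILINE
)


def parse_smartctl_info(text: str) -> DriveInfo:
    """Pull model, serial and firmware revision out of smartctl -i output.

    Raises ValueError if any of the three fields is missing, so a truncated
    or foreign-format block is reported rather than silently passed.
    """
    fields = {key: value for key, value in _FIELD_RE.findall(text)}
    try:
        return DriveInfo(
            model=fields["Device Model"],
            serial=fields["Serial Number"],
            firmware=fields["Firmware Version"],
        )
    except KeyError as missing:
        raise ValueError(f"smartctl output lacks field {missing}") from None


def classify_drive(drive: DriveInfo, baseline: dict) -> str:
    """Return 'ok', 'unexpected-firmware' or 'unknown-model'.

    An unknown model is reported separately: it means the baseline is
    incomplete, not that the drive is necessarily suspicious.
    """
    allowed = baseline.get(drive.model)
    if allowed is None:
        return "unknown-model"
    return "ok" if drive.firmware in allowed else "unexpected-firmware"


def audit_drives(outputs, baseline) -> list:
    """Classify every drive; returns (serial, firmware, verdict) triples."""
    results = []
    for text in outputs:
        drive = parse_smartctl_info(text)
        results.append((drive.serial, drive.firmware, classify_drive(drive, baseline)))
    return results


if __name__ == "__main__":
    for serial, firmware, verdict in audit_drives(SAMPLE_SMARTCTL_OUTPUTS, FIRMWARE_BASELINE):
        print(f"{serial:24} {firmware:8} {verdict}")
```

In practice you would feed `audit_drives` the captured output of `smartctl -i` for each block device and keep the baseline table in version control, so that a changed revision shows up as a diff at the next run; the parser deliberately refuses output that lacks any of the three fields rather than treating a half-read block as a pass.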
member
Activity: 63
Merit: 10
Here's some relevant work: http://spritesmods.com/?art=hddhack&page=1

It's not the exploits themselves that are surprising, but the sophisticated deployment often years prior to specimen disclosure or similar research.  Docs indicate there are implants across the board that target free software OSes aplenty.
legendary
Activity: 2282
Merit: 1050
Monero Core Team
I have read the .pdf and none of the malware works on GNU/Linux. It does work on Microsoft Windows, OS X and iOS. The simplest way to mitigate this risk is to: ditch Microsoft, ditch Apple and run Free Software.

Here is the relevant part of the .pdf.

Is there an actual way to buy non-NSA-infected hardware, or is it a pipe dream?

It is way simpler to avoid NSA infected operating systems and the hardware will not get infected in the first place. Focusing on the hardware ignores the real risk which is operating systems which by their very nature are very friendly not just to the NSA but also to the PLA and FSB.
full member
Activity: 595
Merit: 101
Chromia - Relational Blockchain
Is there an actual way to buy non-NSA-infected hardware, or is it a pipe dream?

If the story is right then they only targeted a limited number of people's computers that held high-value information. Most people were unaffected unless they worked high up in the government, or the military, or some other sensitive job.

The hardware was sold uninfected but sometimes targeted with viruses that infected its firmware after purchase.
hero member
Activity: 672
Merit: 503
Is there an actual way to buy non-NSA-infected hardware, or is it a pipe dream?
vip
Activity: 1428
Merit: 1145
http://bitcoin.stackexchange.com/questions/3736/is-wuala-lacie-the-largest-company-to-accept-bitcoins

Quote
Is Wuala (LaCie) the largest company to accept Bitcoins?

I just found out that you can pay for Wuala with Bitcoins. They are owned by LaCie, who have a revenue of €351.8 million according to Wikipedia. I think this makes them by far the largest company to accept Bitcoin for payment. Is that correct or are there other big players in the economy?

asked May 20 '12 at 8:53 by jl6
Just to note that LaCie is now owned by Seagate (seagate.com/about/newsroom/press-releases/…) meaning that if Wuala is still accepting bitcoins (wuala.com/en/bitcoin) then this is probably by far the biggest company by market cap. accepting bitcoins in some form. –  kirian Oct 10 '12 at 14:44
legendary
Activity: 868
Merit: 1006
It's clear now: we need open source hardware as well as internet decentralization.
sr. member
Activity: 641
Merit: 253
▰▰▰ Global Cryptocurrency Paymen
This is crazy, where is our privacy?

Long gone along with your other rights.
full member
Activity: 595
Merit: 101
Chromia - Relational Blockchain
Is the KASPERSKY PDF available directly from KASPERSKY? Is there a KASPERSKY link to it?

There is a page about the PDF here:
http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

But it doesn't look like they host the PDF or link to it from their site, however I do believe it is genuine.

Thanks, it's all over major news sites like Reuters, but I can't find a direct KASPERSKY link to it.
legendary
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
They're gonna make me use my PC without a HDD... (Remove the HDD and boot a Linux distro from USB / CD-ROM)

sr. member
Activity: 462
Merit: 250
This is crazy, where is our privacy?
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
Can't take a shit without the NSA or some government agency knowing what you ate last night anymore.
I didn't see Australia on the list so that's good, but we have been in bed with the US for so long I'm sure they're doing something similar here too.
hero member
Activity: 616
Merit: 500
1BkEzspSxp2zzHiZTtUZJ6TjEb1hERFdRr
The U.S. government is out of control and does not represent or care about the U.S. American people.

That is true, but not only the U.S. govt, most governments don't care about their people.
hero member
Activity: 770
Merit: 500
One of the whistleblowers released this info a while back.
This is the first 3rd party source that I know of that has tied it all together so neatly.