From the article:
''But why stop at network data? The NSA also uses some fairly exotic tools to grab computer video, keyboard strokes, and even audio from inside more difficult-to-reach places by using passive electronic devices that are actually powered by radar. These devices, charged by a specially tuned continuous wave radio signal sent from a portable radar unit (operating at as little as 2W up to as much as 1kW of power in the 1-2GHz range), send back a data stream as a reflected signal, allowing the NSA’s operators to tune in and view what’s happening on a computer screen or even listen to what’s being said in the room as they paint the target with radio frequency energy—as well as giving a relative rough location of devices within a building for the purposes of tracking or targeting.''
I call BS on this one, everybody knows radar can't go through cars/walls. It would be too big of a piece of equipment to be of any practical use.
They have EM bugs placed close to target sites. But these bugs have to be powered/recharged, so the NSA use focused radar to power the bug itself. Information is then sent back down the radar signal by modulating it.
EM spying is very real[0] and documented. "The Thing"[1] from 1945 actually uses some of the principles they're discussing here, they're just combining it with Tempest. Nothing they're describing is science fiction, it is very possible.
Yes! The Thing was actually the first instance of this kind of device, well ahead of its time. There was an article some time ago on HN about the Dutch company which had an opportunity to examine it and reverse engineer it. Something like "Project Easy Chair" I think.
Interesting project but it looks to me like it's solving an entirely different problem.
"usbkill is a simple program with one goal: quickly shutdown the computer when a USB is inserted or removed."
The article is referring to a USB cable that has been modified to phone home using either RF or some other covert channel. I'd think that USB Kill would be completely unaware of any such compromise given that it's only looking for a disrupted connection.
You'd need the USB port, hub it's plugged into, all the way to the controller, to be aware of passing this information around, though you could probably use any sort of reporting on total voltage/amperage downstream for detecting it if it reported that information.
(Unfortunately, AFAIK, most USB hubs don't report power draw for devices that are "just" drawing power and don't use the data pins, so you don't get that.)
If I'm reading your comment correctly, you're asking why the spies don't rm -rf. That would kill any chance of them coming back to a potentially good source of intelligence.
They'd probably have to prove you were doing this because of a pending investigation against yourself. What if you were just using it because you didn't want Zee Germans (or some other personal adversary) getting access to your data?
You mean destruction of evidence or obstruction of justice. Contempt of court likely doesn't apply unless you were asked to turn the evidence over yourself and destroyed it.
It is likely that you could be. But as with all criminal proceedings they'd need to prove it beyond a reasonable doubt. If the KillUSB software itself was unrecoverable it might prove difficult.
IMO the bigger question remains: What activities and innovations are there within the logistics industry that ensure integrity of a shipment en route? If a shipment can be intercepted (without a court order and without the package recipient's knowledge) then logistics and freight forwarding technologies have some catching up to do. We learned from the Gemalto hack last year that NSA intercepted a list of SIM card encryption keys presumably due to a weakness in Gemalto's supply chain. There was a similar story with CISCO equipment being tampered with.
It would be incredibly interesting to learn what Gemalto and CISCO have meanwhile managed to come up with in order to tighten their supply chain and assure their clients that they don't receive compromised equipment.
So I recently learned that registered mail is pretty much the highest quality way to ship anything, with full per-node tracking. This was gleaned after some prodding of some people in a law firm who were discussing shipping woes between fedex, dhl, and certified mail, when someone said "What about red-mail"? I had never heard of red-mail (actually registered mail, called red-mail for the red tags, vs the green certified mail tags), but it was explained to me that at least for some governmental purposes, it is the only acceptable way to ship documents and other things.
To me, if I want full "evidence custody chain" style logs of device location, for physical equipment, that would be the way to go. Now, the real question is, how much would you really trust the government mail program vs an NSL or interdiction for implant vs a private company vs an NSL or interdiction for implant. I think there is room for discussion there, but I would tend to side with the government one, because the company will have very little recourse, but the gov entity is likely to be staffed by bone-headed gov employees, who are surprisingly good at bad policy pushback when compared to their private counterparts. Perhaps I'm wrong on that though. Sometimes I find interesting insights into IT by listening to lawyers...
Unless you have an unsubvertible agent carrying the item, you cannot rely on tracking info. How do you know that the tracking data is actually correct and how do you know that the eight hours it spent sitting in a warehouse in Kentucky weren't eight hours used to install malware?
U.S.P.S. security is good enough on average that intelligence types have been known to use it for classified information. There are so many envelopes going through that USPS security people mainly look for stuff that really stands out in shape, smell, etc. You blend in, then targeting you requires knowing what's on the envelope. Put a countermeasure on that variable to get a decent bit of transport security.
Note: Yet another for everyone to remember when you hear someone say the old security certifications were just red tape. Stopping interdiction is just red tape. Haha.
Here's a basic set of recommendations for supply chain security that provides at least a start on various aspects:
Personally, I think being able to print or wire-wrap the electronics yourself can be helpful given they might be able to attack inside the PCB. It's a speculative attack I came up with many, many years ago that I can't remember if anyone has implemented. It would be difficult to detect with some of these internet-of-things style chips implemented w/ minimal packaging.
There's a lot to this subfield of IT. Verification of incoming components & manufacturing process with trusted couriers is the baseline, though.
> then logistics and freight forwarding technologies have some catching up to do
Definitely, although an important question is whether they want to solve the problem and are able to solve the problem. (We still don't know how these package interdictions are done -- what induces the packages to be turned over to governments for tampering.)
I'm guessing that two way RF communication != "little risk of detection".
Anyway, this is the sort of thing I'd expect the NSA to be doing against specific targets. And I'd expect the targets to have equally sophisticated countermeasures.
That's exactly what I did. I started with glue to get in the contacts then occasionally followed with that metallic stuff that's like glue. PS2 ports work fine for keyboards and mice.
One can also do tricks like authenticated peripherals or profiling signatures of them. I had some designs on the former. CompSci had results on the latter. Not sure if there are any products in this area and if they'd be trustworthy.
The authorized cables go through a hole in a secure enclosure that does not expose ports. Physically securing the computer is essential - if only to restrict access to mass storage by anyone with a screwdriver.
Only if it's enforced, and in a culture of people who understand why it's important - a great many facilities have that policy, but if people think something like "oh, well, X is only a power cord, not actually using the computer", or it's blatantly ignored by even just e.g. cleaning staff charging their music players, you're going to have a bad time.
I worked as a contractor on a military installation a few years ago. We had a snarky, know-it-all new employee who decided to test the base's "no thumb drives" policy his very first day on base. Every employee and subsequent employee learned about the hell he went through as a result. Needless to say, no one tested the policy again.
It's simple to have a policy of not using unapproved hardware.
What's difficult is to build an organisation with a purchasing and new hardware approval process that's quick and efficient enough that people choose to follow it.
I've worked at places where the official policy said "no unapproved USB sticks" but getting approval was so difficult most of the engineering workforce installed Linux using unofficial USB sticks. As firing most of the workforce for knowingly breaking policy would have been cutting off their nose to spite their face, the policy went unenforced.
TSCM companies stay in business because people rarely find or detect wireless bugs. They usually operate outside of the WiFi spectrum that enterprises might be analyzing. Even government or military groups with spectrum analyzers might not have good enough ones to stop a 10GHz bug or something odd like that. This isn't beginning to talk about wiring the bug to a line-of-sight wireless system (esp IR) they'd have to walk in between to detect.
Maybe this is a dumb question, but within the whole of the intelligence community, who/how many people actually see how big the surveillance operation is? Is it just the one guy at the top of the NSA that knows about all the eyes and ears in the kingdom?
I would imagine, based on compartmentalization, the people involved in individual parts of all the machinery only have limited knowledge of the other things going on.
No single person has full purview and that is by design.
Even the President likely doesn't know every program comprehensively, not for lack of access but because it's so large that it would be hard to get all of it in such detail.
Well, to be clear the DIRNSA is not the "top intelligence officer."
Technically that role is held by James Clapper as the Director for National Intelligence (DNI).
It's also more complicated than just appointing someone as the head of "Intelligence" because most of the directors of the Intelligence Agencies guard a lot from each other so they don't get resources nabbed.
Prior to the formation of the DNI role, the "Top Spy" was the Director for Central Intelligence (DCI) AKA Director of the CIA - who had outsized pull and purview.
Today there is a push and pull between the DNI and DCI, at the presidential level.
Long story short, it's complicated and very very large.
They don't have the skills to pull that off. I'd help them if they wouldn't lock up the IP. That they would, and try to circumvent competition with patent suits, is the reason I haven't jumped in to help them. Whatever they do will eventually be used against users of their products but everyone else first. ;)
There's already stuff in CompSci and industry that can stop all of these attacks which they could straight up buy. Some of it is very low-overhead to enforce critical properties. That they haven't implemented any of that plus keep making common mistakes reinforces my decision that they're not capable of high-assurance security. So, their mechanisms will raise a baseline but not be adequate for intended opponents.
Your questions seem to conflate two things: nonrepudiation (which includes integrity) of firmware and A3E for I/O.
- Treat firmware like a file, save hashes of them in a public-key signed baseline db. Basically hash everything that can be dumped and throw alerts if anything in the targeted policy changes. (Tripwire for firmware)
- Thinking about it again, v2: end-to-end encryption is needed from driver/app through to device silicon. Key management might require "pairing": an initial secret would be provided separately (like the security model of an Entropy Key, but perhaps not a burned-in secret). Given that most actual drivers are proprietary anyhow, consider today's drivers as http:// when https:// everywhere is needed to defend against bus-sniffing.