Oh so that's why my Lenovo was held for "customs". Hope they at least removed the Chinese backdoors while they were installing the American ones.
Look at me, I'm so clever using HTTPS and GnuPG and FOSS linux when my hardware RNG is key escrowed, my USB cable is transmitting, my factory BIOS has at least two nationalities of spyware, and Big Brother is watching me naked in 720p. So glad I'm not a journalist and have an adequate physique.
Yeah, the customs point is very interesting and worthy of upvote. I suspect they'd need a warrant to do this on an American (one would hope) but I highly doubt they'd need one to do this on anyone who ordered it from across the border.
Canadians (and Americans who talk to Canadians) in particular are probably highly vulnerable to this spying. Emailing Americans, calling Americans, ordering laptops from the US, etc. The NSA is probably free to tap/interdict all of those interactions without any kind of pre-approval or probable cause.
Bottom line: the NSA has done irreparable harm to global trust in dealing with the US(and, sadly, the US dealing with those outside their borders), be it communications or buying their products.
There's definitely a business opportunity out there for someone to come up with DIY laptops, much like the way you can purchase parts from anybody to create your own desktop PC.
Is 'free as in libre' hardware really any protection if the NSA intercepted your device at the border and planted undetectable MITM malware/hardware? Are you really gonna take the whole thing apart and check every chip for modifications?
The "free as in libre" part would make it much more difficult to create an undetectable MITM. You might have a much greater diversity of hardware, so they'd have to find and maintain more exploits. The full software/firmware stack would be verifiable by cryptographic signature. The hardware itself could be checked by looking for chips that don't match other units from the same lot, either visually or behaviorally, and even x-raying the components if necessary.
No. And Stallman (unfortunately) doesn't seem to focus too much on the security aspect of it. His focus is mostly on the freedom, as in ability to copy/modify/do-as-you-please aspect of it.
After sitting through an embarrassingly awkward 2 1/2 hr talk by Richard Stallman at SJSU last month, I think he actually is a little... off. But that doesn't mean you shouldn't take his message to heart.
My suspension of disbelief is getting really close to breaking. Don't get me wrong, I'm fully against the entire NSA spying deal. But these "reports" just keep getting more and more outrageous. The problem is not that I don't think these things have been happening, but rather that the continuous slow leaking by news media is causing the next big reveal to be just more background noise.
We need a big, sudden, destructive reveal that causes a lot of impact. Not the slow drizzle of 'this week in civil liberties violations'. Probably too late for this, sadly.
IMHO the only reason the NSA leaks have been so effective in shaping public opinion is that it's a 'slow drizzle'. Otherwise they would have ended up like other wikileak mass dumps which are too overwhelming to absorb and are quickly forgotten.
I don't think this operation is very unreasonable if highly targeted. If they did this to computers bought by Iran's nuclear program, or known watched mid-level jihadis, the only problem I'd have would be I don't have enough money to buy an open bar for everyone involved. No one is arguing this was pervasive.
The dangerous area IMO would be domestic law enforcement or political use (well, not so gray), and attacking innocent third parties with this to gain access to systems to attack actual bad guys (e.g. Belgacom).
The problem is the NSA has shown itself to be indiscriminate in its targeting for other methods of info gathering. So trusting them to 'use responsibly' is a bit like trusting a bunch of teenagers to 'use responsibly' with a case of beer and the parents away.
This operation as described leaves enough of a physical record that it couldn't be used universally.
I'm much more concerned about "NSA backdoor firmware", and vastly more concerned about China doing the same. It's a lot easier to do this at design/manufacture than en-route.
>I'm much more concerned about "NSA backdoor firmware", and vastly more concerned about China doing the same.
No reason the 'upgrades' couldn't be firm/hardware. Just upthread a bunch of people complain about "customs" delays when ordering computers, one person for > 30 days. That is way, way more than enough time. Yes, easier at manufacture. No, not necessary at manufacture. Yes, possible en-route.
Also why would you be more concerned about China doing the same?
edit: and also the problem wouldn't be using the technique 'universally', as in doing it to every machine. The problem would be giving an org like the NSA full control over deciding who to target, incl. US citizens. That is, being indiscriminate in terms of completely disregarding domestic laws, protections, etc., rather than being indiscriminate in terms of spamming loaded chips in every box.
Doesn't matter. It still requires someone being paid <$100k/yr to pull a package off the line and deal with it. If this happened in substantially greater volume than already happens for drug/child porn/money laundering cases, it would be at risk of exposure.
Maybe it would've been better for this news to have been broken a month or two ago, for maximum financial impact.
In all seriousness, one has to wonder how shipments get diverted, and how easily this process can be taken advantage of. Surely the companies handling these "special" shipments are made aware of details on a need-to-know basis (e.g. super-secret gov. employee is going to be taking the shipment for an hour, don't ask why and don't tell anyone), but are they able to verify that their handlers are who they say they are?
Would you trust a shipping company based in China? Why would you trust an American one any more than a Chinese one?
This capability already exists for counter-drug and other interceptions. I'm sure it was the FBI asking UPS and FedEx to hold a suspected drug shipment and let them look at it briefly; it is entirely possible no one at the shipper, and certainly not on the line, knew it was NSA. They might have said terrorism, too, but probably not. Maybe just "a law enforcement matter" with no questions asked.
Doesn't this seem a little moustache-twirly, even for the NSA? I imagine the only way they'd actually expend the necessary man-hours on this is if they were intercepting hardware ordered by people who were already targets of interest. Now, that probably means Merkel should buy her laptops in-store, with cash, but this really doesn't seem like the sort of panopticon story we've been reading elsewhere. Unless, of course, they've managed to convince a judge to give them a warrant to compromise the Dell/etc factory image.
The linked article on Der Spiegel has a section on what they call "persistence:"
The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO)... The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on... This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.
This is probably one of the most important problems of our generation to solve (as hackers, not philanthropists) and it's sort of amazing that it's hardly known, let alone discussed. I've brought it up before and it seems like everyone's reaction is that it's not worth worrying about. But there are adversaries besides the NSA, such as malware. And since userspace programs can upgrade your BIOS, it's therefore possible to write a virus to infect your BIOS exactly as described here. If the BIOS security model is even slightly broken, then malware will find a way into it, and security is hard to do perfectly. Why are we trusting proprietary motherboard manufacturers not to have backdoors in their closed-source systems? The answer is probably because we have little choice in the matter. Thus we're giving up a basic right: for us to have faith in our security practices. If, say, Colin Percival's careful security habits can simply be circumvented by his motherboard, then none of us are safe.
We need an open source motherboard for people who care about protecting themselves from this kind of thing. Or at least an open source BIOS. But it's an insidious problem, because once a BIOS is infected, it controls everything that may ever replace the BIOS. Therefore it's almost impossible to detect if your BIOS has been "man in the middle'd," and hence even an open source BIOS may not be enough.
I don't have a good solution, but this is a terribly important problem to solve.
I remember when most motherboards would have a physical BIOS write-protect switch, which would've prevented all software from modifying it. These days it's been eliminated from most if not all, for reasons of cost and "but it'll require the user to open the case to upgrade the BIOS!" -- and apparently, the automatic updating software for some laptops will update the BIOS in the background without warning, which is even more disturbing to me...
Unfortunately an open source BIOS isn't sufficient unless it's coupled with an external BIOS chip reader that can dump a motherboard's ROM and verify its checksum matches the expected checksum of a Coreboot BIOS.
Can the bios chips/eeproms be replaced on a running computer?
Can you remove the bios chip, put it in a different (running) computer, use flashrom to read it, put it back, use flashrom to read it again, and compare the two?
Either the virus doesn't hide itself (on calls to read from the bios nvram), and it will be visible on comparison with a pristine (if you have one) copy of the same bios, or it does hide itself and it will be visible on comparison to itself once put in a running machine that didn't boot from the contaminated code, right?
Yes, this used to be how you flashed a BIOS for a bricked motherboard, when BIOS chips used to be socketed: boot the good board, pull the BIOS chip (while it's running), put the bad/blank one in the socket, and flash, then power everything off again and put the good one back.
I'm so glad someone is thinking about the problem of "how do we know our hardware hasn't been subverted?" It's hard, and there are many facets.
As far as I can tell, what's needed is: (a) an open source BIOS, (b) coupled with some physical BIOS chip reader. And the chip reader needs to be cheap enough for us to assemble ourselves; we can't really trust some company to make it for us, because the company could be coerced into subverting it or it could be subverted in transit after we order it. So it seems like we need an open source blueprint of a BIOS chip reader that's cheap and easy enough for anyone to make themselves. (A tall order, to be sure.)
(a) is a requirement because if the BIOS is closed source, then there's no way to know whether it's backdoored. (b) is a requirement because if it's impossible for an external device to obtain a memory dump of the ROM, then we won't be able to verify that the open source BIOS hasn't been subverted. And it has to be a memory dump obtained by an external device; we certainly can't trust a BIOS to verify its own integrity. Hence a separate, physical device is going to be a necessary and standard security requirement for the first time in the history of the open source community's security practices.[1]
So when we build a new computer, the first step is to order the parts. (Note: the parts may be subverted by an adversary in transit.)
Then we'd either (1) order the parts for the open source BIOS verifier device, or (2) order the fully assembled BIOS verifier from some trusted company. As I said before, (2) is a dangerous idea because an adversary can simply intercept your packages in transit and subvert the verifier. So this whole process is unfortunately going to be so much of a pain in the ass that few people are going to want to do it. But a painful option is better than no option.
Now, the packages for your new computer arrive, along with the components for the BIOS verifier. You assemble the computer and the verifier. Then you boot from a bootdisc which is designed to replace your motherboard's BIOS with the open source one.
At this point -- and this is the part I'm unclear about -- the verifier somehow needs to be able to obtain a dump of the motherboard's ROM containing the BIOS. Then the verifier calculates the checksum of the dump, and you can finally verify that the checksum matches the expected one (the expected checksum would be published on the open source BIOS's website alongside each of its download links).
If all of these steps are followed, then we are safe. Otherwise no one can be sure they're safe, not even Colin. (I'm hoping if I mention often enough that Colin's security practices can be defeated by this, then people will realize the magnitude of the danger facing us.)
I'm sad because there's almost no way to turn this idea into a company. All companies (especially US companies) are constantly coerced or subverted by governments. So it's unlikely that the steps I've outlined will ever be widely adopted. But without these steps, there's no way to trust any of our security measures. This BIOS malware technique must have been one of the NSA's most lucrative and powerful, because nobody has yet even bothered to care about verifying BIOS integrity at the hardware level.
[1] - It's interesting to consider the question: Have even our most paranoid and trusted figureheads like Stallman ever verified the integrity of their computer's BIOS? Or did they simply trust that their Yeelong Lemote laptop BIOS wasn't subverted in transit after they ordered it? I'd bet the latter, because I've never heard of an external tool that can obtain a memory dump of a laptop motherboard's ROM, though I'd love to be wrong about that.
EDIT: And now this submission has been totally buried off the frontpage. So no one will even read this. Awesome. http://hnrankings.info/6983099/
> coupled with some physical BIOS chip reader. And the chip reader needs to be cheap enough for us to assemble ourselves; we can't really trust some company to make it for us, because the company could be coerced into subverting it or it could be subverted in transit after we order it. So it seems like we need an open source blueprint of a BIOS chip reader that's cheap and easy enough for anyone to make themselves. (A tall order, to be sure.)
BIOS chips these days are almost invariably SPI serial interface, which means it is not difficult to make a bare-minimal "manual" one with a battery, a couple of LEDs, resistors, and switches. Just key in a read command by hand, then read out each bit as you pulse the clock line. Pretty hard to subvert something as simple as that, but the problem is how long it will take, so maybe you could do this just to verify the bits that comprise a "root of trust" and not the entire BIOS image.
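The verification flow sketched above (dump the ROM with an external reader, hash it, compare against a published checksum, or compare two dumps of the same chip taken under different conditions) and the "manual" SPI reader idea can both be shown in working code. The following is an added example, not code from anyone in this thread or from flashrom or Coreboot. It models a 25-series SPI NOR flash that answers the standard 0x03 READ command (that opcode and the 8-command-bit plus 24-address-bit frame are real; the chip model itself, the flash image, the "published" checksum and the infected copy are all constructed for the example), bit-bangs a read the way a hand-operated reader would, counts the clock pulses needed, hashes just the boot-block "root of trust" region, and reports the byte ranges where two dumps disagree.

```python
import hashlib

READ_CMD = 0x03          # JEDEC "Read Data" opcode understood by 25-series SPI NOR flash
ADDR_BITS = 24           # classic 3-byte address; the read frame is 8 + 24 clocks
FRAME_BITS = 8 + ADDR_BITS


class SpiNorFlash:
    """Constructed model of an SPI NOR flash (not a real part). It only
    implements the 0x03 READ command, which is all a verifier needs."""

    def __init__(self, image: bytes):
        self.image = image
        self.selected = False
        self.clocks = 0          # total SCK pulses seen while selected

    def select(self):            # CS# driven low: a new transaction starts
        self.selected = True
        self.shift_in = 0
        self.bits_in = 0
        self.bit_pos = 0
        self.cmd = None
        self.addr = 0

    def deselect(self):          # CS# driven high
        self.selected = False

    def clock(self, mosi: int) -> int:
        """One SCK pulse: the chip samples MOSI, the master samples MISO."""
        if not self.selected:
            return 0
        self.clocks += 1
        if self.bits_in < FRAME_BITS:            # still receiving opcode + address
            self.shift_in = (self.shift_in << 1) | (mosi & 1)
            self.bits_in += 1
            if self.bits_in == FRAME_BITS:
                self.cmd = self.shift_in >> ADDR_BITS
                self.addr = self.shift_in & ((1 << ADDR_BITS) - 1)
            return 0
        if self.cmd != READ_CMD:
            return 0
        # Data is shifted out MSB first, address auto-incrementing, wrapping at the end.
        byte = self.image[(self.addr + self.bit_pos // 8) % len(self.image)]
        bit = (byte >> (7 - self.bit_pos % 8)) & 1
        self.bit_pos += 1
        return bit


def bitbang_read(chip: SpiNorFlash, addr: int, length: int) -> bytes:
    """The 'manual reader': key in 0x03 and the address MSB first, then clock out bits."""
    chip.select()
    frame = (READ_CMD << ADDR_BITS) | (addr & ((1 << ADDR_BITS) - 1))
    for i in range(FRAME_BITS - 1, -1, -1):
        chip.clock((frame >> i) & 1)
    out = bytearray()
    for _ in range(length):
        b = 0
        for _ in range(8):
            b = (b << 1) | chip.clock(0)      # MOSI is don't-care while reading
        out.append(b)
    chip.deselect()
    return bytes(out)


def clocks_needed(length: int) -> int:
    """Clock pulses a hand-operated reader must produce to read `length` bytes."""
    return FRAME_BITS + 8 * length


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_regions(a: bytes, b: bytes):
    """Half-open byte ranges where two dumps disagree: pristine vs. suspect, or a
    read taken in situ vs. one taken with the chip moved to another machine."""
    regions, start, n = [], None, max(len(a), len(b))
    for i in range(n):
        same = i < len(a) and i < len(b) and a[i] == b[i]
        if not same and start is None:
            start = i
        if same and start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, n))
    return regions


# --- constructed sample data (stand-ins, not real firmware) -------------------
FLASH_SIZE = 4096
PRISTINE = bytes((i * 31 + 7) & 0xFF for i in range(FLASH_SIZE))   # constructed BIOS image
BOOT_BLOCK_START, BOOT_BLOCK_LEN = FLASH_SIZE - 256, 256              # root of trust at top of chip
EXPECTED_BOOT_BLOCK_SHA256 = sha256_hex(PRISTINE[BOOT_BLOCK_START:])  # stands in for the published checksum
_infected = bytearray(PRISTINE)
_infected[FLASH_SIZE - 0x80:FLASH_SIZE - 0x70] = b"\xEB\xFE" * 8      # constructed implant inside the boot block
INFECTED = bytes(_infected)


def check_chip(image: bytes) -> dict:
    """Read only the root-of-trust region from an external reader and verify its hash."""
    chip = SpiNorFlash(image)
    boot = bitbang_read(chip, BOOT_BLOCK_START, BOOT_BLOCK_LEN)
    return {"ok": sha256_hex(boot) == EXPECTED_BOOT_BLOCK_SHA256, "clocks": chip.clocks}


if __name__ == "__main__":
    print("pristine:", check_chip(PRISTINE))
    print("infected:", check_chip(INFECTED))
    print("differing ranges:", [(hex(s), hex(e)) for s, e in diff_regions(PRISTINE, INFECTED)])
    print("clocks to read a full 8 MiB chip by hand:", clocks_needed(8 * 1024 * 1024))
```

Reading the 256-byte boot block takes 2080 clock pulses, which is tedious but feasible by hand; a full 8 MiB chip needs about 67 million, which is the point made above about verifying only the root of trust. The `diff_regions` output is the same comparison whether the second dump is a pristine reference or a second read of the same chip from a machine that did not boot from it.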
>The latest report, this time via Der Spiegel and based on internal NSA documents, reveals that the NSA, in conjunction with the CIA and FBI, has begun intercepting laptops purchased online in order to install (quite literal) spyware and even hardware ... Agents divert shipments to secret warehouses ... install the software and/or hardware ...
So if they're installing hardware/firmware that is something a clean reinstallation won't fix. Probably should have titled the submission software/hardware.
Well, with current practice you don't even get OS recovery CDs anymore. You probably get a "Recovery Partition" with a preconfigured OS image. And an OEM Windows license might not allow you to install from elsewhere and re-use your license.
No one said 'be made'. He said the average Joe should acknowledge that it is a good idea. Previously I have suggested other people reinstall to get rid of bloatware installed by the vendor.
This is starting to get really bad. Why aren't there demonstrations in the streets? I tried to sound out my relatives over the holidays to see what they think about Snowden/NSA and nobody seems to care.
I actually had coworkers saying they didn't care and that it's necessary to keep terrorists away....
I realized how Hitler was able to rise to power so quickly: people just accept complete trust in authority, the all-loving, the all-caring and nurturing.
Just like herding cows telling each other everything's alright, we are still comfortable, enough grass to keep us going, owners seem nice. Refusing to believe they will all be slaughtered one day.
Same with my order (finally being delivered tomorrow), though I'm highly doubtful that they do this for all computers. Prolly only ones for already-monitored targets. Doing it for everyone is highly impractical and expensive.
I thought the NSA wasn't "attacking domestic citizens"? They can't excuse this one away as an "error" anymore. NSA/Obama administration lied. Again. What a surprise.
And boy are these NSA stories flagged into oblivion or what? NSA/FBI psy-ops or just good ol' HN folks "getting bored" with the NSA abuses?
I am so raging at news regarding NSA's rogue behavior. Why isn't anything being done about this serious breach of privacy, the freedom to be you, the pillars of democracy? It's like NSA is saying "Look at me fuckers we are above the law and you are just going to have to take it up the ass".
Seriously? This is depressing, knowing that some asshole at the top is ordering all of these things and telling us to close your eyes and say nothing while the ass fucking goes on. At least buy everyone dinner before you've decided to fuck them.
Could it be changed by voting? This has presumably spanned more than one party's rule in any individual chamber and in practice, the party is the only choice.
Do letters work? I'm in Feinstein's district and she makes it pretty clear that she likes things the way they are.
Protest? Does that actually do anything? It's essentially asking someone to voluntarily cede power because "pretty please". Has anything actually been changed by a march in the last decade? I'm not actually sure I'd like a world where a mob's protest is a successful way to change things.
Revolt? I don't hate everything the US Government does and I do hate a higher percentage of what some other governments do, so I'd hate to replace this one with worse. We're already pretty far to the right of most other comparable nations. The last thing we need is a constitution written after privacy has been essentially written off. I also value my personal safety, selfish as that sounds.
So I wish I knew too. Wishing on the internet that somebody would do "something" about it sure isn't working, but I don't know what would.