NSA Interception In Action? Tor Developer's Computer Gets Mysteriously Re-Routed To Virginia

from the a-slight-detour dept

Fri, Jan 24th 2014 11:46am — Mike Masnick

So this one is odd. A core Tor developer, Andrea Shepard, recently ordered a computer from Amazon.com to her home in Seattle. Yet, as she tweeted last night, something odd happened on the way to delivering that package to her house:

You'd think #NSA shipment 'interdiction' would be more subtle... pic.twitter.com/KVCscLbdgG
— Andrea (@puellavulnerata) January 24, 2014

If you can't see the image, here's a larger version:

Also, some more details from PrivacySOS. As you can see, rather than go from the Amazon warehouse in Santa Ana, California up the coast to Seattle, instead the package went across the country to Dulles, Virginia to Alexandria (right outside of DC) and was "delivered" there. Upon seeing this, my initial reaction was that it might not be a big deal. With shipping logistics these days, it's not uncommon to see a sort of hub system, where packages travel across the country from one warehouse to a shipping hub, only to be shipped back across the country for actual delivery.

But that does not appear to be what happened here at all. As Kade from PrivacySOS pointed out, the final Alexandria address is the final delivery location, rather than the sign of something in process. Also, the fact that it bounced around and then went "out for delivery" to that address shows that it wasn't just popping in and out of a hub for delivery to Seattle.

There are some possible other explanations, including just a general screw-up on the part of Amazon. But given the revelations of how the NSA's TAO group does very targeted spying, that often involves getting access to computers being shipped to targets, combined with the fact that the NSA has made it clear that breaking Tor is a priority that has mostly stymied them, this certainly should raise multiple eyebrows.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: andrea shepard, computers, fbi, interception, nsa, routing, tor
Companies: amazon

159 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

This comment has been flagged by the community. Click here to show it

out_of_the_blue, 24 Jan 2014 @ 11:54am

PFFFT! That's nothing! Check out THIS oddity:
"Large chunk of Chinese internet traffic redirected to small Wyoming building"

http://www.smh.com.au/it-pro/security-it/large-chunk-of-chinese-internet-traffic-redirected -to-small-wyoming-building-20140123-hv9jg.html
Reality versus Mike: Technorati ranks Techdirt below 5000.
http://technorati.com/blogs/www.techdirt.com
So why does Mike claim "a consistent Technorati Technology Top 100 rating"?
http://www.techdirt.com/about.php

Just look at the sites Techdirt actually ranks with! What a hoot! :

5433. Free Samples and Coupons by Free �
free-stuff-finder.com
Recent: Free Dove Men Body Wash at Rite Aid �

07:52:07[i-705-7]
[ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:00pm
  
  Re: PFFFT! That's nothing! Check out THIS oddity:
  "Large chunk of Chinese internet traffic redirected to small Wyoming building"
  
  Debunked: http://www.theatlantic.com/technology/archive/2014/01/this-little-house-in-wyoming-didnt-just-get-fl ooded-with-web-traffic-from-china/283249/
  
  Oh look, for all his talk about calling every story out here, it's OOTB who falls for bullshit stories.
  [ link to this | view in chronology ]
  - ChurchHatesTucker (profile), 24 Jan 2014 @ 12:35pm
    
    Re: Re: PFFFT! That's nothing! Check out THIS oddity:
    I blame Google.
    [ link to this | view in chronology ]
  - MrWilson, 24 Jan 2014 @ 5:25pm
    
    Re: Re: PFFFT! That's nothing! Check out THIS oddity:
    To be fair, OOTB probably didn't actually fall for that bullshit story because, as we already know, he doesn't actually read articles on the internet, just the headlines, and then goes straight to his random comment generating script.
    [ link to this | view in chronology ]
    - The Groove Tiger (profile), 26 Jan 2014 @ 10:17am
      
      Re: Re: Re: PFFFT! That's nothing! Check out THIS oddity:
      It's got to the point that his "signature" footer saying random negative one-liners about the site has grown to be 3 times larger than his actual post!
      [ link to this | view in chronology ]
- John Nemesh, 24 Jan 2014 @ 1:52pm
  
  Re: PFFFT! That's nothing! Check out THIS oddity:
  Why don't you just stop posting here? You have ZERO credibility after all of the crap you spout. At the very least, get a new user name. That may fool people into taking your posts seriously for maybe one or two days.
  [ link to this | view in chronology ]
  - Anonymous Coward, 27 Jan 2014 @ 8:04am
    
    Re: Re: PFFFT! That's nothing! Check out THIS oddity:
    he keeps posting because people keep responding to him
    [ link to this | view in chronology ]
Clouser, 24 Jan 2014 @ 12:00pm

Creepy Spooky Dark
Creepy
SPOOKY

Dark
[ link to this | view in chronology ]
Chronno S. Trigger (profile), 24 Jan 2014 @ 12:02pm

Didn't the NSA swear up and down that they didn't do this domestically?

I don't know about you, but if I saw that kind of thing, I'd start getting someone else to order my stuff for me.
[ link to this | view in chronology ]
- Geno0wl (profile), 24 Jan 2014 @ 12:35pm
  
  Re:
  The NSA has practically reached the Tyson zone.
  No matter what ridiculous story you hear about their spying efforts, you are by default inclined to believe it instead of asking for proof anymore.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 6:33pm
    
    Re: Re:
    hahaha...I thought you were going to say something witty about an earlobe.
    [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 5:17pm
  
  Re: Not Domestic
  Didn't the NSA swear up and down that they didn't do this domestically?
  
  This wasn't domestic. Several parts in the computer came from overseas. She had also recently called Canada so she was only one hop from a foreign potential terrorist.
  [ link to this | view in chronology ]
  - vancedecker (profile), 18 Mar 2014 @ 4:40am
    
    Re: Re: Not Domestic
    PARALLEL CONSTRUCTION = DOMESTIC SPYING
    
    http://www.forbes.com/sites/jennifergranick/2013/08/14/nsa-dea-irs-lie-about-fact-that-america ns-are-routinely-spied-on-by-our-government-time-for-a-special-prosecutor-2/
    
    http://www.huffingtonpos t.com/2013/08/05/dea-surveillance-cover-up_n_3706207.html
    
    If these two articles don't prove to whatever dumb ass is still left posting to skeptic blogs about how 'smart people believe weird conspiracies' then that person is either a fucking retard or intentionally and solidly in denial.
    
    ....and these don't even mention what probably has been going on for years. The NSA's OWN "internal investigations" unit, which is designed as a Lysol Air Freshener to cover up the smell of bullshit. Anyway, in their own report was one incident where on their first day an NSA staffer looked up his ex girlfriend and proceeded to stalk her.
    [ link to this | view in chronology ]
    - vancedecker (profile), 18 Mar 2014 @ 4:43am
      
      Re: Re: Re: Not Domestic
      Point is, if they were smart, and many are, they would wait a couple days, and then start building a network of buyers who would pay for information, like private investigators, etc... they would make a killing. And probably have...
      [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 8:40pm
  
  Re:
  what if they know who your friends are?
  [ link to this | view in chronology ]
  - vancedecker (profile), 18 Mar 2014 @ 4:46am
    
    Re: Re:
    Look, here's the thing. When google spies, it's so that they can show gay guys shirtless underwear ads and straight people whatever cheap tack stuff they buy.
    
    When the NSA does it, it's so that they can destroy you. Did you not read about the people who were stalked and harassed by BP for posting negative comments about the oil spill?
    
    Who do you think provided that private investigator the private info? Parallel Construction baby, it's a bitch!
    [ link to this | view in chronology ]
- Craig Welch (profile), 13 May 2014 @ 2:40am
  
  Re:
  Given that the phone call "hey mom, can you order me a computer" would be tapped, I don't see the point.
  [ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 12:06pm

Solution: Burn the computer and get another from a safe vendor
The solution to this seems obvious, Amazon can't be trusted. If she ever gets her hand on the computer, she should basically burn it and buy it from a more trustworthy vendor. There's no telling what hidden software the NSA might sneak onto the computer to make it less secure if it ever gets back to her.

Obviously you can't trust Amazon not to cooperate with unconstitutional searches and seizures.

I'm very glad now that my new computer I got for Christmas is from NewEgg instead of Amazon.
[ link to this | view in chronology ]
- John Fenderson (profile), 24 Jan 2014 @ 12:15pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  I guarantee that NewEgg would do exactly the same thing if presented with the right paperwork.
  [ link to this | view in chronology ]
- Jessie (profile), 24 Jan 2014 @ 12:17pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  Is it amazon that is the problem, or was it diverted by USPS after leaving Amazon. Amazon may not have had anything to do with it. Perhaps packages being sent to her are being inspected waiting on a computer to be ordered and a chance for this to happen. The last time I ordered a computer by mail it came in a box that indicated that it was from a computer company (basically the box the computer was packed in with a shipping label on it). It wouldn't be hard to notice those and divert the shipment.
  [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:19pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  Burn it? No way.
  
  Don't even open it. Give it to security researchers. Somebody get a hold of Bruce Schneier. If he won't take a look, surely he knows who will.
  [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:33pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  who is this mythical trustworthy vendor you speak of?
  [ link to this | view in chronology ]
  - cybik, 24 Jan 2014 @ 12:56pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Canadians.
    [ link to this | view in chronology ]
    - Ruben, 24 Jan 2014 @ 1:03pm
      
      Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
      You're cute.
      
      You must have never heard of FVEY.
      [ link to this | view in chronology ]
      - vancedecker (profile), 18 Mar 2014 @ 5:02am
        
        Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
        What I love about Canada is how Justin Bieber just doesn't care and sticks to man by wearing his pants down around his knees. Like I've never anyone do that before. He is more street than south central ever was.
        [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 1:31pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    brick and mortar stores? they can't divert it at the cash register.
    [ link to this | view in chronology ]
    - pixelpusher220 (profile), 24 Jan 2014 @ 1:59pm
      
      Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
      Definitely. Especially the ones in Alexandria, VA!
      [ link to this | view in chronology ]
  - Anonymous Coward, 25 Jan 2014 @ 2:50am
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    My ONLY source of computers is my work shop. I build my own, from known, clean, tested components. I have never, and never will, purchase a computer-as-appliance. Don't trust manufacturers, don't trust distributors, don't trust delivery services. If I need a laptop for some unforeseen reason, I have an old one (2008) that I have rebuilt many times and know what's in it.
    [ link to this | view in chronology ]
- allengarvin (profile), 24 Jan 2014 @ 12:35pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  "The solution to this seems obvious, Amazon can't be trusted."
  
  And you trust that employees of Newegg will risk charges of criminal contempt under 18 USC 402 by disobeying such orders? That they'll go to jail rather than compromise your privacy?
  
  You do know private citizens don't get to decide what's constitutional or not, right?
  [ link to this | view in chronology ]
  - bone breaker, 25 Jan 2014 @ 4:27pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Neither does the NSA. Only congress can decide the wording of law and only the judicial branch can interpret those laws. Therefore with NSA lying in congressional hearings, they are breaking the law. We need to keep these discussions going until congress performs it's mandated job. Create laws that have teeth. Don't accept the contempt and treason being committed. Pass laws that allow the incarceration and even capital punishment for treasonous acts. Hold agency executives accountable. Don't let them resign or shuffle the personal to avoid accountability.
    [ link to this | view in chronology ]
  - jmn, 5 Dec 2014 @ 12:54pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    you do realize that we don't get our rights from the constitution, right? The Constitution does not give us our rights, it merely enumerates them. We are born with rights, such as the right to privacy.
    [ link to this | view in chronology ]
    - Craig Welch (profile), 5 Dec 2014 @ 1:54pm
      
      Rights
      Says who? How do we know what rights we are born with? Do we just think "hey, that seems important, it must be my right"?
      [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 1:11pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  Don't bother unpacking it, just put it up on Ebay in an as delivered condition, stating the delivery routing. A biding war between spy agencies could be interesting.
  [ link to this | view in chronology ]
  - John Nemesh, 24 Jan 2014 @ 1:54pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    You, sir, win the Internets for best idea!
    [ link to this | view in chronology ]
  - Anonymous Coward, 25 Jan 2014 @ 2:52am
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    YES!!!
    [ link to this | view in chronology ]
- This comment has been flagged by the community. Click here to show it
  
  Anonymous Coward, 24 Jan 2014 @ 2:40pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  __it was a keyboard__. usually reading entire articles helps one thinks clearly and not like an idiot. "There�s no telling what hidden software the NSA might sneak onto the COMPUTER" lol... please before you go into paranoid tin-foil hat mode and go on about the "there�s no telling" oohhh :O the NSA!!!! And this and that. Again, many of the commenters are either crazy or, like you sir with respect, ("burn the computer" LOLZ!!!!) not the public you would expect from techdirt which is known for this shitty idiot "news". The woman, again, shows no x-ray or whatever the fuck "may be" on his keyboard and again what sense would it make for the NSA to intercept a keyboard being sent from AMAZON? LMAO. PLUS= IDIOTS PLEASE PLEASE, PLEASE _READ_ SNOWDEN DONT just put a thumbs up on facebook dimwits, the whole case was that there was not a lot of "sneaking" but a lot of SPENDING BIG BUCKS paying providers to release info. Missing the point, and again, lol please, "burn your computer" lmao... well shes a dev maybe she can fin another way to "clean it" from the ultrasupersecret-area51stuff the NSA uses. In most ppl dreams as I see and it saddens me such a high lvl of ignorance, come on try to use some commom sense. It helps. It�s a keyboard. One out of the many rational questions one may ask is why would the NSA "intercept" a keyboard. For surveillance? LMAO. Of what? To "bug" it? LMAO... yeah yeah they put a nanorobot they got from martians that hides on the "tab" key and sends info directly via infrawaves to secret nsa cells located in the stratosphere
  [ link to this | view in chronology ]
  - Christopher Best (profile), 24 Jan 2014 @ 2:53pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Actually, yes. They have bugs for USB cables, RJ-45 ports, keyboards, etc. They didn't get them from martians, they buy them from contractors. For someone saying "read snowden" you don't seem to have actually bothered keeping up with what's been published.
    [ link to this | view in chronology ]
  - mudlock (profile), 24 Jan 2014 @ 2:56pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Good point! No one would ever hide a keylogger in a keyboard!
    
    And clearly this isn't real: http://www.eweek.com/security/nsa-can-hack-you-even-if-you-arent-connected-to-the-internet.html
    
    "The target machines first are compromised by way of a USB stick or tiny circuit board that broadcasts the information. ... The geniuses at the NSA with the remote radio access technology have extended the range to a staggering 8 miles."
    
    So I'm sure it's perfectly safe.
    [ link to this | view in chronology ]
    - Anonymous Coward, 24 Jan 2014 @ 3:04pm
      
      Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
      This one I don't get. Any serious air-gapper is going to be doing it in an electromagnetically-shielded environment, thus no radiation of anything anywhere.
      [ link to this | view in chronology ]
      - mudlock (profile), 24 Jan 2014 @ 3:19pm
        
        Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
        TOR developers kinda use the internet.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 24 Jan 2014 @ 5:57pm
        
        Re: Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
        The very technology you pointed to consists of compromising, with radio waves, computers that aren't connected to the internet. The solution to that is electromagnetic shielding, but...
        
        "TOR developers kinda use the internet."
        
        Yeah, let me know when you're tired of riding a waffle.
        [ link to this | view in chronology ]
  - Dan, 24 Jan 2014 @ 4:16pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Your comment was hard to read but it's clear you have no idea of the bounds of technology in use. Read up on Stuxnet as a predictable example, that was made possible in part due to a compromised print spool driver - where from? The US Government. Oh yeah and just because she is a software developer, does not automatically mean she can rip apart and recognize a foreign object in a keyboard. It would probably be rewritten firmware anyway.
    
    Your post shows how much knowledge you have on the subject, which is next to none so why not just stop trying to bitch at people and move on.
    [ link to this | view in chronology ]
  - G Thompson (profile), 25 Jan 2014 @ 9:53pm
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    Paragraphs are your friend.
    
    Use them.
    
    otherwise it's going to be read as just a load of blargha flargha... wait on second reading of your dribble it is just a load of Blargha flargha derpness.
    [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 3:41pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  No, send it to someone like Bruce Schneier and ask them to analyze it. Then if they find anything publish what the find.
  [ link to this | view in chronology ]
- Phill, 24 Jan 2014 @ 4:53pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  She should NOT burn it, this computer may be valuable intelligence for everyone else.
  She should disassemble the computer and take photos, post them online with the specs and ask people to do a once over on it.
  
  If anyone finds any additional components it should then be offered up to a reputable security researcher so they can investigate exactly how it works.
  Heck I'd offer it up to a researcher regardless so they could do a once over anyway in case any firmware is compromised.
  [ link to this | view in chronology ]
- Robert, 26 Jan 2014 @ 5:55am
  
  Re: Solution: Burn the computer and get another from a safe vendor
  More realistically, her internet connection can not be trusted. Any and all online orders can be intercepted and the typically illegal security letter issued and the purchase intercepted.
  The track record is likely a simple mix of indifferent arrogance, laziness and cheapness. Obviously the risk of a key logger is pretty high, with a trigger dump, either by direct physical contact or via remote contact on the already compromised internet connection.
  However a background investigation must still be in action, it would be interesting to see what they are accusing her of to enable the false investigation.
  Likely emigration will be the only escape as they work up to aiding terrorism charges so they can force compliance.
  [ link to this | view in chronology ]
- bon, 26 Jan 2014 @ 10:28am
  
  Re: Solution: Burn the computer and get another from a safe vendor
  They don't intercept to put software on your computer, they intercept to swap out hardware.
  [ link to this | view in chronology ]
- Anonymous Coward, 27 Jan 2014 @ 3:53am
  
  Re: Solution: Burn the computer and get another from a safe vendor
  Dont burn it, store it, away from any sensitive systems, wait to see if more news of the methods and technology comes to light, so that one can open and positively identify the parts.......bam, substantial evidence........makes me wonder why these organisations put these things out there.......is it so well hidden, or do they retrieve it?
  [ link to this | view in chronology ]
- Fushta (profile), 29 Jan 2014 @ 12:05pm
  
  Re: Solution: Burn the computer and get another from a safe vendor
  1) Tell Amazon you didn't get the package (proof is in the tracking info).
  2) They send you a new one.
  3) Repeat as often as they will comply.
  4) Profit
  [ link to this | view in chronology ]
- vancedecker (profile), 18 Mar 2014 @ 4:47am
  
  Re: Solution: Burn the computer and get another from a safe vendor
  I'd rather just burn people like you. It's cheaper, and would be a net savings in carbon credits.
  [ link to this | view in chronology ]
  - vancedecker (profile), 18 Mar 2014 @ 4:50am
    
    Re: Re: Solution: Burn the computer and get another from a safe vendor
    woops! THAT'S WHAT I GET FOR KNEE JERK POSTING. I just read title.
    [ link to this | view in chronology ]
    - vancedecker (profile), 18 Mar 2014 @ 4:50am
      
      Re: Re: Re: Solution: Burn the computer and get another from a safe vendor
      ...actually, not even the title, just the first few words...
      [ link to this | view in chronology ]
Applesauce, 24 Jan 2014 @ 12:09pm

Buy in person, pay in cash
Walk into a computer store, not in your hometown, pick out a computer at random, pay in cash. Preferably, buy the individual parts that way and assemble them yourself.
[ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:42pm
  
  Re: Buy in person, pay in cash
  If anything the primary vectors for NSA has always been the software. Computer vendors like you and the other guy is just pushing sales through fear, while it in reality is insignificant for security and protection against spying...
  [ link to this | view in chronology ]
  - John Fenderson (profile), 24 Jan 2014 @ 1:02pm
    
    Re: Re: Buy in person, pay in cash
    How do you know he's a vendor? His advice isn't so bad if you're worried about the NSA's known diversion program where they add spy hardware to the machine.
    [ link to this | view in chronology ]
    - Anonymous Coward, 25 Jan 2014 @ 1:56pm
      
      Re: Re: Re: Buy in person, pay in cash
      First of all I presume physical plants like these require warrents and even though their oversight is for craps, I doubt they want to use their snoopers to hit random targets (price is a factor).
      
      Second of all, how do you know they do not do the exact same crap on store bought computers? If they were randomly adding spying hardware, you wouldn't be any safer when you buy from stores.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 27 Jan 2014 @ 8:20am
        
        Re: Re: Re: Re: Buy in person, pay in cash
        First of all I presume physical plants like these require warrents
        
        What physical plants? The hardware is diverted after it leaves the plant. It arrives at a spy shop where the modification is made, then sent out again.
        
        The only point where a legal requirement comes into play is in the diversion -- and I'm not sure a warrant is needed there.
        
        how do you know they do not do the exact same crap on store bought computers?
        
        because these are, by their very nature, targeted operations. This sort of thing isn't done to every piece of hardware (that would have to be done at the manufacturing plant). This is done against particular people. They would have to know precisely which piece of hardware you'd be getting, in advance, to alter the sight one on the store shelf. Except maybe in very special circumstances, this isn't possible.
        [ link to this | view in chronology ]
  - Chronno S. Trigger (profile), 24 Jan 2014 @ 1:21pm
    
    Re: Re: Buy in person, pay in cash
    I was thinking the same exact thing as Applesauce was. If you really want to make sure that they can't do this, you have to buy from a brick and mortar store. Some place that the NSA wouldn't expect, or at least won't have the budget to cover. Too bad you can't get a replacement laptop keyboard from Best Buy.
    [ link to this | view in chronology ]
    - quawonk, 24 Jan 2014 @ 3:40pm
      
      Re: Re: Re: Buy in person, pay in cash
      Who's to say they don't do it to all the hardware shipped to stores?
      [ link to this | view in chronology ]
- vancedecker (profile), 18 Mar 2014 @ 4:49am
  
  Re: Buy in person, pay in cash
  There are only two chip makers AMD and Intel. Are you going to get a microscope too and map out the chip?
  [ link to this | view in chronology ]
quawonk, 24 Jan 2014 @ 12:13pm

Hacked firmware.
[ link to this | view in chronology ]
- Arthur Moore (profile), 24 Jan 2014 @ 12:19pm
  
  Re:
  It's actually worse than that.
  
  The NSA can replace the network jack on your computer with one that looks identical, but has an extra chip in it that talks to their servers.
  
  It's impossible to find without careful X-Raying or destructive testing, and I doubt that this is the only component they can do that to.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 24 Jan 2014 @ 1:04pm
    
    Re: Re:
    It's impossible to find without careful X-Raying or destructive testing
    
    You don't have to go that far. Use a second computer running wireshark to analyze the traffic to/from the suspect one.
    [ link to this | view in chronology ]
    - Anonymous Coward, 24 Jan 2014 @ 2:10pm
      
      Re: Re: Re:
      This assumes cards per se aren't compromised, behaving normally until they receive custom packets.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 24 Jan 2014 @ 2:15pm
        
        Re: Re: Re: Re:
        Then you'll detect it when the custom packets come in. I wasn't talking about hooking up an analyzer for a few minutes and calling it good -- that's worthless for this sort of thing. I was talking about constant monitoring.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 24 Jan 2014 @ 2:45pm
        
        Re: Re: Re: Re: Re:
        "Ok" Johnny.
        [ link to this | view in chronology ]
    - TiagoTiago (profile), 28 Jan 2014 @ 4:56pm
      
      Re: Re: Re:
      That assumes they are sending their spied data in-band...
      [ link to this | view in chronology ]
    - PRMan, 28 May 2014 @ 2:11pm
      
      Re: Re: Re:
      They already said that they put a wireless chip on it that can go up to 8 miles.
      
      You aren't going to find that on Wireshark.
      [ link to this | view in chronology ]
  - This comment has been flagged by the community. Click here to show it
    
    Anonymous Coward, 24 Jan 2014 @ 2:49pm
    
    Re: Re:
    "it�s actually worse than that". Not only what your stating is quite idiotic, shows no careful examination of many of Snowdens� statements but LMAO... YEAH I WOULD TAKE ADVICE FROM ARTHUR MOORE A PERSON WHO READS AN ARTICLE ABOUT A _KEYBOARD_ AND READS "COMPUTER", THEN SPEAKS OF "X-RAYING OR DESTRUCTIVE TESTING" - as some more informed say LMAO yeah there are other methods as the one stated - come on man takes your meds please, it�s for the best of everyone. Tin Foil hats are good so you should keep yours on, no doubt about it, it�s actually worst than anything you can imagine, they can replace your nipples with a nanochip that speaks to your tv that then sends your personal info -the NSA is very interested on Arthur Moore�s doings- to a central HQ where 3 million ppl work with aliens to examine your thoughts and how to manipulate them. Oh boy grats tech dirt: well played...make a shit article, then cash out 800.000 hits out of crazy comments lol.. the level of paranoia is amazing, and PLEASE.... lol... again reading before commenting is a good thing... "hacked firmware" lmao...ppl please you know shit about what you are talking about with all due respect get informed, information is power so you don�t go into crazy mode as this gentleman and 800.000 more, spreading disinfo... hacked firmware lmao... yeah :P sent to a dev related to TOR ... FOR REAL?! ROTFL ppl wikipedia TOR lmao yeah yeah "hack this chick keyboard she won�t notice" said the NSA super spies lmao...
    [ link to this | view in chronology ]
    - mudlock (profile), 24 Jan 2014 @ 2:59pm
      
      Re: Re: Re:
      Ohhhh, you're just replying in giant blob-o-paragraph form interspersed with DEROGATORY ALL CAPS to *every* thread in the comments.
      
      Man, the NSA is really scrapping the bottom of the barrel for astroturf.
      [ link to this | view in chronology ]
  - Mahhn, 8 Dec 2015 @ 6:27am
    
    Re: Re:
    Just run a span port sniffer on your network and see what goes where. Then block by firewall rules.
    [ link to this | view in chronology ]
dwind (profile), 24 Jan 2014 @ 12:31pm

Keyboard?
The shipping record says the package contains a think pad keyboard.
[ link to this | view in chronology ]
Drawoc Suomynona (profile), 24 Jan 2014 @ 12:31pm

Don't detroy it. There are countless security experts out there that would LOVE to get a look at that machine.

However, now that this has gone public it will be interesting to see if it even gets delivered. If it's still in NSA HQ then you can bet they will undo whatever they have done before it gets sent.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 12:35pm

Has malware reached the point where it can be installed on a keyboard? Perhaps electronic sensors have been developed that are attached on the circuit portion of a keyboard and able to register and store each keystroke?

Note that order was not for a laptop, but apparently for a replacement Lenovo keyboard.
[ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:43pm
  
  Re:
  easy, USB keyboard and put in a small hub with spyhardware. Could be a USB storage item with a trojan and autorun for example. Then once the trojan gets installed, hide the anomalous hub and storage. Depends on autorun being enabled, but, you know, people are generally stupid.
  
  I wouldn't be surprised if there is more elaborate stuff that uses undocumented features and backdoors though.
  [ link to this | view in chronology ]
  - Chronno S. Trigger (profile), 24 Jan 2014 @ 1:28pm
    
    Re: Re:
    Windows will not run autorun from a USB drive since Windows XP (and I think one of the XP updates disabled that).
    
    If it's anything, it's probably a small chip that sits between the keyboard itself and the USB output. It then installs itself like a keyboard and uses some glitch (or possibly a back door) in the keyboard driver.
    [ link to this | view in chronology ]
    - This comment has been flagged by the community. Click here to show it
      
      czxc, 24 Jan 2014 @ 2:07pm
      
      Re: Re: Re:
      trigger you seem like a logical person. you are kidding right? have you read any of Snowdens� statements? They got no techies or superhackers at the NSA, they just pulled out a suitcase full of dollars and all info was being handed to them no questions asked. Ppl go easy on the paranoia and get well informed, plus someone mentioned the ockham razor well this is the case ITS A FUCKING KEYBOARD. Apart from all the "yeah they put malware in the keyboard" -shows no indepth reading of snowdens� statements, that there was no hardcore intel or epic hacker work there but LOADS OF MONEY TO PAY COMPANIES TO RELEASE THE DATA. Keep watching 24 and thinking the CIA is made of super spies, or watch Argo yeah the NSA and the CIA are top-notch secret service agents -they are indeed in spreading disinfo and messing foreign policies but no epic "spies" there... again, all the stupid nonsense stuff coments directly disregard most of snowdens�s statements, its crazy, all experts on snowden and intelligence lol but you all seem to have read NONE of what he stated... :P and yes again, get some logic... in the imaginary world were the NSA is super hi tech and has super spies like the one on comics and shit ... they would "bug" a KEYBOARD LMAO being sent to that particular person? LMAO... google social engineering cause that was mostly the "hacking" being done by the NSA, not to be rude but the ignorance is high on some ppl here
      [ link to this | view in chronology ]
      - John Fenderson (profile), 24 Jan 2014 @ 2:18pm
        
        Re: Re: Re: Re:
        in the imaginary world were the NSA is super hi tech and has super spies like the one on comics and shit ... they would "bug" a KEYBOARD LMAO being sent to that particular person?
        
        You haven't been keeping up. It has been recently confirmed that the NSA does precisely this, by the NSA itself. They do say they don't do this domestically, but at this point, who would be foolish enough to take them at their word?
        [ link to this | view in chronology ]
      - AricTheRed (profile), 24 Jan 2014 @ 3:17pm
        
        Re: czxc Re: Re: Re: Re:
        I am not PARANOID! "They" Really are out to get me!
        [ link to this | view in chronology ]
        
        Fushta (profile), 29 Jan 2014 @ 12:11pm
        
        Re: Re: czxc Re: Re: Re: Re:
        Speaking of paranoid; if you live in Alexandria, VA, and order a computer (or computer component), how do you know if it was diverted or not?
        [ link to this | view in chronology ]
        
        PRMan, 28 May 2014 @ 2:14pm
        
        Re: Re: Re: czxc Re: Re: Re: Re:
        Easy. If it got delivered to Alexandria, VA twice, then you know.
        [ link to this | view in chronology ]
  - julius, 24 Jan 2014 @ 1:32pm
    
    Re: Re:
    Yeah, seems pretty logical to "wire" in that crazy way you say into a keyboard being sent to one of the devs behind TOR. my grandma would notice an intervention like the one you speak of Lol... oh boy...
    [ link to this | view in chronology ]
    - nasch (profile), 24 Jan 2014 @ 3:49pm
      
      Re: Re: Re:
      Besides the writing style, we can tell that julius and czxc (and an Anonymous Coward) are the same person by the gravatar. Thought you should know.
      [ link to this | view in chronology ]
      - btrussell (profile), 25 Jan 2014 @ 4:59pm
        
        Re: Re: Re: Re:
        Gravatars
        http://en.gravatar.com/
        
        I think you meant avatar.
        [ link to this | view in chronology ]
        
        nasch (profile), 25 Jan 2014 @ 6:42pm
        
        Re: Re: Re: Re: Re:
        I think you meant avatar.
        
        My understanding is the images generated for non-signed in users on Techdirt are from Gravatar.
        [ link to this | view in chronology ]
  - Jerrymiah, 24 Jan 2014 @ 5:02pm
    
    Re: Re:
    NSA does have that possibility. They've screwed up the cryptographic standard so bad that they can access any computers whenever they want.
    [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 12:45pm
  
  Re:
  You mean a keylogger?
  [ link to this | view in chronology ]
- John Fenderson (profile), 24 Jan 2014 @ 1:05pm
  
  Re:
  Has malware reached the point where it can be installed on a keyboard?
  
  it's been at that point for years. Also, printers.
  [ link to this | view in chronology ]
  - This comment has been flagged by the community. Click here to show it
    
    John ur an idiot, 24 Jan 2014 @ 2:17pm
    
    Re: Re:
    Not even remotely the point. The subject matter is the NSA and their workings right? Or have I missed the subject? Please do an effort to think clearly, read some Snowden as it was CASH that did the work and no, they didn�t bugged this womans� keyboard, sorry, she rushed to tweet sadly. As a) as some other person says, it�s AMAZON, expect screw ups her relation to TOR does not make her immune to human idiocy. b) no even REMOTELY basic analysis of her keyboard was made... a check for nothing unless proven wrong -which she didn�t at the time- but hey let just jump into conclusions real quick!!! it makes good articles! PARANOIA SELLS!!! ... not even a photo the keyboard even ripped apart. If she did it as some sort of decoy as to check if the NSA was checking her online transactions, then again, where is the FUCKING KEYBOARD SNAPSHOT?! Could waited two days or half a day at least and get anyone to crack open the keyboard... she prolly didn�t meant all the fuss but this kinda shit SELLS and thats media be it tech dirt or whatever, note is a joke but a hook that gets 800 comments based on a snapshot and a tweet...great journalism
    [ link to this | view in chronology ]
    - John Fenderson (profile), 24 Jan 2014 @ 2:22pm
      
      Re: Re: Re:
      Settle down, Beavis.
      
      I was answering a specific question about malware vectors. I was not talking about what may or may not have been done in this particular case. I am certainly not jumping to any conclusions.
      
      The rest of your comment is hysterical, in both senses of the word. Snapshot of the keyboard? Why? It would reveal absolutely nothing, even if it had been compromised.
      [ link to this | view in chronology ]
    - techflaws (profile), 25 Jan 2014 @ 4:20am
      
      Re: Re: Re:
      Says the idiot too stupid to understand the concept of Gravatars. Impressive!
      [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 1:21pm
  
  Re:
  zzz malware on old mac keyboard in kylogger years ago.
  [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 4:13pm
  
  Re:
  Umm...yes it can. Take an hour and watch this.
  https://www.youtube.com/watch?v=vILAlhwUgIU
  [ link to this | view in chronology ]
- TiagoTiago (profile), 28 Jan 2014 @ 4:58pm
  
  Re:
  They could just intercept the data being sent thru the wires and then send it out via a GSM modem hidden in the circuit boards
  [ link to this | view in chronology ]
Me, 24 Jan 2014 @ 12:40pm

NSA Liars
IF this was an interception, the NSA heads, Holder, Verrili and Obama should be charged with crimes and perjury for claiming this didn't happen domestically.
[ link to this | view in chronology ]
- This comment has been flagged by the community. Click here to show it
  
  Anonymous Coward, 24 Jan 2014 @ 2:22pm
  
  Re: NSA Liars
  it�s not. it�s the media cashing out on a person�s tweet about her being a bit restless about the delivery of the keyboard. It SELLS. Period. TechDirt is mainstream media too or so it seems as this is a REAL joke of an article and again, she probably didn�t tweeted for attention, the media including this one is making this idiot story about super "malware"-"viruses" (its virii actually but hey go ahead) or some of the crazy stuff being written. yeah yeah the CIA and the NSA has been known not only for sticking "malware" on keyboards, printers and even mouses but here comes the worst part: EVEN YOUR MICROWAVE OVEN CAN BE WIRED! FACT! And beware of your toaster its tracking your bread eating habits
  [ link to this | view in chronology ]
  - John Fenderson (profile), 24 Jan 2014 @ 2:55pm
    
    Re: Re: NSA Liars
    How long have you been working for the NSA? Just curious...
    [ link to this | view in chronology ]
  - mudlock (profile), 24 Jan 2014 @ 3:02pm
    
    Re: Re: NSA Liars
    Three.
    [ link to this | view in chronology ]
    - Anonymous Coward, 24 Jan 2014 @ 6:02pm
      
      Re: Re: Re: NSA Liars
      Let's hope, otherwise you've just misrepresented the law in a manner the aforementioned agency can trace back to you.
      [ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 12:47pm

If this is true then it's troubling on several levels. One is they are actively and in real time monitoring people here, they can hack, re-route or intercept packages and/or Amazon is willingly complying with the NSA to re-route packages.

If any of this is remotely true it'll make me hesitant to buy anything electronic online, like my next computer. Back to buying parts and building my own after inspecting the components for odd looking bits hot glued to them.
[ link to this | view in chronology ]
Eponymous Coward, 24 Jan 2014 @ 12:57pm

A Contrarian View...
I actually think for this group this is a very good thing, not that they are targeted in this way by the NSA mind you (if that is what's going on), but that they are seeing the process unfold first hand. If I were a hacker heavily interested in the NSA's tactics and tech I would look upon this as a late X-mas gift! An above reply said they would burn this computer which I think is idiotic for I would tear this computer apart to find what they altered and assess its capabilities. Meanwhile I would document this whole ordeal to use for a future expose, or lecture at a havking convention. I almost wonder if this could be honeypot situation where they were ordering from Amazon in the hopes that this would happen. You'd think that since they are aware of such issues as NSA interdiction a person connected to the organization would be apprehensive to order online for this very reason, but that's a lot of conjecture on my part. In the end though I think they'll have some fun with this and we'll be hearing more about it later.
[ link to this | view in chronology ]
Moe, 24 Jan 2014 @ 12:58pm

Zip+4 Address
I'm not sure why Mrs. Shepard blacked out her address and left her Zip+4 there. 98122-2990 narrows it down to 1819 23rd Ave., Seattle.
[ link to this | view in chronology ]
- jordan, 24 Jan 2014 @ 7:12pm
  
  Re: Zip+4 Address
  I'm not sure why Mrs. Shepard blacked out her address and left her Zip+4 there. 98122-2990 narrows it down to 1819 23rd Ave., Seattle.
  
  Say what? TOR developer who orders from Amazon? Wait! Even can't black out her zip+4?
  
  Something not right here.
  [ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 1:01pm

I don't buy any of my electronics online anymore. It's just too risky getting a BIOS trojan these days. Brick and mortar stores are the future.
[ link to this | view in chronology ]
Oceania, 24 Jan 2014 @ 1:02pm

Remove the bios from the mother board - and replace with a freshly burnt PROM.
Check some of your other SMDs onboard for flux from replacement, and look for other issues around network hardware.

Use another hard drive and ... problem solved.
[ link to this | view in chronology ]
- TiagoTiago (profile), 28 Jan 2014 @ 5:01pm
  
  Re:
  Unless "they" got to the factory. We know they don't refrain from mass surveillance....
  [ link to this | view in chronology ]
Moe, 24 Jan 2014 @ 1:03pm

Blame US Postal Service, not Amazon
This is most likely the work of the shipping carrier, the US Government owned USPS (aka the Post Office) who delivered this package. It was done by USPS without Amazon's authorization most likely.
[ link to this | view in chronology ]
WobblesALot, 24 Jan 2014 @ 1:12pm

It was probably sent by a carrier such as UPS, Fedex and then handed off for final delivery to USPS. She needs to produce the USPS tracking information to see when the package entered the USPS network. So why not just do that as well as the Amazon tracking detail?
[ link to this | view in chronology ]
- Chronno S. Trigger (profile), 24 Jan 2014 @ 1:17pm
  
  Re:
  It says the carrier is USPS. UPS or FedEx probably weren't involved at all. I've gotten several packages delivered from Amazon directly threw USPS.
  
  Though, I wouldn't trust UPS ether. They've taken to using USPS themselves for the last leg of the trip.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 2:23pm
    
    Re: Re:
    UPS and FEDEX have partnered up with USPS under a program called "SmartPost" where the package is handed off to the USPS for final delivery. The premise here is that it saves customers and the aforementioned carriers a few cents. The reality is it briefly puts a package in the hands of the feds that otherwise would be much harder to inspect and/or compromise in the hands of a 3rd party private courier.
    [ link to this | view in chronology ]
    - WulfTheSaxon (profile), 24 Jan 2014 @ 7:02pm
      
      Re: Re: Re:
      Not sure about FedEx, but you can use UPS MyChoice to selectively or automatically upgrade packages before they�re handed off to the USPS.
      [ link to this | view in chronology ]
      - Anonymous Coward, 24 Jan 2014 @ 9:28pm
        
        Re: Re: Re: Re:
        Don't get me wrong, SmartPost is generally a user selected option. However, I can foresee a day when it's the standard. When all else fails, the PTB usually attempt to rule by degrees (incrementalism).
        [ link to this | view in chronology ]
toyotabedzrock (profile), 24 Jan 2014 @ 1:18pm

Wow they screwed up. I hope we get to see the type of hardware they use and the software.

Even better lets see what frequencies they use!
[ link to this | view in chronology ]
ST, 24 Jan 2014 @ 1:24pm

Wow!
Wow! This gal (and a lot of people commenting) need to get out and check the real world every once in a while. It is a very straightforward delivery screw-up. I'm not sure how you reconcile the "NSA-know-it-all-nefarious-out-to-get-you-very-powerful-very-sneaky" type you all talk about with what would clearly be the dumbest way of intercepting a package. Have you guys heard of Occam's Razor? How about a package being sent to the wrong destination by a not-very-competent service?

I've had a coffee machine that was supposed to be delivered from the west coast to the east one, reach Newark, cross the Atlantic and hit Paris and then piruet, go to Memphis and then merrily reach the East Coast. I thought it was a simple routing mistake and I still do. However, I would like to know how many of you think the French DGSE put some chip on it to check on my coffee-drinking habits.
[ link to this | view in chronology ]
- Chronno S. Trigger (profile), 24 Jan 2014 @ 1:35pm
  
  Re: Wow!
  Everything posted here is just hypothesis. The idea that it was a shipping mix-up has already been postulated in the article and by Andrea herself. That is, as you say, the simplest possibility and has already been hashed out as far as possible. The other possibilities are just more interesting.
  
  No one here is saying with 100% certainty that the US government is behind it. We're just it's vary possible and this is how they might have done it.
  [ link to this | view in chronology ]
- John Fenderson (profile), 24 Jan 2014 @ 1:40pm
  
  Re: Wow!
  Actually, Occam's razor doesn't help much in this case. It's not just that the package was diverted. It's that it was diverted to Dulles, VA. That's very suspicious. Also, the person involved works with software the spies hate. Two points in favor.
  
  On the other hand, you'd think that they wouldn't be so careless that the diversion would show up in the package tracking.
  
  So, looking at it from an Occam point of view, it's pretty 50-50.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 2:39pm
    
    Re: Re: Wow!
    "On the other hand, you'd think that they wouldn't be so careless that the diversion would show up in the package tracking."
    
    Exactly Johnny. That is unless they want this knowledge publicized - again - promoting fear and paranoia about the very technology they once thought they dominated, but instead has been the primary source of their proverbial undoing when utilized by the common man.
    [ link to this | view in chronology ]
    - TiagoTiago (profile), 28 Jan 2014 @ 5:04pm
      
      Re: Re: Re: Wow!
      For psych wars they don't even need to do any actual modifications. And actually, that might even be more effective, spreading rumors they are so good you can't detect what they did even with physical access.
      [ link to this | view in chronology ]
- Dan, 24 Jan 2014 @ 3:43pm
  
  Re: Wow!
  You are a nobody to the NSA and their associates, a developer for the Tor project however is a lot different.
  [ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 7:16pm
  
  Re: Wow!
  Nope they just peed in it before sending back.
  [ link to this | view in chronology ]
OldMugwump (profile), 24 Jan 2014 @ 1:27pm

Let's all calm down a little
All we have is a misrouted ThinkPad keyboard.

Yes, it was misrouted to Alexandria, and a keyboard is an ideal place for a keylogger/keysniffer.

But there are plenty of legitimate (I mean non-government-connected) businesses and people there.

Most likely, this is nothing but a shipping mistake.

We shouldn't jump to conclusions on such thin evidence.

That said - it's worth further investigation. By all means, talk to Amazon and USPS and see what they say. And examine the keyboard carefully - looking for mechanical, electrical and RF anomalies. (Best to get an identical keyboard from another source for comparison.)

Probably you'll find nothing. If and only if you find evidence of tampering, THEN you have a smoking gun.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 1:35pm

Thanks, NSA.
The new "Thanks, Obama."
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 1:40pm

It was foolish to bring attention to it. If this really was an interception, it could have been software only and could be made to remove itself remotely and leave no trace.
[ link to this | view in chronology ]
- John Fenderson (profile), 24 Jan 2014 @ 2:23pm
  
  Re:
  Not if she never connects it to the net, it can't.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 3:00pm
    
    Re: Re:
    assume for a moment, that what ever bug is in there has a cell modem. the few mw power would be hardly noticeable and you could not prevent it from connecting.
    [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 3:46pm
    
    Re: Re:
    From what we've learned about the NSA's ANT catalog, that's a rather naive argument to take.
    [ link to this | view in chronology ]
ArkieGuy (profile), 24 Jan 2014 @ 1:42pm

Hanlon's Razor
Never attribute to malice that which is adequately explained by stupidity.

Keep in mind folks, this is the USPS (you know, the guys that go "postal" all the time) - chances are someone simply screwed up and delivered to the wrong address.

With that said, anyone interested in 40 acres of ocean front property I have in Arkansas?
[ link to this | view in chronology ]
- John Fenderson (profile), 24 Jan 2014 @ 2:25pm
  
  Re: Hanlon's Razor
  Sure, misdeliveries happen -- but they're very, very rare, even by the USPS. I get, on average, about 5 USPS-delivered parcels a week. Not once has any of them been misrouted.
  [ link to this | view in chronology ]
afn29129 (profile), 24 Jan 2014 @ 1:43pm

Zip-plus 4
Actually if you're gonna black-out your address you should also black-out the last 4 digits of the ZIP-plus-4.
Now we know which apt building you live in.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 1:52pm

I've actually met Andrea in person (she graciously agreed to sign my PGP key), and there's a couple things that seem to make an NSA interdiction more probable, in my mind.

First, unsurprisingly, Andrea uses Linux. But that's not the point I want to make, in of itself. She's also a developer, familiar with tweaking source code, recompiling it, and using it in her daily activities.

Further, she also uses a metal attache case to transport her laptop, specifically because it acts as an excellent Faraday cage. (I don't know if she was just joking when she gave that as her reason for using the case, but she sounded quite serious!)

It wouldn't surprise me if somebody decided that it was too risky to try a software penetration (she alerted to the fact that my anti-virus falsely triggered on one of her emails, until I was able to demonstrate that it was normal activity), and somewhat difficult to remotely compromise one of her machines. They wouldn't even be sure that whatever bugs or backdoors they're using still exist, because she modifies and recompiles her own software on a regular basis. Conversely, a new hardware order would provide an excellent way to get access.

Is it possible that it's just a shipping shenanigan? Yes, of course. But it would not surprise me if somebody felt they had to go hardware to try and compromise Andrea's systems, that's all I'm saying.
[ link to this | view in chronology ]
krolork (profile), 24 Jan 2014 @ 2:12pm

We need a revolution.
[ link to this | view in chronology ]
- Anonymous, 24 Jan 2014 @ 3:21pm
  
  Re:
  Don't you know that you can count me IN!
  [ link to this | view in chronology ]
- OldMugwump (profile), 25 Jan 2014 @ 8:50am
  
  Re: We need a revolution.
  We may need one, but at this point the revolution would LOSE.
  
  This is still more-or-less a democracy - people elect the criminals who authorize and defend this stuff.
  
  As long as that continues to be the case, any revolution will fail. And if/when the electorate wakes up or finds their moral compass, then a revolution won't be necessary.
  
  Revolutions tend to be bloody, killing a lot of innocents. Let's try to avoid it if we can. Especially so if the result is going to strengthen the state rather than weaken it.
  [ link to this | view in chronology ]
Matthew A. Sawtell, 24 Jan 2014 @ 2:48pm

To paraphrase a quote the movie, "The Guard"
You know, I can't tell if you're really m--herf--kin' dumb, or really m--herf--kin' smart.
[ link to this | view in chronology ]
- Matthew A. Sawtell, 25 Jan 2014 @ 6:23am
  
  Re: To paraphrase a quote the movie, "The Guard"
  Think about it, Bezos and Crew have been slapped with probably another set of orders that they cannot directly divulge - but attempted at least one 'slight warning'. Question is, can this be done again, or with the folks in the Beltway cover this 'loophole' on the next set of orders.
  [ link to this | view in chronology ]
Anonymous, 24 Jan 2014 @ 3:18pm

"...breaking Tor is a priority that has mostly stymied them...". The government can't break something they helped design? Uh-huh. Yeah, and who's this Dread Pirate Roberts guy anyway?
[ link to this | view in chronology ]
- mudlock (profile), 24 Jan 2014 @ 3:23pm
  
  Re:
  NSA can't break something NRL didn't back-door for them.
  [ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 3:29pm

As great an opportunity as finding a tracking device to tear apart.
This is a great opportunity to tear it down in both hardware and software and report some type of definition that the rest of us could look for in our search for this stuff on our own equipment.

Congrats on winning the lottery, I look forward to my own "special software" on my next purchase.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2014 @ 6:51pm

Check the DNS
My internet got reaaaaaal slow after I posted here on Techdirt. Pages would often timeout.

It's a pattern I've seen before, commented on NSA articles here on Techdirt, DSL got real slow. ISP couldn't fix it, next doors DSL was fine, changed the router, DSL back to normal speed. Comment again on Techdirt, DSL suddenly real slow again.

A tracert doesn't show any extra hops, but there is a huge gap in the routing delay, its very easy to hide extra hops so you cannot rely on tracert.

Switched to fibre, real fast, comment on techdirt, real slow again.

This time I tried messing with the DNS, switching to Google DNS and Open DNS etc. makes it real quick again.

IMHO, maybe the attacks are done via the DNS, returning new IP addresses for existing sites, then man in the middle that traffic.

How would it work with https traffic? I don't yet know, but https traffic suffered exactly the same.
[ link to this | view in chronology ]
- Anonymous Coward, 24 Jan 2014 @ 9:21pm
  
  Re: Check the DNS
  Slowed to a crawl here too. Also, the avatars of each and every "insider" were substituted by a generic silhouette. Seems to be fine now.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Jan 2014 @ 9:35pm
    
    Re: Re: Check the DNS
    I do believe it means someone hit a rather sensitive nail on the head though.
    [ link to this | view in chronology ]
Just Sayin', 24 Jan 2014 @ 10:44pm

looks more like
It looks more like a bit of a setup. It could also be a transposition error on the zip code (dyslexia does exist), or for that matter that a large shipment was going there, and her package got "wrapped" onto a pallet.

My guess is more along the lines of someone trying to stoke the fire against NSA by setting things up. I suspect that the full order from Amazon includes a gift address that isn't showing.
[ link to this | view in chronology ]
Warrior, 24 Jan 2014 @ 11:59pm

Even usb cables are used to spy look here:

http://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveil lance-magic/
[ link to this | view in chronology ]
Yeah Right, 25 Jan 2014 @ 3:39am

Even if the keyboard wasn't tampered with, a fed rerout - if genuine - is sending the intended message: 'We are all powerful and we've got our eye on you.'

We've entered Third Reich territory. We're all living under a virtual occupation. Time to get the Resistance organised.
[ link to this | view in chronology ]
- nasch (profile), 25 Jan 2014 @ 6:36am
  
  Re:
  We've entered Third Reich territory.
  
  Either that, or a shipping company screwed up.
  [ link to this | view in chronology ]
Jim, 25 Jan 2014 @ 9:50am

Similar Experience
I bought a Google Chromecast device through Amazon. The order was placed on 12/26/2013. The estimated delivery date was 1/3/2014. THe device was finally delivered to my home in Phoenix on 1/14/2014. The Fedex Tracking had the package start in Reno, NV. From there it went to (in order):
Sacramento, CA
Los Angeles, CA
Atlanta, GA
Dallas, TX
Phoenix, AZ

You can call this crazy Fedex distribution routing, but I have NEVER seen anything remotely like this. I kept the product and will be having it analyzed.
[ link to this | view in chronology ]
diane, 25 Jan 2014 @ 1:34pm

And why is Andrea an Amazon supporter/customer?
It�s hard to have any sympathy whatsoever for someone who orders through Amazon. What? She doesn�t know about Amazon�s horrid warehouses? Amazon�s cloud servicing the CIA? Bezos� disdain and contempt for the average human? I suppose she also has a gmail account and a facebook page?

She�s clearly one of the many who have made Amazon, et al, relevant and dragged the rest of us, who�ve watched in horror for at least a decade now, into a world where Amazon, Google, Apple, PayPal, eBay, Facebook, Twitter, et al, violate, hand in hand with the Fascist (for lack of a more horrific and current adjective) U$ Government, with impunity.

It�s also truly sickening to see so many of those Blawwgers!!! - who fervently aided in making Sly Con Valley the monster that it is � finally, way too late, talking against it with no apology, or recognition, that they trashed others as Luddites, Trolls� even, for at least a decade, whenever those Luddites expressed concerns re Amazon, Google, Apple, PayPal, eBay, Facebook, Twitter, et al, and the swift trajectory where someone like the sociopath Kurzweil (who has been connected with the Defense Industry for decades, to my understanding) is rapidly approaching his, Go Daddy!, 100% Mechanized World run and imagined by Thought Leader ! ...� Papas [only!], wet dream.

Post Script: And about kade? kade is well past the time in which he should explain why the ACLU has a Face Fiend page.
[ link to this | view in chronology ]
Mike Gale (profile), 25 Jan 2014 @ 1:42pm

Mistrust of the Government
The thing that strikes me here is the mistrust and paranoia (justified) that I see.

A few people (in the law, elected reps, management of the securocracy) have started the rot that is progressively destroying faith in government and business.

A slogan of the US, is mutating into something like:

Government of the sheople, by the devil, for the psychopaths.

Sad. I believe that the majority in the occupations that are starting to stink are decent people. The organisations that made this happen, are, in their present states, not fit for purpose in the current age.
[ link to this | view in chronology ]
Peter Gerdes, 27 Jan 2014 @ 11:07am

This is totally ridiculous.

First, the NSA would only want to intercept a keyboard to do data interception. But there is no reason for them to intercept the data of a tor developer, THE SOURCE CODE IS PUBLIC ALREADY. Unless they think the developer is themselves a terrorist they could care less what they type.

A keyboard would be useless for planting bugs in software. Even if they had the whole computer it would be extremely difficult to leverage that control to force the insertion of backdoors into the code (it would be much easier to hack into github or wherever the `canonical' version of the tor source is held and insert bugs there...even if there is no defacto canonical repository it would be extremely difficult to hide the introduced bugs from the developer while not disrupting the normal diff/compile/run development process).

If the NSA was sophisticated enough to implement this kind of extensive system compromise (all the tools used by the developer must appear to work normally EXCEPT the hash of any commit needs to include the modified source AND any commit needs to include the modifications BUT somehow when the developer turns the commit into a patch and examines it in ANY text editor it must not appear) they surely wouldn't screw up at the step where they divert the package.
[ link to this | view in chronology ]
- diane, 27 Jan 2014 @ 1:23pm
  
  Re: Peter Gerdes/This is totally ridiculous.
  Unless they [the NSA] think the developer is themselves a terrorist they could care less what they type.
  
  What rarified world, and/or lies, are you living in ...and/or promoting? so very late after the sun set and the gathering left ....until the piece is revisited?
  [ link to this | view in chronology ]
atum, 27 Jan 2014 @ 12:52pm

change a chip or chips simple. source intercept destination easy. all computer are on the network can be seen. company developed software cambridge, mass. in the early 90's
[ link to this | view in chronology ]
Worried, 27 Jan 2014 @ 10:16pm

Amazon repeatdly rebilled my credit card. Wrogly. 5 times before I finally got them to stop.
[ link to this | view in chronology ]
tbg, 6 Feb 2014 @ 12:29pm

They will go after anyone
It happened to my computer as well
Don't let them get by with the line "

We only go after legitimate targets

I am a teacher and they went after me

I helped a friend write a complaint to a Judicial Ethics Commission pointing out
blatant fraud, and unethical conduct by a Judge and Amicus Attorney.

Approximately 4 days before the complaint was to be filed, I had 3 windows based computers on my home network rendered to Digit zeros with with evidence documents and other exhibits for the complaint destroyed.

At the time, I didn't really know what happened and just assumed it was a virus that hit my network and all I needed to do was to do were reinstalls of the computer operating systems and all would be well. I was wrong. Even to this day, I continue to have network and computer problems.

After the network attack, the windows computers were rendered as junk. I ordered a new Macbook Pro thinking that a new computer would solve the network problems. The network problems continued. Shortly after the new Macbook Pro was delivered to my home from the Apple online store, I discovered that the EFI Firmware Password had been set before it was delivered. Somebody had tampered with this computer before it arrived at my home. Apple stated that they did not know how this would have happened and they agreed to replace the computer with the one that I
am now using.

I continued to have problems.The recent NSA leaks confirmed my suspicions that I was targeted, but I still have a hard time believing that the government would do such a thing.

After the Snowden revelations, I was determined that I was going to find out for sure and press the issue with Apple. I could never get Apple to do any followup calls to address my issues. Before this
ordeal, I knew very little about computers, but I have educated myself to an extent and Apple cannot or will not answer my questions. When no Sr. Apple Technician in the United States will return my calls, it seems that all my calls to Applecare are routed to Applecare in Canada.

Recently a Sr. Level Apple Advisor in Canada stated to me that when Apple initially replaced the computer which had the firmware tampered with, they replaced it with a computer that did not have the standard operating system that it should have had. The replacement computer had a modified operating system installed.

Why would Apple do this? This is the question that I asked the Sr. Level Apple Advisor and he said he did not know why this was done nor did he know why or how the firmware was tampered with.
This has to stop
[ link to this | view in chronology ]
- nasch (profile), 6 Feb 2014 @ 5:40pm
  
  Re: They will go after anyone
  I am a teacher and they went after me
  
  What a bizarre story. What sort of teacher are you? That's a lot of effort to go to if it really was someone behind the scenes (either NSA or someone else, would be impossible to tell) targeting you.
  
  I helped a friend write a complaint to a Judicial Ethics Commission pointing out
  blatant fraud, and unethical conduct by a Judge and Amicus Attorney.
  
  Approximately 4 days before the complaint was to be filed, I had 3 windows based computers on my home network rendered to Digit zeros with with evidence documents and other exhibits for the complaint destroyed.
  
  Sounds much more likely to be someone involved with the court system, I don't see why the NSA would get involved with a case like that. Then again, we still don't know nearly everything about how they operate.
  [ link to this | view in chronology ]
vancedecker (profile), 18 Mar 2014 @ 4:28am

Woah! That is odd.
I've never heard of a female developer. Are you sure she wasn't a graphics artist just adding some cute icons or design elements?
[ link to this | view in chronology ]
- vancedecker (profile), 18 Mar 2014 @ 5:00am
  
  Re: Woah! That is odd.
  Honestly though, after thinking about comment, that is seriously suspicious, and would actually be a legitimate target for investigation.
  
  Core developer? Are you sure?
  [ link to this | view in chronology ]
Thomas, 25 Mar 2014 @ 9:58am

Everybody knows..
Seriously, this would never normally show in tracking if it was being diverted by the government. Normally, packages diverted by the government for intervention will show departing the orginating center then simply disappear from network/tracking for 1 Week (often times exactly one week). The next update will be at the local processing center by destination city. The one week timeframe is estimated by them that an individual will accept that their package has been delayed somewhere and look past it without suspicion. Yes, the government uses this domestically all the time. They intercept, inspect, record and of course load malware onto anything and everything you can imagine...
[ link to this | view in chronology ]
Vernon_Simian, 29 May 2019 @ 5:45am

Just Customs
Packages from overseas are routinely diverted to customs for inspection. They cannot inspect every package but it is not unusual for your package to be delayed until it is inspected.
[ link to this | view in chronology ]
- WulfTheSaxon (profile), 29 May 2019 @ 8:15am
  
  Re: Just Customs
  This was a domestic package from Santa Ana, California to Seattle, Washington…
  [ link to this | view in chronology ]