This Week In 'The NSA Knows F**king Everything': How It Hacked Most Hard Drives And SIM Cards
from the call-it-a-twofer... dept
Thought that the revelations of NSA/GCHQ spying were dying out? Having some "surveillance fatigue" from all the stories that have been coming out? Have no fear -- or, rather, be very very very fearful -- because two big new revelations this week show just how far the NSA will go to make sure it collects everything.

First up: your hard drives. Earlier this week, Kaspersky Lab revealed that the NSA (likely) has figured out ways to hide its own spyware deep in pretty much any hard drive made by the most popular hard drive manufacturers, including Western Digital, Seagate, Toshiba and Samsung. As the report notes, this is a kind of "sleeper" implant: it lives in the drive's own firmware rather than in the data on the platters, so it survives formatting and reinstalling the operating system, and it stays dormant until it is needed. The report notes that it's unclear how the NSA was getting this software in there, but argues that it couldn't have done so without knowing the source code of the hard drive firmware -- information that is not easily accessible. (That last claim is contested: firmware images can be pulled from vendor update packages and reverse engineered, and published projects have reprogrammed drive controllers without vendor source.) A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It's possible they're lying/misleading -- but it's also possible that the NSA figured out other ways to get that information. From the Reuters report:

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.
The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the U.S. agency responsible for gathering electronic intelligence.
A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the spy agency valued these espionage programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.
And that brings us to door number two: your mobile phone's SIM card. Today, the Intercept revealed (via the Ed Snowden documents) how the NSA and GCHQ were able to hack into the world's largest manufacturer of mobile phone SIM cards in order to swipe encryption keys, so that your friendly neighborhood intelligence snooper can snoop on you too:

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

The "encryption keys" here are the per-card secrets (the Ki) that each SIM shares with the operator's authentication center. The network proves a phone is genuine, and derives the key that scrambles calls and texts over the air, from that one secret plus a random challenge it sends in the clear. Hold the Ki and you can redo that derivation from a recording of the challenge, which is why a stolen key database decrypts traffic captured before the theft as well as after it. The details of just how the NSA and GCHQ hacked into Gemalto are quite a story -- and prove what a load of crap it is when the NSA and its defenders insist that they only target bad people. As former NSA (and CIA) boss Michael Hayden recently admitted, they actually like to spy on "interesting people." And who could be more interesting than the people who have access to the encryption keys on billions of mobile phones?
And, yes, both of these hacks basically involve giving the NSA an astounding amount of access to our electronic devices:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

[....]

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

Between both of these big stories this week, it's clear that the NSA is basically deeply buried in pretty much every bit of electronic equipment these days, with the tools ready to go to spy on just about anything. The idea that this power isn't being abused regularly is pretty laughable.
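The mechanism the quotes above describe (hold the per-SIM key and decrypting is "trivial", with no trace on the operator's network and including recordings made before the theft), as an added illustration that is not code from the Intercept, from Gemalto or from any operator. The A3/A8 and A5 functions are HMAC stand-ins for the real COMP128/Milenage and A5 algorithms, the phone identifies itself by IMSI in the clear (a simplification; live networks mostly use temporary identities after the first attach), and every IMSI and Ki value is constructed:

```python
"""Simplified model of SIM-based cellular authentication and why a stolen Ki
database lets a passive eavesdropper decrypt traffic. Added illustration only:
A3/A8 and A5 below are HMAC stand-ins, not the real COMP128, Milenage or A5/x
algorithms, and all IMSI/Ki values are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8: from the shared secret Ki and the network's
    challenge RAND derive SRES (32-bit auth response) and Kc (64-bit session key)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def a5_xor(kc: bytes, frame: int, data: bytes) -> bytes:
    """Stand-in for the A5 stream cipher: keystream from Kc and the frame counter,
    XORed with the data. The same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(kc, frame.to_bytes(4, "big") + block.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Sim:
    imsi: str
    ki: bytes  # burned in by the card maker and copied to the operator; never sent

    def respond(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3_a8(self.ki, rand)


@dataclass
class AirCapture:
    """What a passive interceptor records: identity and RAND go over the air in
    the clear, followed by ciphertext under Kc."""
    imsi: str
    rand: bytes
    frame: int
    ciphertext: bytes


class Operator:
    def __init__(self, keys: Dict[str, bytes]):
        self.auc = keys  # the AuC/HLR copy of every subscriber's Ki

    def authenticate(self, sim: Sim, rand: bytes) -> bytes:
        """Challenge the SIM; on a matching SRES both sides now hold the same Kc."""
        sres, _ = sim.respond(rand)
        expected_sres, expected_kc = a3_a8(self.auc[sim.imsi], rand)
        if not hmac.compare_digest(sres, expected_sres):
            raise PermissionError("authentication failed for " + sim.imsi)
        return expected_kc


def run_call(operator: Operator, sim: Sim, frame: int, plaintext: bytes,
             tap: List[AirCapture], rand: Optional[bytes] = None) -> bytes:
    """One authenticated, encrypted session; the interceptor only records it."""
    rand = rand or os.urandom(16)
    kc = operator.authenticate(sim, rand)
    ciphertext = a5_xor(kc, frame, plaintext)
    tap.append(AirCapture(sim.imsi, rand, frame, ciphertext))
    return ciphertext


def decrypt_with_stolen_keys(tap: List[AirCapture],
                             stolen: Dict[str, bytes]) -> List[Optional[bytes]]:
    """With a stolen Ki database every recorded session is decryptable offline,
    including ones captured before the theft; the operator is never contacted.
    Sessions whose Ki was not stolen stay opaque (None)."""
    out: List[Optional[bytes]] = []
    for rec in tap:
        ki = stolen.get(rec.imsi)
        if ki is None:
            out.append(None)
            continue
        _, kc = a3_a8(ki, rec.rand)          # same derivation the SIM did
        out.append(a5_xor(kc, rec.frame, rec.ciphertext))
    return out


def demo() -> dict:
    # Constructed subscribers: one whose Ki was in a leaked batch, one whose was not.
    ki_alice = bytes.fromhex("00112233445566778899aabbccddeeff")
    ki_bob = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    alice, bob = Sim("001010000000001", ki_alice), Sim("001010000000002", ki_bob)
    operator = Operator({alice.imsi: ki_alice, bob.imsi: ki_bob})
    tap: List[AirCapture] = []
    run_call(operator, alice, 1, b"meeting moved to 0900", tap)  # captured earlier
    run_call(operator, bob, 2, b"call me back", tap)
    stolen = {alice.imsi: ki_alice}  # obtained later, in bulk, from the card maker
    return {"captured": len(tap), "recovered": decrypt_with_stolen_keys(tap, stolen)}


if __name__ == "__main__":
    print(demo())
```

Run it and the first session decrypts while the second, whose Ki was not in the stolen batch, stays opaque. Nothing in the decryption path touches the operator, which is the "leaving no trace" property in the quote. The model also shows why the damage is hard to undo: Ki is burned into the card and never transmitted, so a compromised key cannot be rotated remotely, and the subscriber needs a new SIM provisioned from a key batch the attacker never saw.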
Filed Under: certificate, encryption key, gchq, hacking, hard drives, malware, nsa, privacy, sim cards, spyware, surveillance
Companies: gemalto, samsung, seagate, toshiba, western digital
Reader Comments
Re: Re:
2) High-level terrorist leaders avoid electronic communications, but use secure communications means like trusted couriers.
3) Protesters, and political organizers and parties that are outside of the mainstream of politics, pose a greater threat to the establishment than the terrorists, and are the real targets of all this surveillance.
Directed Energy Weapons
Five minutes on Google will give you hundreds of hits on building a damned powerful maser from an old microwave oven. Of course, about half of the plans have no shielding or collimator, so you'll fry yourself if you ever turn one on.
Hell, even a taser is a directed energy weapon. (aside... know what the taser acronym stands for? Thomas A Swift Electric Rifle (Yes, I'm old:)))
Re: Re: Re:
...and that is how I know it is you that are mistaken.
Re:
This is why we need to have end to end encryption as a layer on top of the normal encryption that phones already use.
Shouldn't there be some prosecuter out there working on a CFAA case against them? I'm sure the NSA could get about 10,000 years in jail for that level of deep invasion into other people's technology.
Re:
Almost everyone is focusing on the NSA's ability to "get any data they want", but if the NSA and other TLAs are as deeply embedded into computer networks as they're rumored to be, then they have, or can get, read-write access to damn near anything they want. You have to assume they can trivially plant evidence as easily as they can retrieve it.
Unfortunately, if we've crossed the Rubicon, you can be certain that any prosecutors, judges, politicians, etc., who might initially push back against the NSA and other assorted three-letter agencies might quickly find themselves convinced to look the other way, lest they end up out of a job or in prison.
Re: Re:
due to the fact that the NSA can plant whatever they want (like CP) wherever they want!
THIS IS GREAT!!!
Re: Re: Re:
I did not buy that! The NSA bought it with my bank card!
Re: Re: Re: Re:
That's exactly what would happen. Although for a politician or investigator, it wouldn't have to get to court - just to the press.
Our society's built-in skepticism and inclination to pre-judge guilt based on the news media is exactly why this would be such a nasty lever, were it to be used. People claim "it wasn't me" so frequently that no one pays attention when that might actually have been the case.
(Please note, I'm not saying this has actually happened. I have no idea if it has or not. But assuming the NSA has its fingers into everything as deeply as it's been reported, there's nothing that can really prevent it.)
Hard Drive Firmware
That's not to say that the NSA didn't have access to the firmware source. They certainly could get at it if they wanted. Just that they did not necessarily need the source in order to write this kind of malware.
Re: Hard Drive Firmware
Once in, they could just use the host systems to deploy along with the manufacturer's change control and release, etc. No, that's too fancy for them; I think they interrupted the shipments. It wasn't just switches or routers...
Re: Re: Hard Drive Firmware
I got a 500GB WD that is still working, although it has needed its circuit board changed for about 5 months. I didn't get to order one because I'm kinda annoyed that I will have to get the circuit board from anybody like that. (Such a thing didn't bother me the other times I changed circuit boards on hard drives, but that was in 2006-2007, kind of before a lot of things went to shit.)
Re: Re: Re: Hard Drive Firmware
You mean before you knew about it.
If only we had some kind of department or agency in charge of dealing with that sort of thing.
Re:
Of course not. If they close holes, then they can't use those holes.
Re: Re:
Should we start passing around the butt plugs or should we wait till our holes are sore from the agencies first?
And now, those of other nations who weren't aware of the extent of our "beloved" intel agencies......what are they gonna do, ignore it, call for a stop, or force a similar implementation they wouldn't have otherwise, thanks to our "beloved" intel agencies showing them just how far they went..........another bloody war, albeit a digital one, everything is fucking war with them........they're gonna keep escalating and escalating, one side then the next, trying to get a one-up over another, before you know it, the internet will be the most insecure it has been in its entire fucking lifetime, opposite to the justification that they're "protecting" the internet.........f good-for-nothings, instigators of war.......no, instigators of big guy vs little guy in their struggle for dominance
I read in another article that a company was asked by the government, who were gonna implement their ?something?, to hand over readable source code of their proprietary software, for security reasons, which i might add the public has as much right to as well. Anyway, the company representative suggested that it could be likely that they keep that source code indefinitely, which at minimum says there is no prior agreement to delete the code once audited.
I think it's plausible that a government would pull the national security card and demand the source code, so yeah, in this respect, i do believe they have access to what is normally closed source material in the public.
And i strongly suspect, considering the obvious benefits to entities such as our "beloved" intel agencies, that they have the same thing going on with closed source phone modems, a bit of kit that can receive/send data REMOTELY.
Time for an Update...
If not, it looks like it is time that people stop using their cell minutes and switch to using VOIP over SSL and just using their data plans...
Re:
"Oh, hey, sorry about the compromised crypto keys on that first SIM, here's a free replacement. We know that _these_ crypto keys are secure because, well, Um...."
Re: Re: Re:
The current crypto key generation model saves time and costs associated with key generation at the time of deployment, and frankly, is probably a large part of why deployment is so smooth (I can go to my cell phone carrier today, ask for a SIM card, and get one, pretty much no questions asked).
(And, by the way, anyone know if the SIM's pre-printed ID is also the key? From what I've seen, the crypto algorithms are clearly symmetric; there's no reason the SIM ID couldn't be the actual crypto key.)
Did the NSA need the hard drive firmware source ?
The EFF's article, however, concludes that "at least two published projects from years past have demonstrated otherwise".
Re:
This is about the crypto used in the communications with the cell tower. That crypto's primary purpose is to ensure that no unauthorized phones are using the cell system. It's not really intended to protect your privacy as such.
The breaking of the crypto exposes real vulnerabilities, though, and can make it possible for attackers to gain total access to your phone. If they have that, then they could obtain the private keys to your own crypto. If that happens, all bets are off.
Re: Connecting the Dots
Or not, since there's no indication that these kinds of activities have stopped. At this point, I don't see why a reasonable person would believe anything the NSA says*.
*Yes, I am going out on a limb and saying that if you believe anything the NSA says, you are nuts.
Kinda what I thought a long time ago, and why I still don't have a cell phone.
I wonder what those who use these tools think if/when they see these stray comments predicting correctly what they're doing........do they have any regrets...., i want to say no
Hard to sound crazy, but. . .
But that's just crazy talk. . . right?
Re: Hard to sound crazy, but. . .
E.g. you can bypass the authentication and gain root access by modifying the kernel boot parameters in GRUB. Disk encryption helps a lot in this scenario, but since we assume physical access, a key logger or well-placed camera should work fine against password-protected disk encryption...
Re: Hard to sound crazy, but. . .
that is the whole reason they are fighting against it!
>_
You know it.
:-P
Real cool. Stay safe and sane guys. Everyone I know likes your work;
Im at at a UNION now. ;-)
Re:
Good news is that post-Snowden they have probably become so paranoid about access as to cripple their operations. It is also likely that they have tightened up vetting on staff to the point where only the most useless authoritarian, aspergers types make it through. This is on top of the major recruitment problems that will already have resulted from widespread public outrage.
Keep it up friends. The alphabet bandit agencies are dangerous, criminal organizations. Keep repeating it. Again and again. Until they are so toxic that no one wants to associate with them.
So how many ST506s do you think it will require to install Call of Duty? Will be fine if i set aside a room for them :D
So basically, I'm now a terrorist even without any evidence against me. Oh well, I might as well go do what I'm accused of since I'm guilty until proven innocent through torture. See me beheading James Clapper in Daesh territory on YouTube next week!
wha?
Time for a new open source project
One to update hard drive firmware with a known _good_ (a.k.a. non-NSA-bugged) version.
The second to update the encryption keys in your SIM cards.
Boot from a known _good_ copy of Linux (read-only media), reflash HD firmware as soon as you open the box. Check again every so often to make sure it's still clean.
Installing a new OS used to consist of:
-Partition the hard drive
-Format the hard drive
-Install the OS
Now it needs to be:
-Reflash the hard drive firmware
-Partition the hard drive
-Format the hard drive
-Install the OS
Sure, TAO can probably find a way to monkey with it again, but then they'll have to _actively_ do something. Surveillance has gone ultra-wideband because it's gotten so easy. When you used to have to break into someone's home or office, plant a bug, monitor that bug, transcribe what you hear, etc., not a lot of people were surveilled. Now you can just use a computer to tap the internet, track everyone by their cell phones, and now break into large numbers of computers using sleeper hard drive firmware from the comfort of their own offices.
We may not ever be able to completely stop the NSA/GCHQ/etc., but we can sure make it as difficult/time consuming/painful as possible.
Then _maybe_ they'll have to be a bit more particular about who they surveil.
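The "check again every so often" step from the post above, as an added example that is not the commenter's code or any existing project: it parses the text that `smartctl -i` prints for a SATA drive into a model/serial/firmware baseline and reports drives whose reported revision changed, appeared or vanished since the last clean reflash. The drive reports are constructed samples. The caveat a practitioner needs: the revision string is reported by the firmware itself, so a deliberately malicious image can report the expected value; this catches careless or unexpected reflashes, not a determined implant, and the baseline belongs on separate read-only media.

```python
"""Baseline-and-compare check for drive firmware revision strings.
Added illustration: parses the text `smartctl -i` prints for SATA drives; the
drive reports below are constructed samples. Caveat: the revision string is
reported by the firmware itself, so a malicious image can lie about it."""
import json
import re
import subprocess
from typing import Dict, List, Tuple

# smartctl field label -> key used here (NVMe devices print "Model Number" instead;
# extend the table if you have those)
FIELDS = {"Device Model": "model", "Serial Number": "serial", "Firmware Version": "firmware"}
LINE = re.compile(r"^([A-Za-z ]+):\s+(.+?)\s*$")

# Constructed `smartctl -i` output recorded right after a clean reflash.
BASELINE_REPORTS = [
    """smartctl 7.2 2020-12-30 r5155 [x86_64-linux-5.10.0] (local build)
=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Caviar Blue
Device Model:     WDC WD5000AAKX-00ERMA0
Serial Number:    WD-WCC2EXAMPLE1
Firmware Version: 15.01H15
User Capacity:    500,107,862,016 bytes [500 GB]
""",
]

# Constructed output from a later check: the same drive now reports a different
# revision, and a second drive nobody recorded has appeared.
LATER_REPORTS = [
    """=== START OF INFORMATION SECTION ===
Device Model:     WDC WD5000AAKX-00ERMA0
Serial Number:    WD-WCC2EXAMPLE1
Firmware Version: 15.01H14
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-SSD-250G
Serial Number:    EX250G0000002
Firmware Version: XY01
""",
]

Baseline = Dict[str, Tuple[str, str]]  # serial -> (model, firmware revision)


def parse_smartctl_info(text: str) -> Dict[str, str]:
    """Pull model, serial and firmware revision out of one `smartctl -i` report."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in FIELDS:
            info[FIELDS[m.group(1)]] = m.group(2)
    missing = set(FIELDS.values()) - set(info)
    if missing:
        raise ValueError("report lacks fields: " + ", ".join(sorted(missing)))
    return info


def build_baseline(reports: List[str]) -> Baseline:
    parsed = (parse_smartctl_info(r) for r in reports)
    return {i["serial"]: (i["model"], i["firmware"]) for i in parsed}


def compare_baseline(baseline: Baseline, current: Baseline) -> List[str]:
    """Findings in a fixed order: changed revisions, then new drives, then missing."""
    findings = []
    for serial, (model, fw) in current.items():
        if serial in baseline and baseline[serial][1] != fw:
            findings.append(f"FIRMWARE CHANGED on {serial} ({model}): "
                            f"{baseline[serial][1]} -> {fw}")
    for serial, (model, fw) in current.items():
        if serial not in baseline:
            findings.append(f"NEW drive {serial} ({model}) firmware {fw}")
    for serial, (model, fw) in baseline.items():
        if serial not in current:
            findings.append(f"MISSING drive {serial} ({model}) last seen firmware {fw}")
    return findings


def collect_reports(devices: List[str]) -> List[str]:
    """Live collection (needs root and smartmontools); not used by demo()."""
    return [subprocess.run(["smartctl", "-i", dev], capture_output=True,
                           text=True, check=False).stdout for dev in devices]


def save_baseline(path: str, baseline: Baseline) -> None:
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2)


def demo() -> List[str]:
    return compare_baseline(build_baseline(BASELINE_REPORTS), build_baseline(LATER_REPORTS))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

For real use, record the baseline with `collect_reports(["/dev/sda", ...])` immediately after the clean reflash, store it with `save_baseline` somewhere the host cannot rewrite, and rerun the comparison from the same read-only boot media you flashed from, so the check itself does not depend on the drive it is inspecting.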
Re: Time for a new open source project
Also: it would be short-sighted to assume the scope of the actions here is limited to hard drives. Yes, this set of recently released documents is HDD specific. Yes, HDDs make an excellent target for this attack vector, for a variety of reasons, not the least of which is that, being hard disks, storage space presumably isn't an issue and so you presumably wouldn't be so severely constrained on the size of the malware you were shipping. But hard disks aren't the only built-in peripherals that allow for field-upgradeable firmware. Video cards, motherboards, CPUs - almost all of them have some amount of field-writable, onboard storage coupled with the firmware that allows them to operate. In fact, while they'd be harder targets, they might well be more valuable.
After all: You can remove a potentially compromised HDD from a system entirely, and run it off of live media on thumbdrive/cd/dvd/etc. Most people would have a very hard time running that same live media system w/o a video card. Or a motherboard.
Re:
If you can afford it, you too can buy your freedom - from persecution, from surveillance, from incarceration, from law, from taxes, from... whatever the particular level of freedom you can afford offers freedom from.
So the meme "Get rich or die trying." is now more than ever, the true motto of America.
---
Gummy Bear
But 3% of the world is out of this theft, and in this 3%, many of them are scientists with very innovative research.
They should open any history book and observe that no one is a friend of time. It's a foe in the end. Statistically speaking, future intelligence would be able to bash up these kinetic children of gods.
Adios.