This Week In 'The NSA Knows F**king Everything': How It Hacked Most Hard Drives And SIM Cards

from the call-it-a-twofer... dept

Thought that the revelations of NSA/GCHQ spying were dying out? Having some "surveillance fatigue" from all the stories that have been coming out? Have no fear -- or, rather, be very very very fearful -- because two big new revelations this week show just how far the NSA will go to make sure it collects everything. First up: your hard drives. Earlier this week, Kaspersky Lab revealed that the NSA (likely) has figured out ways to hide its own spyware deep in pretty much any hard drive made by the most popular hard drive manufacturers: Western Digital, Seagate and Toshiba.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the U.S. agency responsible for gathering electronic intelligence.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the spy agency valued these espionage programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

As the report notes, it appears that this is a kind of "sleeper" software, that is buried inside tons of hard drives, but only "turned on" when necessary. The report notes that it's unclear as to how the NSA was getting this software in there, but that it couldn't do it without knowing the source code of the hard drive firmware -- information that is not easily accessible. A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It's possible they're lying/misleading -- but it's also possible that the NSA figured out other ways to get that information.

And that brings us to door number two: your mobile phone's SIM card. Today, the Intercept revealed (via the Ed Snowden documents) how the NSA and GCHQ were basically able to hack into the world's largest manufacturer of mobile phone SIM cards in order to swipe encryption keys, so that your friendly neighborhood intelligence snooper can snoop on you too:

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
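
An added illustration of that last point, not taken from the Intercept report or from Techdirt: when session keys are derived only from a long-term card key plus values sent in the clear, whoever later obtains the card key can decrypt traffic recorded earlier, while keys agreed through an ephemeral exchange cannot be rebuilt from the recording. The cipher, key derivation and 127-bit Diffie-Hellman group are toy stand-ins chosen for the demo (assumptions, not the algorithms real SIM cards use), and every name and sample value is constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for this demo): 2**127 - 1 is prime,
# but a 127-bit group is far too small for real use.
P = 2**127 - 1
G = 3


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def static_session_key(card_key: bytes, challenge: bytes) -> bytes:
    """Model A: the session key depends only on the card key and a public challenge."""
    return hmac.new(card_key, b"session" + challenge, hashlib.sha256).digest()


def record_static_session(card_key: bytes, plaintext: bytes) -> dict:
    """Return what a passive recorder captures from a Model A session."""
    challenge = secrets.token_bytes(16)  # travels in the clear
    key = static_session_key(card_key, challenge)
    return {"challenge": challenge, "ciphertext": keystream_xor(key, plaintext)}


def decrypt_static_recording(card_key: bytes, recording: dict) -> bytes:
    """With the card key, an old Model A recording decrypts at any later date."""
    key = static_session_key(card_key, recording["challenge"])
    return keystream_xor(key, recording["ciphertext"])


def _transcript(pub_a: int, pub_b: int) -> bytes:
    return pub_a.to_bytes(16, "big") + pub_b.to_bytes(16, "big")


def record_ephemeral_session(card_key: bytes, plaintext: bytes):
    """Model B: the card key only authenticates an ephemeral key exchange.

    Returns (recording, session_key). The session key is returned for the
    test only; both ends would discard it and the secrets a, b after the call.
    """
    a = secrets.randbelow(P - 2) + 1  # handset's one-time secret
    b = secrets.randbelow(P - 2) + 1  # network's one-time secret
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    transcript = _transcript(pub_a, pub_b)
    tag = hmac.new(card_key, b"auth" + transcript, hashlib.sha256).digest()
    shared = pow(pub_b, a, P)  # equals pow(pub_a, b, P)
    session_key = hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()
    recording = {
        "pub_a": pub_a,
        "pub_b": pub_b,
        "tag": tag,
        "ciphertext": keystream_xor(session_key, plaintext),
    }
    return recording, session_key


def card_key_against_ephemeral(card_key: bytes, recording: dict):
    """What the card key yields on a Model B recording.

    It can confirm the exchange was authentic, but a key derived from the card
    key and the recorded public values is not the session key, because that
    key depends on a and b, which no longer exist.
    Caveat: this protects past recordings only. The card key still
    authenticates future sessions, so it has to stay secret.
    """
    transcript = _transcript(recording["pub_a"], recording["pub_b"])
    expected = hmac.new(card_key, b"auth" + transcript, hashlib.sha256).digest()
    tag_ok = hmac.compare_digest(recording["tag"], expected)
    guess = static_session_key(card_key, transcript)
    return tag_ok, keystream_xor(guess, recording["ciphertext"])


if __name__ == "__main__":
    card_key = secrets.token_bytes(32)           # constructed long-term key
    message = b"constructed sample call data"    # constructed plaintext
    rec_a = record_static_session(card_key, message)
    print("Model A recovered:", decrypt_static_recording(card_key, rec_a))
    rec_b, _ = record_ephemeral_session(card_key, message)
    ok, attempt = card_key_against_ephemeral(card_key, rec_b)
    print("Model B tag valid:", ok, "| plaintext recovered:", attempt == message)
```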

The details of just how the NSA hacked into Gemalto are quite a story -- and prove what a load of crap it is when the NSA and its defenders insist that they only target bad people. As former NSA (and CIA) boss Michael Hayden recently admitted, they actually like to spy on "interesting people." And who could be more interesting than the people who have access to the encryption keys on billions of mobile phones?

So, yeah, the NSA and GCHQ basically spied on IT folks at the company until they found a way in. So, the NSA spies on "bad guys" and "IT people" for the good guys. Because, I'm sure they'll claim, it helps them get the bad guys. We've seen this before, when the GCHQ hacked into Belgian telco giant Belgacom, allowing them to tap into communications at the EU Parliament. Hacking into various companies appears to be standard operating procedure for the NSA/GCHQ these days, with no thought to the collateral damage being caused.

And, yes, both of these hacks basically involve giving the NSA an astounding amount of access to our electronic devices:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

[....]

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

Between both of these big stories this week, it's clear that the NSA is basically deeply buried in pretty much every bit of electronic equipment these days, with the tools ready to go to spy on just about anything. The idea that this power isn't being abused regularly is pretty laughable.

Filed Under: certificate, encryption key, gchq, hacking, hard drives, malware, nsa, privacy, sim cards, spyware, surveillance
Companies: gemalto, samsung, seagate, toshiba, western digital


Reader Comments

  • Anonymous Coward, 19 Feb 2015 @ 2:36pm

    Why the fuck are these terrorists not in jail?

    • jupiterkansas, 19 Feb 2015 @ 2:44pm

      Re:

      Or a related question, since they pretty much have unrestricted access to everything, why is there still terrorism in the world?

      • Anonymous Coward, 19 Feb 2015 @ 3:05pm

        Re: Re:

        1) They have built such huge haystacks that they have to identify targets by other means, which works for interesting targets like Gemalto, but not terrorists.
        2) High level terrorist leaders avoid electronic communications, but use secure communications means like trusted couriers.
        3) Protesters, and political organizers and parties that are outside of the mainstream of politics pose a greater threat to the establishment than the terrorists, and are the real targets of all this surveillance.

      • Ninja, 20 Feb 2015 @ 1:32am

        Re: Re:

        Silly. Terrorism is not their goal, it's just the bogeyman used to achieve total control.

        • Pragmatic, 20 Feb 2015 @ 5:11am

          Re: Re: Re:

          It's a handy standby for when 'communism' or 'socialism' don't scare us.

      • Anonymous Coward, 22 Feb 2015 @ 10:12am

        Re: Re:

        Probably because the NSA *are* the terrorists.

    • Anonymous Coward, 19 Feb 2015 @ 3:13pm

      Re:

      I think it's time we demand that these criminals be put in jail.

    • Anonymous Coward, 19 Feb 2015 @ 4:47pm

      Re:

      Because they're the ones who'd have to arrest themselves.

  • Anonymous Coward, 19 Feb 2015 @ 2:48pm

    That's not a huge surprise. What are foreign agencies/terrorists doing in the US?

    • John Fenderson, 19 Feb 2015 @ 2:49pm

      Re:

      They're doing less harm than NSA, CIA, etc.

      • Anonymous Coward, 19 Feb 2015 @ 3:20pm

        Re: Re:

        Through personal experience, I know you are mistaken.

        • John Fenderson, 19 Feb 2015 @ 3:37pm

          Re: Re: Re:

          Even if I am mistaken, I don't see how any personal experience you have could demonstrate that. Can you be more clear?

          • Anonymous Coward, 19 Feb 2015 @ 3:51pm

            Re: Re: Re: Re:

            An entity is attacking me with directed energy weapons and particle beam weapons. It's mostly because they're dicks. All my stuff has been hacked too. Maybe by both sides.

            • Anonymous Coward, 19 Feb 2015 @ 4:33pm

              Re: Re: Re: Re: Re:

              Please put on your tinfoil hat, go sit under your pyramid, smoke some happy weed, and recite your daily prayers to your Martian god.

              • Anonymous Coward, 19 Feb 2015 @ 4:43pm

                Re: Re: Re: Re: Re: Re:

                This guy is probably one of them. They actually have disinfo guys stalk people around the internet to convince people directed energy weapons don't exist so their terror op will get through. 20 years ago these terrorism/intelligence practices were considered covert. Now a bored teenager can find the original research papers for some of the technology hosted on a .mil webpage in an afternoon of googling.

                • Bamboo Harvester, 20 Feb 2015 @ 5:25am

                  Directed Energy Weapons

                  What do you think that "Pulse" weapon is cops use from helicopters to disable cars?

                  Five minutes on Google will give you hundreds of hits on building a damned powerful maser from an old microwave oven. Of course, about half of the plans have no shielding or collimator, so you'll fry yourself if you ever turn one on.

                  Hell, even a taser is a directed energy weapon. (aside... know what the taser acronym stands for? Thomas A Swift Electric Rifle (Yes, I'm old:)))

                  • Anonymous Coward, 20 Feb 2015 @ 4:36pm

                    Re: Directed Energy Weapons

                    Some idiot has finally hooked an antenna up to the steering and acceleration/braking controls in some models. There should be a new rule. If you don't want it hooked up to the internet, don't put an antenna on it.

        • Anonymous Coward, 19 Feb 2015 @ 3:46pm

          Re: Re: Re:

          Through personal experience, I know the probability that you have the clearance to view the information needed to quantify your claim is infinitesimally small.

          ...and that is how I know it is you that are mistaken.

  • Anonmylous, 19 Feb 2015 @ 2:48pm

    I wonder if this means Stingray stations, which only the FBI is allowed to (not) talk about, use this technology to give LEOs a lot more info than they have admitted to.

    • Anonymous Coward, 19 Feb 2015 @ 8:36pm

      Re:

      I bet that is exactly why the FBI doesn't want to reveal how the stingrays work. If people realize that the FBI/NSA/(insert agency here) can capture packets and decrypt them without any notification or trail then I bet most people would be very quick to not communicate vital/private information over a cell phone.

      This is why we need to have end to end encryption as a layer on top of the normal encryption that phones already use.

  • Anonymous Coward, 19 Feb 2015 @ 2:50pm

    So the NSA wears the biggest, blackest hat of all.

    Shouldn't there be some prosecutor out there working on a CFAA case against them? I'm sure the NSA could get about 10,000 years in jail for that level of deep invasion into other people's technology.

    • sigalrm, 19 Feb 2015 @ 3:24pm

      Re:

      Shouldn't there be some prosecutor out there working on a CFAA case against them

      Almost everyone is focusing on the NSA's ability to "get any data they want", but if the NSA and other TLAs are as deeply embedded into computer networks as they're rumored to be, then they have, or can get, Read-Write access to damn near anything they want. You have to assume they can trivially plant evidence as easily as they can retrieve it.

      Unfortunately, if we've crossed the Rubicon, you can be certain that any prosecutors, judges, politicians, etc, who might initially push back against the NSA and other assorted three letter agencies might quickly find themselves convinced to look the other way, lest they end up out of a job or in prison.

      • good point, 20 Feb 2015 @ 7:30am

        Re: Re:

        thence EVERY DIGITAL evidence against everybody is invalid ...
        due to the fact that the NSA can plant whatever they want (like CP) wherever they want !
        THIS IS GREAT!!!

        • good point, 20 Feb 2015 @ 7:52am

          Re: Re: Re:

          and EVERY BANKING CARD TRANSACTION evidence is also invalid...
          I did not buy that! the NSA bought it with my bank card !

          • Anonymous Coward, 20 Feb 2015 @ 9:14am

            Re: Re: Re: Re:

            I'll use this excuse next time I make too many internet purchases while drunk, thanks.

        • Anonymous Coward, 20 Feb 2015 @ 10:26am

          Re: Re: Re:

          Can't wait to see someone try this defense in court and then lose terribly when it doesn't work.

          • sigalrm, 20 Feb 2015 @ 12:26pm

            Re: Re: Re: Re:

            Can't wait to see someone try this defense in court and then lose terribly when it doesn't work.

            That's exactly what would happen. Although for a politician or investigator, it wouldn't have to get to court - just to the press.

            Our society's built-in skepticism and inclination to pre-judge guilt based on the news media is exactly why this would be such a nasty lever, were it to be used - People claim "it wasn't me" so frequently that no one pays attention when that might actually have been the case.

            (please note, I'm not saying this has actually happened. I have no idea if it has or not. But assuming the NSA has its fingers into everything as deeply as it's been reported - there's nothing that can really prevent it.)

          • Anonymous Coward, 20 Feb 2015 @ 4:29pm

            Re: Re: Re: Re:

            That just means you have to report them. Just like an IT guy who runs across it, find it and turn them in. Your hands are clean after that.

  • Kal Zekdor, 19 Feb 2015 @ 2:54pm

    Hard Drive Firmware

    It is certainly feasible that the NSA did not need access to the firmware source code in order to pull off these kinds of attacks. Ars Technica has an article explaining. These drives use standard debugging interfaces, and, with a bit of work, anybody with the right skill set can reverse engineer the firmware.

    That's not to say that the NSA didn't have access to the firmware source. They certainly could get at it if they wanted. Just that they did not necessarily need the source in order to write this kind of malware.

    • RR, 19 Feb 2015 @ 3:00pm

      Re: Hard Drive Firmware

      I want to second what Kal said: it's easy. You can easily find YouTube videos discussing how the Chinese clone manufacturers do it against custom hardware, it would be much easier against mass produced parts that have to implement published specs.

    • John Fenderson, 19 Feb 2015 @ 3:40pm

      Re: Hard Drive Firmware

      This is exactly right. I have been hired on multiple occasions by companies who have lost the source code to their firmware. I recover it for them through reverse engineering, sometimes using that exact method.

    • Anonymous Coward, 19 Feb 2015 @ 4:48pm

      Re: Hard Drive Firmware

      Maybe the NSA did not have the source, the first time.

      Once in, they could just use the host systems to deploy along with the manufacturer's change control and release, etc. No, that's too fancy for them, I think they interrupted the shipments; it wasn't just switches or routers...

      • Anonymous Coward, 20 Feb 2015 @ 9:23am

        Re: Re: Hard Drive Firmware

        Remember 3-4 years ago when hard drive prices suddenly went up back to prices from say 2003? Well, I certainly do, the guy at the shop I always go to told me "a factory where 90% of hard drives are built was destroyed in a typhoon somewhere in Asia." That could just mean, CSEC (in my case, hi guys!) grabbed a lot of hard drives from the warehouses they are stored in before being sent to retailers. So prices for already shipped hard drives go up for a while, compensates the companies. Seriously I never heard of such a hard-drive-factory-destroying-typhoon. There are about 6 large different companies that make hard drives of the regular SATA kind, why would all of them use the same factory? Never heard of that.

        I got a 500GB WD that is still working, although it needs to have its circuit board changed, since about 5 months, didn't get to order one because I'm kinda annoyed that I will have to get the circuit board from anybody like that. (such a thing didn't bother me the other times I changed circuit boards on hard drives, but that was in 2006-2007. Kind of before a lot of things went to shit.)

        • nasch, 20 Feb 2015 @ 10:10am

          Re: Re: Re: Hard Drive Firmware

          that was in 2006-2007. Kind of before a lot of things went to shit.

          You mean before you knew about it.

        • jackn, 20 Feb 2015 @ 10:59am

          Re: Re: Re: Hard Drive Firmware

          You might have something. Especially with Windows. It seems like Windows is frequently saying a hard disk has become unusable, but putting in a Linux boot CD shows no problem. This happened three times in the last 2 years for me. In one case, I just made the machine a Linux machine, in the other case, using Linux, I was able to get the drive working with Windows again. It's one thing for them to put UA code on the device, but buggy code?

          • nasch, 20 Feb 2015 @ 12:38pm

            Re: Re: Re: Re: Hard Drive Firmware

            I don't think you need to go looking for explanations for why Windows sometimes has problems. Occam's Razor would lead one to believe it's just problems with Windows - even if the drive actually is NSA-infected.

    • Anonymous Coward, 19 Feb 2015 @ 8:11pm

      Re: Hard Drive Firmware

      Yeah, most any bored teenager could do it in an afternoon.

  • That Anonymous Coward, 19 Feb 2015 @ 2:58pm

    is it sad when it turns out, I wasn't paranoid enough?

  • Ambrellite, 19 Feb 2015 @ 2:58pm

    Even worse, NSA did nothing to close the security holes it discovered/opened up. If other entities are also injecting covert software on hard drive firmware, or also possess the Gemalto keys, *they* have just as much access to our data. No doubt, it's a national security threat.

    If only we had some kind of department or agency in charge of dealing with that sort of thing.

    • John Fenderson, 19 Feb 2015 @ 3:41pm

      Re:

      "Even worse, NSA did nothing to close the security holes it discovered/opened up."

      Of course not. If they close holes, then they can't use those holes.

      • Anonymous Coward, 19 Feb 2015 @ 8:53pm

        Re: Re:

        Of course not. If they close holes, then they can't use those holes

        Should we start passing around the butt plugs or should we wait till our holes are sore from the agencies first?

  • Anonymous Coward, 19 Feb 2015 @ 3:02pm

    Something tells me we haven't even scratched the surface of the abuse they're participating in this very minute

    And now, those of other nations who weren't aware the extent of our "beloved" intel agencies......what are they gonna do, ignore it, call for a stop, or force a similar implementation they wouldn't have otherwise, thanks to our "beloved" intel agencies showing them just how far they went..........another bloody war, albeit a digital one, everything is fucking war with them........they're gonna keep escalating and escalating, one side then the next, trying to get a one up over another, before you know it, the internet will be the most insecure it has been in its entire fucking lifetime, opposite to the justification that they're "protecting" the internet.........f good for nothings, instigators of war.......no, instigators of big guy vs little guy in their struggle for dominance

  • Anonymous Coward, 19 Feb 2015 @ 3:21pm

    "but that it couldn't do it without knowing the source code of the hard drive firmware -- information that is not easily accessible. A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It's possible they're lying/misleading "

    I read in another article that a company was asked by the government who were gonna implement their ?something?, to hand over readable source code of their proprietary software, for security reasons, which I might add the public has as much right to as well, anyway, the company representative suggested that it could be likely that they keep that source code indefinitely, which at minimum says there is no prior agreement to delete the code once audited

    I think it's plausible that a government would pull the national security card, and demand the source code, so yeah, in this respect, I do believe they have access to what is normally closed source material in the public

    and I strongly suspect, considering the obvious benefits to entities such as our "beloved" intel agencies, that they have the same thing going on with closed source phone modems, a bit of kit that can receive/send data REMOTELY

    • Anonymous Coward, 19 Feb 2015 @ 3:24pm

      Re:

      Also, others claimed there's the possibility of reverse engineering the code

      • Bamboo Harvester, 20 Feb 2015 @ 5:32am

        Re: Re:

        Why go to the trouble of reverse engineering when they can just issue an NSL and take it?

  • Anonymous Coward, 19 Feb 2015 @ 3:23pm

    What do you want to bet that the spyware is activated by the OS using lines of code that also got inserted by the NSA.

  • Anonymous Coward, 19 Feb 2015 @ 3:25pm

    Wow, so that is where that Billion dollars went. Burn baby burn.

  • Jack, 19 Feb 2015 @ 3:33pm

    Time for an Update...

    Looks like it's time for an update on the way that cellular communications are done... In addition to encrypting the wireless signals themselves, it's about time for the cell phone companies to add end to end encryption (like TLS) for the voice data as well. This way even if the wireless signal is cracked using the SIM keys, your communications are still secure.

    If not, it looks like it is time that people stop using their cell minutes and switch to using VOIP over SSL and just using their data plans...

  • Anonymous Coward, 19 Feb 2015 @ 3:36pm

    I'd like to know what Gemalto is gonna do about it........knowing that what they've handed out is not secure, will they ignore this in the hopes that too few people find out about it to cause any issues, or will they be outraged and say/do ....something to oppose such actions and restore a tinsy winsy little faith

    • sigalrm, 19 Feb 2015 @ 3:51pm

      Re:

      There's nothing Gemalto _can_ do about it that would be meaningful. The specification was designed more to ensure that unauthorized handsets couldn't use the network than to prevent mass surveillance from an organization with access to all of their keying material.

      "Oh, hey, sorry about the compromised crypto keys on that first SIM, here's a free replacement. We know that _these_ crypto keys are secure because, well, Um...."

      • Anonymous Coward, 19 Feb 2015 @ 5:04pm

        Re: Re:

        I get it, but a public statement would fall under my minimum category, I don't expect a fix, but I at least expect them to say something for the record.......given enough of these, I'm pretty sure the pressure will start mounting up, for meaningful change whether internally by governments, or externally by programmers consistently hearing about these statements........maybe enough so, that it's going through their minds when they're planning their new project from the ground up, who knows, maybe the next evolution of defensive privacy/security is around the corner........

      • Anonymous Coward, 20 Feb 2015 @ 7:58am

        Re: Re:

        There's nothing Gemalto _can_ do about it that would be meaningful. The specification was designed more to ensure that unauthorized handsets couldn't use the network than to prevent mass surveillance from an organization with access to all of their keying material.
        I don't see any reason why Gemalto should have all the keying material. It should be the carriers that program a key into each one--and ideally, that key would only be used once, to sign a key that the SIM creates on first use. And that new key should be used rarely, to sign ephemeral keys with perfect forward secrecy. (Of course, if the carrier keeps a key to update SIM firmware, that would make a tempting target for the NSA.)

        • Anonymous Coward, 20 Feb 2015 @ 9:08am

          Re: Re: Re:

          I don't see any reason why Gemalto should have all the keying material.
          This is the same thing RSA Security ran into with their keyfobs. For some reason they shipped them keyed instead of blank. Not only that, the private key was pushed to the fob instead of being generated by it—it's not like RSA haven't heard of public key crypto—and thus the keys were all compromised.

        • sigalrm, 20 Feb 2015 @ 12:15pm

          Re: Re: Re:

          They have it because the threat model when the spec was developed excluded (accidentally or intentionally) "TLAs grabbing all the keys".

          The current crypto key generation model saves time and costs associated with key generation at the time of deployment, and frankly, is probably a large part of why deployment is so smooth (I can go to my cell phone carrier today, ask for a SIM card, and get one, pretty much no questions asked).

          (and, by the way, anyone know if the SIM's pre-printed ID is also the key? From what I've seen, the crypto algorithms are clearly symmetric, there's no reason the SIM ID couldn't be the actual crypto key)

  • Chris Brand, 19 Feb 2015 @ 3:36pm

    Did the NSA need the hard drive firmware source ?

    "The report notes that it's unclear as to how the NSA was getting this software in there, but that it couldn't do it without knowing the source code of the hard drive firmware"

    The EFF's article, however, concludes that "at least two published projects from years past have demonstrated otherwise".

  • Anonymous Coward, 19 Feb 2015 @ 3:43pm

    If I'm understanding the SIM encryption diagrams in another article, if you're using a VPN, assuming your VPN provider isn't compromised, there's still some level of encryption, no?

    • John Fenderson, 20 Feb 2015 @ 7:59am

      Re:

      Yes, there is.

      This is about the crypto used in the communications with the cell tower. That crypto's primary purpose is to ensure that no unauthorized phones are using the cell system. It's not really intended to protect your privacy as such.

      The breaking of the crypto exposes real vulnerabilities, though, and can make it possible for attackers to gain total access to your phone. If they have that, then they could obtain the private keys to your own crypto. If that happens, all bets are off.


  • icon
    cypherspace (profile), 19 Feb 2015 @ 4:06pm

    Connecting the Dots

    In a past article, Techdirt covered the White House intelligence task force's report on how to reform the NSA, and the report implied the NSA engaged in financial manipulation. Now fast-forward to this story about SIM Card hacking and you read this:
    GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone.
    I'd bet good money the intelligence task force reviewed this operation and freaked out like the rest of us.


    • identicon
      Joe Publius, 20 Feb 2015 @ 10:54am

      Re: Connecting the Dots

      I'd bet good money the intelligence task force reviewed this operation and freaked out like the rest of us.

      Or not, since there's no indication that these kinds of activities have stopped. At this point, I don't see why a reasonable person would believe anything the NSA says*.

      *Yes, I am going out on a limb and saying that if you believe anything the NSA says, you are nuts.


  • icon
    Gracey (profile), 19 Feb 2015 @ 4:16pm

    ... it's just easier NOT using mobile devices or computers.

    Kinda what I thought a long time ago, and why I still don't have a cell phone.


  • identicon
    Anonymous Coward, 19 Feb 2015 @ 5:09pm

    I remember when we were all speculating that next they would be installing backdoors..........so it seems they already had

    I wonder what those who use these tools think if/when they see these stray comments predicting correctly what they're doing........do they have any regrets...., I want to say no


  • identicon
    justme, 19 Feb 2015 @ 5:11pm

    Hard to sound crazy, but. . .

    As a Linux user I have wondered if they have a hand in systemd, with its change to binary logs and overall obscuring of the boot process. Red Hat like any other company doesn't want to risk losing profitable government contracts by not helping to stop terrorists.

    But that's just crazy talk. . . right?


    • identicon
      Anonymous Coward, 19 Feb 2015 @ 6:02pm

      Re: Hard to sound crazy, but. . .

      Linux is not that well protected once the attacker gains physical access to the machine, it was designed to prevent remote attacks.

      E.g. you can bypass the authentication and gain root access by modifying the kernel boot parameters in GRUB. Disk encryption helps a lot in this scenario, but since we assume physical access, a key logger or well-placed camera should work fine against password-protected disk encryption...


    • identicon
      good point, 20 Feb 2015 @ 7:48am

      Re: Hard to sound crazy, but. . .

      OF COURSE is systemd compromised...
      that is the whole reason they are fighting against it!


  • icon
    got_runs? (profile), 19 Feb 2015 @ 6:26pm

    >_

    Spying on you to protect you. :P


  • identicon
    MalcolmTucker, 19 Feb 2015 @ 7:36pm

    You know it.

    I previously commented as IronChef and Iron Chef.

    :-P

    Real cool. Stay safe and sane guys. Everyone I know likes your work;

    I'm at a UNION now. ;-)


  • identicon
    Anonymous Coward, 19 Feb 2015 @ 10:35pm

    Hats off to Snowden for risking his life to tell us what he did. He surely has earned his place as the most epic leaker in history. But it's hilarious that despite all its billions of dollars, its massive team of super geniuses, and complete and utter unaccountability for doing damn near anything legal or otherwise, the NSA still let a barely-above-average contractor walk out with millions of pages of its most valuable secrets.


    • identicon
      Anonymous Coward KJKH, 20 Feb 2015 @ 12:33am

      Re:

      I think it is inaccurate that Snowden was a "barely-above-average contractor". It sounds like he was very talented and that is how he ended up getting such privileges.

      Good news is that post-Snowden they have probably become so paranoid about access as to cripple their operations. It is also likely that they have tightened up vetting on staff to the point where only the most useless authoritarian, aspergers types make it through. This is on top of the major recruitment problems that will already have resulted from widespread public outrage.

      Keep it up friends. The alphabet bandit agencies are dangerous, criminal organizations. Keep repeating it. Again and again. Until they are so toxic that no one wants to associate with them.


  • identicon
    spodula, 20 Feb 2015 @ 12:47am

    So all modern hard drives are hackable by the NSA...

    So how many ST506's do you think it will require to install Call of Duty? Will be fine if I set aside a room for them :D


  • icon
    Sheogorath (profile), 20 Feb 2015 @ 3:51am

    With these stolen encryption keys, 'intelligence' agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.
    So basically, I'm now a terrorist even without any evidence against me. Oh well, I might as well go do what I'm accused of since I'm guilty until proven innocent through torture. See me beheading James Clapper in Daesh territory on YouTube next week!


  • identicon
    jim, 20 Feb 2015 @ 7:14am

    wha?

    I'm afraid some of you have the wrong ideas here. They now have an added feature on all electronics, remember the old machine language? You had to program in assembly to get interpreted to proto basic to run the function at machine level, that's where this is. On the chip that activates the machine, it tells the transistors, what to register. So they know what and where, now to get them to do something legal with this information, like legally solve a crime. Think of all the missing people in the world that have some electronic thing with them! All the criminals thought to be evading the law, all the thought crimes, like a dog barking up a tree, right. Them doing something good? Hah..


  • icon
    jilocasin (profile), 20 Feb 2015 @ 8:58am

    Time for a new open source project

    I think it's time for a couple of new open source projects.

    One to update hard drive firmware with a known _good_ (a.k.a. non-NSA bugged version).

    The second to update the encryption keys in your SIM cards.

    Boot from a known _good_ copy of Linux (read-only media), reflash HD firmware as soon as you open the box. Check again every so often to make sure it's still clean.

    Installing a new OS used to consist of:
    -Partition the hard drive
    -Format the hard drive
    -Install the OS

    Now it needs to be:
    -Reflash the hard drive firmware
    -Partition the hard drive
    -Format the hard drive
    -Install the OS

    Sure TAO can probably find a way to monkey with it again, but then they'll have to _actively_ do something. Surveillance has gone ultra-wide band because it's gotten so easy. When you used to have to break into some one's home or office, plant a bug, monitor that bug, transcribe what you hear, etc. not a lot of people were surveilled. Now you can just use a computer to tap the internet, track everyone by their cell phones, and now break into large numbers of computers using sleeper hard drive firmware from the comfort of their own offices.

    We may not ever be able to completely stop the NSA/GCHQ/etc., but we can sure make it as difficult/time consuming/painful as possible.

    Then _maybe_ they'll have to be a bit more particular about who they surveil.


    • icon
      sigalrm (profile), 20 Feb 2015 @ 1:19pm

      Re: Time for a new open source project

      An open-source firmware for hard disks may not be as simple as that. I've heard - 2nd hand, but from a source I put a reasonable amount of trust in - that at least one of the vendors listed has set the hard drives up to require signed firmware, or the disk won't accept it. If you can't sign the code with a key the disk will accept, your open source project won't gain traction.

      Also: it would be short-sighted to assume the scope of the actions here is limited to hard drives. Yes, this set of recently released documents is HDD specific. Yes, HDDs make an excellent target for this attack vector, for a variety of reasons, not the least of which is that, being hard disks, storage space presumably isn't an issue and so you presumably wouldn't be so severely constrained on the size of the malware you were shipping. But hard disks aren't the only built-in peripherals that allow for field-upgradeable firmware. Video cards, motherboards, CPUs - almost all of them have some amount of field-writable, onboard storage coupled with the firmware that allows them to operate. In fact, while they'd be harder targets, they might well be more valuable.

      After all: You can remove a potentially compromised HDD from a system entirely, and run it off of live media on thumbdrive/cd/dvd/etc. Most people would have a very hard time running that same live media system w/o a video card. Or a motherboard.


  • identicon
    Anonymous Coward, 20 Feb 2015 @ 9:21am

    Isn't it illegal even for the government to violate the law? Why isn't this considered a violation of CFAA? Shouldn't the perpetrators be charged accordingly?


    • identicon
      Anonymous Coward, 20 Feb 2015 @ 10:11am

      Re:

      Isn't it illegal even for the government to violate the law? Why isn't this considered a violation of CFAA? Shouldn't the perpetrators be charged accordingly?
      Charged by whom? It is illegal, but I don't think citizens have the right to charge the government with a crime in the USA--a prosecutor has to do it, and they're not doing it. (Evidently, in some countries private citizens can file criminal charges.)


      • identicon
        Anonymous Coward, 20 Feb 2015 @ 1:25pm

        Re: Re:

        Can the companies that had their systems hacked and IP misappropriated file a civil suit?


      • icon
        sigalrm (profile), 20 Feb 2015 @ 1:33pm

        Re: Re:

        Perhaps we've finally found a publicly beneficial use-case for ISDS.


  • identicon
    Anonymous Coward, 21 Feb 2015 @ 3:25am

    Proof that the US gov wouldn't bother with warrants in order to access US citizens' information using mandatory backdoors or frontdoors. Whatever you want to call them.


  • identicon
    Anonymous Coward, 22 Feb 2015 @ 8:14am

    land of the free. let's keep telling ourselves that..


    • icon
      GEMont (profile), 22 Feb 2015 @ 4:04pm

      Re:

      Don't forget that the US is also the land of unfettered Capitalism.

      If you can afford it, you too can buy your freedom - from persecution, from surveillance, from incarceration, from law, from taxes, from... whatever the particular level of freedom you can afford offers freedom from.

      So the meme "Get rich or die trying." is now more than ever, the true motto of America.

      ---


  • identicon
    Gummy Bear, 30 Aug 2017 @ 1:13pm

    Gummy Bear

    "if we have information, we have everything." (NSA).
    But 3% of world is out of this thief. And in this 3%, many of them are scientists with very innovative researches.

    They should open any history book and observe that no one is a friend of time. It's a foe in the end. Statistically saying, future intelligence would be able to bash up these kinetic child of gods.

    Adios.


