A new report by Der Spiegel, based on yet another round of leaked NSA documents, indicates how the NSA uses a wide variety of backdoors to access computers, hard drives, routers, and other devices from companies such as Cisco, Dell, Western Digital, Seagate, Maxtor, Samsung, and Huawei. An accompanying Spiegel report highlights how the NSA uses a fifty page catalog of tools used by an NSA division named ANT (Advanced or Access Network Technology) uses to gain access to devices and network gear. All of the companies cited in the report (see this Cisco blog post, for example) deny knowledge of any backdoors in their hardware.
Wondering if the Target breach has anything to do with this ... Looks like damages if so. There has been a large amount of company's in the US hacked, and it seems unlikely that so many business' would have unpatched servers.
Throw all those company's under the bus, just to catch an old man?
Which will make no difference since the random number generator used in linux (and I think to some extent some of the BSDs) is based on the NIST RNG guidance, which if rumours are to be believed, is also not safe.
Linux updates can be used to install gov spyware and I'm sure this is included in that 'catalog'
If you want to be almost completely 'safe' it is better to use a livecd linux like knoopix in a diskless old motherboard computer. When you turn off the computer everything is gone... well everything except for the BIOS and possible hidden storage devices inside new motherboards.
2013-Dec-30 2:02 pm: ·
MaynardKrebs Heave Steve, for the good of the country Premium join:2009-06-17 kudos:4
On a personal level...
at this point in time I'd probably throw my trust in with a Chinese-hacked motherboard, BIOS, disk drive, and network gear as the Chinese don't have a vested interest in using ALL the information they can gather against me at some future date, unlike some over zealous US Gubbmit attorney - should I commit any Pre-Crime thoughts.
Someone needs to send them a dictionary. What they've described are not "back doors" (code specifically placed in a system to allow access), but are all hacks and exploits used to shoe-spoon their payload into the system. This isn't new; it's been going on for decades. You too can play with this sort of "toy" by downloading metasploit. The NSA, obviously, has better toys, but they aren't unique.
Also, does anyone else find it cute they have "back doors" into Huawei tech? The very people they accuse of placing backdoors for the chinese government. "We know you installed backdoors, because we're using them!"
What they've described are not "back doors" (code specifically placed in a system to allow access), but are all hacks and exploits used to shoe-spoon their payload into the system.
But that doesn't make for as juicy of a headline.
2013-Dec-30 6:40 pm: ·
Camaro Question everything Premium join:2008-04-05 Westfield, MA kudos:1
Instead of spending crazy money on developing all these attack tools, how about figuring out to secure our own networks here in the USA before attacking other networks around the world and getting hacked because someone forgot to patch a system.