NSA Inside: What If Your Computer Was Already Hacked by the NSA?


Wed, Aug 7th, 2013 20:00 by capnasty NEWS

Fascinating piece by Steve Blank asking whether the NSA already has access to your computer, gained simply by sending your specific machine a security update that lets them right inside.

[...] perhaps the NSA, working with Intel and/or Microsoft, have wittingly put backdoors in the microcode updates. A backdoor is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes.

But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that check the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.)

Rather than risk getting caught messing with everyone's updates, my bet is that the NSA has compromised the microcode update signing keys giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for "security." (Ironic but possible.)

That means you don't need backdoors baked in the hardware, don't need Intel's buy-in, don't have discoverable rootkits, and you can target specific systems without impacting the public at large.



