NSA Inside: What If Your Computer Was Already Hacked by the NSA?


Wed, Aug 7th, 2013 20:00 by capnasty NEWS

Fascinating piece by Steve Blank asking whether the NSA has already access to your computer by simply sending your specific machine a security update that lets them right inside.

[...] perhaps the NSA, working with Intel and/or Microsoft, have wittingly have put backdoors in the microcode updates. A backdoor is is a way of gaining illegal remote access to a computer by getting around the normal security built-in to the computer. Typically someone trying to sneak malicious software on to a computer would try to install a rootkit (software that tries to conceal the malicious code.) A rootkit tries to hide itself and its code, but security conscious sites can discover rootkits by tools that check kernel code and data for changes.

But what if you could use the configuration and state of microprocessor hardware in order to hide? You’d be invisible to all rootkit detection techniques that checks the operating system. Or what if you can make the microprocessor random number generator (the basis of encryption) not so random for a particular machine? (The NSA’s biggest coup was inserting backdoors in crypto equipment the Swiss sold to other countries.)

Rather than risk getting caught messing with everyone's updates, my bet is that the NSA has compromised the microcode update signing keys giving the NSA the ability to selectively target specific computers. (Your operating system ensures security of updates by checking downloaded update packages against the signing key.) The NSA then can send out backdoors disguised as a Windows update for "security." (Ironic but possible.)

That means you don't need backdoors baked in the hardware, don't need Intel's buy-in, don't have discoverable rootkits, and you can target specific systems without impacting the public at large.



You may also be interested in:

Cyclists Offend the Moral Order: the Psychology of Why Car Drivers Hate Cyclists
On Liking Windows 8's Interface
"It's easy to fall in to the procrastination trap." How to Make Time for Your Side Project
Anime Sucks Foundation
What Girls Should be Called Instead of Princesses