Top secret NSA catalog reveals US government has been secretly back dooring equipment from US compan - Polidicks

[QUOTE=mdeceiver79;43355239]Loads of companies do this. British Intel employees are warned against using Lenovo because they fear backdoors (from china). Again everyone jumps at NSA because they're the bad guy, the reality is many countries do this. Its not about security its about spying on other governments it has been done for years in some form or another. "yeah but that makes them super evil" No it just makes them spies. These tactics are needed in the more globalised environment, if you restricted all surveillance and monitoring to your own country your spy agency would be near blind. US wants to stay top dog. That means knowing about things before they are made public so counters can be produced and they are not "caught on their back foot". Be this military, socially or economically. Stop being naive.[/QUOTE] Doesn't make it acceptable regardless. If their exact methods were leaked it sounds like it could seriously damage global computer security.

There is pretty much no reason to buy American equipment now if you have any interest in keeping things secure from US government eyes.

And to think this would be considered a crackpot conspiracy theory a few years back

[QUOTE=Used Car Salesman;43356742]There is pretty much no reason to buy American equipment now if you have any interest in keeping things secure from US government eyes.[/QUOTE] Like I mentioned earlier, companies from other countries have backdoors built in some of their products. You're just being dumb. Unless, of course, you specifically dislike the NSA and have no issue with chinese/russian/anywhere else agencies watching you. Then I would commend you for your intelligence and sophistication. [editline]30th December 2013[/editline] [QUOTE=Alice3173;43356695]If their exact methods were leaked it sounds like it could seriously damage global computer security.[/QUOTE] True this is the biggest concern for me. A trick like this would be worth billions of dollars and in the wrong hands could cause a serious ruckus.

I personally know a bunch of 0day exploits in data storage equipment (NASes) + some industrial control equipment, I cant tell if those are intentional or just incompetence though

[QUOTE=mdeceiver79;43355239] US wants to stay top dog. That means knowing about things before they are made public so counters can be produced and they are not "caught on their back foot". Be this military, socially or economically. Stop being naive.[/QUOTE] The irony being that the NSA didn't know about Snowden's leak until it hit the press.

[QUOTE=WeekendWarrior;43357237]The irony being that the NSA didn't know about Snowden's leak until it hit the press.[/QUOTE] They obviously don't have enough phone taps.

The title implies that they installed deliberate vulnerabilities into computer systems at the manufacturer level but the article makes it seem like they're just really good at hacking commercial hardware. Which is it? Because if it's the latter I'm not surprised and don't see where the outrage is coming from- computer spy agency is good at hacking, more news at eleven. [editline]30th December 2013[/editline] [QUOTE=Alice3173;43356695]Doesn't make it acceptable regardless. If their exact methods were leaked it sounds like it could seriously damage global computer security.[/QUOTE] You know there are plenty of 'white hat' organizations that participate in finding exploits, right? I mean, have you ever heard of DEF CON (the convention)? There are large organizations dedicated to finding and collating vulnerabilities in existing systems, and most every major tech corporation has teams that go over every inch of their computers looking for illegitimate ways in, and any of that data going public would be damaging to global computer security too. But they didn't put the vulnerabilities there in the first place, it's up to the distributor to fix it ASAP.

[QUOTE=catbarf;43357300]You know there are plenty of 'white hat' organizations that participate in finding exploits, right? I mean, have you ever heard of DEF CON (the convention)? There are large organizations dedicated to finding and collating vulnerabilities in existing systems, and most every major tech corporation has teams that go over every inch of their computers looking for illegitimate ways in, and any of that data going public would be damaging to global computer security too. But they didn't put the vulnerabilities there in the first place, it's up to the distributor to fix it ASAP.[/QUOTE] I am aware of that but it seems like these exploits are only known to the NSA is the problem. And since the NSA has no interest in seeing them fixed then the people who made the systems won't know about said exploits unless a "white hat" organization finds the method and informs them about it or they figure it out on their own.

[QUOTE=code_gs;43354949]Isn't the NSA supposed to be helping? I know they weren't before, but they sound more like a malicious hacking organization than a government organization.[/QUOTE] ...What did people think the NSA does before now? Seriously, what did you think the computer-oriented counterpart to the CIA and FBI actually does for a living? They break into computer systems of other countries. They intercept communications. They get information any way they can that involves electronics, computers, radio, satellites, or any other technology that doesn't involve recruiting actual people (since that's the CIA's job). None of this is or has been unknown to the public.

[QUOTE=catbarf;43357300]The title implies that they installed deliberate vulnerabilities into computer systems at the manufacturer level but the article makes it seem like they're just really good at hacking commercial hardware. Which is it? Because if it's the latter I'm not surprised and don't see where the outrage is coming from- computer spy agency is good at hacking, more news at eleven.[/QUOTE] The way I'm getting it, it's a combination of exploits in security software they figured out as well as physical infiltration software. [editline]30th December 2013[/editline] automerge.

Since these are also designed to be undetectable/very hard to remove, if blackhats find them, you're boned

[QUOTE=catbarf;43357300]The title implies that they installed deliberate vulnerabilities into computer systems at the manufacturer level but the article makes it seem like they're just really good at hacking commercial hardware. Which is it? But they didn't put the vulnerabilities there in the first place, it's up to the distributor to fix it ASAP.[/QUOTE] Wasn't the NSA accused of deliberately weakening or tampering with crypto standards recently? It wasn't so extensive that everything ever is broken, but it does raise the question of exactly how deep the rabbit hole actually goes considering the near-unlimited resources involved.

[QUOTE=mdeceiver79;43357097]Like I mentioned earlier, companies from other countries have backdoors built in some of their products. You're just being dumb. Unless, of course, you specifically dislike the NSA and have no issue with chinese/russian/anywhere else agencies watching you. Then I would commend you for your intelligence and sophistication.[/QUOTE] Arn't you a ray of sunshine

So pretty much, if you get infected with this, you have to Flash the BIOS and get a new hard drive to get rid of it? Thanks NSA.

Am I the only one who's interesting in hearing how many 'terrorists' they've actually caught? We're always hearing about how they're doing mass surveillance but I haven't heard any results...

[QUOTE=soulharvester;43357418]So pretty much, if you get infected with this, you have to Flash the BIOS and get a new hard drive to get rid of it? Thanks NSA.[/QUOTE] Yes, if you get infected with a tailored piece of malware designed by an intelligence agency, you're pretty much hosed. Doesn't matter if it's the NSA or its Chinese or Russian equivalents (especially since the article doesn't say this technology has been deployed by the NSA against US citizens). Unless you have something to warrant the attention of an agency concerned with terrorism and geopolitics you have no chance whatsoever of being targeted for electronic intrusion.

[QUOTE=Adzter;43357442]Am I the only one who's interesting in hearing how many 'terrorists' they've actually caught? We're always hearing about how they're doing mass surveillance but I haven't heard any results...[/QUOTE] It's because that info is classified. No, seriously.

[QUOTE=soulharvester;43357418]So pretty much, if you get infected with this, you have to Flash the BIOS and get a new hard drive to get rid of it? Thanks NSA.[/QUOTE] From my limited understanding it is an exploit in all harddrives of that particular manufacturer. So you could delete your stuff and buy a new harddrive but if the backdoor is present in that new HD then you have wasted your time and effort. Several people have expressed concerns that if somebody not in the NSA could use those backdoors then every harddrive with that exploit would be open to highest bidder/bad people. A legitimate concern.

[QUOTE=catbarf;43357452]Yes, if you get infected with a tailored piece of malware designed by an intelligence agency, you're pretty much hosed. Doesn't matter if it's the NSA or its Chinese or Russian equivalents (especially since the article doesn't say this technology has been deployed by the NSA against US citizens). Unless you have something to warrant the attention of an agency concerned with terrorism and geopolitics you have no chance whatsoever of being targeted for electronic intrusion.[/QUOTE] Considering they're already trying to get into every US citizens pants, its probably not hard to warrant their attention

[QUOTE=Adzter;43357442]Am I the only one who's interesting in hearing how many 'terrorists' they've actually caught? We're always hearing about how they're doing mass surveillance but I haven't heard any results...[/QUOTE] Its not only catching terrorists. Its general espionage. Nearly every respectable country does it. IF the US didn't it would be putting them in a bad position. Stop using straw man.

[QUOTE=Adzter;43357442]Am I the only one who's interesting in hearing how many 'terrorists' they've actually caught? We're always hearing about how they're doing mass surveillance but I haven't heard any results...[/QUOTE] They could say a number (and they have) and people here will insist it's bogus. And they won't release details, since that would compromise their methods, although that's looking like less and less of a concern every day. Not everything is about catching terrorists. Sometimes it's about knowing what they're up to, and being aware of other threats. We may not have the ability to catch and prosecute known terrorists in Yemen, Afghanistan, or Pakistan, but knowing what they're planning keeps us one step ahead of the game, just as knowing how much Iran or North Korea are bullshitting about nuclear weapons prevents us from being blindsided. A lot of it is the result of the Korean War, in which Western intelligence analysts were utterly blindsided by the outbreak of civil war. Since then the US, UK, and other members of Five Eyes have tried hard to stay aware of global politics, and have poured an enormous amount of resources into basically just knowing what's going on.

[QUOTE=elixwhitetail;43354902]Okay, NSA, seriously, if you don't stop we're gonna insist you change your name to something sinister with mandatory punctuation like P.O.I.S.O.N. or something, and the head of the agency will need to be bald, smoke a cigar, have a monocle, and pet a really pampered cat.[/QUOTE] And every time someone comes to see him he turns his wheeled chair around without moving and reveals his gold knuckles.

[QUOTE=Tobba;43357468]Considering they're already trying to get into every US citizens pants, its probably not hard to warrant their attention[/QUOTE] That's just not true. Literally nothing so far has indicated an interest in what every individual citizen is up to; the programs are either targeted against specific individuals, or are dragnet mass-collection looking for suspicious information that can identity persons of interest for further development. The US government doesn't care about you playing Call of Duty on your couch, whether you're American or not. There's a big difference in intent between dragnet collection to compile a Big Brother-like image of what every single person is up to, and dragnet collection to identify specific persons of interest, even if both have the same legal and ethical concerns. For all this bluster about the capabilities of the NSA, we know how much money they get, and it's nowhere near enough to be able to pull off some kind of 1984-style mass surveillance of everyone.

[QUOTE=catbarf;43357559]The US government doesn't care about you playing Call of Duty on your couch, whether you're American or not. There's a big difference in intent between dragnet collection to compile a Big Brother-like image of what every single person is up to, and dragnet collection to identify specific persons of interest, even if both have the same legal and ethical concerns.[/QUOTE] But it has been shown that fairly innocent searches online are enough to manage to get you flagged as someone who is worth looking into. For example something as simple as me looking up thermite last week after watching an episode of Mythbusters could potentially get someone flagged. There was an article awhile back here on FP that covered a couple people doing similar things. (Ie: Someone innocently looking up backpacks as well as pressure cookers in a relatively short period of time not long after the Boston bombing got contacted by the FBI not long after their searches.)

[QUOTE=catbarf;43357559]That's just not true. Literally nothing so far has indicated an interest in what every individual citizen is up to; the programs are either targeted against specific individuals, or are dragnet mass-collection looking for suspicious information that can identity persons of interest for further development. The US government doesn't care about you playing Call of Duty on your couch, whether you're American or not. There's a big difference in intent between dragnet collection to compile a Big Brother-like image of what every single person is up to, and dragnet collection to identify specific persons of interest, even if both have the same legal and ethical concerns. For all this bluster about the capabilities of the NSA, we know how much money they get, and it's nowhere near enough to be able to pull off some kind of 1984-style mass surveillance of everyone.[/QUOTE] I'm gonna risk sounding like a conspiracy nut but I think pretty much everyone can tell at this point that "terrorism" is a massive scapegoat, I cant tell what exactly they're hoping to accomplish though, the whole thing is a fucking circus They're probably targeting everyone they find "interesting", which probably isnt too many people, left wing nuts, religous nuts, computer security experts (terrible idea), etc

[QUOTE=Alice3173;43357604]But it has been shown that fairly innocent searches online are enough to manage to get you flagged as someone who is worth looking into. For example something as simple as me looking up thermite last week after watching an episode of Mythbusters could potentially get someone flagged. There was an article awhile back here on FP that covered a couple people doing similar things. (Ie: Someone innocently looking up backpacks as well as pressure cookers in a relatively short period of time not long after the Boston bombing got contacted by the FBI not long after their searches.)[/QUOTE] That's the FBI's purview, not the NSA's, and it's a whole different kettle of fish. The way they do things is substantially different because they have a significant amount of resources at their disposal, and because the US is their sole area of operation. If you look into those articles, many of them don't even involve the FBI- that example of a guy looking up backpacks and pressure cookers was a guy at work, and the police were contacted by his employer. In any case, if there's no further reason for interest, then you'd get dropped from the list. You're not going to have every single phone line wiretapped, all your mail read, and all your emails monitored indefinitely because you did a google search for 'pressure cookers'. Can you imagine being the guy who has to justify to the budget committee a hundred-million-dollar operation over a guy who once looked up pressure cookers and backpacks? [QUOTE=Tobba;43357631]They're probably targeting everyone they find "interesting"[/QUOTE] They don't have the budget. Again, the documents for (I believe) FY2012 were leaked and you can see what the breakdown is. There simply isn't enough money to monitor even 1% of the people in the US, let alone internationally which is the NSA's job. I really do understand where you're coming from but they can't conjure surveillance out of thin air and nobody has a crystal ball. Everything has to be paid for and they don't have the cash.

[QUOTE=Alice3173;43357604]But it has been shown that fairly innocent searches online are enough to manage to get you flagged as someone who is worth looking into. For example something as simple as me looking up thermite last week after watching an episode of Mythbusters could potentially get someone flagged. There was an article awhile back here on FP that covered a couple people doing similar things. (Ie: Someone innocently looking up backpacks as well as pressure cookers in a relatively short period of time not long after the Boston bombing got contacted by the FBI not long after their searches.)[/QUOTE] Whilst these "fairly innocent searches" may have flagged someone up to the FBI, you have to remember it was right after an attack that centred around the damn things, it's quite reasonable for them to be a bit more on edge about people looking things like that up to try and catch possible copycats before they actually do anything. If the search was truly innocent they won't pester you or keep tabs on you, it's a massive waste of resources. If you get odd about them being (fairly rightfully) paranoid about that search at that specific point in time, they might take more interest in you however.

[QUOTE=catbarf;43357676]That's the FBI's purview, not the NSA's, and it's a whole different kettle of fish. The way they do things is substantially different because they have a significant amount of resources at their disposal, and because the US is their sole area of operation. If you look into those articles, many of them don't even involve the FBI- that example of a guy looking up backpacks and pressure cookers was a guy at work, and the police were contacted by his employer. In any case, if there's no further reason for interest, then you'd get dropped from the list. You're not going to have every single phone line wiretapped, all your mail read, and all your emails monitored indefinitely because you did a google search for 'pressure cookers'. Can you imagine being the guy who has to justify to the budget committee a hundred-million-dollar operation over a guy who once looked up pressure cookers and backpacks? They don't have the budget. Again, the documents for (I believe) FY2012 were leaked and you can see what the breakdown is. There simply isn't enough money to monitor even 1% of the people in the US, let alone internationally which is the NSA's job. I really do understand where you're coming from but they can't conjure surveillance out of thin air and nobody has a crystal ball. Everything has to be paid for and they don't have the cash.[/QUOTE] It really doesnt matter how many they can monitor, its just shrinking the criteria If they cant even monitor that many that just makes it worse, they're risking massive harm to big tech companies to do fuckall

[QUOTE=catbarf;43357559]That's just not true. Literally nothing so far has indicated an interest in what every individual citizen is up to; the programs are either targeted against specific individuals, or are dragnet mass-collection looking for suspicious information that can identity persons of interest for further development. The US government doesn't care about you playing Call of Duty on your couch, whether you're American or not. There's a big difference in intent between dragnet collection to compile a Big Brother-like image of what every single person is up to, and dragnet collection to identify specific persons of interest, even if both have the same legal and ethical concerns. For all this bluster about the capabilities of the NSA, we know how much money they get, and it's nowhere near enough to be able to pull off some kind of 1984-style mass surveillance of everyone.[/QUOTE] I always wait for you to post in these thread you are one of the few that brings a level of sensibility to these conversations, but I believe it no longer applies. It may have begun this way and I'm sure it did, but with the increase in media coverage of this subject, the increase in security issues and availability/accessibility of the anonymity something as simple as a laptop can give you they are almost certainly having to expand their search. Sure I might not have anything to worry about myself but we don't have to read the news to hear about false convictions, and the trigger happy Law enforcers that probably regularly make mistakes. Anybody that can give the NSA a run for their money in terms of evasiveness could pin anybody for their cyber backlog of searches and communications, that I am sure of. But there-in lies the main issue, us laymen haven't a clue what these people are capable of, and we are supposed to sit here and not feel worried sick about these mysterious fucks tip-toeing around systems like they own the place? Nah. Whilst I appreciate they don't have the budget to monitor everyone in America, they could easily delegate lower-profile targets and processing to the appropriate agencies, and it's not as if we will sit here and believe the NSA are the only agency in America that are doing this. I don't target you specifically as if you are responsible to answer to this but it is just a general, and albeit slightly silly rant, but I feel compelled anyway.