Paranoia in the Age of Obama

UPS is loudly insisting that it is not helping the NSA interdict packages containing computer equipment in order to install backdoor spying equipment, as is Cisco. What an absurd and paranoid thought! Why would anyone think they were doing such a thing anyway?
After Glenn Greenwald's book came out last week, one of the big stories was the additional revelations about the NSA's interdiction program -- in which the NSA grabs packages of computer equipment that are being shipped, outfits the equipment with backdoors -- and sends them along their shipping route as if nothing happened. Most famously, it included an image of it happening, showing a clear Cisco box[.]
Oh.

12 comments:

Cass said...

Did that image prove that tampering had taken place to you?

I'm not averse (at all) to stories about this topic. I'm just more than a bit suspicious of the "evidence" being presented. Looks more like speculation to me than anything approaching proof.

Am I missing something?

Anonymous said...

I suspect the image confirms what suspicions people have been having for a while. Whether or not the box in the picture really was one of several/many that have been tampered with by the NSA (or anyone else), the picture will be enough to further harden distrust of Cisco, USPS, UPS, and the feds. What's the term that gets bandied about? Fake but [perceived to be] accurate?

LittleRed1

douglas said...

I don't know why they'd bother with physical interdiction when I'm sure they could do it via hacking after the hardware was installed easily enough, or by paying off or planting programmers to put it in in the first place.

Grim said...

Because the physical interdiction allows them to overcome air gaps, which is the main thing many people do to secure networks (people like, say, the US military). Now, even if the computer is otherwise a "black box," you can access it from a block away in a van.

Cass, I think the image in the book justifies the belief. Two weeks ago that would have been a paranoid thought. Now? It's the sort of thing a reasonable person could think was probably true.

Cass said...

You must have a very different definition of "reasonable" than I do, my dear friend :p

I don't have a belief either way yet, mostly because I haven't seen anything even vaguely resembling a credible attempt at providing evidence upon which a reasonable belief *could* be based.

The Internet is famous for providing people who are already disposed to believe something with reasons to claim they know far more than they do. It's also famous for being powered by emotion - something I think it's extremely important to resist strongly.

I think LittleRed1 nailed it here:

What's the term that gets bandied about? Fake but [perceived to be] accurate?

People suspected all sorts of things of the Bu$Hitler administration, usually based on equally thin gruel prettied up with a heavy-handed frosting of innuendo and specious "connect the dots"-type reasoning. Now that the shoe is on the other administration, I'm seeing a lot of the kind of stuff I used to think was hysterically funny when the Left did it (informationclearinghouse.com style stuff).

Sorry, but I'm not seeing much "there", here (at least yet). But if there's something I'm missing I'm willing to be convinced I'm wrong.

E Hines said...

Because the physical interdiction allows them to overcome air gaps....

One of the things I do routinely, ever since my HP laptop came direct from the Shanghai factory (an HP schtick at the time) with a Trojan carefully already installed, is run malware detectors/quashers on my new devices before they ever get onto anything resembling a net.

I would expect a business' IT gang to have better anti-malware detectors and to inspect newly arrived hardware for HW goodies installed, as well as to inspect the chips for malware installed in them. Shame on them and those who do business with them, if those IT folks do not.

Eric Hines

Ymar Sakar said...

There's a reason why people build computers using components. It's easier to tell if the components are... tampered with.

Although these NSA flacks really need a manufacturing pipeline link, not chasing the UPS guys around like dogs. Easier to have backdoors, when you control how the circuits are printed.

Ymar Sakar said...

"People suspected all sorts of things of the Bu$Hitler administration, usually based on equally thin gruel prettied up with a heavy-handed frosting of innuendo and specious "connect the dots"-type reasoning."

There were a couple of creeps that did that, around here and elsewhere. When I told them that if Bush was as bad as they said he was, that they should have been hanging from flag poles on the capital and bridge views, they didn't seem to understand what that pertained.

The logic check is easy. Assuming that Bush or Hussein is what people said they were, check the independent sources to see if that is true elsewhere.

So Bush was said to have been killing people on 911 and Iraq for his own gains. When people were told to check that concerning Democrats getting in his way, there weren't enough deaths and disappearances.

Now the same check applied against Hussein.... a lot of different things result.

Intel analysis is not merely analyzing the hard data.

douglas said...

"Because the physical interdiction allows them to overcome air gaps, which is the main thing many people do to secure networks (people like, say, the US military). Now, even if the computer is otherwise a "black box," you can access it from a block away in a van."

You're talking about installing hardware now- that's a different story, and I'm sure they do on occasion, but not in a blanket way.

In an age where we were able to get a virus into Natanz to install Stuxnet, because no matter how much you tell your people to maintain security someone is going to stick in a thumb drive or disc from home and spread a virus, it's easier to do it through software. I'll refer you back to your 'Everything is Broken' link from a few posts ago that talked about how nothing is really secure. I think that says it all.

I'm not even sure you can really think of a system as being black or having air-gaps anymore. I'd say the new paradigm is to assume no stand-off defense is infallible, and have secondary security- anything less at this time would be irresponsible.

Grim said...

It strikes me as reasonable because of the huge amount of industry support the NSA PRISM program seems to have received. If you had said before about a year ago that Google was implicated, and had managed to keep secret its participation, in that kind of intensive spying I'd have thought it paranoid. I would have thought, for example, that the scale of the damage to its reputation and position as a worldwide search provider would be too great to permit them to participate.

Turns out the NSA didn't give them a choice in the matter. It also turns out that they were able to keep it under wraps until it leaked -- which is the only reason we have indication that this stuff might be going on.

Does it, under those circumstances, seem unreasonable to believe that the Feds intercept and contaminate some computers during the shipping process? Not to me, it doesn't. It's a very similar concept, on a smaller scale; if corporations can both (a) be compelled to cooperate and (b) be kept quiet about it, why shouldn't it be true?

Ymar Sakar said...

If you had said before about a year ago that Google was implicated, and had managed to keep secret its participation, in that kind of intensive spying I'd have thought it paranoid.

So you thought I was being paranoid circa 2008-09 when I said that FB could be nationalized by the US for its data intel profiles...

Good thing for us, that didn't happen. The Feds already had a hidden backdoor mirror operating.

Turns out the NSA didn't give them a choice in the matter.

They had a choice. Go out of business/get fired. That's what plenty of encrypted email sites did, when their encryption keys were confiscated. Which suggests that the encryption systems left after that, aren't so encrypted any more.

douglas said...

I'm certainly willing to say it's plausible- now more than ever- but I don't know that I'm convinced- that's all.

That it is so easy to believe it now? That is a problem, whether or not it is true.