NSA intercepts PC shipments and installs spyware

Discussion in 'Random Nonsense' started by danrok, Dec 31, 2013.

  1. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
  2. ChrisBondWindows

    ChrisBondWindows Member

    Joined:
    Jun 24, 2013
    Messages:
    79
    Likes Received:
    6
    Trophy Points:
    8
  3. Gizmo

    Gizmo Chief Site Administrator Staff Member

    Joined:
    Dec 6, 2012
    Messages:
    2,282
    Likes Received:
    172
    Trophy Points:
    63
    Location:
    Webb City, Missouri
    Home page:
    The way this article reads, it makes it sound like the NSA are just casually diverting deliveries to put bugs in random people's gear.

    I find it extremely difficult to believe that. The goods of particular people of interest, sure, but not just random Joe Public. It seems to me that the odds of someone taking their bit of kit to the shop for repair work and having the bug discovered are just too great. Same with malware. Not to mention that the odds of actually catching anything interesting and useful with random bugging like that are just not worth the effort, or at least it would seem to not be. I mean, even J. Edgar Hoover didn't do that. Besides, we already know they can tap the data of at least the 3 largest cellular carriers in the States, not to mention most of the ISPs and data hosts (Google, Yahoo, Amazon, etc.). So going to the effort of planting random bugs on Joe Public just doesn't seem particularly useful, in light of the information they can already get.

    Just to be clear, I don't have a particular problem with the NSA collecting data in a data center somewhere. I DO have a problem with the idea that any PFY or Presidential Aid can just go trolling through that data any time they want with (at best) only perfunctory oversite. And IF they are going to collect that data, they'd better damn well have it secured six ways from Sunday, because a data warehouse with information on every citizen is going to have a bull's-eye painted on it the size of, well, Utah.

    So actually, yeah, I guess I DO have a problem with the idea, if only because the government has proven time and time again just how incredibly inept it is at controlling access to sensitive data. But I still find it difficult to believe the NSA is engaging in just random bugging of parcels and gear of ordinary citizens for no reason.
  4. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    Why would the NSA waste time diverting shipments when they can just install their spyware via internet and email just like Malware?
  5. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
    If you have the computer in your hands, it would be far easier to install stuff which is difficult to detect, or not normally looked for by security software.
  6. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
    I agree, otherwise they'd risk modifying a computer on it's way to a security expert who is likely to notice odd behavior.

    But, I can imagine that they may have intercepted computers destined for public use, e.g. internet cafes. Computers which criminals might consider to be reasonably safe. They could modify such a computer to take a photo of the person sat at it, for example.
  7. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    Hmm I see now...
    Maybe installing software on a really tiny partition?
  8. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
    There's no limit to what they could do, if they have a device in front of them.

    And, this wouldn't just apply to PCs, they could modify anything which might be useful. Routers, TVs, mobile phones, digital cameras, etc.
  9. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    8,339
    Likes Received:
    624
    Trophy Points:
    113
    Location:
    Linux, Virginia
    Home page:
    But wouldn't the government have to contact the manufacturer so the products would be send to NSA?
    Meaning the manufacturer is "IN" on it?
    I doubt manufacturer's would go for this unless they were forced to.

    This is a physical product, so it would be a huge operation to have them sent to the government, modify them and send them back. That would be like sending 10K iPhones to NSA and then the send it back to go to retail stores.

    Even 10K doesn't sound like enough when there are millions in circulation.
  10. Daerandin

    Daerandin Well-Known Member

    Joined:
    Oct 18, 2013
    Messages:
    1,157
    Likes Received:
    258
    Trophy Points:
    83
    Location:
    Northern Norway
    Home page:
    The difference between infecting a computer through malware or spyware, and having physical access, is that you can have stuff in the firmware. As long as you have physical access to a computer, you can load a keylogger in the BIOS, which is completely undetectable to whatever OS you may be running.

    So this physical access is a lot more powerful than infecting a computer through other channels, but ultimately I believe it would be too difficult for anyone to do this on a large scale. But I don't doubt this happens, just not on a very large scale.

    But just to give an exmaple, Trusted computing is a good example that others may remotely control your computer, because of a piece of hardware.
  11. danrok

    danrok Administrator Staff Member

    Joined:
    Dec 7, 2012
    Messages:
    1,467
    Likes Received:
    23
    Trophy Points:
    38
    Location:
    Channel Islands
    I think they're targeting specific items when they're in transit, after they've been dispatched by Amazon to a suspect's address.

    They would know that the person has ordered a new computer because either they're already reading their emails, or are snooping on Amazon's servers.

    It would be fairly easy for them to intercept a parcel and take it from the shipping company, under the guise of drug enforcement or something similar.

    Once they have it, they'd quickly install whatever they like, pack it back up, and deliver it to the suspect.
  12. ThunderRd

    ThunderRd Irreverent Query Chairman Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    2,762
    Likes Received:
    88
    Trophy Points:
    48
    Location:
    Northern Thailand, the Land of Smiles
    Home page:
  13. Daerandin

    Daerandin Well-Known Member

    Joined:
    Oct 18, 2013
    Messages:
    1,157
    Likes Received:
    258
    Trophy Points:
    83
    Location:
    Northern Norway
    Home page:
    Thank you Thunder, that article explains the potential dangers of Trusted Computing very well.

Share This Page