Consumer electronics goods are reportedly regularly diverted to secret workshops where they are modified. http://www.dailytech.com/Report NSA...riminals to Spy on Americans/article34005.htm
The way this article reads, it makes it sound like the NSA are just casually diverting deliveries to put bugs in random people's gear. I find it extremely difficult to believe that. The goods of particular people of interest, sure, but not just random Joe Public. It seems to me that the odds of someone taking their bit of kit to the shop for repair work and having the bug discovered are just too great. Same with malware. Not to mention that the odds of actually catching anything interesting and useful with random bugging like that are just not worth the effort, or at least it would seem to not be. I mean, even J. Edgar Hoover didn't do that. Besides, we already know they can tap the data of at least the 3 largest cellular carriers in the States, not to mention most of the ISPs and data hosts (Google, Yahoo, Amazon, etc.). So going to the effort of planting random bugs on Joe Public just doesn't seem particularly useful, in light of the information they can already get. Just to be clear, I don't have a particular problem with the NSA collecting data in a data center somewhere. I DO have a problem with the idea that any PFY or Presidential Aid can just go trolling through that data any time they want with (at best) only perfunctory oversite. And IF they are going to collect that data, they'd better damn well have it secured six ways from Sunday, because a data warehouse with information on every citizen is going to have a bull's-eye painted on it the size of, well, Utah. So actually, yeah, I guess I DO have a problem with the idea, if only because the government has proven time and time again just how incredibly inept it is at controlling access to sensitive data. But I still find it difficult to believe the NSA is engaging in just random bugging of parcels and gear of ordinary citizens for no reason.
Why would the NSA waste time diverting shipments when they can just install their spyware via internet and email just like Malware?
If you have the computer in your hands, it would be far easier to install stuff which is difficult to detect, or not normally looked for by security software.
I agree, otherwise they'd risk modifying a computer on it's way to a security expert who is likely to notice odd behavior. But, I can imagine that they may have intercepted computers destined for public use, e.g. internet cafes. Computers which criminals might consider to be reasonably safe. They could modify such a computer to take a photo of the person sat at it, for example.
There's no limit to what they could do, if they have a device in front of them. And, this wouldn't just apply to PCs, they could modify anything which might be useful. Routers, TVs, mobile phones, digital cameras, etc.
But wouldn't the government have to contact the manufacturer so the products would be send to NSA? Meaning the manufacturer is "IN" on it? I doubt manufacturer's would go for this unless they were forced to. This is a physical product, so it would be a huge operation to have them sent to the government, modify them and send them back. That would be like sending 10K iPhones to NSA and then the send it back to go to retail stores. Even 10K doesn't sound like enough when there are millions in circulation.
The difference between infecting a computer through malware or spyware, and having physical access, is that you can have stuff in the firmware. As long as you have physical access to a computer, you can load a keylogger in the BIOS, which is completely undetectable to whatever OS you may be running. So this physical access is a lot more powerful than infecting a computer through other channels, but ultimately I believe it would be too difficult for anyone to do this on a large scale. But I don't doubt this happens, just not on a very large scale. But just to give an exmaple, Trusted computing is a good example that others may remotely control your computer, because of a piece of hardware.
I think they're targeting specific items when they're in transit, after they've been dispatched by Amazon to a suspect's address. They would know that the person has ordered a new computer because either they're already reading their emails, or are snooping on Amazon's servers. It would be fairly easy for them to intercept a parcel and take it from the shipping company, under the guise of drug enforcement or something similar. Once they have it, they'd quickly install whatever they like, pack it back up, and deliver it to the suspect.