[ExI] Revealed: how Microsoft handed the NSA access to encrypted messages

Eugen Leitl eugen at leitl.org
Wed Jul 17 09:46:52 UTC 2013


On Tue, Jul 16, 2013 at 02:43:35PM +1200, Andrew Mckee wrote:
> On Mon, 15 Jul 2013 02:11:01 +1200, BillK <pharos at gmail.com> wrote:
> 
> >Well, as you know it is almost impossible to prove a negative.
> 
> Almost? I thought it was just impossible, full stop.

I don't know the context, but you can prove that you have
booted a given image. You can reduce the footprint to that
of an FPGA (though there has been at least one backdoored
FPGA detected), and just nitric acid and EM with an old
fabrication process, a la http://www.visual6502.org/
 
> >Let's just say that no known, provable backdoors have been
> >demonstrated. Outside of known features, like vPro.
> 
> So far.

You can deploy backdoors at runtime
http://inertiawar.com/microcode/
 
> >And there are other processors on the market besides Intel. If
> >security was a USP (unique selling point) then companies would be
> >shouting about it.
> 
> Shouting about what exactly? If AMD's marketing department decided to advertise the existence of a secret backdoor snooping capability in a competitor's product it had better have some damned good lawyer-proof concrete evidence, or it's going to be death by courtroom drama for AMD.
> Besides which, how or why would AMD know about it? It's supposed to be a secret, remember.

AMD might or might not have a better story there. There's no way to tell.
 
> >Conspiracy theory demands that *all* processors
> >would have NSA backdoors built in.
> 
> Not sure which particular conspiracy theory you are referring to which has that particular requirement.
> 
> But recall perhaps, that communication is a two way street, you only need to tap one phone to intercept the full conversation held between two people, or in this case computers.
> So I'd say they only need a better than average chance to capture at least one node in the communications loop to catch onto fruitful threads of intelligence.
> 
> If the reports are correct, the NSA has a capture capability of the fiber optic backplanes of the two biggest Telcos in the US, giving them access to 70% of all US communications, so a better than average chance of snagging the nodes they're after.
> 
> And Intel have been making and selling many many more CPUs than AMD for some years now, so again a better than average chance that at least one of the two PCs they might need to access can be backdoored via an Intel chip.

In principle you can examine the network with a known good tap,
and just log everything (storage is effectively free these
days) running your own Total Awareness program on your
network traffic, plus ability to get back in time to
analyze it.

Few people do it, but it's not difficult in principle.
 
> >And people are using and testing these chips continuously. Surely some
> >researcher, somewhere, would spot an unusual response, or strange
> >network packets flowing around?
> 
> Are you familiar with the magic ethernet packet that can be used to trigger the 'wake on lan' feature most PCs have? Imagine something similar on steroids.
> Until the backdoor is triggered there would be absolutely nothing out of the ordinary to observe.

http://theinvisiblethings.blogspot.de/2010/04/remotely-attacking-network-cards-or-why.html
 
> I'd imagine it would also be a feature of semi last resort, there are after all a ton of zero day exploits and operating system security holes they can try first that all come with serious plausible deniability before they would have to resort to something like this.
> And if all else fails they can of course just arrange for someone to kick a backdoor in when the target is out of town, and stage a fake burglary, then go over the stolen hard drives with a fine tooth comb at their leisure, they are spooks after all, it's what they do for a living.
> 
> >Even on your own laptop you can monitor processes and traffic to see
> >what is going on.
> 
> With what exactly? Any half decent rootkit or malware can hide itself from the user and operating system, top of line freshly baked malware from the NSA I'd imagine would require a very skilled blackhat to discover.
> 
> >Not just panic every time a background disk defrag
> >starts up, or your antivirus software does an automatic update without
> >asking permission.
> 
> I think most of us have gone a ways beyond being scared of our own shadow, it's the great dark shadow of the beast that has me worried - cyberpunk dark dystopian future here we com..., oh, looks like we've arrived already.  :-)
> 
> >I'm happy nothing funny is going on with my pc (not a vPro Intel i5 or
> >i7 processor). But I'm watching!  :)

You would have no way of knowing.
 
> I'm almost tempted to ask what sort of hardware / software setup do you have that instills such happy confidence that you are in fact outwitting the world's most technically capable spying agencies.

Yep.
 
> But I swear, if you tell me you are such a happy camper because you just installed Norton's latest security suite I will scream, possibly over the internet, it won't be pretty, please don't make me scream! :-[



More information about the extropy-chat mailing list