Major new bombshells on NSA blackhat techniques at CCC 30c3


This is part 2 of “To Protect and Infect” about the militarization of the Internet, where Jacob Appelbaum aka ioerror talks about specific techniques used by the NSA for surveillance, exploitation and overt attack of individual targets as well as the dragnet collection of data on everyone. I’m kind of surprised at some of the “low-tech” methods used and also at some of the ingenious uses of combinations of vectors. If you’re a target, there’s only so much you can do before they get ya. As has been hinted at before in previous disclosures of this kind, it’s not impossible to stop or at least severely hamper a lot of these techniques.

The most surprising of these techniques, to me anyway because I thought of it a few weeks back after having ordered some headphones from Newegg during one of those Black Friday/Cyber Monday sales (shipping took over 2 weeks which is surprising for normally rapid Newegg, even with the holiday rush – also, UPS tracker was showing some unusual delays and weird routes), is simply intercepting a postal shipment for computer hardware and infecting it with some kind of modified firmware or even a low-tech bug like a GPS transponder or mic. I say surprising because I just dismissed this as the meandering of my paranoid imagination, but in the case of someone who might actually be a significant target, it’s not so unrealistic after all and now we know that it’s indeed a reality. I mean, if I were the Bad Guys, I’d try it as an attack vector, especially if I had the kind of technical, financial and political resources the Bad Guys in question certainly do have. I first thought of this when I started buying OpenBSD media and having it shipped to me rather than installing from online mirrors – wouldn’t it be easy to intercept the envelope, steam it open and swap out a compromised set of the software? Especially considering it’s an international shipment since they send it from Canada; I’m guessing the laws are a bit more lenient in such a case… This method and legally using the Patriot Acts to “blackbag” (break into) a target’s residence to gather intel and install backdoors of all kinds are the 2 that bother me the most because I have the least control over them.

In fact, if I recall correctly, Appelbaum was just in the news recently for getting his residence in Germany infiltrated, with 3 of the 4 physical security systems he had set up bypassed and lots of items inside were obviously disturbed. Not surprised, since the context of the news recently has been that of Snowden speaking with German media and subsequently most of the content in this CCC talk was just disclosed to Der Spiegel (and thankfully rapidly reported on by Matt Drudge and other diverse news outlets) and the source had to have been Snowden given the multitude of codenames for various techniques discussed in this talk – surely the NSA and CIA were not very pleased about this data getting disclosed.

Another important point that Appelbaum constantly drives home is that the access to most of these techniques is not exclusive to the NSA – once known by the general populace, they can be exploited by *anyone* which is very irresponsible and should give you an idea about this agency’s moral compass. Who’s to say that SCADA infrastructure, the kind that was (and continues to be! no one has closed that Pandora’s box because… it can’t be) used by the STUXNET worm, won’t accidentally trigger a disaster like a nuclear plant meltdown after accidental infection?

Anyway, an interesting highlight was Appelbaum’s meeting with a political dissident from Angola who complained of a possible trojan on his MacBook and sure enough Appelbaum discovered a lame background task that was doing screenshots on a regular interval. I guess it didn’t bother to check if there was Internet connectivity since there were about 8GB of screenshots in his user directory that probably weren’t even queued up to be sent at a later point when there was connectivity. Unfortunately, this Angolan ended up getting arrested and detained.

Part 1 is here


Boeing loses Brazilian defense contract to Saab over NSA spying


US high-tech companies, already suffering in a fantasy economy propped up by Keynesian stimulus and undermined by outsourcing, international trade agreements and automation, are now really feeling the heat from the blowback of slow-creep Snowden revelations.  Nobody wants a backdoored Cisco router or Microsoft operating system.  It’s so bad that DARPA/NSA darlings like Google and Facebook are rebelling against their benefactors in protest, if only in a superficial theatrical motion to save face for full complicity in all of this.

Now, the lucrative “Lord of War” defense sector, specializing in selling weapons to tinpot dictators worldwide to oppress their populaces and squabble over precious resources at the behest of the bankster cabals, is getting a taste of NSA blowback. Zerohedge reports that Brazil is canceling a 4 billion US$ contract for fighter jets and instead going with Swedish SAAB for their flying pointy sticks:

Brazil awarded a $4.5 billion contract to Saab AB on Wednesday to replace its aging fleet of fighter jets, a surprise coup for the Swedish company after news of U.S. spying on Brazilians helped derail Boeing’s chances for the deal.

Aside from the cost of the jets themselves, the agreement is expected to generate billions of additional dollars in future supply and service contracts.

The timing of the announcement, after more than a decade of off-and-on negotiations, appeared to catch the companies involved by surprise.

Until earlier this year, Boeing’s F/A-18 Super Hornet had been considered the front runner. But revelations of spying by the U.S. National Security Agency in Brazil, including personal communication by Rousseff, led Brazil to believe it could not trust a U.S. company.

“The NSA problem ruined it for the Americans,” a Brazilian government source said on condition of anonymity.

A U.S. source close to the negotiations said that whatever intelligence the spying had delivered for the American government was unlikely to outweigh the commercial cost of the revelations.

“Was that worth 4 billion dollars?” the source asked.

“We are a peaceful country, but we won’t be defenseless,” Rousseff said on Wednesday at a lunch with senior officials from Brazil’s military, where she said the announcement was forthcoming. “A country the size of Brazil must always be ready to protect its citizens, patrimony and sovereignty.”

You all are surprised?  NSA, your retribution is just starting.  Thanks for destroying the last lynchpin of US voodoo economics, the backer of international petrodollars (AKA Federal Reserve Notes) known as the military-industrial complex.

 

Failed to uninstall the Extension Pack Oracle VM VirtualBox Extension Pack.


Failed to uninstall the Extension Pack Oracle VM VirtualBox Extension Pack..

I ran into the above problem after upgrading to the latest kernel for CentOS 6.5 x86_64 with Windows 7 as the host and troubleshooting why fullscreen display wasn’t working after the upgrade.  Works like a charm.

I think I could have avoided the initial problem by installing dkms before the kernel upgrade but I haven’t reverted and tested yet.  That would make sense, though, since dkms auto-recompiles kernel modules when the kernel is upgraded.  Well, usually.

-v