This is part 2 of “To Protect and Infect” about the militarization of the Internet, where Jacob Appelbaum aka ioerror talks about specific techniques used by the NSA for surveillance, exploitation and overt attack of individual targets as well as the dragnet collection of data on everyone. I’m kind of surprised at some of the “low-tech” methods used and also at some of the ingenious combinations of vectors. If you’re a target, there’s only so much you can do before they get ya. As has been hinted at before in previous disclosures of this kind, it’s not impossible to stop, or at least severely hamper, a lot of these techniques.
The most surprising of these techniques, to me anyway, is simply intercepting a postal shipment of computer hardware and infecting it with some kind of modified firmware or even a low-tech bug like a GPS transponder or mic. I had thought of this a few weeks back after having ordered some headphones from Newegg during one of those Black Friday/Cyber Monday sales (shipping took over 2 weeks, which is surprising for the normally rapid Newegg, even with the holiday rush – also, the UPS tracker was showing some unusual delays and weird routes). I say surprising because I just dismissed this as the meanderings of my paranoid imagination, but in the case of someone who might actually be a significant target, it’s not so unrealistic after all, and now we know that it’s indeed a reality. I mean, if I were the Bad Guys, I’d try it as an attack vector, especially if I had the kind of technical, financial and political resources the Bad Guys in question certainly do have. I first thought of this when I started buying OpenBSD media and having it shipped to me rather than installing from online mirrors – wouldn’t it be easy to intercept the envelope, steam it open and swap in a compromised set of the software? Especially considering it’s an international shipment, since they send it from Canada; I’m guessing the laws are a bit more lenient in such a case… This method and legally using the Patriot Act to “blackbag” (break into) a target’s residence to gather intel and install backdoors of all kinds are the 2 that bother me the most, because I have the least control over them.
In fact, if I recall correctly, Appelbaum was just in the news recently for having his residence in Germany infiltrated, with 3 of the 4 physical security systems he had set up bypassed and lots of items inside obviously disturbed. Not surprised, since the context of the news recently has been that of Snowden speaking with German media, and subsequently most of the content in this CCC talk was just disclosed to Der Spiegel (and thankfully rapidly reported on by Matt Drudge and other diverse news outlets). The source had to have been Snowden, given the multitude of codenames for the various techniques discussed in this talk – surely the NSA and CIA were not very pleased about this data getting disclosed.
Another important point that Appelbaum constantly drives home is that access to most of these techniques is not exclusive to the NSA – once known by the general populace, they can be exploited by *anyone*, which is very irresponsible and should give you an idea about this agency’s moral compass. Who’s to say that SCADA infrastructure, the kind that was (and continues to be! no one has closed that Pandora’s box because… it can’t be) used by the STUXNET worm, won’t accidentally trigger a disaster like a nuclear plant meltdown after an accidental infection?
Anyway, an interesting highlight was Appelbaum’s meeting with a political dissident from Angola who complained of a possible trojan on his MacBook, and sure enough Appelbaum discovered a lame background task that was taking screenshots at a regular interval. I guess it didn’t bother to check whether there was Internet connectivity, since there were about 8GB of screenshots in his user directory that probably weren’t even queued up to be sent at a later point when there was connectivity. Unfortunately, this Angolan ended up getting arrested and detained.
Part 1 is here