Major new bombshells on NSA blackhat techniques at CCC 30c3


This is part 2 of “To Protect and Infect” about the militarization of the Internet, where Jacob Appelbaum aka ioerror talks about specific techniques used by the NSA for surveillance, exploitation and overt attack of individual targets as well as the dragnet collection of data on everyone. I’m kind of surprised at some of the “low-tech” methods used and also at some of the ingenious uses of combinations of vectors. If you’re a target, there’s only so much you can do before they get ya. As has been hinted at before in previous disclosures of this kind, it’s not impossible to stop or at least severely hamper a lot of these techniques.

The most surprising of these techniques, to me anyway because I thought of it a few weeks back after having ordered some headphones from Newegg during one of those Black Friday/Cyber Monday sales (shipping took over 2 weeks, which is surprising for the normally rapid Newegg, even with the holiday rush – also, the UPS tracker was showing some unusual delays and weird routes), is simply intercepting a postal shipment of computer hardware and infecting it with some kind of modified firmware or even a low-tech bug like a GPS transponder or mic. I say surprising because I just dismissed this as the meandering of my paranoid imagination, but in the case of someone who might actually be a significant target, it’s not so unrealistic after all, and now we know that it’s indeed a reality. I mean, if I were the Bad Guys, I’d try it as an attack vector, especially if I had the kind of technical, financial and political resources the Bad Guys in question certainly do have. I first thought of this when I started buying OpenBSD media and having it shipped to me rather than installing from online mirrors – wouldn’t it be easy to intercept the envelope, steam it open and swap in a compromised set of the software? Especially considering it’s an international shipment since they send it from Canada; I’m guessing the laws are a bit more lenient in such a case… This method and legally using the Patriot Acts to “blackbag” (break into) a target’s residence to gather intel and install backdoors of all kinds are the 2 that bother me the most because I have the least control over them.

In fact, if I recall correctly, Appelbaum was just in the news recently for getting his residence in Germany infiltrated, with 3 of the 4 physical security systems he had set up bypassed and lots of items inside obviously disturbed. Not surprised, since the context of the news recently has been that of Snowden speaking with German media; subsequently most of the content in this CCC talk was just disclosed to Der Spiegel (and thankfully rapidly reported on by Matt Drudge and other diverse news outlets), and the source had to have been Snowden given the multitude of codenames for various techniques discussed in this talk – surely the NSA and CIA were not very pleased about this data getting disclosed.

Another important point that Appelbaum constantly drives home is that access to most of these techniques is not exclusive to the NSA – once known by the general populace, they can be exploited by *anyone*, which is very irresponsible and should give you an idea about this agency’s moral compass. Who’s to say that SCADA infrastructure, the kind that was (and continues to be! no one has closed that Pandora’s box because… it can’t be) used by the STUXNET worm, won’t accidentally trigger a disaster like a nuclear plant meltdown after an accidental infection?

Anyway, an interesting highlight was Appelbaum’s meeting with a political dissident from Angola who complained of a possible trojan on his MacBook, and sure enough Appelbaum discovered a lame background task that was taking screenshots at a regular interval. I guess it didn’t bother to check if there was Internet connectivity, since there were about 8GB of screenshots in his user directory that probably weren’t even queued up to be sent at a later point when there was connectivity. Unfortunately, this Angolan ended up getting arrested and detained.

Part 1 is here


Failed to uninstall the Extension Pack Oracle VM VirtualBox Extension Pack.


Failed to uninstall the Extension Pack Oracle VM VirtualBox Extension Pack..

I ran into the above problem after upgrading to the latest kernel for CentOS 6.5 x86_64 (with Windows 7 as the host) while troubleshooting why fullscreen display wasn’t working after the upgrade. Works like a charm.

I think I could have avoided the initial problem by installing dkms before the kernel upgrade, but I haven’t reverted and tested yet. That would make sense, though, since dkms auto-recompiles kernel modules when the kernel is upgraded. Well, usually.


“Meet Me at Your Riser” by Deborah Natsios


Cartome virtuoso Natsios produced this visualization of NSA “meet-me rooms” where telcos/ISPs and the NSA meet to split fiber optic beams for not so great justice.

USENIX gives the finger to Volkswagen’s attempt to silence disclosure


The High Court of Justice in the UK judged that researchers who found potential weaknesses in the Megamos cryptography that car maker Volkswagen and many luxury car makers use for their wireless key entry systems could not publish their research.

Since this court does not have jurisdiction here in the USA and such a judgment would be a violation of our Constitution’s 1st Amendment anyway, the Advanced Computing Systems Association aka USENIX decided they would allow the researchers to present their findings at the next USENIX “HotSec” information security conference later this month on August 13 in the District of Criminals, Washington, DC.

Good on them! I am definitely proud to be a long-time member of USENIX and even more so after hearing of this news.

On a more sardonic note, lots of people note that Volkswagen was a product of a Nazi organization as a direct result of a fervent request by Hitler himself to produce a car that everyone (in Germany) could afford.

For those that argue against full disclosure and for security by obscurity alone, particularly the kind enforced by crony capitalism and its thuggish protection rackets, this is what happens when you try to hide the truth.

Photo credits: GDF – S2 – 2011

Zerohedge puts out a pithy “Cheat-Sheet on Spying”


Because most of us don’t have the free time to keep tabs on the exponentially ballooning government surveillance machine:

If you’ve been too busy to keep up with the spying scandal, here’s an overview:

(image source: redditor xenitech)

Note: this originated from Washington’s Blog, who contributes actively to ZH.

ESXi 5.1: vmsvc warning guestinfo RecordRoutingInfo: Unable to collect IPv4 routing table


I had the misfortune of stumbling across this in a vSphere 5.1 environment with RHEL 6.3. This was just the icing on a hellish cake of fail that I inherited.


OK, it wasn’t that bad and was kind of an interesting problem, but it is definitely the last thing you want to see on a VM booting your central NFS server after vmotion fails due to someone else’s host networking misconfiguration. Fortunately it’s still in QA and not production, despite the over-reaching ambitions of technically illiterate management.

It turns out this had nothing to do with any IP routing table whatsoever, as I discovered when I kept experimenting with forcing static routes and triple-checked every network device and NIC that could possibly be involved. I thought maybe it was a kernel driver issue with vmnic, that some kind of nasty was introduced in either Red Hat’s vmware tools package or the ones vSphere uses. After lots of tedious exploring with different combinations of kernel modules and versions of vmware tools I found nothing.

Well, thanks to the work of Chris Colotti and others, it turns out the problem is related to the default behavior of vmware tools, which time-syncs with the host regardless of whether NTP is configured to do this in the OS. The workaround is simply renaming these files to something else:


It’s not clear exactly why it hangs yet, but the solution for now is to move the shared object file vmware tools uses out of the way so it skips its timesync and doesn’t hang the entire boot process. This incidentally highlights once again the need for a parallelized init process to replace ye olde serialized init.

Run, Nick, Run.


Ryan Gallagher at the Guardian talks about RIOT, a sort of social network Fusion Center. No surprises here.

Just in case we need to send a drone after you.

