Catalog of NSA compromised equipments

Bob Jonkman bjonkman-w5ExpX8uLjYAvxtiuMwx3w at public.gmane.org
Wed Jan 1 22:49:03 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William Muriithi wrote:
> The only good news is it seems the vendors are not working with
> them. This means they pick a victim, send someone to break into the
> premises discreetly and plant the bug.

The spokespeople who talked to the press have no knowledge of
cooperation, and it is likely that the senior execs have no knowledge
of cooperation. But remember that this is being done by a spy
organization, who likely have bribed staff (or even have their own
agents working as staff).  Or it was done by hacking into source code
repositories, as was done in the Adobe breach a few months ago.

In Bunnie Huang's 30C3 talk last week, he mentioned that SD cards
(which have embedded microprocessors) are made in factories with no
security guards, access passes, or even doors. He's seen chickens
walking through the factory floor. There's lots of opportunity for
subverting the code in embedded devices.

Bunnie's blog: http://www.bunniestudios.com/blog/?p=3554

And watch the video: https://www.youtube.com/watch?v=r3GDPwIuRKI

- --Bob.


On 14-01-01 05:21 PM, William Muriithi wrote:
>> | All these revelations seem to be from about 2007.  Who knows
>> what they
>> | are up to now.
>> 
>> Reading more...
>> 
>> Some are as recent as 2009.
> 
> Correct, had planned to mention that yesterday after reading your
> previous mail.
>> 
>> SWAP provides "software application persistence" by exploiting
>> the BIOS and the HDD's Host Protected Area.  Works with Windows,
>> Linux, FreeBSD, or Solaris (as of 2007).
>> 
>> Cottonmouth (I, II, and III) are USB plugs that contain network
>> exfiltration capability.
>> 
>> Ragemaster is a little thing that you put in a VGA cable that
>> captures the red signal and makes it available for exfiltration
>> via a RADAR unit.
> 
> Another odd thing about these attacks is they seem mostly aimed at
> corporate products.  Doesn't seem to make sense, as terrorist
> activity is unlikely to happen in office networks.  Weird.
> 
> Apple products are missing in the list. Looks like this has to do
> with dumping BIOS for EFI earlier.  I think EFI is more bloated so
> may already be compromised in the updated list.
> 
> The only good news is it seems the vendors are not working with
> them. This means they pick a victim, send someone to break into the
> premises discreetly and plant the bug. Or is there any way one can
> infect the BIOS of a running system? Or what is their delivery
> method in your opinion?
> 
> Regards
> 
> William
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlLEm10ACgkQuRKJsNLM5erCPgCgmj4H/E+9uYxtqEZAa/CS1Iw9
WFYAoOLmHkY7OTyRX6yNTTEbX1CYov1m
=R4t8
-----END PGP SIGNATURE-----
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
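Added example, not part of Bob's or William's messages above: the SWAP entry quoted in the thread describes persistence that hides in the drive's Host Protected Area (HPA). On Linux, `hdparm -N /dev/sdX` prints the drive's current and native maximum sector counts; a current value below the native one means sectors are hidden from the OS. The script below parses that output, computes the hidden-sector count and gives a verdict. The two sample outputs are constructed here in the shape hdparm prints (they are not captures from a real implant), and the function names `hpa_parse`, `hpa_verdict` and `hpa_check` are chosen for this example.

```shell
# Parse `hdparm -N` output and report whether a Host Protected Area is set.
# Example code added to this thread; sample outputs below are constructed
# to match hdparm's format, not taken from a real drive.

# hpa_parse: reads `hdparm -N` text on stdin, prints "<current>/<native>/<hidden>"
# (hidden = native - current).  Prints "unparsed" and exits 2 if the
# "max sectors = X/Y" line is absent (wrong device type, no root, no hdparm).
hpa_parse() {
    sed -n 's/.*max sectors *= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*/\1 \2/p' |
    awk 'NF == 2 { printf "%s/%s/%d\n", $1, $2, $2 - $1; found = 1 }
         END { if (!found) { print "unparsed"; exit 2 } }'
}

# hpa_verdict: takes the string from hpa_parse; "clean" when no sectors are
# hidden, "hpa-enabled" when the OS sees fewer sectors than the native max.
hpa_verdict() {
    case "$1" in
        unparsed) echo "unknown";     return 2 ;;
        */0)      echo "clean";       return 0 ;;
        *)        echo "hpa-enabled"; return 1 ;;
    esac
}

# hpa_check: live wrapper, e.g. `hpa_check /dev/sda` (needs root and an ATA disk).
hpa_check() {
    dev="$1"
    status=$(hdparm -N "$dev" 2>/dev/null | hpa_parse) || { echo "$dev: unknown"; return 2; }
    echo "$dev: $status ($(hpa_verdict "$status"))"
}

# Constructed samples in hdparm's output shape: a drive with no HPA, and one
# where 773168 sectors at the end of the disk are hidden from the OS.
SAMPLE_CLEAN='
/dev/sda:
 max sectors   = 976773168/976773168, HPA is disabled'
SAMPLE_HPA='
/dev/sdb:
 max sectors   = 976000000/976773168, HPA is enabled'

for s in "$SAMPLE_CLEAN" "$SAMPLE_HPA"; do
    parsed=$(printf '%s\n' "$s" | hpa_parse)
    echo "$parsed -> $(hpa_verdict "$parsed")"
done
```

A hidden region is not proof of an implant (some OEM recovery setups use an HPA), but an unexpected one on a machine you administer is worth imaging, and a drive that also reports a Device Configuration Overlay (`hdparm --dco-identify`) deserves the same look. Note the caveat that both numbers come from the drive's own firmware: a subverted disk controller could report a clean pair, so "clean" here rules out only the ordinary HPA mechanism.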