NSA attacks American citizens with hardware rootkits
in [Design]
|
From: GreenXenon on 12 May 2010 18:24 Evil NSA builds hardware/firmware rootkit chips and solders them onto motherboards. This means the people who are supposed to protect us are mistreating us. http://www.spamlaws.com/how-rootkits-work.html quotes: "Firmware rootkits are the most malicious type of malware because they are capable of creating malcode inside the firmware while you computer is shut down. Every time you start your computer this type of malware will reinstall. Firmware cannot be detected by the user and is very difficult to remove." Also, read http://www.google.com/url?sa=D&q=http://www.ngssoftware.com/Libraries/Documents/02_07_Firmware_Rootkits_The_Threat_to_the_Enterprise_Black_Hat_Washington_2007.sflb.ashx&usg=AFQjCNHPJJXEP6DduhTdYtFYLvrjGW0pog http://www.rootkitonline.com/types-of-rootkits.html quotes: "Firmware rootkit implies use of creating a permanent illusion of rootkit malware. It can remain hidden in firmware as this is not checked for code integrity. This was proved by John Heasman in ACPI[8] and also PCI expansion of ROM." http://www.google.com/url?sa=D&q=http://www.zdnet.com/blog/security/hardware-based-rootkit-detection-proven-unreliable/109&usg=AFQjCNHhdS1MB0tsuPqe0xdccOyc8BFY0w Hardware/firmware rootkits are the nastiest type of rootkits because there is no way to eliminate them without physically-damaging your computer. Even formatting your HDD won't kill the rootkit The NSA plants rootkits in the computer chips to invade our privacy. These rootkits act as keystroke loggers that transmit -- in real time -- what you type, to the NSA. Even if you don't post or save a file of your text, you're still in trouble. Simply typing whats on your mind can land you in deep s--t. More info: http://www.google.com/url?sa=D&q=http://news.cnet.com/PC-hardware-can-pose-rootkit-threat/2100-7349_3-6162924.html&usg=AFQjCNGLPoLe5vpn79A99C3OKy2GU62HnQ PC hardware can pose rootkit threat ARLINGTON, Va.--PC hardware components can provide a way for hackers to sneak malicious code onto a computer, a security researcher warned Wednesday. Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week's Black Hat DC event here. "This is an important area and people should be concerned about this," Heasman said. "Software security is getting better, yet we run increasingly complicated hardware. Unless we address hardware security, we're leaving an interesting avenue for attack." Malicious code delivered via the memory on hardware components poses a rootkit threat since it will run on the PC before the operating system loads, Heasman said. This likely will hide it from security software and other protection mechanisms, he added. Such low-level malicious code is known as a rootkit. Moreover, because the malicious code is stored on the hardware component and not a PC's hard disk, reinstalling the operating system or otherwise wiping the disk won't remove the threat. In his research, Heasman focused on graphics cards inserted in the PCI, PCI Express or AGP slots on a PC motherboard. He found that it is possible to load a few kilobytes of additional code onto the memory of such cards. An attacker could do this by tricking the user into opening a malicious file, for example, he said. "The PCI bus was developed by Intel in the 1990s. And as we all know, security wasn't in high respects at that time," Heasman said. "On a well-run network, administrators know which machines are on their network, but do they know what PCI devices are on their network? In most cases I'd imagine that the answer is no." The concept Heasman presented is not new. Other security researchers have highlighted the risk before. And the industry has responded through the Trusted Computing Group and the Trusted Platform Module, which performs additional checks. However, the Trusted Platform Module isn't on every PC and its capabilities aren't always used, Heasman noted. For increased protection, Heasman recommends scanning the memory on PC expansion cards and other hardware components and analyzing what the code stored there does.
From: hamilton on 12 May 2010 19:40 On 5/12/2010 4:24 PM, GreenXenon wrote: > Evil NSA builds hardware/firmware rootkit chips and solders them onto > motherboards. This means the people who are supposed to protect us are > mistreating us. Please show a photo of a motherboard and the "rootkit chip". hamilton
From: GreenXenon on 12 May 2010 20:33 On May 12, 4:40 pm, hamilton <hamil...(a)nothere.com> wrote: > On 5/12/2010 4:24 PM, GreenXenon wrote: > > > Evil NSA builds hardware/firmware rootkit chips and solders them onto > > motherboards. This means the people who are supposed to protect us are > > mistreating us. > > Please show a photo of a motherboard and the "rootkit chip". > > hamilton It's all in the firmware.
From: hamilton on 12 May 2010 20:54 On 5/12/2010 6:33 PM, GreenXenon wrote: > On May 12, 4:40 pm, hamilton<hamil...(a)nothere.com> wrote: >> On 5/12/2010 4:24 PM, GreenXenon wrote: >> >>> Evil NSA builds hardware/firmware rootkit chips and solders them onto >>> motherboards. This means the people who are supposed to protect us are >>> mistreating us. >> >> Please show a photo of a motherboard and the "rootkit chip". >> >> hamilton > > > It's all in the firmware. So, there is NO rootkit chip as you described. So, there is NO rootkit hardware as you described. NO one solders chips onto mother board as you described. Ploink hamilton
From: Nial Stewart on 13 May 2010 06:31
> It's all in the firmware. So Asus (say) let the American NSA have access to each and every motherboard they produce before they ship it? It has to be said, you're f'in mental. :-) N. |