Daily Archives: March 20, 2015

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

At secret workshops, backdoor surveillance tools were inserted into routers, servers and networking equipment before the equipment was repackaged and sent to customers outside the U.S.

The program, run by the NSAs Tailored Access Operations (TAO) group, was revealed by documents leaked by former NSA contractor Edward Snowden and reported by Der Spiegel and Glenn Greenwald.

It was one of many revelations about the NSA that caused widespread suspicion that U.S. technology products shouldnt be trusted, even if companies strenuously denied helping the agency.

And it appears some Cisco Systems customers have since taken steps to prevent NSA tampering.

The company has shipped equipment to addresses that are unrelated to a customer, said John Stewart, Ciscos chief security and trust officer, on Wednesday during a panel session at the Cisco Live conference in Melbourne.

In theory, that makes it harder for the NSA to target an individual company and scoop up their package. But supply chains are tough to secure, Stewart said, and once a piece of equipment is handed from Cisco to DHL or FedEx, its gone.

Still, the risk of such tampering is pretty low for most customers. Cisco has been working on better ways for customers to verify the integrity of the systems it ships, but there will always be certain amount of risk that cant be mitigated, Stewart said.

If a truly dedicated team is coming after you, and theyre coming after you for a very long period of time, then the probability of them succeeding at least once does go up, Stewart said. And its because theyve got patience, theyve got capacity and more often than not, theyve got capability.

One of the leaked Snowden documents, dated June 2010, has two photos of an NSA interdiction operation, with a box that said Cisco on the side.

See the article here:
To avoid NSA, Cisco gear gets delivered to strange addresses

If youve ever wondered what its like on the other side of the surveillance stateto be the one doing the snooping, as opposed to being the one getting snooped onyou now have the chance, in a somewhat unlikely form: A Laser Chess-style puzzle game for your iPhone.

In TouchTone, you play an NSA analyst, alternatively solving simple geometric puzzles and scanning peoples emails for national security threats. The puzzles are fun, but its the stuff in between thats really interesting. The game presents a simple, stylized take on the job, to be sure, but it can be a powerful experience nonetheless. As youre trying to decide whether a particular message is pertinent to national security, you cant help but feel in a very visceral way the queasy ambiguity at the heart of state surveillance.

The game was created by Michael Boxleiter and Greg Wohlwend, who work together under the name Mikengreg. Theyre responsible for the well-known games Solipskier and Gasketball. More recently, Wohlwend illustrated the cheerful visual design of the hit puzzle game Threes.

Boxleiter had worked out the basic puzzle elements of TouchTone for a game jam in 2012, but the two were struggling to figure out the extra something needed to make the game feel complete. The answer came suddenly with Edward Snowden and the PRISM revelations.

The concept fit well with the puzzle mechanics, which the developers felt had a bit of a hacker vibe all along. Still, it took a while to figure out the right tone for the controversial issue. At first we were going to go for a little satire, and throw in some jokes at the NSAs expense, Boxleiter says. I realized after a while that maybe we could say something a little more real and a little more important.

Boxleiter ended up writing an elaborate story centering around a American Muslim engineer, which unfolds in the form of emails intercepted over the course of the game. It took months of writing and rewriting. Not many people have made a game like this, so it feels like uncharted territory, Boxleiter says.

The game ends up balancing subtle satire with a vague, sinister vibe. At one point in the development process, after theyd shed the initial jokiness and embraced a straighter approach to the conceit, Boxleiter and Wohlwend took the game to a play-testing event in Chicago and claimed they were contracted by the NSA to make it. At least one beta tester believed them, a reaction Wohlwend and Boxleiter took as a job well done.

Go here to see the original:
Become an NSA Spook in This iPhone Puzzle Game

The National Security Agencys top lawyer has left the government and returned to private practice as a partner at Mayer Brown LLP in Washington D.C., running the firms global privacy and security practice.

Since 2012, Rajesh De served as the NSAs chief legal officer and principal legal adviser to its current director, Michael Rogers, and Mr. Rogerss predecessor, Gen. Keith Alexander.

At the NSA, Mr. De stood at the nexus between national security policy and law as the agency was dealing with the fallout from former agency contractor Edward Snowdens exposure of the governments broad-scale surveillance programs.

In an interview this week with the Washington Post, Mr. De declined to talk about Mr. Snowden, who was granted asylum in Russia, but told the paper that he believes that no person, a king or an IT guy, should consider themselves above our democratic system.

Before joining the NSA, Mr. De worked at the White House as staff secretary and deputy assistant to the president. He also served in the Department of Justices Office of Legal Policy. Before that, the Harvard Law School graduate was a partner at Mayer Brown.

With the rapid evolution of the cybersecurity landscape, its an exciting time to return to private practice, he said in a statement released by his firm.

Go here to read the rest:
NSAs General Counsel Joins Mayer Brown

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that letanyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSAs efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computers operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specializedoperating systems like Tailsused by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking toolby Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which theyre calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventuallystopped counting the vulns it uncovered because there were too many.

Theres one type of vulnerability, which theres literally dozens of instances of it in every given BIOS, says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few peoplehave applied them.

Because people havent been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker, he notes. We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they dont hear a lot about it being attacked in the wild.

An attacker could compromise the BIOS in two waysthrough remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moments access to a system to compromise it.

Read the rest here:
Researchers Uncover Way to Hack BIOS and Undermine Secure Operating Systems