Showing posts with label NSA. Show all posts

Tuesday, May 16, 2017

Federal Cyber-Fools

The Feds obviously did not detect and halt the destruction caused by their own tools.
The Best Laid Plans

The obvious philosophical arguments aside, this latest development provides an in-your-face example of why these agencies are making the world and America an increasingly dangerous place rather than a safer one. The recent theft of the NSA’s suite of cyber weapons illustrates their continued inability to keep information secure. Many forgot about the Chinese hack of the OPM’s Form 86s that revealed 14M people’s personal information, contacts and personal history, going back a decade or more, for everyone with a TS security clearance. Going back more than a decade now, the NSA and CIA have left a trail of leaks, all of which have left the taxpayers and private sector as collateral damage. My own family members were impacted by the OPM hack and the public was asked to nod understandingly and simply forget it ever happened. For $1.5B and virtually limitless power over our data and personal information, the results have been…less than satisfactory.

The human experimentation done in places like Holmesburg Prison by the US government, Dow Chemical, and Johnson & Johnson on unwitting prisoners for things like dioxin and chemical torture compounds should disabuse readers of any notion that compartmentalized and bureaucratic government agencies should be granted any great amount of trust. The primary function seems to be creating weapons and then unwittingly using them on the native population or allowing them to be used in such a manner. Such is the case here: our tax dollars are used not only to fail at their primary responsibility, protecting the electronic infrastructure in the US, but also to display a stunning level of incompetence in allowing the very weapons they intended to use on dissident citizens and enemies of the US to be co-opted for use by 21st century pirates. Given the last decade, it is a wonder they allow either agency to have computers or sharp objects in the building. Let us not forget the same people not only got caught lying about meta-data collection, but also siphon off ungodly amounts of money to fund their giant data storage facilities. I fear it is too much to ask that my overlords at least be semi-competent when they demand I submit myself to their electronic voyeurism.
Looking like fools rather than techie-wizards.

Wednesday, January 1, 2014

NSA and ANTs In Your...

...pretty much everything. The NSA has invaded pretty much everything digital, from your computer's BIOS to its hard drives to routers:
The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.

Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.

Other ANT programs target Internet routers meant for professional use or hardware firewalls intended to protect company networks from online attacks. Many digital attack weapons are "remotely installable" -- in other words, over the Internet. Others require a direct attack on an end-user device -- an "interdiction," as it is known in NSA jargon -- in order to install malware or bugging equipment.
The very first website I ever designed had a backdoor placed in it for my own amusement. Back then it was known that Al Qaeda was using such devices to communicate, and it was incredibly simple to do - just create a page with no apparent link and a complex name.

Getting embedded into a target BIOS is a different level of digital burglary, and I think would be hard to detect without some external engineering tools (I could be wrong).