NSA able to target offline computers using radio-waves for surveillance

31 respostas [Última entrada]
oshirowanen
Desconectado
Joined: 02/28/2014

http://rt.com/usa/nsa-radio-wave-cyberattack-607/

Is it possible to detect if your computer has been infected by such surveillance?

Ivan Antipenko
Desconectado
Joined: 08/28/2014

Since we're under Free software, I guess we're out of risk group.
But maybe there is a good idea to start smth like Great Audit Project
for all of the network-related Free software on Kickstarter or so ;)

On Thu, 2014-08-28 at 13:42 +0200, name at domain wrote:
> http://rt.com/usa/nsa-radio-wave-cyberattack-607/
>
> Is it possible to detect if your computer has been infected by such
> surveillance?

--
Happy hacking!
Ivan Antipenko aka akfio
www: http://blog.akifo.pw
xmpp: name at domain
social net: http://social.feder8.ru/profile/akifo

salparadise
Desconectado
Joined: 09/08/2013

Since we're under Free software, I guess we're out of risk group.

It was revealed, a few weeks ago, that the NSA regard the readers of Linux Journal as "extremists" and that they are kept a close eye on.
So, we are not out of the risk group, we are our own special risk group.

We have already illustrated we are in need of monitoring because we don't use proprietary software. That is indicative of intelligence and individuality, both of which are traits that are no longer required in the masses. Unquestioning allegiance to the crowd is what is encouraged. So I expect this forum is monitored, as are all Linux forums and sites.

Legimet
Desconectado
Joined: 12/10/2013

The NSA isn't stupid. They probably use hardware backdoors (although I don't know if this is one) which would mean it doesn't matter which OS you use. Free software also has security flaws, which is why security updates are important. Don't think they don't know about flaws in GNU/Linux systems.

salparadise
Desconectado
Joined: 09/08/2013

They probably use hardware backdoors

Ain't no probably about it. The only real question, to my mind, is how much hardware is compromised? We hear about "all Intel chips post Core 2", is that an honest admission, or damage control?
Etc.

Legimet
Desconectado
Joined: 12/10/2013
a_slacker_here
Desconectado
Joined: 06/29/2013

These are terrible news, and rises so much questions:

Is this really possible? How can governments let these things happen?Can we escape from that control by using free software friendly hardware components?
What else needs to happen to rise people awareness?

Ivan Antipenko
Desconectado
Joined: 08/28/2014

After what was said in topic: the only hope is Open Hardware, but it
requires decades to make it possible to create something usable at home.
Now I'm really confused - what can we do right now?

salparadise
Desconectado
Joined: 09/08/2013

They have the technology to read every single keystroke you make, through a solid wall, with no physical connection required.
They build backdoors into hardware and standalone OS's into processors. There is no realistic expectation of privacy, regardless of what software you use.

It comes down to being wise about what you share and to patiently enlightening people. A groundswell of consumers, angry about their loss of privacy, will get things changed faster than anything else. When the profits get eaten into because of spying, the spying will be reigned in and not until.

oshirowanen
Desconectado
Joined: 02/28/2014

So basically, trisquel is useless when it comes to privacy? As all the technology exists to spy on people at the hardware level which bypasses the software altogether...

quantumgravity
Desconectado
Joined: 04/22/2013

Well, that's like saying: "We can't immunize people against _every_ disease, so Immunization is useless".
It's one part of the puzzle - if we work on the other parts as well, then one day we might achieve a decent digital society.

Jeremiah Asbury
Desconectado
Joined: 10/30/2013

The average person probably won't be targeted for this attack. I think you would only need to worry about it if you are a whistleblower, political activist, etc.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Ivan Antipenko
Desconectado
Joined: 08/28/2014

No.
Libre Software defends (together with encryption and common sence) you
from mass survelliance, which is mostly software-related.
Hardware holes make you vulnerable to personal spying only.

On Fri, 2014-09-05 at 10:45 +0200, name at domain wrote:
> So basically, trisquel is useless when it comes to privacy? As all the
> technology exists to spy on people at the hardware level which bypasses the
> software altogether...

--
Happy hacking!
akifo
www: https://blog.akifo.pw
xmpp: name at domain
GNU social: https://quitter.se/akifo
BitMessage: BM-2cUBB2sXo7yKRU1GkjT3ToznBMy5Sj9PCi

quantumgravity
Desconectado
Joined: 04/22/2013

That's non-sense.
How do you come to this conclusion?

t3g
t3g
Desconectado
Joined: 05/15/2011

Hopefully projects like Libreboot can help with this, but there is a lack hardware to install it on. Even if you can, its really really hard to install.

Jabjabs
Desconectado
Joined: 07/05/2014

Projects like that have to start somehwere, that said it will probably be a few years before it will really be viable and easy to run for the majority of users.

salparadise
Desconectado
Joined: 09/08/2013

So basically, trisquel is useless when it comes to privacy?

Not at all. But neither should it be viewed as a one size fits all solution for all your privacy/security problems.
It's a step in the right direction.

But there are still the issues of ISP's mandated by law to keep records of what you do online and paranoid, dishonest Governments and their barely controllable 'alphabet agencies'. Not to mention that which represents our biggest threat - the Corporations. If we don't bring the Corporations to heel and soon, the future is going to be a lot less pleasant than it could be.

quantumgravity
Desconectado
Joined: 04/22/2013

"They have the technology to read every single keystroke you make, through a solid wall, with no physical connection required."

Please don't spread FUD. "Without any physical connection" would be some kind of magic, and we're not in hogwarths. What you probably meant is some kind of internet or lan connection. In that case, after everything I read, you're right.

salparadise
Desconectado
Joined: 09/08/2013

It's not FUD.

The method works by detecting the differences in voltage that pass down the keyboard wire. The technology has existed for a while now. It works through solid walls and from up to 20 feet away. It is a specifically targeted method rather than a broad keyword search, but exists none the less.

It's mentioned in one of the other threads on this subject, on this site.

http://dev.inversepath.com/download/tempest/blackhat_df-whitepaper.txt

Quote
Our research details two attacks, one against wired PS/2 keyboards, the other
against laptop keyboards using respectively power line leakage and optical
sampling of mechanical energy.

We describe how using relatively cheap homemade hardware we can implement basic
but powerful techniques for remotely eavesdropping keystrokes.

quantumgravity
Desconectado
Joined: 04/22/2013

"The method works by detecting the differences in voltage that pass down the keyboard wire."

Yeah, it's based on measuring electromagnetic fields, so of course there is a physical connection.
I may be picky on the terms, but nobody can spy on anyone without a physical connection.
Just because there is a wall, no wire and no wlan around doesn't mean your isolated.
Please trust the laws of physics: without any physical connection, there is no spying.

So yeah, it's FUD, but I guess you mean something different.

salparadise
Desconectado
Joined: 09/08/2013

Tests have shown that the data can be read through walls and up to 65 feet away.

From...
http://hackaday.com/2008/10/20/eavesdrop-on-keyboards-wirelessly/

And that's from an article that's 6 years old!

quantumgravity
Desconectado
Joined: 04/22/2013

The fact that they were able to spy _means_ that there was _some kind_ of physical connection...
Don't know how I could explain it any better... photons, other particle transfer - something!

a_slacker_here
Desconectado
Joined: 06/29/2013

Yes, it needs some kind of physical connection between the computer and the NSA, some kind of bridge needs to be established to spy, and bridges can be detected.

salparadise
Desconectado
Joined: 09/08/2013

This alleges that it's possible to focus on a particular house/room, from outside, and be able to tell what's being typed - without any physical connection. Though it has the smack of James Bond about it I do confess.
That was PS2 connections though and USB apparently is different. It was also in the days prior to widespread use of wireless routers so there's now a lot more noise around.
Besides, if you really wanted to watch what everyone was typing you'd pass a law stating that ISP's have to keep records of everything that goes through their networks.
Oh...

quantumgravity
Desconectado
Joined: 04/22/2013

"This alleges that it's possible to focus on a particular house/room, from outside, and be able to tell what's being typed - without any physical connection."

Ok, for the last time: this is NOT possible. It's against the laws of physics, and every physicist on the whole world can tell you this.
The NSA can't move faster than the speed of light, can't create energy out of nothing, and clearly can't transmit information without any physical connection.
The articles you're probably talking about use the term "physical connection" referring to some kind of wire or internet access, no one ever doubted that the information has to be transmitted somehow.
I hope this non-sense is now clarified once and for all. For further reading, I recommend any physics textbook.

Jeremiah Asbury
Desconectado
Joined: 10/30/2013

Sorry, I didn't mean to reply specifically to your message, quantumgravity. I meant to reply to the whole list. (Either me or my e-mail program is kind of wonky.)
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

a_slacker_here
Desconectado
Joined: 06/29/2013

Well, wifi is basically high frequency radio waves.

quantumgravity
Desconectado
Joined: 04/22/2013

Yeah, electromagnetic waves - defintely a physical connection.

Magic Banana

I am a member!

I am a translator!

Desconectado
Joined: 07/24/2010

He is back trolling. Let us ignore him. Please.

ADFENO
Desconectado
Joined: 12/31/2012

2014-08-28 13:42:54, name at domain:
> http://rt.com/usa/nsa-radio-wave-cyberattack-607/
>
> Is it possible to detect if your computer has been infected by
such
> surveillance?

I'm not sure if this helps or turns the situation worse... And
also, sorry for sharing a YouTube URI:

https://www.youtube.com/watch?v=AFWgIAgMtiA

I'm also not sure if this has a proven scientific explanation,
but I decided to share the resource anyway.

Best regards, ADFENO.
Have a nice day.

--
Assinatura automática – português brasileiro:
– Blogue: http://adfeno.wordpress.com/
– Favor não enviar-me documentos do Microsoft Office ou Apple
iWork. Ao invés disso, envie documentos em OpenDocument!
http://fsf.org/campaigns/opendocument/
– Se eu não te desejar um bom dia em meus e-mails, minhas
postagens, ou meus comentários; isto significa que estes foram
enviados por terceiros.

Automatic signature – North American English:
– Blog: http://adfeno.wordpress.com/
– Please do not send me Microsoft Office or Apple iWork
documents. Instead, send OpenDocument documents!
http://fsf.org/campaigns/opendocument/
– If I don't wish you a nice day in my emails, my posts, or my
comments; this means that these were sent by third parties.

salparadise
Desconectado
Joined: 09/08/2013

Interesting video.

But - why are the laptop lids closed?

The detected typing is done very slowly and deliberately - does that mean that normal typing would overwhelm the system?

On the face of it, it does look like "worst fears" may be true. But it could just as easily be faked to appear that way.

Forna
Desconectado
Joined: 01/12/2014

And what about the Libreboot X60 laptop?
It may provide more security in case of hardware backdoors (related to firmware), doesn't it? However I do not understand very much about these kind of issues...