"Secret" 3G Intel Chip Gives Snoops Backdoor PC Access
(It never ends...)
http://www.prisonplanet.com/secret-3g-intel-chip-gives-snoops-backdoor-pc-access.html
(And, this is what I'm talking about, when I call everyone's attention to also the *hardware* that we use... - https://trisquel.info/en/forum/million-dollar-question-concerning-hardware-we-use)
So the moral of the story is, when you power down, pull the plug or remove the battery?
The moral of the story - or of all the other stories appearing so frequently - is:
If you want to keep something secret, keep it out of your pc.
I suppose that will pretty much prevent unwanted access to your computer when it's turned off - but, not when it's turned on...
So, I think the moral of the story is: just don't buy new Intel chips.
On 09/26/2013 06:13 PM, name at domain wrote:
I first found out about this while perusing the thinkpenguin website.
They explicitly state that they do not offer CPUs which have either vpro
or txt technologies.
Very bad. These designers have no ideas about what is/isn't morally right. Or they do not care.
How would this work? Surely the metal computer enclosure would block out any signal?
Back when I was first online, circa 2001, I came across a post on a forum (I can't find it now, it may no longer exist) from a person who claimed that he left what was then called the GPO in the 1950's (now called BT) when he discovered that when you put a domestic phone back on its cradle the speaker was cut off but not the microphone, and that the roll out of the domestic phone network was basically a State sponsored bugging program (how they must have laughed, indeed are still laughing, that we pay them for the mechanisms used to spy on us) and that any house with a phone could be listened in on. (I worked for BT briefly in the early 1980's and there were rooms with military personnel in them underground beneath one of the BT buildings. "Listening for enemy activity" I was told. I just presumed they meant "the enemy" as in the Cold War.)
At the time I thought "oh dear, paranoid much?"
Bearing in mind that basically pretty much everything we've been told since 1945 has been an artificial construct (the lies told about WW2 in the official account are off the scale) and pretty much everything you see on the News is made up, added to all this now coming to light about computers, I'm thinking, no, not paranoid at all.
If it's been going on since the 1950's then it's now very advanced indeed.
I'm not surprised to read that...
Since that, that's something known to be possible with modern-day phones, like cell ones - and when they're turned off: http://www.youtube.com/watch?v=0G1fNjK9SXg
Really interesting and alarming story. Two solutions could be:
1) Buy an old analog telephone. If you're not an expert, have someone of your trust analyze and eventually hack it, so that when the phone's on the cradle the mic is disabled.
2) You have your telephone inside a soundproof box. When it rings lights flash/whatever.
I'm pretty confident that the 3g is not built into the chips. It's dependent on the system having a compatible 3g card installed. So while this story has some level of truth to it, they made assumptions and stretched that truth.
If 3g was actually embedded in the chip somehow, and I'm pretty confident it's not, you'd be able to detect it. Think about that for a moment. The chip has to send out a radio signal of some kind. Plus there is going to have to be an antenna of some kind or the reception would be horrible.
It's in the chip.
This video at around the 50 second mark says laptops do not have to be connected to a network and can still be disabled remotely. How?
https://www.youtube.com/watch?v=7S4BUAm68eg
"Disable lost or stolen laptops, even if the PC is not connected to the network." (With a superscript 8) There is a footnote at the end of the video.
"...Requires an enabled chipset, BIOS, firmware, and software..." Strangely it says nothing about hardware. Also needs a "...subscription to a capable service provider..."
List of providers
http://www.intel.com/content/www/us/en/architecture-and-technology/anti-theft/anti-theft-service-providers-enterprise.html
http://www.allieddigital.net/us/IntelAT/
"Intel® Anti-Theft Technology is an intelligent way for you to help secure the mobile assets of your workforce. This intelligent security technology is available on 4 generations of laptops based on Intel® Core™ and Intel® Core™ vPro™ processor families. This technology is built into the processor, so this will be activated even before the laptops startup and will work even without internet as it is hardwired and it is completely tamper proof."
http://www.securedisable.in/WhySecureDisable.html
Looking at several of the companies on Intel's service provider list is very interesting. Way lots of control, so to speak.
Who's to say that like the onStar non-subscribers who are still being tracked, that something similar is not available on laptops to the right people or agencies? http://www.popularmechanics.com/technology/gadgets/news/the-onstar-incident-isnt-about-digital-privacy-6499661
EDIT: Nice current 6 page PDF list of computers with intel anti-theft technology. http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/anti-theft-tested-platforms-support-datasheet.pdf
You're reading too much into "without a network connection". That would still require a GSM module in the system. If you think about it logically you would still require a network connection of some kind to communicate the message "disable system". Now it may be that the network card has firmware that is communicating with a server somewhere such that no GSM module is required to disable the system.
I would be interested in seeing the network traffic from testing anti-theft. Both wireless, ethernet, and GSM just so that we have a better understanding of how this technology actually works.
Such as was noted by the service provider above, "This technology is built into the processor, so this will be activated even before the laptops startup and *will work even without internet* as it is hardwired and it is completely tamper proof."
I don't know what that means, but they have stated it clearly.
Perhaps it is a radio signal of some kind which gives simple switch like yes/no or on/off instructions, not the real internet, not a cell phone network, not a network in the sense of a standard computer network.
I haven't had time to review all the services of the providers intel has listed. I know they don't all offer exactly the same services. From a brief overview, it was startling to see how much they can do. And that they've been doing it for years.
It's a good question. If I had to take a shot at what is meant it would be that it has a tcp/ip stack in the BIOS. In fact I'm pretty confident of this as there are BIOS options to update the BIOS on at least some systems. So what is probably happening is that when the technology is activated in the BIOS it'll send packets to an IP on the Internet which is run by one of these service providers. If the service provider says "it's been reported stolen" the BIOS program sends the motherboard/CPU a signal that says disable it. If you try to pull the CPU and install it in another machine it probably won't work. What probably happened was the CPU contained a bit of flash and when the signal was sent to the CPU it got recorded. Since flash doesn't require power the CPU doesn't work in other machines. I would bet that technically the CPU isn't really disabled. It's probably the motherboard that reads something from the CPU and if it is set to 'stolen' simply won't boot. That's a wild guess on my part. Either way you could do this to any/all the different components on the system probably. The CPU and probably motherboard are the only ones that probably have this though.
What is most concerning is that there is a significant amount of code nobody is allowed to look at. It is suggested (or I'm going to suggest) that these features could be used maliciously (without your permission, by say a government, or another sophisticated malicious party). It appears that there is a 2nd CPU of sorts with its own memory and small area for storage too that can be used to spy on the main CPU/memory. It's undetectable by the OS. Either they could intentionally be implementing buggy code such that a government agent has the ability to remotely enable the technology (that way they can deny it was anything other than a bug) or there could simply be a hidden feature on top of the 'disable bit' / 'remote access' technology that then enables a more silent bug. Unlike with an operating system bug that an agent might have used in years past you can't simply reload to remove it or easily detect this.
What I understand is that you might have a reason to do something like this (remote access independent of the OS). What I don't have an explanation for is why they need a 2nd CPU/memory (or it has been alluded to that this exists). That feature to me makes me think its main intent is something else. And the only thing that makes sense to me is if it was spying.
I'm not skilled in this area though so my speculation is just that. Either way I'd still like to know more about the technology and hear from an engineer something that sounds more probable.
MORE
Called absolute persistence technology by one of the providers, they say they can send an SMS for immediate lock functionality.
http://www.absolute.com/en/partners/alliances/intel
With Intel Anti-Theft, Absolute customers can:
"Trigger an Intel Anti-Theft lock using real-time technology within the Absolute Customer Center, sending an SMS message to the computer and invoking the Intel Anti-Theft lock almost immediately. To take advantage of this SMS-only immediate lock functionality, you will require Intel Anti-Theft supported hardware (Intel Core i3, i5, or i7 notebooks)."
How it works
Hardware
"The first step is hardware-based and occurs before the device is even built. Through our partnership with computer manufacturers, the persistence module is built into the firmware of desktop, laptop, tablet, and smart phone devices around the world. Each device leaves the factory with the persistence module in place, waiting to be activated."
http://www.absolute.com/en/partners/bios-compatibility
(Note that even the 7 year old Lenovo X series, considered to be close to free computers, are BIOS and firmware capable for the use of this system.)
Software
"This occurs when the software agent is installed. It’s the step that turns everything on and it’s through this agent that device information is transmitted to IT so they can remotely track, manage, and secure devices."
Persistence
"Even if the firmware is flashed, the device is re-imaged, the hard drive is replaced, or if a tablet or smart phone is wiped clean to factory settings, the agent will simply reinstall and continue to provide hundreds of data points for each device. And it’s a two-way street. The same connection can be used by IT to convey a variety of remote security and management commands back to the device."
"We’ve provided forensic evidence to close to 5,000 law enforcement members around the world, allowing them to recover over 28,000 stolen devices and put countless criminals behind bars"
http://www.absolute.com/en/resources/whitepapers/absolute-persistence-technology
So, this technology is in the hardware. In a lot of hardware. It needs software to activate it. Many chips now allow installing software remotely even if the computer is powered down: it can be turned on and updated. Not saying this is happening all over the place, it just feels quite out of control to be the owner of a device and be unable to have complete say over what is to be done with it.
If alerted to the intent for some control to be added over the machine, that would be one thing. To have the capability to alter the machine without the owner knowing, is not something I wish to pay for or own.
These controls make sense in a corporate or government setting, but for personal use, how can one be sure these features are permanently turned off or rendered useless? These are "known" backdoors. What if we can't be certain they are closed? What about unknown backdoors? It doesn't end.
OK,
So basically what this is saying is that a GSM module is a critical component. If you remove that GSM module (they look like this: http://i19.photobucket.com/albums/b181/i-deal/P3023380.jpg) then there probably isn't any way to activate the feature in the CPU (to disable it or remotely control it). It doesn't sound like it communicates via TCP/IP at all. Rather it does do something similar with SMS messages.
Again- nothing is saying that the technology doesn't also enable a hidden feature such that the same thing can be done via TCP/IP though. Which goes back to the concern I'd have over what exactly is in the firmware.
Are you saying GSM because of something you know that isn't featured elsewhere? GSM is an old protocol, end point to mast security is not up to the requirements of today e.g.
https://www.computerworld.com/s/article/9218866/Researchers_show_off_homemade_spy_drone_at_Black_Hat
3G OTOH AFAIK hasn't been cracked, because it is much more recent.
Of course if it is GSM some Black Hats switching off entire districts' worth of laptops would make the manufacturers and Intel very unpopular.
This vPro paper http://www.intel.com/content/www/us/en/enterprise-security/3rd-gen-core-vpro-data-protection-paper.html says on page 6,
"The OOB (out-of-band) channel uses a special TCP/IP stack embedded in the firmware instead of the OS network stack. The channel secures critical system communication (such as alerting) and operations (e.g., agent presence checking, remote booting, and console redirection), regardless of OS, applications, or hard drive state."
https://en.wikipedia.org/wiki/Intel_AMT_versions
Similar but different, Intel's Anti-Theft Technology does not require vPro. The built-in anti-theft technology uses SMS to disable/enable various features. One would think that would require some kind of pager radio or cell phone system capability.
The anti-theft feature "...Requires an enabled chipset, BIOS, firmware, and software..." and a "...subscription to a capable service provider..." (there are links in earlier posts in this thread)
Seems most people believe that anti-theft and vPro are turned off in their default setting and that additional hardware cards, beyond the chips, BIOS, and software, are required in order for them to work.
That makes sense to me, however I have not seen special hardware requirements spelled out in print on Intel's website. They'll have a list, as in http://www.intel.com/content/dam/www/public/us/en/documents/datasheets/anti-theft-tested-platforms-support-datasheet.pdf but do all of those computers have 3g capability built-in? And if additional cards are needed, why don't they say so? Is it all just assumed to be known? I don't know. I remain confused.
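The quoted vPro paper says the OOB channel is served by a TCP/IP stack in the firmware rather than by the OS, which means the interface can be inventoried from the network like any other service. Added example, not from this thread or from Intel: a small Python probe that connects to the ports the AMT firmware web server is known to use, TCP 16992 (HTTP) and 16993 (HTTPS), and flags hosts whose Server header names Intel Active Management Technology. The sample banners and the one-shot local listener are constructed test doubles so it runs offline.

```python
"""Inventory check for Intel AMT out-of-band (OOB) management interfaces.

Added example, not from this thread or from Intel. It relies on two known
facts: the AMT firmware TCP/IP stack serves its web UI on TCP 16992 (HTTP)
and 16993 (HTTPS), and that server identifies itself in the HTTP Server
header as "Intel(R) Active Management Technology". Everything else here
(sample banners, the one-shot local listener) is a constructed test double.
"""
import socket
import ssl
import threading
from typing import Dict, Iterable, List, Optional, Tuple

AMT_MARKER = "Intel(R) Active Management Technology"
# (port, wrapped_in_tls) pairs used by the AMT firmware web server.
AMT_PORTS: Tuple[Tuple[int, bool], ...] = ((16992, False), (16993, True))

# Constructed sample banners (the shape of a reply, not a real capture).
SAMPLE_AMT_BANNER = (
    b"HTTP/1.1 303 See Other\r\n"
    b"Server: Intel(R) Active Management Technology 7.1.20\r\n"
    b"Location: /logon.htm\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_OTHER_BANNER = (
    b"HTTP/1.1 200 OK\r\nServer: nginx/1.4.0\r\nContent-Length: 0\r\n\r\n"
)


def parse_http_response(raw: bytes) -> Tuple[Optional[int], Dict[str, str]]:
    """Split a raw HTTP reply into (status code, lower-cased header map)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1", "replace").split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().decode("latin-1", "replace").lower()
            headers[key] = value.strip().decode("latin-1", "replace")
    return status, headers


def looks_like_amt(raw: bytes) -> bool:
    """True when the Server header identifies the AMT firmware web server."""
    _, headers = parse_http_response(raw)
    return AMT_MARKER in headers.get("server", "")


def probe(host: str, port: int, use_tls: bool = False,
          timeout: float = 3.0) -> Optional[bytes]:
    """Send a minimal GET and return the raw reply; None if unreachable."""
    request = (f"GET / HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        if use_tls:
            # Banner grab only: the AMT default certificate is self-signed,
            # so verification is skipped here and no credentials are sent.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(request)
        chunks: List[bytes] = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
        return b"".join(chunks)
    except OSError:
        return None
    finally:
        sock.close()


def check_host(host: str,
               ports: Iterable[Tuple[int, bool]] = AMT_PORTS) -> Dict[int, str]:
    """Classify each port as 'amt', 'other' (something else answered) or 'closed'."""
    verdicts: Dict[int, str] = {}
    for port, use_tls in ports:
        reply = probe(host, port, use_tls)
        if reply is None:
            verdicts[port] = "closed"
        elif looks_like_amt(reply):
            verdicts[port] = "amt"
        else:
            verdicts[port] = "other"
    return verdicts


def serve_banner_once(banner: bytes) -> int:
    """Constructed test double: one-shot 127.0.0.1 listener that replies with banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # read the request, reply regardless of content
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    # Offline demonstration against the constructed listener.
    local_port = serve_banner_once(SAMPLE_AMT_BANNER)
    print(check_host("127.0.0.1", ((local_port, False),)))
```

An "amt" verdict on 16992/16993 means the firmware stack is listening regardless of what the OS runs, which is the state the vPro paper describes; a "closed" verdict only says the web interface is not reachable from this vantage point.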
I've yet to see the name AMD in all of this hooha about backdoors in hardware.
Has anyone come across their name in any articles?
Yes- AMD has implemented similar questionable technology. I haven't read up on either terribly though.
ARM chips (phones, tablets, some computers) also have something similar. I have not yet found companies supporting those features to the degree of intel, but I haven't looked much yet either.
https://trisquel.info/en/forum/some-current-free-software-friendly-hardware#comment-43157
I'm not actively looking into it so I can't say for sure. I think there is or may be a home-grown solution from China now or in the future which might work. I think there are hurdles to overcome still although I can't recall what they are any more.
...
When I think we are ready to do something from a financial perspective I'll investigate it further.
Answering my own question...
http://www.eteknix.com/expert-says-nsa-have-backdoors-built-into-intel-and-amd-processors/
All the articles seem to reference the same Australian Financial Review story from July of this year.
http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI
And a denial from AMD here.
http://fudzilla.com/home/item/32120-amd-denies-existence-of-nsa-backdoor
One is tempted to think "well, they would say that, wouldn't they"? No one's going to admit to this and see Government and/or military supply contracts lost.
I've spent the last 10+ years loving IT, spending every spare moment in front of my pc. Most of them using Linux. I was happy, believing that if "we" could just get enough people interested in Open Source that the world could be made a better and safer place, free from the tyranny of Corporate nonsense and spying.
Over the last few days, as a result of the various links on this and other threads here, everything has changed. Now it all seems nasty and suspicious. I used to think "I cannot help someone to be happy with Windows or Apple, without at least warning them of the loss of privacy and control they bring with them" but now I'm wondering if the message should be "if you have a computer, regardless of what you run on it, you're unable to rely on being secure or safe".
What if NSA employees are masquerading as OpenSource contributors? What if they are "maintainers" for various bits of code? If code comes from "a trusted person" is it really reviewed by others for compromise or is it accepted as "trusted" and included without being checked?
We had a story break here in the UK a few months ago, whereby it transpired that undercover Police had infiltrated various political movements, to the extent of having sexual relationships and even children with women in the movements. If that is the level of abuse of trust that is being carried out in order to monitor dissidents, then it's highly likely that some trusted contributors are indeed working for the security agencies, with hidden agendas.
Once stories like that become known it naturally and presumably intentionally, introduces mistrust into every such movement, as people begin to look at people they thought were trusted and wonder "are you a Policeman too"? Such mistrust tears movements apart, again, presumably quite deliberately.
Divide and rule.
So it comes down to this, for me - I'm not involved in anything that could be described as genuine terrorism. I don't call for the deaths of politicians or bankers. I speak out as and when it seems necessary, always and only in defence of the weak and the poor. If the day should come when they're arresting people for doing that then that's no world I wish to live in and I'll take the consequences without shame.
Or put another way "f*ck 'em, I'm doing no wrong" and I'm not going to let a bit of fear (perhaps unfounded and introduced by those who wish to destroy the OSS movement) stop me from thus speaking out.
Every time I read things like these, I am so tempted to buy a Yeeloong notebook...
What is the status of the MIPS architecture?
-Miguel
On 09/28/2013 06:25 AM, name at domain wrote:
"One is tempted to think "well, they would say that, wouldn't they"? No one's going to admit to this and see Government and/or military supply contracts lost."
Military is different apparently. Go to the bottom of the compatible BIOS list http://www.absolute.com/en/partners/bios-compatibility and look at Xplore Technologies. It says "All models except IXC104M Military version"
So at least one seller on that list offers a military version that does not have these "features" that we apparently must have.
Mistrust is a huge thing now. We can never really trust anyone or anything completely, however when someone has "problems", financial difficulty, addictions, whatever, well those things happen and usually in a limited way. The length to which you describe, where infiltration goes to the level of having children with the target, that is very deep, so calculated. There obviously are no boundaries.
The solution is to ignore or push back the people who are making BS claims/dividing us/etc. Don't assume you're safe, but take action to avert problems, and help fix them. There may be a few great people leading. However it takes everybody doing a little to actually fix the problems.
Wanted to add a footnote on the 3g, right from the source. Re-read some earlier posts...
"Jeff Marek, director of business client engineering for Intel, acknowledged that the company’s “Sandy Bridge” microprocessor, which was released in 2011, had “the ability to remotely kill and restore a lost or stolen PC via 3G.”"
https://trisquel.info/en/forum/million-dollar-question-concerning-hardware-we-use#comment-43144
Original article, should be checked also: http://www.prisonplanet.com/secret-3g-intel-chip-gives-snoops-backdoor-pc-access.html
Another link: http://www.tomshardware.com/news/sandy-bridge-vpro-core-i7,12353.html (very good vPro background here)
The link above from an opinion article published in 2008 contains many details, a must read...
Same link here below:
I see the snoops talking about using my mouse right now. If anyone is interested an online, look at my log files.
vPro manual from intel
Good discussion at Wilders Security on this topic as well. Sandy Bridge background, interesting post...
http://www.wilderssecurity.com/showpost.php?p=2286063&postcount=46
Why? Or are you just spamming?
Twice in the last week I have picked up my laptop in the morning only to find the OS booted.
As a rule I don't leave it switched on, though when I've come to start it up only to find it already booted I can never be 100% sure it's not because I forgot to power it down the night before.
This morning it was booted when I opened the lid, and the battery reads 37% drained (I was using it on battery power last night and usually, if I close the lid, it doesn't last 4 hours when suspended), and I haven't used it since 10:30 last night (nearly 12 hours ago).
It's a Core i3 Asus. I have the webcam and microphone stopped with gobs of Blu-Tack, but keep forgetting to take the battery out when I shut it down for the night.
I don't know whether to be paranoid, frightened or annoyed at my own forgetfulness.
I've seen it happen with a Celeron 433 MHz Toshiba laptop (that I had, more than 10 years ago), with the dial-up Internet cable connected to it, where the computer simply turned on, on its own, in the middle of the night, some time after having been completely shut down.
And, I've seen it happen, much more recently, about a dozen times, or so, to a computer of a family member, also in the middle of the night, when I was in the living room, where the computer simply turned on, on its own. (This last computer being, at most, an Intel Core 2 Duo, one with WiFi, and also a Toshiba.)
And, both computers had Microsoft Windows installed on them, and also microphones incorporated in them.
*(Either any of this has anything to do with it, or not...)*
Taking into account that I (now) know that I was already, more than 10 years ago, (and, still am today) under surveillance, because of what I do, and write about, none of this surprises me. (And, I could talk about more things, that have happened to my phone line, that also don't surprise me.)
As I've said, in here, earlier... (https://trisquel.info/en/forum/internet-censorship-authoritarian-countries#comment-30785)
We are *all* under surveillance. (And, even more, everyone that is politically active, or that does anything that the establishment doesn't like - including, simply being a part of the Free Software movement.) The only question, for each different individual, is how heavy that surveillance is...
Just as two more recent examples...
Someone that I met in this forum, has recently reported signs, to me, of what is (to me, that am already experienced in this kind of things) clearly signs that such person is (also) under surveillance. (Having that person recently launched a project that is, very much clearly, counter to the interests of the establishment...)
And, I've just finished exchanging some messages with a journalist, because of what I was able to confirm that was, yet another, case of censorship of comments of mine, this time on his blog, on Blogger (/Google/CIA/NSA). Having that censorship been made by someone else, other than the journalist who approves them - who confirmed, to me, that it wasn't him...
And, concerning your case....
*(Either this strange behaviour of your computer has anything to do with it, or not...)*
The fact that you reported, above (https://trisquel.info/en/forum/secret-3g-intel-chip-gives-snoops-backdoor-pc-access#comment-43136), a surveillance scheme operated in your country, is enough for you to deserve the attention of Big Brother, itself - who will, obviously, want to know everything (more) that you know (about this, or anything else).
I know what I'm talking about, when I say this...
And, I could talk much more about this kind of things... And, could even talk to you about subjects that, if you research too much about them, on the web, will make your computer be "cleaned" of all its data... (https://trisquel.info/en/forum/chrome-os#comment-33954)
But, as always, don't believe this kind of things, just because someone else, that you don't know, told you so.
Make the test, if you want, of being politically active, and you'll see just how heavy the powers-that-be will fall upon you.
I have spoken out against 9/11, the so called Boston marathon bombing, chemtrails, food additives, American foreign policy, Israeli policy, British policy, Corporations, surveillance, tax avoidance, the Iraq war, the Libyan atrocity, the demonisation of the poor and unemployed, globalisation, immigration, the controlled nature of debate in the main stream media, the global warming hoax, Apple, Microsoft, etc.
I will continue to do so until integrity and truth are victorious.
"I've seen it happen with a Celeron 433 MHz Toshiba laptop (that I had, more than 10 years ago), with the dial-up Internet cable connected to it, where the computer simply turned on, on its own, in the middle of the night, some time after having been completely shut down."
Then there's no point in me selling the laptop and buying an older model, which was my first thought.
(Exactly the same type of things that I write about. And, the kind of things that I know that get people, all over the World, under more heavy surveillance...) :)
I tried to make this stand out, a bit, but I guess I should take the opportunity to make it clearer...
The computers that I mentioned, where I saw this happening, had both *Microsoft Windows* installed in them.
(And, I can add that, they both seemed to have some sort of latent connection to the Internet...)
I never saw this happening on computers running GNU/Linux.
Concerning the old Toshiba Celeron 433 MHz laptop,
It happened when the computer was completely shut down, and had the phone line connected to its 56k internal modem. And, because I had heard, at the time, from friends who know about this kind of issues, that it was possible to turn on a computer, that had a phone line connected to it, through a signal sent through the phone line (and, from what I understood, possibly get inside a person's computer, when one thought it was safely turned off - although, I have the impression that one would have to have a specific type of phone modem and/or motherboard, for that to be possible) my immediate reaction, was to unplug the phone line from the laptop. And, I subsequently decided, at the time, to never let the phone line connected to the computer again, when it was turned off. And, coincidence or not, the fact is that, I never saw that happen again.
Concerning the other Toshiba laptop, which is, at most, an Intel Core 2 Duo,
Not only did I see the computer repeatedly turn on, on its own, but I also remember seeing it turn off, a few of those times. So, it was definitely acting on its own. I have the impression that it was in some kind of sleep/hibernate mode, when that happened. So, I don't know if the WiFi modem was active enough to react to "outer stimulus". Or, whether this was a freak type of behaviour, or not, for sleeping/hibernating laptops, which have Windows installed in them. The fact is that, ever since the hard drive on that same computer started malfunctioning, and that computer can now only boot with a live GNU/Linux distro, running from the DVD drive, I never saw that happen again.
I also never saw that happen with an old AMD64 laptop that, for as long as I have used it, has only run GNU/Linux. And, I also never saw that happen with a relatively recently bought Toshiba laptop, with a chip of the generation just prior to these new "i3/i5/i7" ones, that, ever since it was bought, has only run GNU/Linux.
So, this type of suspicious behaviour, was only observed, by me, in computers with Microsoft Windows installed in them.
(And, as I implied... And, taking the opportunity to make things more clear... And, unlike other things that happened to me... Concerning this type of strange computer behaviour, I have *no idea* if this is an indication of remote access, or not. The fact is that, nothing surprises me, any more, in terms of surveillance. So, I wouldn't be surprised if I someday knew that it was, indeed, an indication of remote access...)
But, of course, as you now know... Having GNU/Linux installed on your computer is not protection enough for this new generation of Intel chips, that can be remotely activated by a 3G radio signal...
But, as I said, I never observed any kind of suspicious behaviour on laptops with chips of prior generations, running GNU/Linux.
So, I think it should be safe to use those.
(Although, one can never be 100% sure, about anything, relating to computer security... And, I, nevertheless, usually cover the webcam of the recently bought Toshiba laptop...) hehe :)
What a surreal world this is, that we live in...
And, for those of you who may doubt, as to whether there is cause for concern, or not...
People who expose information that is damaging to the establishment are, indeed, being surveilled,
http://www.naturalnews.com/040492_GMO_activists_Monsanto_blackwater.html
and, are having their computers attacked.
Well I can assure you that it has happened to me twice. And the laptop has Trisquel installed and nothing else.
It was powered down, but the battery was left in, thus providing a power source.
I've not seen my desktop PC (Dell Precision 380) do this, which has Trisquel installed and nothing else; it's connected via ethernet to a permanently powered up modem but the computer has an Intel Pentium D chip in it.
I pretty much think that many articles contain some truth and some lies, almost as a matter of course.
So - "the laptop is remotely bootable" is the truth part and the untruth part is "but it requires the right software to be installed and a subscription to the appropriate service".
If I was developing such an ability it would be OS agnostic and dependent only upon a power source and net connection. It makes sense and if a klutz like me can figure that out then you can bet that they have too (and a great deal more besides).
Further - and this is pure speculation - seeing as the laptop in question is now 100% open source without so much as a single line of proprietary code, might it not be the case that it can no longer be observed via subroutines in blobs and plugins? That would explain why this behaviour has only started since I dumped compromised Linux.
If you think about it - the rise in popularity of open source OS's would, of necessity, drive the surveillance ability to being built into the hardware. When almost everyone used Windows, it was easy. Now that so many more people are using Linux, particularly some banks and Police forces, it becomes necessary to be able to surveill regardless of what the hard disk contains.
Could it have been WOL or RTC alarm?
https://en.wikipedia.org/wiki/Wake_on_LAN
https://en.wikipedia.org/wiki/RTC_Alarm
There is no mention of either in the BIOS.
The machine was not plugged into the ethernet, so there'd be no "wake up" signal from that source.
If it came from the wifi, then who sent it? I was asleep, as was everyone else in the house.
Hard to see how a "real time clock" could wake the machine up if there's no way to access it from the BIOS or the OS.
You might have caught a rootkit. It's more likely than clumsy
snoops, although they might use one.
Install packages rkhunter and chkrootkit, read their man pages and
see if you have one they know about. You're looking for them saying
pretty directly rootkit some-name has been found. You have to be
familiar with what their reports say for your system before worrying
about warnings from them for other things because they both issue
them for perfectly innocent things on a system. E.g. chkrootkit will
warn of your X server not having a controlling tty.
Tested with both packages - no root kits found.
Both complained about java - a .java folder was found in /etc, but the files inside it are empty or blank.
"Tested with both packages - no root kits found."
Sadly all it means is that you probably don't have any of the
rootkits these tools know about. If you really have caught the
attention of a somewhat clumsy Advanced Persistent Threat (APT) then
they'd be quite up to using an unknown one.
However, you said there was no RTC Alarm in the BIOS. I wonder if
it's possible to build coreboot, if that's what you have, without RTC
function? Does anyone know? The hardware would still be there. If
you don't have coreboot then a proprietary BIOS as indicated by
the links on the Absolute Presence service with Intel Anti-Theft
horror is a significant security exposure. Moving to coreboot is
a possible logical next step. However, if you have got an APT
intrusion then building it on your machine would be a mistake. It'd
be wiser to say go to a Hacklab, Hackspace, Linux User Group or if
you are in or near London try BLAG[1] to have someone a) look at the
machine and b) build you a coreboot image and provide an
independently sourced Trisquel CD and different Internet connection
to start again from scratch.
I must emphasise these are just obvious things from someone who knows
something of security but isn't a security specialist. So I'll defer
to other more knowledgeable opinions.
"Both complained about java - a .java folder was found in /etc, but
the files inside it are empty or blank."
Yes I have that on my machines with Java installed. As I said the
tools warn about some things which are innocent when you check.
[1] BLAG is another FSF approved distro. They're Brixton Linux
Action Group, as in it was started by Anarchists. They may or may not
help (they're Anarchists) but AFAIK they're the only UK based FSF
approved distro and your email domain is .uk.
Yes, I'm in the UK.
Blag hasn't released a new version since Blag 14. Fedora is now on version 19. Fedora 14 is no longer supported. Doesn't that make Blag a hopeless source for a reliable distro?
Besides - recent revelations seem to indicate that machines no longer need to be rootkitted - that if there's a bootable micro OS built into the chip (the laptop in question is an Intel Core i3 machine) that's triggerable via wifi (as long as there's a power supply present) then all the testing apps in the world won't find anything on the hard drive, as there's nothing to find.
leny2010 suggests you visit a GNU/Linux user group, such as the one in Brixton that produced the BLAG (Blag Linux And GNU) distribution. He does not suggest you install BLAG.
" Blag hasn't released a new version since Blag 14. Fedora is now on
version 19. Fedora 14 is no longer supported. Doesn't that make Blag a
hopeless source for a reliable distro?"
You misunderstand me. I am suggesting that if London is convenient
you see if a BLAG developer would be so kind as to have a look at
your machine and check it over, not that you install the BLAG distro.
"Besides - recent revelations seem to indicate that machines no longer
need to be rootkitted - that if there's a bootable micro OS built into
the chip (the laptop in question is an Intel Core i3 machine) that's
triggerable via wifi (as long as there's a power supply present) then
all the testing apps in the world won't find anything on the hard
drive, as there's nothing to find."
It's 3G, like mobile phones, not Wifi. The point being turning off
your router would have no effect.
The processor in question will run off the 'standby' power and
there'd be no need for it to start the actual O/S. So you'd not be
finding your computer mysteriously switched on. If it were someone
official they'd be able to get someone like the Absolute, who are
linked earlier in this thread, to access your machine without you
ever knowing. So if someone is turning your laptop on remotely then
they're either a technically inept government bunch or they don't
have law enforcement powers in the West and are not government. UK
plod has the reputation of not being exactly technically proficient,
but as I say they would just show a court order to Absolute or
whoever.
Plod et al are reputed to have rootkits and custom o/s mods to
further real time tracking and interception on phones. So they could
well install such on anything when intercepts have been legally
authorised. But you're much much more likely to get one from a
cracker through poor security practice.
If it's an i3 then almost certainly there will be a watchdog timer on
the actual RTC chip. Many laptops are designed for such things to be
changed from within Microsoft Windows and so the BIOS UI doesn't
surface them. Equally there's no GUI access I know of for them in a
stock Trisquel install, so try the command line commands and /proc
listed earlier in this thread. If you have or do, say what you've
found here. Also paste the output of a
sudo dmesg | grep -i rtc
Also test if it's some weird laptop that powers up when the keyboard
is pressed, as it would from suspend. If it is and you have a cat or
similar then very likely that is your problem. Further if you don't
live alone suspect other people in the house of not admitting they've
turned it on before you do the UK government. As you know from the
ACPO idiocy and the number of ministers who've found out there's a
file on them from when they were students, it's not that the UK
government doesn't get up to such things but they a) don't get caught
very often so are good at it and b) are self evidently very careful to
at least keep up the appearance that it isn't a police state.
Output of sudo dmesg | grep -i rtc as follows
[ 0.537626] RTC time: 16:21:35, date: 10/19/13
[ 1.343624] rtc_cmos 00:06: RTC can wake from S4
[ 1.343727] rtc_cmos 00:06: rtc core: registered rtc_cmos as rtc0
[ 1.343754] rtc0: alarms up to one year, y3k, 242 bytes nvram, hpet irqs
[ 1.350927] rtc_cmos 00:06: setting system clock to 2013-10-19 16:21:35 UTC (1382199695)
I can rule out cats treading on the keyboard - both times the lid was down and it's set to 'Suspend on lid close' (which works fine as far as I can tell).
I can also rule out other people in the household - one was in bed the other has her own Macbook and doesn't use my machine.
You've got RTC alarms, which is what the kernel / BIOS uses to wake
up the machine.
If you look at this page
https://www.linux.com/learn/docs/672849-wake-up-linux-with-an-rtc-alarm-clock/
You will see if there's any output from
cat /sys/class/rtc/rtc0/wakealarm
Then you have an alarm set. And it would be best to reset it in case
of a driver error in any event, use a
sudo sh -c "echo 0 > /sys/class/rtc/rtc0/wakealarm"
Lastly there's been kernel maintenance recently. It's perfectly
possible a bug has been introduced that does this with a tiny number
of machines. So if there's no output from the first command above
then boot into an older kernel for a bit. IIRC it's hold down shift
throughout boot to get the grub menu where you can select older
kernels. (Correct me anyone please if I'm wrong about which key to
press).
> IIRC it's hold down shift throughout boot to get the grub menu
This is correct.
I've used Linux as a user for the best part of 10 years, but it's always been a political/moral thing rather than a technical one.
So, in all honesty (blushing furiously) I have not gone beyond enjoying the fact that 'linux isn't prone to the same nonsense that Windows is' so my knowledge of security extends to sometimes remembering to disable ssh access on a fresh install.
Noticed the following from Lembas' links...
"Wake-on-LAN support may be changed using a subfunction of the ethtool command."
"In Linux, the real time clock alarm can be set or retrieved using /proc/acpi/alarm or /sys/class/rtc/rtc0/wakealarm.[1] Alternatively the rtcwake utility may be used which prevents problems when using local time instead of UTC by automatically processing the /etc/adjtime file."
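Pulling the checks from the two posts above into one place: the wake alarm in /sys/class/rtc/rtc0/wakealarm, the "Wake-on:" line that ethtool prints, and the "RTC can wake from" line in dmesg. This is an added example, not code from the thread or from Trisquel; the functions take file paths so they can be pointed at the real sysfs file and at saved `ethtool` and `dmesg` output, and the sample files built at the bottom are constructed, not captured from any real machine.

```shell
#!/bin/sh
# Added example: a read-only audit of the three wake sources discussed in
# the thread. Nothing here changes system state; clearing an armed alarm
# is still done as the thread says:
#   sudo sh -c "echo 0 > /sys/class/rtc/rtc0/wakealarm"

# Report whether an RTC wake alarm is armed. On a real system the file
# /sys/class/rtc/rtc0/wakealarm holds an epoch timestamp when an alarm
# is set and is empty when none is set.
rtc_alarm_status() {
    alarm=$(cat "$1" 2>/dev/null | tr -d '[:space:]')
    if [ -z "$alarm" ]; then
        echo "none"
    else
        echo "armed:$alarm"
    fi
}

# Parse saved `ethtool <iface>` output. "Wake-on: d" means Wake-on-LAN is
# disabled; any other letters (e.g. "g", magic packet) mean a trigger is on.
# The "Supports Wake-on:" line is deliberately not matched.
wol_status() {
    mode=$(sed -n 's/^[[:space:]]*Wake-on:[[:space:]]*//p' "$1" | head -n 1)
    case "$mode" in
        "")  echo "unknown" ;;
        d)   echo "disabled" ;;
        *)   echo "enabled:$mode" ;;
    esac
}

# Extract the sleep state the RTC driver says it can wake from, i.e. the
# "rtc_cmos 00:06: RTC can wake from S4" line seen in the dmesg output.
rtc_wake_state() {
    sed -n 's/.*RTC can wake from \(S[0-9]\).*/\1/p' "$1" | head -n 1
}

# Constructed sample inputs (not captured from a real machine).
tmp=$(mktemp -d)
printf '1382199695\n' > "$tmp/wakealarm_armed"
: > "$tmp/wakealarm_clear"
cat > "$tmp/ethtool_wol_on" <<'EOF'
Settings for eth0:
    Supports Wake-on: pumbg
    Wake-on: g
    Link detected: yes
EOF
cat > "$tmp/ethtool_wol_off" <<'EOF'
Settings for eth0:
    Supports Wake-on: pumbg
    Wake-on: d
    Link detected: yes
EOF
cat > "$tmp/dmesg_rtc" <<'EOF'
[    1.343624] rtc_cmos 00:06: RTC can wake from S4
[    1.343727] rtc_cmos 00:06: rtc core: registered rtc_cmos as rtc0
EOF

# Run the audit against the constructed samples.
echo "RTC alarm (armed sample):   $(rtc_alarm_status "$tmp/wakealarm_armed")"
echo "RTC alarm (clear sample):   $(rtc_alarm_status "$tmp/wakealarm_clear")"
echo "Wake-on-LAN (on sample):    $(wol_status "$tmp/ethtool_wol_on")"
echo "Wake-on-LAN (off sample):   $(wol_status "$tmp/ethtool_wol_off")"
echo "RTC can wake from:          $(rtc_wake_state "$tmp/dmesg_rtc")"
```

On a live Trisquel machine the same functions would be called as `rtc_alarm_status /sys/class/rtc/rtc0/wakealarm`, `ethtool eth0 > /tmp/e; wol_status /tmp/e` and `dmesg > /tmp/d; rtc_wake_state /tmp/d`. An "armed" alarm together with "RTC can wake from S4" is the benign explanation worth ruling out before anything more exotic, and "Wake-on: d" plus no cable, as in the poster's case, rules out the LAN path.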
Yes. Concerning the computer that you have connected, with an ethernet cable, to a permanently powered up modem, I guess that, not being a modem integrally built into the motherboard, and one that was purchased separately, it reduces the risk of the computer being woken up remotely. (And, I've just remembered that I used to have my desktop computer connected in the same way to the Internet, and never saw it waking up, on its own.) Also, if a computer has GNU/Linux installed in it, and doesn't have a recent "i3/i5/i7" chip, that can bypass the OS, then, even if it's possible, there's no point in waking that computer up.
Using the term "Wake-on-LAN", that "trisq" left here, I've just made a quick search online, and was able to confirm what my friends said, of being possible to wake a computer through a signal on the network. And, as I had the impression of, it does require a specific combination of modem and motherboard: http://en.wikipedia.org/wiki/Wake-on-LAN#Hardware_requirements
This is why I very much distrust integrally built computers (like smartphones*, tablets, and, to some extent, laptops) where every component is already built to work very well with each other... And, this is why I think that the safer thing to do, is to build our own systems with separately purchased components. Because, if, in the former case, all that it requires, for your system not to be secure, is that /one/ single company has an interest in spying on you, in the latter case, they would /all/ have had to be in league with each other, to accomplish that, and, I guess, would have to build components with several different compatibilities, in order to achieve that.
And, concerning what I'm now reading, about this "Wake-on-LAN" option being controlled by the BIOS... Knowing that my Celeron 433 MHz Toshiba laptop had even the BIOS incorporated into Windows, itself - where, I would have to go to the configuration options of this (highly suspected of having a back door in it) OS to make any changes in the BIOS... To leave a computer like that, physically plugged in to the Internet, waiting for some small electrical burst, in the phone line, to wake it up... I guess it was really asking for it... :)
---
* (notice what Richard Stallman says, in some of his lectures, and what's also written on the Replicant web site, about having been discovered that some smartphones' modems can access this, and that)