2/17/15 7:44 AM

anyone else tracking this?!

http://www.huffingtonpost.com/2015/02/16/nsa-computer-spying_n_6694736.html

2/17/15 8:58 AM

How can anyone really be surprised? The boundaries of privacy were ripped down with the Patriot Act, and this is just a logical continuance (unfortunately not even a conclusion) of it.

2/17/15 9:09 AM

privacy is a myth.

i'm amazed at how far they've taken this capability and how far back it goes.

2/17/15 1:07 PM

When stories like this hit such mainstream news outlets as this one, it's all about some message being sent, not about "reporting news".

So it's up to the imagination to proffer a reason for any story's content and timing.

Who knows, maybe they're trying to scare who-knows-who.

2/17/15 4:25 PM

Reminds me of something Wayne Lim wrote here years ago: "Privacy is a discipline, not a right." Not saying he's correct, but I will say it's a practical way of thinking.

--Cranky

2/17/15 4:53 PM

There is a lack of detail in the report. And I read the Kaspersky lab report.
There is a lack of detail there too.

I want to know how compromising the HDD firmware can lead to the computer being taken over but it's not clear how this works, new ATA functionality or commands perhaps?

It seems most of the NSA code is Windows-specific. Terrorists, please take note and use a Mac.

However, there is some evidence from the browser compromises, DOUBLEFANTASY works on both macs and windows. Is Webkit itself compromised? But again, there is a lack of detail for me to see what exactly happens.

Frustrating...

Sandiway

2/17/15 8:19 PM

I think the bigger question is not how compromising a machines "DOS" allows the computer to be be compromised, but whether your basic anti-virus looks at the computer BIOS or DOS at all, to determine whether a machine is infected. Or is it only looking at the OS and software.

It seems a simple matter that once you've taken control of the DOS, you now can examine what's stored, as well as where and how.

If they did this to countless disk manufacturers DOS, did they also do this to many fewer manufacturers BIOS.

2/17/15 9:37 PM

www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/

2/17/15 10:16 PM

I don't remember what agency that it was reported had forced printer manufacturers to include stealth owner identification algorithm that put i.d. markes on each printout, but it seems to me that if they could similarly require OS vendors to include back-door weaknesses that allow this kind of snooping, then here we are.
But the most powerful snooping capability is going to be the one that WaPo or whoever won't be telling us about.

2/18/15 6:25 AM

Is there enough of a difference in their code to avoid infection?

2/18/15 9:22 AM

It's not just the USA, but other countries like China, too.

Just think of all of the domestic branded electronics that are actually manufactured overseas. Imagine that?!?

News circa 2012... http://www.theguardian.com/technology/2012/oct/08/china-huawei-zte-security-threat

Is this jingoism or a real threat? You decide, but if it is the latter, I recommend you don't reply so on your Android device. I am amazed at how much information Google collects from me using my phone.

Maybe we should all start to consider living off the grid like Jimmy McGill's brother. Or not.

2/18/15 6:23 PM

DOD

We have ripped out all kinds of tech because of where the boards where made. From simple VGA projectors to entire desktops, even interior office lighting timer/controllers.

We buy only approved IT from very limited suppliers and none of it gets delivered to the end users until the cyber geeks have it for quite some time. I am sure to take the consumer spyware off and to put DOD stuff on there. The end user has NO control of the machine. I can't even install an approved printer.

2/18/15 8:47 PM

quote:

---

Is this jingoism or a real threat?

---

2/19/15 9:06 AM

And a major antivirus software supplier is Kaspersky, based out of Russia. Where someone has been hacking major bank systems for a while and have walked away with an estimated $1 billion.

Kaspersky came with my laptop and I didn't bother activating it. When I finally broke down and tried to download it from their website, I got so much crap loading onto my laptop that I killed it and had my IT guy get every last scrap of that program out of my system. I think it's been purged, but who knows what's been left behind . . .

2/19/15 12:23 PM

Is your laptop a Lenovo, PLee?

Lenovo to stop pre-installing controversial software

BEIJING (Reuters) - China's Lenovo Group Ltd, the world's largest PC maker, said on Thursday it will no longer pre-install software that cybersecurity experts said was malicious and made devices vulnerable to hacking.

http://finance.yahoo.com/news/lenovo-stop-pre-installing-controversial-152140699.html

2/19/15 1:53 PM

Nope. Sony VAIO. The problem was that the Kaspersky website was infested with malicious popups that started downloading stuff when you tried to close them.

2/19/15 3:53 PM

...Cyber security software download site infested with malicious software.

2/19/15 3:57 PM

...it's time to re-watch The Net.

2/19/15 7:43 PM

Nah, it's not historically accurate. :)

2/20/15 4:34 AM

http://www.theregister.co.uk/2015/02/19/nsa_and_gchq_hacked_worlds_largest_sim_card_company_to_steal_keys_to_kingdom/

2/20/15 5:42 AM

It is embarrassing to learn just how much my government has chosen to ignore the very constitution I swore to give my life to protect and uphold. To blanket hack our devices across the board is not what was intended by the Patriot Act. It was supposed to make it easier to track the bad guys. So the government just attacks everyones' privacy with no reason. It is not right at all.

I have nothing to hide but I do have the right to privacy as granted in the 4th amendment.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

2/20/15 7:43 AM

the only way to get something that even approaches the appearance of privacy is to operate in paper-only mode. once something is electronic, privacy is no longer possible.

Last edited by walter on 2/20/15 7:54 AM; edited 1 time in total

2/20/15 7:48 AM

I'm surprised that neither party supports privacy rights in this case. Seems to me there may be a lot of votes available but neither side is willing to give up this invasion of privacy, or throttle it in any way.

To me, electronic invasion is no different than home invasion.

2/20/15 7:53 AM

...of being labeled a traitor and somehow friendly to the extremist islamists.

to face that backlash and fight the well-funded lobbyists of the military-industrial complex, that's sadly a political non-starter.

2/20/15 9:59 AM

Is it safe to assume they are bugging every land line conversation in the US? Why not...Every fax that is transmitted? I do wonder why fax still exists.