[liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

Rich Kulawiec rsk at gsp.org
Tue Jun 11 04:23:02 PDT 2013 

On Mon, Jun 10, 2013 at 01:48:23PM -0700, x z wrote:
> @Rich, those are good movie scripts :-). But it does not work for 9 firms,
> and hundreds of execs all with diverse values and objectives.

Two responses.

"hundreds"?  Not necessary.  Not desirable, from the NSA's point of view,
either.  One person per firm would suffice, and they need not be an executive.
Surely you can't think for a moment that the NSA is incapable of placing
its own people on the datacenter staff of any major operation?

Second, how's this for a movie script?

(quoting myself)

> Annnnd I'd also, by the way, develop custom lookalike hardware.  (With
> the NSA's budget, this could be done with chump change.)  Who's going to
> open up a Cisco router and yank a board and look at it closely enough
> to figure out that it didn't come from Cisco?

Now quoting this (h/t to Rob Slade):

	http://www.scribd.com/doc/95282643/Backdoors-Embedded-in-DoD-Microchips-From-China

	This paper is a short summary of the first real world detection
	of a backdoor in a military grade FPGA.  Using an innovative
	patented technique we were able to detect and analyse in the
	first documented case of its kind, a backdoor inserted into the
	Actel/Microsemi ProASIC3 chips. The backdoor was found to exist
	on the silicon itself, it was not present in any firmware loaded
	onto the chip. Using Pipeline Emission Analysis (PEA), a
	technique pioneered by our sponsor, we were able to extract
	the secret key to activate the backdoor. This way an attacker
	can disable all the security on the chip, reprogram crypto and
	access keys, modify low-level silicon features, access unencrypted
	configuration bitstream or permanently damage the device. Clearly
	this means the device is wide open to intellectual property theft,
	fraud, re-programming as well as reverse engineering of the design
	which allows the introduction of a new backdoor or Trojan. Most
	concerning, it is not possible to patch the backdoor in chips
	already deployed, meaning those using this family of chips have
	to accept the fact it can be easily compromised or it will have
	to be physically replaced after a redesign of the silicon itself.

---rsk

More information about the liberationtech mailing list