Announcement

Collapse
No announcement yet.

TrueCrypt Has Been Potentially Compromised

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    Originally posted by Luke View Post
    The NSA is also capable of thinking in this manner. Example: if they put keylogging chips into ALL keyboards, their "tailored operations division" or TAO would not need to intercept keyboards shipped by distributors to known enemies of the US regime to install their custom rf-enabled keyloggers, as they would already be present and waiting for remote activation. The disadvantage would be that some hardware hacker somewhere would find the chips and blow the whistle. The same is true for malicious NSA-installed BIOS code: it gets installed by TAO into machines being delivered to known or suspected enemies of the NSA's bosses. That way it takes a crack at the Guardian's reporters without getting caught by someone working on Coreboot reverse-engineering the original BIOS.
    Two words: flame virus. This is exactly what happened (although it is unclear whether it was the NSA or some other intelligence agency). The thing went undetected for at least 5 years because it was only infecting computers in a specific area. It was even able to exploit a hole in Microsoft security to distribute itself via windows update.

    Comment


    • #47
      A virus can't distribute hardware keyloggers

      Originally posted by TheBlackCat View Post
      Two words: flame virus. This is exactly what happened (although it is unclear whether it was the NSA or some other intelligence agency). The thing went undetected for at least 5 years because it was only infecting computers in a specific area. It was even able to exploit a hole in Microsoft security to distribute itself via windows update.
      That's another attack. A hardware keylogger cannot be distributed by software. Even a 3-d printer cannot make a computer chip, much less covertly install it an existing keyboard. One exception might be software sent to a factory that made keyboards, but in that case all the keyboards would be modfied and one or more would be found. Thus, the TAO interceptions of hardware in shipment and my advice to buy randomly on the spot with cash only.

      Malicious BIOS "updates" have been distributed by attack programs, but this involves having to first determine exactly what motherboard and chipset are to be attacked prior to the attack, as a failed BIOS flash that bricks the board makes the attack useless for surveillance. If this attack was easy, the NSA would not bother intercepting computers being shipped to state-level and equivalent opponents to install malicious BIOS code.

      Comment

      Working...
      X