Equation Group

This is so depressing, feels like there’s no security at all anymore against such groups. What can a mere mortal do against such malware techniques? Sounds like it’ll be a piece of cake for them to install a keylogger on any regular user’s system… You’d need to be extremely paranoid to even stand a chance.

2 Likes

That… Is very depressing. I think hardware has a long way to come

1 Like

I’m not technically versed enough to understand just how deep this probably goes and how vulnerable it makes the SAFE Network.

I’m wondering if it would help (or even be possible) to run a machine that connected ONLY to the SAFE network and used no local storage, i.e., boot from usb and run only in memory, storing only to the network.

I know that usbs have some inherent bug, recently unearthed, that makes them vulnerable. But assuming one had a certainly good usb and only connected via an os on the usb, to a castrated (diskless) machine, would we still be lost? It seems that it would then be possible to set up vault computers which would do the vault job even on infected machines, without giving anything away, except the wallet address to which farm proceeds were sent. Then do personal use only on a sterile computer booting only from removable os.

Pain in the butt, and I’m not needing to be so secure, but how much would such a regimen protect someone who REALLY wanted to be secret?

1 Like

I think the initial parts of this were discovered recently by Defcon hats. BadUSB was shown two years ago.

https://srlabs.de/badusb/

Which has the same hallmarks of this attack (firmware squatting). Most couldn’t believe it existed when they discovered it. They doubted the research.

I am also at the point of giving up hope. We have an enemy with unlimited resources and time and experience of gaming every system known to man (political, monetary, social). While MAIDSAFE is going to be the best defense should it work, it’s not enough.

Every major organization that matters is compromised and operates in the open as a compromised entity and still sells majorly. Cisco, RSA have been exposed as literally taking money to put in backdoors. This is nearly every router in the world and some of the highest levels of security.

Active agents compromise any organization they wish and have unlimited budgets to expose and undermine them.

When I got into bitcoin and maidsafe I had hope. If it was possible to disengage the nation state actors somewhat there might be a chance but it’s looking more and more like we’ve already lost.

As Gibson said, the future is already here, it’s just not evenly distributed. While I and many others fantasized about what computers could do for humanity at the dawn of the net in the early 2000’s, they were already breaking it to keep us in line. Now we know.

@fergish :

I’m wondering if it would help (or even be possible) to run a machine that connected ONLY to the SAFE network and used no local storage, i.e., boot from usb and run only in memory, storing only to the network.

This is not only feasible but part of the plan, and along with multiplying hardware/software device “families” through open source initiatives, will gradually reduce the effectiveness of mass malware and surveillance attacks.

Not even the NSA has “unlimited resources” so it isn’t hopeless, it’s a matter of extending the decentralisation and open IP movements to shift the balance back to something that works better for everyone.

The US/NSA either don’t realise that what they are doing creates terrorism and insecurity, or they don’t care because that’s what they want. It doesn’t matter though, the best outcome for the majority comes from the same response IMO: not more violence and competition, but greater cooperation and understanding, built and supported in part through decentralisation.

2 Likes

As @happybeing said, it is possible and there are solutions that already exist.

TREZOR is an interesting solution. But it costs $119 and is designed specifically for Bitcoin. If the SAFE Network gains mass adoption, they can modify this tech device to work with ANT Tech. Or we can make our own device.

http://doc.satoshilabs.com/trezor-faq/overview.html

2 Likes

Trezor addresses a separate issue: identity validation.

This is about malware infection of a type that is effectively undetectable with conventional tools, and not erased from a system even by a low level disk format and clean OS install. Infection achieved by a range of infection methods and tools that can breach almost any security in use today.

MaidSafe could be one of the few ways to build systems resistant to the attacks by reducing the available attack surface (e.g. eliminate HDD, USB drives, BIOS risk, host OS infection, and other sources of infection storage), so what runs on your device is either a very small and verifiably secure code to boot your main OS from a read only SAFE storage, and load apps from similarly secure SAFE areas. The challenge then is to ensure live malware can’t store itself in ways that allow it to be reactivated when you next boot.

Preventing accidental loading of malware (e.g. by visiting an infected website, opening an infected file etc.) is another, even harder, but less serious problem that is not directly addressed by SAFE, but which SAFE also makes easier to tackle I think.

3 Likes

I don’t mean to sound negative. But hard drives are not the main problem here. It’s HARDWARE in general and who/where it is made. Since none of us can make a computer chip, we’re basically all screwed when it comes to security.

@Seneca not to get you more depressed but if you combine hardware and this idea of a cryptographic backdoor then…

You don’t stand a chance because you can’t make computer parts, maybe a few but not a chip. To my knowledge there is no open source computer chip.

Assume that these hackers were just getting their feet wet and Kaspersky is lucky to find something unencrypted, what if now they encrypt everything and release a better version malware? I take my hat off for who did this. Please do this since you control hard drives, find the hard drives with kiddieporn and report it to the authorities, but you’re probably the authorities, then do your job.

As for Maidsafe I’ll use it regardless of an artificial digital God looking along. Look even if there are people out there who want to make our lives black & white, I’m just happy to take a look @ Sasha Grey.
:stuck_out_tongue:

Now that I think about it
You don’t need a harddrive at all, you can use a bootable linux CD as an OS.

The issue of potentially corrupt hardware, computer chips, discussed, back in September 2013.

“I think there may be more opportunities than there are things to be concerned about, but we just have to get them in the right order, and not be complacent, at all.” - David

2 Likes

With regard to state agencies it kind of reminds me of academia facing youtube, rate my professor and alternate education routes on the internet. Early on MIT tried making its curriculum or much of it free and openly accessible, I think Stanford did the same. They’ve backed off a bit. But the nature of the net itself is certainly challenging centralized institutions. Institutions that seem to work against the global public are getting deconstructed. There are a lot of smart motivated people out there that don’t want the status quo in education or in state spying/hacking.

The NSA is now a target, everything it does is now under increasing scrutiny and that won’t stop. It is being made transparent and it can’t survive that process. Hundreds, now thousands, of public interest groups are now working together to defeat its efforts and publish its mistakes. Its mandate and reason for existing are being questioned, the very philosophy that justifies its existence is coming under question.

I can see a future of transparent honest organizations that telegraph all their moves and are still unstoppable, but that kind of power requires public support and that’s not something transparent spy agencies will ever be able to approach, unrelenting transparency will abolish them.