There was a good video posted here a while back about the NSA hoarding information on vulnerabilities, to allow them to exploit them. The idea that fixing the holes, or telling the devs about them, wasn’t on the menu. This is from a government agency, which is supposed to protect people against criminals… Great job!
1 Like
You have your agencies confused. The NSA doesn’t give a damn about crime. The NSA is all about cyber warfare. We are talking about cyberwarfare where cyber armies can EMP entire cities and wipe out all electronics.
I don’t think this is the work of the NSA. I think Intel just designed an overly complex chipset and part of the problem is the backward compatibility with x86 forces a lot of complexity. A lot of the new features in the chipsets are where the flaws could be.
I don’t blame Intel because it’s always been this way with chipsets.
http://www.coindesk.com/intel-hints-at-bitcoin-play-with-crypto-researcher-hire/
If you read the paper I think you will (even without tech knowledge) find that this particular backdoor:
-
applies to AMD as well as Intel (I’m pretty sure it suits this, but by all means check)
-
can be done by anyone (no need for Intel cooporation)
Sorr eee 
2 Likes
lol…so it’s just as risky buying a second hand old computer as a new device because it affects pretty much all chipset wotsits? It gets worse and worse :Hang on then, this means that it can also be reversed or wiped then, so at least some defence could be developed and made available in an open-source way?
@Luckybit, it doesnt make sense to say the NSA is relatively less of a threat than non US intelligence agencies. NSA is still apt ti feed one faction what they need to blackmail and defeat their political enemies, a huge part of the problem with spying on your own citizens. Its like saying just trust that 911 was a good thing. A rider was being added to the NDAA that would allow the American military disappear US citizens in the US and do so without paper trail and without seeking any kind of outside justification or authorization. That is the level of stuff. Trusting NSA is like saying trust a drug company or trust an arms maker. Snowden’s analogy of the NSA having a loaded gun pointed at people’s head and saying trust us is seems quite likely to be accurate.
1 Like
No on both counts I’m afraid.
It affects this generation of chips, ones with the vPro feature which are made by both Intel and AMD.
Few ordinary users will have vPro chips, but hundreds of thousands of such PCs have been deployed all over the place, and certainly in places that make us all vulnerable.
However, when manufacturers make chips with different features, the chip itself is sometimes identical, but with the features themselves enabled or disabled in some way at the end if the manufacturing process. In theory, this should not be something that could be re-enabled after manufacture, but given what the NSA has been up to, it would seem rather tempting for them to force Intel to provide a way for it to be turned on remotely, even in chips which are not sold as having the feature. That’s incredibly terrifying, where’s the first case is just enormously terrifying.
EDIT: One thing more, the is no way for a user to turn this feature off. Apparently even though AMT can be disabled in the BIOS of a PC it does not prevent this backdoor from working.
1 Like
As I said, I’m not so concerned about NSA or China here, but others. Criminals and terrorists could exploit this with horrendous consequences. Government agencies have at least some theoretical restraints.
That’s not to say NSA etc aren’t an issue, just slightly less terrifying.
2 Likes
Yes, they could break the global finance system , but would have NSA Intel as partners that lured them and provided the means for this result. Sounds almost like the 911 mo.
It is a weird thing, but this terrorism etc. always makes me wonder if it exists (as much as we think),
I remember years ago, as a wee fella, when the UK had terror troubles (apparently) and thinking why not go up to the North and cut the submarine cables for the transatlantic phone (they are exposed lines on the beach, this was pre satellite being widely used). An easy swing of an axe, or worse send a huge power surge down the thing and break it all over the place for miles out to sea. Or even now just set fire to some gas cannisters in main roads (effect == road closed for 24 hours). I think we could all come up with many ways that cost no lives, are easy to do and with an almost zero chance of being noticed/caught (a terror group would want to boast though).
There seems a massive number of ways to cause mayhem, I just think it strange that it does not seem to happen, it would be simple to create chaos almost anywhere.
I see corruption though, everywhere and clever folks using clever methods to control and steal, That is worrisome indeed as greed seems way more powerful than terror, much more harmful to!
8 Likes
It makes perfect sense. Your next door neighbor could work for the NSA but that is exactly why they are less of a threat than a complete stranger who has no legal restrictions and who doesn’t live next door.
The NSA employee isn’t above the law in the USA. It’s against the law for the NSA to spy on you. It’s against the law for the CIA to torture you. It’s not against the law for foreign intelligence to spy on or torture you because in their country you’re the enemy just like how the NSA sees foreigners as the enemy.
The same stuff our government does to other countries, other countries intelligence agencies can do right back to us. So as far as what I’m concerned about it’s not the NSA but it’s every non-US intelligence agency which isn’t restricted by any laws or any rules.
Do you think China or Iran will respect your human rights or decide not to spy on you? Do you think Russia would have any problem not only spying on you but stealing all your Safecoins? What about North Korea?
The NSA (and GCHQ) have proven quite effective finding loopholes around laws. At the same time, your own government’s spying can be more dangerous to you because they also have jurisdiction over you.
1 Like
Government agencies don’t have restraints against foreigners. The terrorists you speak of might be state sponsored for plausible deniability.
It’s more that as US Citizens we don’t have to worry about the US government treating us as the enemy. That doesn’t mean foreign intelligence will show us any mercy at all. The same way the CIA threats people overseas, the foreign intelligence or cyber militia would treat us.
I think in most cases they don’t give a damn about us though. Cyber militias are concerned with warfare and nationalism. On the other hand if Safecoins are worth a lot and someone is centralized like MtGox or SilkRoad with a lot of Safecoins then you might see them turn up missing and those stolen coins might go to fund terrorist activities or organized crime in favor of some nation state.
We just don’t know.
I don’t think you understand how the US intelligence community works. Because I’m in the US as a US citizen they don’t have to spy on me. They can simply arrest me and I’m taken out. They don’t see me as a threat and in fact they probably see me as a friendly or a neutral.
I cannot say that every government in the world is going to see me that way. Also if the NSA spies on me it’s clearly against the law so it’s not something which is supposed to happen. If some foreign government’s intelligence agency spies on me that is exactly what their intelligence agency is designed for and I’m exactly the sort of person they are paid to target.
So of course I should be most concerned about what can actually put me in danger. Why should I be concerned about the NSA who have been watching me for my whole life along with the FBI? At the same time their agents live among us, it’s not at all like foreign intelligence where they don’t have to give a shit about any of us because they aren’t living in the same country.
To put it another way, the US intelligence community would give a shit if there was a civil war and doesn’t want that. The foreign intelligence wants a civil war because it can help their governments to weaken the US economy and invade. Neither intelligence agency might care about us personally but foreign intelligence would use terrorist attacks if it could destablize the US.
Of course you could be one of those people who believes the CIA and US intelligence community is behind all terrorist attacks. I’m not a conspiracy theorist like that though.
Do you, and do they? From what Snowden has revealed, I got the distinct impression that they see everyone as a potential threat, hence the dragnet surveillance. The laws that prevent them from directly spying on Americans are bypassed by making deals with allied foreign intelligence agencies like GCHQ to spy on each other’s citizens and then exchange information.
They first need to know if you’re doing something illegal, or simply something that they really don’t want you to do. The official cause to investigate could then be fabricated, and in the latter case maybe evidence as well. That’s what makes national agencies potentially more dangerous than foreign ones. There is far more potential for abuse of power.
2 Likes
The power to create money in a centralised (Sort of quasi governmental, but not. Weird!) way is to blame for a lot of the challenges, including terrorism, real or synthetic, poverty, war, hunger, surveillance, etc imo.
The process by which money comes into existence is corrupt, and totally corrupting.
Looking forward to the Safe network, and Safecoin…biggest box of weed killer ever!
(maybe use the forward momentum and network to force change with the hardware, down the road a bit)
Wow…seriously, both Intel and AMD are American Corporations - Intel has 80% of market share and I don’t know about AMD, but I’d hazard a guess that it is somewhere near the other 20%. how on Earth can the main concern be foreign govts, nevermind the more important “1984” point Seneca mentioned.
Any chip mischief is surely more likely/effective at the point of manufacture, than later on in the chain surely. All of this terrorist stuff is a red herring in my view - they could create a small Network at best anyway. If there is any National Govt intelligence agency involved then this is hugely likely to be the American one.
As stated on the Intel website, this is going to be the planned way of operating the Internet of things via (willingly) connected devices. This is actually scarier even than “incredibly terrifying” - “Humongously terrifying” in fact. 
3 Likes
Luckybit, I think its kind of like three strikes the US intel will take you out if they think they will get caught doing something illegal. I also think that like Gandhi saying you can measure a nation’s humanity by how it treats its animals you can measure your own rights by how a nations treats foreign nationals. If they would water board a foreigner. Jessie Jackson is talking about how black people have lived in a terrorist state for a long time in the US, that’s pretty much all of us post the 911 fraud. The elites are out to straight enslave us ever since Nixon and almost every policy decision from the right has been trying to move us that way in a hurry. Katrina was an example of their real regard.
Average Joes caught up in the NSA hierarchy may care a lot but at this point I don’t think the brass can be promoted if they give a ****, Ramsey Clark was an example of brass that cared and look at how he was treated. Look at the security around Obama. Think about the deaths of JFK and also of RFK for investigating the death of JFK and their non investigation. Its been a pure plantation agenda since 70 or so. Look at what commissioner Wheeler would have done with neutrality and free speech if left to his own devices. Look at democrats now trying to feed public pensions to Wall St as possibly another attempt on social security. They want to eliminate our rights, drop wages to $1 an hour and let us die in the streets in old age as an example of non work.
I’m aware of this but the NSA still by law cannot spy on US citizens. Five Eyes can allow foreign intelligence to spy on US citizens and the do share information but I doubt the NSA is going to go out of it’s way to investigate someone unless there is some national security threat. It can certainly happen so I will admit it’s plausible through Five Eyes.
Everyone is doing something illegal. So the legal vs illegal thing is just a pretext. The point is they can investigate anyone they want at any time for almost any reason and arrest any one of us under any pretext they want.
There are so many laws and so much surveillance that if the feds want to do so they can get anyone arrested.
Intel is an American company? Do you know whether or not Intel shareholders are American or how much influence foreign shareholders have on Intel?
Are Intel or AMD chips made in the USA anymore? How much influence do foreign foundries have on the chip making process? Do you know the answer to that?
I think people dramatically underestimate the capabilities of China, and of other foreign intelligence agencies. They do this because either they are American so they think America is the greatest or because the NSA is going through leaks while foreign intelligence agencies don’t leak.
It could be possible that the NSA is simply the most popular intelligence agency and not the most effective in every area. It’s very possible for example that China is the most competent at cyber warfare and considering their cyber militia is the biggest, they have the strength in numbers, and almost everything is manufactured in China.
Of course the NSA is going to compete with the Chinese equivalent to spy on the world but when you assume it’s only the NSA then you’ll forget that smart hackers exist all around the world, programmers exist all around the world, and vulnerabilities in hardware are exploited by everyone not just the NSA.
You think the NSA is the only one who knew about these vulnerabilities? Everyone into infosec knew about these vulnerabilities since at least 2011 and the newer vulnerabilities since 2013. The risk is actually not just in the chip design phase but also at the foundries where they make the chips.
And companies like Intel are international. Whether they help the NSA or not (and of course they do because the CEO is probably an American) it doesn’t change the fact that no matter what chip maker or chipset you use there could be hidden hardware trojans. So unless you design and fabricate the chips yourselves you’re trusting whoever does that as much as you would trust MtGox to hold your private keys and keep your Bitcoins safe.