You are here
All your computers are belong to us: the dystopian future of security is now
Alon is contemplating replacing his laptop so I figured I would recommend he take a look at Purism, a company offering laptops that are designed for people that care about security and privacy.
Unfortunately, once I started looking a bit more closely at this little rabbit it ran deep down into its little rabbit hole and I discovered that in reality there are currently very very few hardware options for people that want a computer that is not backdoored with a sophisticated rootkit at the hardware level.
I followed the Snowden revelations closely and even read Grenn Greendwald's "No Place to Hide", but still the extent of this was news to me. Apparently after 911 an NSA program called "Sentry Owl" successfully coerced major US PC companies into co-designing hardware level rootkits into their products.
By 2006 the new generation of Intel hardware came with Intel ME ("Management Engine"), the secret computer within your computer pre-installed.
The ME has a full network stack with its own MAC that works even when your computer is turned off and has direct access to RAM and you all hard drives / peripherals. It's a 5MB proprietary encrypted blackbox that was designed to be extensible while being extremely hard to reverse engineer. The ME CPU runs its own custom non-x86 instruction set (ARC), the firmware is compressed with a custom designed compression algorithm, and all code is signed and encrypted. Intel is extremely uncooperative with anyone that wants details on how this thing works, including big customers like Google.
If you wanted to design a universal hardware backdoor that is embedded into all PCs this is how you would do it.
The people who seem to know the most about Intel ME outside of the intelligence community are the free software "nuts" attempting to develop a free (free as in free speech) boot process:
https://libreboot.org/faq/#intel
Unfortunately, the latest generation of AMD hardware (post-2013) has its own version of Intel ME called the AMD PSP (Platform Security Processor) which isn't any better:
https://libreboot.org/faq/#amd
For people that want a computer that isn't backdoored at the hardware level libreboot recommends not using modern hardware at all. Yikes!
Intel ME and the AMD PSP have the NSA's fingerprints all over it. I would be very very surprised if it turned out NOT to be designed (or at least co-designed) with the concerns of US intelligence capabilities in mind.
Unfortunately, that's a problem even if you trust the NSA not to abuse their powers, because as one 29-year old former NSA contractor armed with a thumbdrive showed - the NSA's security isn't all that great.
Even those who think it's wise to trust the NSA would probably think twice about trusting the legions of private contractors it depends on to run its mass warrantless surveillance programs.
Even worse, according to experts like Bruce Schneier the game of cyber-espionage is all offense, no defense. In other words, foreign intelligence agencies most likely already had all the documents Snowden leaked because they were already in the NSA's systems.
So now you also have to trust not just the NSA, but the Russian FSB, the Chinese Cyberarmy, and potentially anyone working for them in past, present and future.
Now I get why the Chinese are developing their own CPUs, why the Russians and Germans are reverting to typewriters and paper for classified information, and what a top US intelligence officials means when he says:
I know how deep we are in our enemies's networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply
The only saving grace is that given the risk of detection, political fallout and attack devaluation, I reckon advanced attackers regard hardware level backdoors as the tools of last resort and only against high-value targets. For the little guys, they'll prefer plausibly deniable exploits in endpoint software that were either accidentally or maliciously inserted. And yes, part of Sentry Owl and similar programs by other intelligence agencies involves inserting undercover agents into private companies and presumably into open source projects like Debian and Ubuntu as well.
Bottom line: options for a someone who wants a computer and get reasonable assurance that it cannot be remotely controlled at the hardware level when connected to the Internet are virtually non-existent.
You can raise the bar a little bit without sacrificing too much comfort with products like those from Purism:
Features I like:
- No binary blob drivers (which I'm certain are ALL backdoored)
- hardware cut-off switches for RF, wireless and camera
- Qubes OS certified / pre-installation option
https://www.qubes-os.org/news/2015/12/09/purism-partnership/
Stuff I don't like:
- No free BIOS/firmware yet: https://puri.sm/posts/bios-freedom-status/
- Intel based so is still includes (like ALL post-2006 Intel hardware) on Intel hardware-level backdoor called the "Management Engine".
Possibly the closest thing you can get to a free computer at the hardware and software level is by buying old refurbished hardware directly from the libreboot guys:
Unfortunately, you'll need to pay dearly for freedom. The laptop hardware was cutting edge in 2008. The server/workstation board is better since it took AMD longer to get on the backdoor bandwagon.
Also, given the well established practice of intercepting hardware in-route to install implants, if you don't have the skills to inspect hardware yourself, you can you know supposedly clean hardware hasn't been tampered with en route?
Paranoia, justified or not, is a tough hobby.
Comments
Ugh, I really didn't have enough reasons to be depressed. ;)
Very nice summary of informaton, thanks for putting together. I had heard bits and pieces of this, but this puts things together much more clearly.
Between the government's backdoors, potential spyware/monitoring, plus (un)Trusted Computing features to ensure no one pirates anything, corporates tracking our every click and movement on the net, plus normal OS/and software attackware these machines will grind to a halt spying on us.
Or better yet tangle each other up.
Our best defense is the incompetence of the groups of people driving the stuff spying on us. It is much easier for an individual or small group to be extremely competent (typical hacker) it is very difficult for large groups of people in a bureaucracy to be competent.
Ack!!! My face just showed up in the preview! Are you watching me on my webcam? :) Gravatar obviously but still a surprise given the topic.
The dark google
I also don't actually believe for a moment that any organization, private or public has the ability to spy on everyone all the time with actual people. The things is:
A) They don't have to: Once people understand that everything they do on the Internet is logged forever, the effects are chilling. Self censorship is far more effective at suppressing dissent than actual censorship.
B) With regards to technical capabilities, huge datasets open up interesting scary opportunities for machine learning. All of the data they're collecting is being fed straight into AIs. When properly trained, the AIs can pick up patterns even an army of human Stazi-like minders would miss and those systems have Moore's law on their side so they're only going to get better. Advances in AI, coupled with mass surveillance could lead to societies that make east germany look like a paradise of free expression by comparison.
Trust then in greed and corruption.
Agreed on the point of everything everywhere all time; and most importantly the self censoreship problem.
Although I do note that people seem perversely unaware, oblivious of basic discretion, most people are unaware of even casual exposue of their personal communications and opinions. Look at people done in by FB when potential employers see their exploits? Or all the people caught in affars or indecent tweeting?
But people will eventually learn and the self-censorship will be a problem, and in fact, I think it is becoming a problem already in many parts of the world.
On a related concern I note how many governments are working to shutdown communications during protests and coups (Turkey was relatively good at blanketing out information)
The sort of onboard chipsets in this article could also be used as kill switches in the event of revolution. True censorship.
As far as the big data database. Well, big data manipulation is only as good as the people controlling in. One problem they have (in my opionion a good one) is that the rate of collected data keeps growing, making their haystack even bigger and their task more difficult. It requires a lot of intelligence to sort, filter, group, analyze and connect this data and the number of humans that can do this, is fortunately, limited.
But now: I come back to my subject Greed and Corruption.
First to the outsources: I could go on for hours about the illogic of government outsourcing of things that should not be outsourced (it is all tied to the idea that "government" should not get any bigger, therefore pay for consultants that cost 10x as much as hiring your own people)
But, what will happen is that the corporate outsourcing companies will, with time, succumb to greed and try to squeeze the most money out of the government for the least amount of effort.
This is exactly what has happened in the traditional military industrical complex. The contractors' greed and their lobbyists are causing the government to spend ridiculous amounts of money on unwanted boondoggle jets and ships, etc. Most of which do not work as promised. Or at all. They overpromise, underdeliver and walk away with a fortunate.
What they will do is take the contracts for data collection and analysis, and at first do pretty good, get themselves locked in, then to increase profit, they will start cutting costs on their employees, hiring less and less competent people for less money.
In the process, the more qualified and competent people will be squeezed out, probably be pissed and well...who knows...
The point being I don't think it's sustainable in an outsourced environment.
Next, true greed and corruption will prevail.
The 29 pages of the 9/11 report released Friday demonstrate that the US government had all the pieces to identify and stop the hijackers before hand. It could have been prevented; however, that would have required allowing intelligence agencies to act on data they had regarding Saudi Arabian operatives Those papers were only about activities in one city, because that is all they were allowed to investigate. The government purposefully looked away because it was in the best interest of very powerful people to not look too closely.
Same corruption happens in the defense industry appropriations and review process.
The bad thing is that is exactly what dystopian science fiction has been warning us about for 50 plus years.
The good thing is that I still believe that human frailties may yet sink the machinations of the police state.
A true and effective police state requires a lot of shared idealism/patriotism/fascism on the part of the people serving it. Intense, unswering loyalty and dedication.
That does not happen in a world of independent contractors and greedy megapolies where everyone is looking out for themselves.
Hope for the best, plan for the worst
Misdirect
Sometimes I wonder just how much egg-in-the-face the government voluntarily takes in order to hide what's really happening. We see reports about how one government agency after another keep getting hacked. And many of us have blurted out something along the lines of "what kind of idiot actually thinks that's safe" and so on. I almost wonder how often it's a honeytrap. After all, it is ironic that we're really fast todetect when these things happen and really good at tracking down who did it, yet couldn't prevent obvious vulnerabilities an intro to computer course from the mid 90's taught us to avoid?
There can be no bigger idiot than he who underestimates his opponent.
Establishing Trust
Totally separate from anything the US (or other) government influences to be built into the hardware, I've been developing a "Trust Process" for our infrastructure.
The process goes something like this...
Assuming the hardware is anything other than brand new, direct from the manufacturer, how do you establish a secure environment?
Software packages need to be authorized. Software packages need to be installed from a trusted source. Software packages need to be installed and configured in an authorized way. In order to trust the source of the installer, you need a way to ensure the installer you have is genuine and unaltered. In order to trust that the install package is unaltered, you need an unbreakable way to ensure such. For example, MD5 isn't good enough. Of course, ensuring that the checksum matches also requires that you trust where and how the hash was posted. If the site was hacked and the ISO's tampered with, a checksum matching the compromised file could have been posted, thus passing the checksum process, but still failing to ensure authenticity in any way the matters.
OK, so let's assume in whatever way necessary, we absolutely trust the ISO. Now on to the bridge between hardware and software... the hard drive...
I've seen some tricky infections that bite into the hard drive. Simply reinstalling does not ensure the resulting install is safe. MBR infections are easy to overlook, but just as easy to remove, as long as you repartition the drive. (Personally, I prefer to secure erase the drive as part of the "Trust" process.)
Again, assuming we've gained the ability to trust the hard drive, on to the rest of the hardware...
In the absence of memory sticks and other drives (hard drive, CD, etc.) we need to establish trust in the bare computer itself. BIOS infections exist as do EFI / UEFI infections. How do you ensure that these are trusted and safe? Reflashing the BIOS / EFI / UEFI may resolve this, yet again it may not. Other firmware compromise only adds to this. Could the computer have gotten an infection that compromised the firmware in the keyboard or mouse? It's crazy to discover that we cannot allow ourselves to overlook these "harmless" devices anymore. It's also crazy to expect people to throw them away regularly to mitigate such risks. That would be like replacing your tires every time you get gas because you fear "premature failure" on your 50000 mile rated tires. It might be safer, but is it practical and what other risks get introduced because of the process?
ThunderStrike and BadUSB are just two avenues to read up on.
Maybe it's time to just go back to the Apple II.
Wonder, who shakes free BIOS
Wonder, who is download free BIOS and install it.
What the side of the page?
Pages
Add new comment