http://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html?m=1
“BIOS and firmware-level attacks were somewhat common in the late 80s and early 90s. At that point, when the Internet took rise, probably around the advent of Windows 95, it became easy enough for “hobbyist” hackers to forget about the more difficult task of infiltrating hardware and focus on the software. But clearly the NSA had the resources and inclination to keep focus on the lowest level.”
“Orwell thought we would be destroyed by the things we fear, particularly comprehensive surveillance. Huxley conjectured that we would be destroyed by the things that delight us. As it happens, we’ve wound up with both. NSA/GCHQ are doing the Orwellian stuff, while Google, Facebook, Apple, Yahoo, Microsoft, Skype et al are taking care of the Huxleyan side of things.”
Privacy Intl on why targeted end-point surveillance is almost as low-cost as passive surveillance:
GCHQ and the NSA developed an automated system named TURBINE, which “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually”.
Privacy Intl: “You do not have to choose between privacy and security…”
You do not have to choose between privacy and security. With robust communications systems, we can have both. Yet intelligence agencies such as GCHQ and the NSA have severely injured both, interfering with our privacy rights while simultaneously jeopardizing our security.
“If attackers located in country A compromise a device that was made in country B, installed in country C, and exfiltrates data to country D, which rules apply?”
Schneier, late 2013: “Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake.”
Salesforce CEO on the need for “radical transparency” to regain trust: “Trust is a serious problem, we have to get to a new level of transparency – only through radical transparency will we get to radical new levels of trust.”
John Maynard Keynes 1953: “Will the discontented peoples of Europe be willing for a generation to come so to order their lives that an appreciable part of their daily produce may be available to meet a foreign payment, the reason of which … does not spring compellingly from their sense of justice or duty?” he asked. Greece profit from German history | Jeffrey Sachs | Comment is free | The Guardian
UK’s Cameron: “In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications,” he said. “The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”
Latest US/UK survey: “More than 1 in 4 Americans and Brits said they do not own a smart device because of privacy or security concerns”
Report on EU digital sovereignty attempts: “like the location of data storage and routing, it is not the location of production and supply chains that guarantees protection from surveillance or espionage, but the actual security standards.”
Frank Rieger: “It is impossible to live in a complex society without violating a rule here and there from time to time, often even without noticing it. If all these violations are documented and available for prosecution, the whole fabric of society changes dramatically. The old sign for totalitarian societies – arbitrary prosecution of political enemies – becomes a reality within the framework of democratic rule-of-law states”
Frank Rieger: “a democratically legitimated police state, ruled by an unaccountable elite with total surveillance, made efficient and largely unobtrusive by modern technology.”
Does ordinary people’s gut feeling know better about meaningfully safe crypto solutions than “experts” and journos?!
http://m.spiegel.de/international/germany/a-1010361.html
“[people] Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program.”
Morozov on digital sovereignty: “Note the crucial difference: Russia and China want to be able to access data generated by their citizens on their own soil, whereas the US wants to access data generated by anybody anywhere as long as American companies handle it.”
“Every piece of technology we’ve used in the last twenty years has probably been backdoored at birth by the NSA”
“Cyber Security Needs Its Ralph Nader” makes the case for why we need an ICT standard (public or private) for highest-assurance ICT systems and devices, and a related form of remote attestation, albeit extremely secure and user-controlled. The rationale is that people will be able to modify their cars, but if they want to drive their cars on the same roads as others, they should be obliged by law, and by technology where possible, to run safe-enough cars.
http://www.darkreading.com/attacks-breaches/cyber-security-needs-its-ralph-nader/a/d-id/1317690 via
Sony hack. (1/3) Cyber crime attribution is extremely hard, and very easily falsifiable by those having the most access to vulns in the lowest layers of SW/HW techs. (2/3) Extremely small evidential claims (let alone evidence) have been produced so far for the “conclusion” (FBI statement) that North Korea is behind it. (3/3) It’s the same gov that claimed (provenly falsely!) Iraq had weapons of mass destruction.
The New Scientist on the Sony hack: “The [publicly known] evidence is [incredibly far from sufficient] not sufficient for one government to charge another with an attack – there has to be a higher bar.”
Text in brackets is mine, the rest is from the article below: