Spammers: The NSA’s Greatest Enemy? (and RTLSDR, BIOS SDR, Iceland/Silk Road, Greenwald/Guardian)

Spammers, not crypto, may be the biggest thorn in the NSA’s side.

The NSA was busy spying on some Iranian guy when the man’s account was taken over by spammers… flooding everyone he’d ever talked to with hundreds of gigabytes of messages… and prompting the NSA’s systems to start recording all their emails too… which just multiplied the volume of stored spam.

The total traffic volume? Somewhere between two and a hundred gigabytes PER DAY. From trying to watch one guy’s email address.

RTLSDR trunk tracking police scanner:
https://sites.google.com/site/policescannerhowto/

BIOS rootkit used high-frequency audio as the out-of-band channel!
🙂 SOB (!) 🙂 Erik Tews wins the prize. The OOB channel was HF Audio, not SDR. Wonder if linux flashtools dumps realtek firmware? https://twitter.com/dragosr/status/390239699597393920

At least this explains why first update offered to my windows/linux boxes whenever I bought a new computer was always the RealTek drivers. https://twitter.com/dragosr/status/390248028226846720

@dragosr Was the source of the signal coming from another computer in your lab or from another part of the same box? I want to test my boxes https://twitter.com/kraemer_matt/status/390249097862463488

@kraemer_matt multiple laptops and computers. local laptop speakers and ext audio. don’t know how they orchestrate which one gets the stage. https://twitter.com/dragosr/status/390249536922206208

It also solves that problem with the persistent HF whine presumed to be RF interference that we never could engineer out of my soundsystems. https://twitter.com/dragosr/status/390248628398206976

@kraemer_matt disconnecting mic is a hassle on some laptops, on my dells, the mic connection is on screen connector, screen/mic/cam sealed https://twitter.com/dragosr/status/390257487300939777

No, Iceland will not really stand up to the US just yet… Silk Road had their servers there and the Icelandic police negotiated a special one-time agreement to hand over the data: https://medium.com/p/3dcc1f6d12ab
http://www.theverge.com/2013/10/14/4836994/dont-host-your-virtual-illegal-drug-bazaar-in-iceland-silk-road

Greenwald leaves the Grauniad for a venture funded by eBay founder Pierre Omidyar. http://www.reuters.com/article/2013/10/15/us-usa-security-greenwald-idUSBRE99E18D20131015

(Joining him will be Jeremy Scahill and Laura Poitras — which I have mixed feelings about, since Poitras and Greenwald are the only ones with complete Snowden collections. There is now a single point of failure.)

As to the timing, well: once an internal security service like MI5 so publicly declares war on anyone… let’s just say I’m not surprised. The British political establishment is already moving in the direction “the security service” wants, and no doubt other attacks are/were being prepared and executed as well. http://www.theguardian.com/world/2013/oct/16/snowden-leaks-david-cameron-investigate-guardian

Greenwald backer Omidyar is not exactly an NSA fan:
https://twitter.com/pierre

Which doesn’t mean he’s bulletproof:
https://news.ycombinator.com/item?id=6558945

Omidyar had been one of the possible WaPo buyers, but thought about making his own instead. Greenwald, Poitras, and Scahill had been planning to do their own thing anyway, so Omidyar coming along was ideal.

The new news outlet will be a general-purpose thing: sports, business, entertainment, tech, etc., not just leaks.

They’ll aim to attract really strong journalists and support them well with good editors and a very, very well funded set of lawyers.

The new project is NOT a nonprofit or a charity; it will be designed to turn a profit and reinvest that profit in itself… though it will have $250 million to start with. Which is a hell of a lot more than the $5 million Assange once estimated (cf. Cryptome Wikileaks emails) would be required to do Wikileaks right. http://pressthink.org/2013/10/why-pierre-omidyar-decided-to-join-forces-with-glenn-greenwald-for-a-new-venture-in-news/

http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/15/the-nsas-giant-utah-data-center-will-probably-hold-a-bunch-of-spam/

“The NSA’s data-collection activities are so resource-intensive, the agency can’t complete its new server farms fast enough. But when it does, a significant share of what gets held on those servers could wind up being worthless spam.

We now know the NSA collects hundreds of thousands of address books and contact lists from e-mail services and instant messaging clients per day. Thanks to this information, the NSA is capable of building a map of a target’s online relationships.

Sometimes, however, that process goes awry — such as when one Iranian e-mail address of interest got taken over by spammers. The Iranian account began sending out bogus messages to its entire address book. This included a number of Yahoo Groups addresses that in some cases represented thousands of other e-mail users. So the NSA dutifully flagged not only the fake messages that got sent out, but also the inboxes of all the thousands of people who were receiving the spam. And then the NSA started downloading information on them, and their inboxes, and their address books even if they weren’t of interest. Worse, the spam that wasn’t deleted by those recipients kept getting scooped up every time the NSA’s gaze passed over them. And as some people had marked the Iranian account as a safe account, additional spam messages continued to stream in, and the NSA likely picked those up, too.

This caused huge amounts of unimportant information to flow through the NSA’s systems, according to a chart in a top secret NSA presentation. Every day from Sept. 11, 2011 to Sept. 24, 2011, the NSA collected somewhere between 2 GB and 117 GB of data concerning this Iranian address. The exact numbers aren’t clear because details of the chart have been redacted.”
