Continuing the series of “interesting tidbits mentioned in passing” —
former surveillance-technology engineer (read: he built bugs for a living) Clive Robinson has a clever observation. When GCHQ operatives told The Guardian to destroy the computers on which Snowden’s documents had been kept, those operatives directed the Grauniad staffers attack particular chips.
Presumably, those are the chips which for one reason or another have unintentional or intentional capabilities for storing data long past the computer’s power-off date.
Robinson also observes that the TAO catalog (the thing Appelbaum released to much fanfare and drama at 30C3) isn’t in fact all that damaging to US interests — it just focuses “people’s attention on what was already known and talked about…”
“This TAO catalog is just an uup market version of ones you can see in a number of high end commercial surveilance shops in London, Paris, New York and I asume a number of other places.
[…]
The two operaatives acted like Tweedle Dee and Tweedle Dummer in the way they went about things and after giving there “if you knew what we know” speach promptly gave a practicle demonstration of which parts of the computers were “suspect” by instructing staff which chips etc had to be destroyed with grinding tools. The Guardian staff then published pictures of the boards, so anyone with half a brain can compare the photos with actual hardware they have to determin which chips are suspect. It then takes only a modicum of effort to find out more about these chips.
I suspect that several academic and other security researchers have already done this…
The point is that much of this information is already well know indirectly and published on the internet, where the old school Hacker mentality has show many peripheral and other chips that can be re-programed to harbour malware or as in the case of some criminals to make thumb drives etc look bigger so they can be sold at a higher price.
All this TAO catalog does is to focus peoples attention on what was already know and talked about on this blog and in other places on the Internet.”
https://www.schneier.com/blog/archives/2014/03/firewalk_nsa_ex.html#c4923166
kabelmast 