Linux Kernel Hacked by NSA/GCHQ

jdow jdow at earthlink.net
Sat Aug 31 03:46:56 UTC 2013


On 2013/08/30 18:24, agraham wrote:
> On 08/30/2013 10:53 PM, Fernando Cassia wrote:
>> On Fri, Aug 30, 2013 at 4:35 PM, agraham<agraham at g-b.net>  wrote:
>>> "I KNOW" we can overcome this adversary and regain the freedom that the
>>> internet once offered.
>>
>> What?
>> You must have been living under a rock. The Echelon spy network was
>> exposed back in 1999, way before even 9/11:
>> http://news.bbc.co.uk/2/hi/503224.stm
>>
>> There are no secrets, get over it. If you want privacy, use encryption
>> for email, and if you want anonymity, surf using a public hotspot and
>> do not log in to any service.
>>
>> FC
>
>
> Those are not the types of solutions I was thinking of, and in fact, before
> solutions, we need to know if/what/when the kernel was compromised, or did
> you miss the "Give me a list of compromised machines"?
>
> Given what we now know, when we apply that knowledge, as far as capabilities
> are concerned, to events of the past (particularly those that misdirected us),
> you have to consider that all Linux machines were compromised (while we were
> asleep). That's really my point, such that the methods you mentioned above are
> also compromised.
>
> But this means you would need to get into certain subsystems, assuming that they
> have compromised the firewall / netfilter.
>
> So, what Snowden exposed is, I'm guessing, really just Stage 1 of this global
> rootkit.
>
> Stage 2 is going to be much, much more aggressive and intrusive, as this would
> be the logical extension of Stage 1, and may be even more invisible.
>
> Now, before you dismiss this argument: if I said "Windows", you would probably
> agree, yep, we're in Stage 2 of the attack, because we know (and always have)
> that Windows is compromised, and I know it for a fact because I personally
> spent a year disassembling parts of the Windows kernel about 15 years ago with
> CodeView and a hardware debugger.
>
> I now believe we are already in Stage 2, but most don't realize it yet.
>
> Let me give you another example. Think back over the past few years, say even
> 3 years: if you check your firewall logs for any server you have installed for
> a customer, you may have noticed a huge number of port scans from China. For
> example, I noticed at a customer site that within the first 24 hours of
> getting an IP address block, I had about 100,000 scans, mostly from China.
>
> I know it was from China because the WHOIS database says so.
>
> So, I'm trusting that WHOIS database, which is controlled by government, and
> guess what, the packets are not coming from China, but from the West!
>
> So, I believe this is all part of the misinformation, based on information
> that we had reason to implicitly trust. So, what I'm saying now is that as we
> install new servers/VMs, they are being probed and fingerprinted.
>
> Also, I suggest that pattern analysis on these probes be done, as that may
> also reveal more about the attacker.
>
> The kernel compromise I'm talking about could be very, very subtle, such that
> it only provides enough information to allow the attacker to select their
> next subversion technique.
>
> This attacker, albeit many world governments working together, is nonetheless
> an attacker, and is using well-known techniques that come from many open
> source projects to enact this global attack on computers.
>
> As an example of the tools (most will know them well already), check out the
> NSA job spec: http://s3.documentcloud.org/documents/716069/boozallenhamiltonnsa.pdf
>
> Also, we must assume that Stage 2 or 3 will include isolation and
> destruction, not just observation. This will probably be known as the global
> virus control program, etc.
>
> If you think about it, we are now inside the virtualized machine, which is why
> we cannot see it.
>
> Until we defeat this, we may all be trapped in wonderland forever.
>
> I mean, technically, this could be a kernel bug, and the patch will probably
> be a single line of code, but we don't know what that bug is!
>
> The prize for this attacker is not just a Linux server, it's the control of the
> entire world and the future.
>
> Make no mistake about it, we are under attack.
>
> Albert.
>
> p.s. And I'll buy a free beer for the first one who submits a fix for this.
>

You are in Great Britain and you're worried about Internet anonymity? Er,
ah, about the only places there are no cameras are where Muslims have
bitched about it and maybe your bathroom. What's a little Internet snooping?

{^_^}
