[clug] Offline snooping

Sat Feb 1 18:23:06 MST 2014

On 31/01/14 09:29, Alex Satrapa wrote:
> It doesn’t matter what OS you are running, there are “TEMPEST” style
> attacks that can be used against it. The original “TEMPEST” spying
> involved picking up the EM signal from CRTs so you could see what was
> displayed on the computer’s screen. These days you just tune in to
> the 2GHz signal emitted by the chipset and it tells you what the
> computer is processing.
> 
> There are other options too, such as installing malware (e.g.: via
> Autorun or equivalent) which uses hardware onboard the computer to
> transmit information. That hardware could be the built-in but
> “disabled” WiFi, bluetooth, or even the sound card.
> 
> Even better is if you can use all the mobile phones in the world as
> mobile bluetooth/wifi/audio listening devices.
> 
> It’s not paranoia. They’re not out to get *me*. They’re out to get
> everyone, as efficiently as possible.

Yes it *is* paranoia [*1.].
It's unlikely 'they' are out to get you. If anything what the Snowden
revelations have confirmed it that:-
;'they' are out to get certain people and organisations (targeted)
;'they' are out to get certain hardware (targeted)
;'they' are demonstrably and patently *not* doing a very good job of the
former

The difference between desire and capability, is budget and resources.
Attacks cost money and consume resources.
Processing data gathered from successful attacks costs money and resources.
Attacks risk exposure.
If budgets and resources allow data gathering in excess of analysis
expertise then the information gleaned is so low it renders the process
useless (polluted by false data). There's a big difference between the
pitch by the companies that sell the total surveillance myth (there's
gold in that thar big data) and the reality (signal:noise is too low).
Between media hype and PsyOp irrational fear is likely to paralyze
intelligent risk assessment - if it's not already doing so.

https://www.schneier.com/blog/archives/2014/01/matt_blaze_on_t_1.html

Just because something 'might' occur does not extrapolate to "something
is likely to occur".
Your house is nigh impossible to completely secure (like your computer).
To declare "if someone accesses my house it's game over" is to conclude
gun lockers and safes are pointless, um, misses the point.

Take care, stay informed, minimise risks by minimising exposure, don't
panic (be sure and pack a towel) :)

[*1.]
par·a·noi·a
ˌparəˈnoiə/
noun
noun: paranoia

    1.
    a mental condition characterized by delusions of persecution,
unwarranted jealousy, or exaggerated self-importance, typically
elaborated into an organized system. It *may* be an aspect of chronic
personality disorder, of drug abuse, or of a serious condition such as
schizophrenia in which the person loses touch with reality.
*or the result of taking mass media seriously*
(emphasis mine).

Kind regards

> 
> Alex
> 
> On 30 Jan 2014, at 21:11, Keith Sayers <spinifex at iprimus.com.au>
> wrote:
> 
>> Would anyone know anything about this?  I had imagined that because
>> I was using a Linux operating system I was more secure than with
>> Windows - am I being naive?
>> 
>>> http://www.bbc.co.uk/news/technology-25743074
>> 
>>> The US National Security Agency (NSA) used secret technology to
>>> spy on computers that were not even connected to the internet, it
>>> has been reported.
>> 
>>> Citing documents from whistleblower Edward Snowden, the New York
>>> Times said 100,000 machines were fitted with small devices that
>>> emitted radio waves.
>> ----------------------------------------------------------------------------------------------
>>
>> 
Keith Sayers
spinifex at iprimus.com.au
>> 6 Clambe Place CHARNWOOD, ACT 2615, Australia
>> http://www.keithsayers.id.au 
>> ----------------------------------------------------------------------------------------------
>>
>> 
-- 
>> linux mailing list linux at lists.samba.org 
>> https://lists.samba.org/mailman/listinfo/linux
> 
> 
> 