[clug] Offline snooping

Scott Ferguson scott.ferguson.clug at gmail.com
Thu Jan 30 16:23:16 MST 2014

On 30/01/14 21:11, Keith Sayers wrote:
> Would anyone know anything about this?


> I had imagined that because I was using a Linux operating system I
> was more secure than with Windows - am I being naive?

A bit.


> were fitted with small devices that emitted radio waves.


'They' (most work is contracted out) intercept(ed) hardware shipments
and replaced (likely keyboards and mice) components with ones containing
radio transmitters. Up to 8km range.  It is *extremely* unlikely you
would have them on your boxes. That sort of technology is only deployed
when the risk of discovery (and resulting loss of advantage) is
outweighed by the value of likely intelligence to be gained. (If you
were not retired the situation might be different - depending on the
clients you did the accounting for, and their clients.)

If you're concerned about your boxes being infected by NSA-type spying
devices - don't be. Most likely if you are being spied upon via
something installed on your hardware it'd be "opportunistic" software in
the hope that it could "hitch a ride" to a valuable target. Again, the
release wouldn't be random, the risks of disclosure would be assessed
first. Note that one of our 4 letter agencies has recently requested the
legal ability to deploy similar spying software (targeting the innocent
in the hope of hitch-hiking to the suspect). Our 3 letter agencies don't
tend to ask for legal backing (they don't need it).

It's also possible some devices were/are capable of sending data as DC
signals over the AC supply. Bear in mind that what's being released is
information suitable for newspaper readers, the majority of the
documents are not PowerPoint presentations.

Keep calm, practice good security (you really do need to do updates,
Keith), give Mr Stallman and Coreboot some more respect and attention.
SNAFU :)

Kind regards.

