
Nobody Seems To Notice and Nobody Seems To Care – Government & Stealth Malware

Friday, October 5th, 2012 at 5:30 pm.

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US and count the thousands or millions of downloads of free but proprietary software, much of which runs, again, on a proprietary operating system, handling files stored on disk or in transit.

How many free but proprietary programs have you downloaded and then used to scan entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer’s files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don’t you?

I’m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in the BIOS, on PCI and AGP devices, in firmware, in your router (many routers are forced to place backdoors in their firmware for their government), in your NIC, and in many other devices.

Where are the commercial or free anti-malware organizations’ and individuals’ products which hash and compare in the cloud and scan for malware on these vectors? If you post on the mailing lists or forums of most anti-malware organizations about this threat, one of the following will happen: your post will be deleted and/or moved to a hard-to-find or ‘deleted/junk posts’ forum section, or someone or a team of individuals will mock you in various forms: ‘tin foil hat’, ‘conspiracy nut’, and my favorite, ‘where is the proof of these infections?’ One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumes you’re using the proprietary Microsoft Windows OS. Now, let’s move on to Linux.

The rootkit scanners for Linux are few and poor. If you’re lucky, you’ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as REMnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don’t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I’ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don’t let them get you down, the information is plentiful and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I’m convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the ‘curious’ malware I’ve come across in poisoned binaries was written by someone with a good knowledge of English; some, I found, functioned similarly to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are ‘on the take’, compromised themselves, and/or working for a government entity.

Search enough, and you’ll arrive at some lone individuals who cry out that their system is compromised and nothing they try can shake it of some ‘strange infection’. These posts receive the same treatment I described above, but often they are lone posts which receive no answer at all, AT ALL, while other posts are quickly and kindly replied to and the ‘strange infection’ posts are left to age and end up in a lost pile of old threads.

If you’re persistent, the usual challenge is to, “prove it or STFU” and if the thread is not attacked or locked/shuffled and you’re lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone’s BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use – which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, “the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet” but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it’s not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems are swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you’re doing, and even then… you won’t notice it.

Windows users

Back to the Windows users: a lot of them will dismiss any strange activity with “that’s just Windows!” and ignore it, or format again and again only to see the same APT-infected activity continue. Using older versions of Sysinternals, I’ve observed very bizarre behavior on a few non-networked systems: a mysterious chat program running which doesn’t exist on the system, all communication methods monitored (Bluetooth, your hardware/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command-line versions of popular Windows freeware installed on the system rather than the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China’s people. For other, freer countries, however, the concentration camps exist but you wouldn’t notice them, they originate from media, mostly your TV, and you don’t even know it. As George Carlin railed about “Our Owners”, “nobody seems to notice and nobody seems to care”.

[3] http://www.stallman.org/

Try this yourself on a wide variety of internet forums and mailing lists: push for malware scanners to scan more than files, i.e. firmware and BIOS as well. See what happens; I can guarantee it won’t be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we’re mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and “nobody seems to notice and nobody seems to care”.

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There are thermal (temperature) attacks against CPUs, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge.net/projects/nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, USB novelty devices excluding thumb drives) or the BIOS/CMOS.

If you boot into Ultimate Boot CD you can use an arcane text interface to dump the BIOS/CMOS and examine/checksum it.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

  • Know your router’s firmware may easily be replaced on a hacker’s whim?
  • Shield all cables against leakage and attacks?
  • Still use an old CRT monitor and beg for TEMPEST attacks?
  • Use TEMPEST resistant fonts in all of your applications including your OS?
  • Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
  • Use your PC on the grid and expose yourself to possible keypress attacks?
  • Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
  • Search out informative papers on these subjects and educate your friends and family about these attacks?
  • Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat is the potential civilian rogues stationed around you, especially in large apartment blocks, who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against, and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks, because you either don’t need an antivirus scanner (all are inept against serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one being to share your information with a group or a set database to help aid in threats). The threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I’m more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, and also the BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, in the BIOS and on PCI devices, should be checksummed and saved to match against others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.
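One way to do the checksum-and-archive step the post asks for on your own machine is a small manifest tool: hash every firmware image you have dumped when the machine is known-good, keep that manifest somewhere read-only, and re-hash later. The script below is an added example written for this page, not code from the post; it assumes the images have already been dumped to files by a vendor tool or flashrom (the file names are constructed stand-ins), and it builds its own sample directory so it runs offline.

```python
"""Firmware image integrity baseline (added example, not the post's own tooling).

Assumes you have already dumped your firmware images (BIOS, NIC option ROM,
router image) to files with a vendor tool or flashrom; the image names below
are constructed placeholders. Baseline the hashes once, store the manifest
off-box, and compare on every later check.
"""
import hashlib
import json
import os
import tempfile


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large images never need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(image_dir: str) -> dict:
    """Map file name -> {sha256, size} for every regular file under image_dir."""
    manifest = {}
    for name in sorted(os.listdir(image_dir)):
        path = os.path.join(image_dir, name)
        if os.path.isfile(path):
            manifest[name] = {"sha256": sha256_of(path), "size": os.path.getsize(path)}
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Classify every image as unchanged, changed, missing (gone since baseline) or new."""
    result = {"unchanged": [], "changed": [], "missing": [], "new": []}
    for name, entry in baseline.items():
        if name not in current:
            result["missing"].append(name)
        elif current[name]["sha256"] != entry["sha256"]:
            result["changed"].append(name)
        else:
            result["unchanged"].append(name)
    result["new"] = [name for name in current if name not in baseline]
    return result


def demo() -> dict:
    """Constructed scenario: baseline three images, then alter one byte and add a fourth."""
    with tempfile.TemporaryDirectory() as d:
        images = {
            "bios.bin": b"\xf0" * 4096,                      # constructed, not a real BIOS
            "nic_oprom.bin": b"\x55\xaa" + b"\x90" * 510,    # constructed option ROM stub
            "router.img": b"\x27\x05\x19\x56" + b"\x00" * 1020,
        }
        for name, data in images.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        # Baseline taken when the machine is first set up; serialized as you would store it.
        baseline_json = json.dumps(build_manifest(d), indent=2, sort_keys=True)

        # Later: one byte of the NIC option ROM differs and an unknown image appears.
        with open(os.path.join(d, "nic_oprom.bin"), "r+b") as f:
            f.seek(100)
            f.write(b"\xe9")
        with open(os.path.join(d, "gpu_vbios.rom"), "wb") as f:
            f.write(b"\x55\xaa" + b"\x00" * 100)

        return compare_manifests(json.loads(baseline_json), build_manifest(d))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A changed entry is only a mismatch, not proof of tampering: a legitimate firmware update changes the hash too, so re-baseline deliberately after each update you performed yourself and treat any other change as something to investigate.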

Some have begun with BIOS security:

http://www.biosbits.org/

Some BIOS has write protection in its configuration, a lot of newer computers don’t.

#

“Disconnect your PC from the internet and don’t add anything you didn’t create yourself. It worked for the NOC list machine in Mission Impossible”

The room/structure was likely heavily shielded, whereas most civvies don’t shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme.com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit “fm fingerprinting” software
“specific emitter identification”
forums.qrz.com

How many malware scanners scan BIOS/CMOS and PCI/AGP cards for malware? Zero, even the rootkit scanners. Have you checksummed/dumped your BIOS/CMOS and the firmware of all your PCI/AGP devices and USB devices, especially vanity USB devices in and outside the realm of common USB devices (thumb drives, external HDDs, printers)?

Unless your computer room is shielded properly, the computers may still be attacked and used. I’ve personally inspected computers with no network connection running mysterious code in the background which Task Manager for Windows and the equivalent for *nix do not find, and even this didn’t find it all.

Inspect your Windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command-line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live CD and use hexdump to examine your Windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.
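Reading the raw hexdump works, but knowing what a normal boot sector looks like makes the oddities easier to spot. The script below is an added example, not code from the post: it parses the classic 512-byte MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), compares the bootstrap area against a hash recorded when the disk was known-good, and flags structural anomalies (missing signature, bad status bytes, several active partitions, overlapping entries). On a live CD the sector would come from something like `dd if=/dev/sda bs=512 count=1` as root; here the sectors are constructed in-script so it runs offline. The comparison function and the sample "known-good" hash are this example's own, not a tool the post names.

```python
"""MBR boot-sector inspection helper. Added example, not the post's own code.

Parses the legacy MBR layout and reports findings a defender would want to
look at. The sample sectors are constructed here; on a real machine feed it
the 512 bytes read from the disk's first sector.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # bytes 510..511 on a valid MBR


def parse_partition_table(sector: bytes) -> list:
    """Return the four MBR partition entries as dicts (empty entries included)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def bootstrap_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table legitimately changes more often."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(sector: bytes, known_good_boot_hash: str = None) -> list:
    """Return human-readable findings; an empty list means nothing looked odd."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if known_good_boot_hash and bootstrap_hash(sector) != known_good_boot_hash:
        findings.append("bootstrap code differs from recorded baseline")
    entries = parse_partition_table(sector)
    active = [e["index"] for e in entries if e["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one partition flagged active: %s" % active)
    used = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02x" % (e["index"], e["status"]))
        if e["type"] == 0 and (e["lba_start"] or e["sectors"]):
            findings.append("entry %d is type 0 but has a non-zero extent" % e["index"])
        if e["type"] != 0:
            used.append(e)
    # Overlapping partitions are a classic sign of a hand-edited table.
    for a in used:
        for b in used:
            if a["index"] < b["index"]:
                a_end = a["lba_start"] + a["sectors"]
                b_end = b["lba_start"] + b["sectors"]
                if a["lba_start"] < b_end and b["lba_start"] < a_end:
                    findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return findings


def make_sector(boot_code: bytes, entries: list, signature: bytes = SIGNATURE) -> bytes:
    """Build a constructed 512-byte MBR; entries are (status, type, lba_start, sectors)."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in entries)
    table = table.ljust(64, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN] + table + signature


# Constructed "known-good" sector: a short x86 stub padded with NOPs, one NTFS partition.
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 40
GOOD_MBR = make_sector(GOOD_BOOT_CODE, [(0x80, 0x07, 2048, 1_000_000)])
GOOD_HASH = bootstrap_hash(GOOD_MBR)   # record this when the disk is known-good

# Constructed "altered" sector: same partition table, first bytes of bootstrap code changed.
ALTERED_MBR = make_sector(b"\xeb\x3c\x90" + GOOD_BOOT_CODE[3:], [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print("known-good:", inspect_mbr(GOOD_MBR, GOOD_HASH))
    print("altered:   ", inspect_mbr(ALTERED_MBR, GOOD_HASH))
```

Modern UEFI disks use GPT with a protective MBR whose bootstrap area is often all zeros and whose single entry is type 0xEE, so record the baseline from your own disk rather than expecting any particular bytes; the point is to detect change from what you saw when the system was clean.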

#
eof

199 Responses to Nobody Seems To Notice and Nobody Seems To Care – Government & Stealth Malware
