Sunday, March 9, 2014

NSA has a 50-page catalog of exploits for software, hardware, and firmware


Cory Doctorow, Boing Boing

A Snowden leak accompanying today's story on the NSA's Tailored Access Operations group (TAO) details the NSA's toolbox of exploits, developed by an NSA group called ANT (Advanced or Access Network Technology).
The ANT division doesn't just manufacture surveillance hardware. It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer's motherboard that is the first thing to load when a computer is turned on.



ANT's catalog runs to 50 pages, and lists electronic break-in tools, wiretaps, and other spook toys. For example, the catalog offers FEEDTROUGH, an exploit kit for Juniper Networks' firewalls; gimmicked monitor cables that leak video-signals; BIOS-based malware that compromises the computer even before the operating system is loaded; and compromised firmware for hard drives from Western Digital, Seagate, Maxtor and Samsung.
Many of the exploited products are made by American companies, and hundreds of millions of everyday people are at risk from the unpatched vulnerabilities that the NSA has discovered in their products.
This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this "Persistence" and believe this approach has provided them with the possibility of permanent access.
Another program attacks the firmware in hard drives manufactured by Western Digital, Seagate, Maxtor and Samsung, all of which, with the exception of the latter, are American companies. Here, too, it appears the US intelligence agency is compromising the technology and products of American companies.
Basically, don't buy American (or Samsung) if you want your privacy. It's what Snowden's revelation has been saying for months, if you recall my previous journal on it.
I'll conclude with some tools for encryption. What you do with this information is up to you.
First, install HTTPS Everywhere in your browser. For the moment, it is only available for Firefox, Chrome, and Opera.
"Encryption Works", a guide written by former EFF Staff Technologist Micah Lee for the Freedom of the Press Foundation (an EFF client)
CyanogenMod adopted TextSecure to protect the text messages of its ten million users against mass surveillance
Crypto parties teach people about adopting encryption tools

In which Jacob Appelbaum discusses US dragnet surveillance, including the revelation of NSA's intent to implant surveillance firmware in US electronic products.