Hardware trojans messing with chip production

[Skybird]

An expert's assessement:
https://www.schneier.com/blog/archiv...titiously.html

And here is the original study:
http://people.umass.edu/gbecker/BeckerChes13.pdf

German source that had me finding it:
http://www.spiegel.de/netzwelt/gadge...-a-922853.html

Shouldn't the thread title be "Hypothetical hardware trojans possibly messing with chip production if you believe the conspiracy theory"?

[Skybird]

shouldn't reason dictate to assume the NSA does what is possible as long as it has not been proven that it has not? Its not as if the revelations of the past weeks and months have just been a conspiracy fantasy.

Its technically possible, and the NSA has approached all major softwrae companies including Microsoft, Google, Yahoo, Apple etc. in order to get access codes to encryption coding and security protocoles. Even more, US laws make cooperation of companies with the NSA mandatory and legally binding, if it demands it.

Quote:

shouldn't reason dictate to assume the NSA does what is possible as long as it has not been proven that it has not?

No. Reason dictates that you consider possibilities as possible, not certain. And yes, the revelations of the past few months show us that the NSA has been up to all sorts of things - but they also show that they aren't particularly good at keeping such things quiet.

[nikimcbee]

Quote:

Originally Posted by Skybird

An expert's assessement:
https://www.schneier.com/blog/archiv...titiously.html

And here is the original study:
http://people.umass.edu/gbecker/BeckerChes13.pdf

German source that had me finding it:
http://www.spiegel.de/netzwelt/gadge...-a-922853.html

No comment.

[nikimcbee]

Interesting article. It wouldn't be hard to hide special circuits in the chip.

[Jimbuna]

Quote:

Originally Posted by nikimcbee

Interesting article. It wouldn't be hard to hide special circuits in the chip.

So your party to it ya wee bugga

[nikimcbee]

Quote:

Originally Posted by Jimbuna

So your party to it ya wee bugga

Not at my pay grade.

[Skybird]

Quote:

Originally Posted by AndyJWest

No. Reason dictates that you consider possibilities as possible, not certain. And yes, the revelations of the past few months show us that the NSA has been up to all sorts of things - but they also show that they aren't particularly good at keeping such things quiet.

A long record speak against the suspect'S reputation, and so I see probability for him to play foul once again as much higher than just 50%, where as you ignorte the record and insist on a probability assessment of 50:50 : completely unknown, or random. I disagree, and I refuse to ignore what we already know about the suspect already.

Things like what Der Spiegel summarises, that you manipulate the entropy levels in certain randomization functions of the chip, are no difficult implementation, still would be extremely difficult for the end user to recognise as long as he does no9t run long, systematic test sessions with randomised function and umber generation and analysing the probability distribution. For the technical potential of somebody like the NSA, a degrading from 64 to 32 bit only already would tremendously simplify the task to break any randomised security code used by OS routines by using brute processor force to burn through. That is the ideal entry opportunity for an actor like the NSA: it's potent, but unsuspicious, and difficult to unveil.

It also is just the logcal next step, even the logically enforced next step. First there were soft trojans and virusses, rootkits and the like. Next operating systems get corrupted. Infiltrating the hardware during the production, is the next step.

And is it really that new? Some time ago there was a debate about Chinese computer tech and especially chips being used in practically every American hightech weapon system, ever cruise missiles, every platform electronics.

I already back then, two years ago it was or so, said I find it insane that one builds one owns weapons by using c hips and electronics produced by one's most pressing rival and possible future war enemy. At the same time the Americans import construction materials even like simple bricks and concrete parts when they build a new embassy in some foreign "friendly" nation like over here, for fears of getting bugged components if buying them from regional sub contractors. And at the same time they even hack friendly governments internal communication networks.

Trust me. Chip producers ARE under pressure by the NSA to build in backdoors into their hardware. I take that as 99% certain. It's technically possible, it is a benefit for the NSA, they can do it and demand it, the Patriot Act still is in effects well, and "national security" is a magic spell that immediately ends all discussion and all resistance - and so hardcoding backdoors in chips for sure gets done.

Quote:

Trust me.

No. Why should I? By your logic, I have to assume that the NSA are getting up to every dirty trick that is possible. Which includes the obvious dirty trick of planting false claims that microchip security has been breached. Or even planting people on forums to spread stories that microchip security has been breached, come to that.

Whether the story is true or not should actually make no difference to most people anyway - if you are that worried about security, don't use a computer for anything you don't want others to know about. That was good advice before this story came out, and it is good advice now. Worrying about dopant-level tampering on microchips while using an operating system you can't be sure hasn't been tampered with anyway is rather pointless.

[Skybird]

Avoiding to learn lessons by dreaming sweet dreams of a friendlier, though more unlikely world has one precondition: being asleep.

Quote:

Originally Posted by Skybird

Avoiding to learn lessons by dreaming sweet dreams of a friendlier, though more unlikely world has one precondition: being asleep.

Oh really? And what lesson haven't I learned? How exactly is your pointless paranoia about things neither of us have the ability to detect, nor the means to do anything about if we could, actually a 'lesson' in anything at all?

I've already explained that whether these 'trojans' exist or not should make no difference one way another to my behaviour. Is it going to make any difference to yours?

[the_tyrant]

Ahh, Skybird, at your level of paranoia, you should just step away from the computer and maybe go play with a calculator man.

I am sure that the Intel Xeon 5***, 3***, E3, and E5 lines have working random number generators. Why? since Intel's Xeon line has been tested and certified many times by multiple parties, and is widely used in the gambling and financial industries.

hey man, if gambling companies running millions of random number generators per second can't detect anything deviation from the norm, I think I should be fine, encrypting my pornography with a Xeon don't you think?


Also, this:

[HunterICX]

HunterICX

[Smaragdadler]

Quote:

Originally Posted by Skybird

shouldn't reason dictate to assume the NSA does what is possible as long as it has not been proven that it has not? Its not as if the revelations of the past weeks and months have just been a conspiracy fantasy.

Quote:

DER SPIEGEL 8/1989

NSA: Amerikas großes Ohr
Die National Security Agency, der aggressivste US-Nachrichtendienst, hört Freund und Feind ab
Im weltweiten Gewimmel der Funkwellen speichert die US-Regierung alle Signale, Befehle und Gespräche. Die National Security Agency (NSA), der geheimste aller Geheimdienste, lauscht rund um den Erdball und rund um die Uhr - auch in der Bundesrepublik. Letzter spektakulärer Erfolg, der die Beziehungen zwischen Bonn und Washington belastete: die von der NSA abgehörten Gespräche der Chemie-Firma Imhausen mit Libyen.

...
Link: http://www.spiegel.de/spiegel/print/d-13494509.html

Everyone is laughing about conspiracy theories - till the problems start.
Then everyone is seeing the conspiracies everywhere...