Did GCHQ reveal secrets about computer insecurity when it exorcised the Snowden leaks from the Guardian's laptops?


Their website isn’t currently loading, but there’s this cache text-only that loads for now:

http://webcache.googleusercontent.com/search?q=cache:BIKVCpRvEGAJ:https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont&hl=en&gl=us&strip=1

Their website did load for me, albeit with agonizing slowness. I wonder if they have not paid my ISP for “fast-lane” service.

Despite my initial reaction that this smacks of yet another conspiracy theory, the article does raise an interesting question.

The author(s) of the article are reaching out to hardware manufacturers for an explanation, but with the recent revelation of the way that certain routers were physically intercepted by the NSA for the purposes of tampering with them, it may be that the manufacturers actually can’t answer for the specific computers and the specific components in question.


Interesting, there is a small amateur chip analysis scene so hopefully someone will get hold of a similar laptop, dissolve the top of the IC case off, photograph the chips with a microscope and analyse the circuit blocks for flash memory etc.

There are three reasons I see these chips would be targeted:

  • They are OEM chips that have memory and could theoretically contain secrets. These could be put there by rogue software, either by friend or foe. [example of how to hack a keyboard][1]

  • They are not original equipment (or there is a chance that they may not be, again, either by friend or foe) and the hacked replacement chip might contain a radio to leak secrets. This isn’t to protect secrets; it’s to protect methods … so this would probably be done if it was implanted by friends only.

  • The LTC power inverter chip is a strange one. It is a cost-optimized linear chip with no connection to any data. But it does connect to big inductors and control big currents, so it could be useful as a transmitter as-is (except that there is no data). It might be able to transmit very slowly by transmitting the current the processor takes - sometimes when a laptop “whines” when processing a lot, this is the kind of chip that makes the noise. If it had been tampered with, it might be hacked to make it a more effective transmitter (such as pre-tuning it, or disabling some of the operating modes that make it quieter).

  • And, there’s always spite/incompetence/over-careful … they could have destroyed the power supply to make the motherboard less usable in case they missed something else.

That didn’t work for me; it is on the Wayback already anyways.
https://web.archive.org/web/20140523151949/https://www.privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont

I thought the same thing, when I read the details of the exorcism. They were quite specific, and they wanted devices that were known, by security experts, to be possible residing places of malware NSA / GCHQ tracking/listening devices.

My guess: those chips contain a microcontroller and firmware to interface the trackpad and keyboard onto USB, e.g. there is a little 8-bit microprocessor comparable to an Arduino that scans the key switches for key presses and posts messages to the USB bus for the computer to process. If the firmware is held on EEPROM or FLASH, then there’s maybe 64kB worth of flash memory on each of those microcontrollers, and yet the actual firmware needed to scan the keyboard might only take up 8kB.

We can infer GCHQ know how to load a hacked version of the firmware onto those chips, which exploits the unused Flash storage on the general purpose chip used to scan the keyboard, as a key-logging buffer - e.g. each key press is stored in an unused address above the main program. GCHQ are physically destroying the EEPROM/FLASH devices to make sure Snowden’s passwords can’t be discovered by dumping the non-volatile memory.
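A defender's check for the scenario guessed at in the post above, as an added example that is not part of the original thread: given a dump of a keyboard controller's flash and the vendor's firmware image, confirm the code region is unmodified and that the unused space above it is still erased. The function names and sample data are constructed here; the 64 KiB / 8 KiB sizes are the poster's guessed figures, and the code assumes erased flash reads as 0xFF.

```python
ERASED = 0xFF              # assumption: erased flash cells read back as 0xFF
FLASH_SIZE = 64 * 1024     # poster's guessed part size
FW_SIZE = 8 * 1024         # poster's guessed firmware size

def audit_dump(dump: bytes, vendor_fw: bytes) -> dict:
    """Compare a flash dump with the vendor image and list programmed slack space."""
    findings = {"size_ok": len(dump) == FLASH_SIZE,
                "code_modified_at": None,   # first offset where code differs
                "slack_runs": []}           # (offset, length) of non-erased runs
    # 1. The code region must match the vendor image byte for byte.
    for off, (got, want) in enumerate(zip(dump, vendor_fw)):
        if got != want:
            findings["code_modified_at"] = off
            break
    # 2. Everything above the image should still be erased; report each
    #    contiguous run of programmed bytes so it can be inspected by hand.
    start = None
    for off in range(len(vendor_fw), len(dump) + 1):
        programmed = off < len(dump) and dump[off] != ERASED
        if programmed and start is None:
            start = off
        elif not programmed and start is not None:
            findings["slack_runs"].append((start, off - start))
            start = None
    return findings

def make_sample(tampered: bool):
    """Constructed test data: a fake vendor image and a matching or altered dump."""
    vendor = bytes((i * 7 + 3) & 0xFF for i in range(FW_SIZE))
    dump = bytearray(vendor + bytes([ERASED]) * (FLASH_SIZE - FW_SIZE))
    if tampered:
        dump[0x100] ^= 0x01                          # one altered code byte
        dump[0x4000:0x4000 + 12] = b"constructed!"   # data written into slack
    return bytes(dump), vendor

if __name__ == "__main__":
    for tampered in (False, True):
        print(tampered, audit_dump(*make_sample(tampered)))
```

A clean result only shows that this dump matches this image; it says nothing about chips that misreport their contents when read out.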
