Am i crazy? (poll)

clickbait title perhaps, but i’m serious here…

long, long ago, in interweb years, i was put in contact with a LEO who specialized in computer forensics as i recall - at the time i was running Win 9x and i had questions about how it stored data that is hidden from users and how that data can be used by LE

i tried to establish some trust with the guy before i popped the Big Question; can LE access a Windows box remotely without first installing a RAT? answer: “What do you think?” - that’s the last i heard from him

the curious among us have known about the nefarious activities of the “intelligence” communities long before Snowden, but there’s other stuff that i wonder about that is at a deeper level than OSs and the software we use - for example we can monitor net traffic with Wireshark, but might there be other protocols that we don’t know about and which cannot be monitored by a typical packet sniffer?

is it possible to send data over the power lines instead of through the modem? (the answer is ‘yes’, but what i’m asking is whether it’s possible with a typical mainboard without modification)

what dangers are there with proprietary hardware, such as a processor? can backdoors be built into hardware?

i’d really like to hear from people who have experience with this sort of stuff

  • you’re a delusional paranoid tinfoil hat wearing masochist
  • you might not be as crazy as you think

0 voters

Firstly, are you the owner of 12bytes.org and/or author of the content there?

In answer, yes there are hardware back-doors, you have probably read about Intel ME and AMD TrustZone. You may also have read about PowerHammer.

ME has known exploits, but most of the others require very specific access and detailed knowledge of target systems that currently puts them way out of scope for most threat models and means that more mundane attacks would be more economical.

That’s not to say these exploits don’t exist though.

2 Likes

From an unspecified “law enforcement officer”. This does not mean a thing. First of all, he did not tell you yes, and then, he was probably bragging. How do you know he wasn’t?

Also, saying that “the police” can do this and that is meaningless. What police? In what case? Against whom? Are we talking about your local beat officer, looking into grannies’ computers? Are we talking about gigantic intelligence agencies from world superpowers, trying to bust up Muslim terrorists? Not the same thing at all.

Breaking into computers takes time and money. Neither is in unlimited supply.

2 Likes

I use Maltego a fair amount, and I know that systems can be accessed remotely either with a RAT, or by some other means (maybe it’s an easy system to crack, or has a default password, etc.). Another common method (as you seem to already know) is via social engineering, so you could, in theory, be tricked into allowing someone remote access. All this to say that I don’t think that what you’re saying is so out of the question.

yes and yes - and i have read about Intel ME and AMD’s version, but not PowerHammer - i will look that up

actually he did tell me ‘yes’ - we exchanged several emails over the course of a week or so and as a result of our conversation, it was very clear what he meant by “what do you think?” - he broke off communication after that - also i was put in contact with him by a detective friend who i was posing the same sort of questions to - he didn’t know the answers which is why he put me in touch with someone he thought would

that said, i don’t remember his credentials and i’m not saying that what he told me is fact, not at all, but it did raise my eyebrows a bunch at the time and it’s something i still wonder about

1 Like

PowerHammer - oh this is fun…

Our results show that binary data can be covertly exfiltrated from air-gapped computers through the power lines at bit rates of 1000 bit/sec for the line level power-hammering attack and 10 bit/sec for the phase level power-hammering attack.

i just skimmed through the paper - they state that the attack depends on pre-loaded malware, but it is very interesting nonetheless

reminds me of ‘smart’ electrical meters

1 Like

I’m about to have a smart meter forced on me. I rage.

It equates to them saying something like, pay us $550/year or have a smart meter.

Also, I’m fairly sure their next play will be a 5G upgrade and an offer to provide wireless broadband via the meter. That meter/router is then quite a juicy target.

The Epic Saga of a Smart Meter Opt-Out - Invidious

1 Like