Overclock.net › Forums › Industry News › Hardware News › [HNN/Softpedia] New Intel CPUs Have NSA Exploitable Secret Hidden Backdoor

[HNN/Softpedia] New Intel CPUs Have NSA Exploitable Secret Hidden Backdoor - Page 9

post #81 of 139
Here's the talk that those slides are from:

https://www.youtube.com/watch?v=4kCICUPc9_8

Not sure why chicken little is yelling about NSA backdoors. Yes, there's a microcontroller in the PCH, yes it has access to your network adapter. How else is stuff like wake on LAN supposed to be implemented?
Edited by TranquilTempest - 6/20/16 at 12:11pm
post #82 of 139
Quote:
Originally Posted by mothergoose729 View Post

I don't dispute that it is possible, I just don't think NSA could keep it a secret. You can't route packets in a packet network without exposing your address in the packet header. If this were taking place on any scale, it would be discovered immediately. Any router with even the most basic of logging software would show in the log file.


Before Snowden, I would have said it's impossible. After Snowden, I don't regard anything as impossible anymore. But I don't think that IF the NSA has anything to do with this, they would use this backdoor en masse. It's like using nuclear weapons as a first resort. It doesn't make sense. This is a powerful backdoor, assuming it can be exploited. So you don't want to use it often.

The exposure of the address is a non-issue, as I am sure the NSA has an ample number of proxy servers, where the only thing you'd see in your router is that you connected to one of the myriad of akamai.net servers, for example. They wouldn't use "NSA computers". I mean, "Anonymous" can remain anonymous; imagine if the NSA can't.

So what would the router show? That your home IP made a TCP connection to 245.xxy.435.yyx, which you resolve to be a server somewhere in the US. So? How are you going to tell that's an NSA server, and not a legitimate application that is simply auto-updating at the time, or a malware infection that your antivirus can't catch?

I mean, what's the difference from having the backdoor in the hard disk?

http://www.techpowerup.com/209925/nsa-hides-spying-backdoors-into-hard-drive-firmware

Won't the backdoor need to pass through the router again? So, why is the NSA bothering? Because they don't think it's a problem, apparently. How many people go through the sea of connections logged in their router every day to see what every single connection they made was? In theory, you can have this thing phone home once a year at midnight. Are you going to analyze the logs of the router that particular night and think "hmm, this server in the US, leading to akamai.net, must be an NSA hidden proxy"? Or, what is different from having a software backdoor? Or is the NSA shy of using software backdoors too? Won't the router show the same as with a hardware backdoor? So, why should the NSA have a problem with hardware backdoors?

Now, I've no idea if the NSA has anything to do with this, but if I were the NSA, I'd certainly think about taking advantage of this as the "ultimate weapon". Software backdoors are to be preferred for wide use, because software updates often, the hole might be patched, and software always has holes, so if one finds a hole, it's "normal". But a hardware backdoor is a "nuclear weapon". And you don't use nukes every day.

I mean, it's not that the NSA is so shy about hardware backdoors anymore...
Quote:
NSA director defends plan to maintain 'backdoors' into technology companies

https://www.theguardian.com/us-news/2015/feb/23/nsa-director-defends-backdoors-into-technology-companies

Quote:
"Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim's job a bit easier in some specific circumstances."
http://www.usatoday.com/story/news/2016/02/21/ex-nsa-chief-backs-apple-iphone-back-doors/80660024/

Quote:
Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA

Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper’s devices.
https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

Here's an interesting coincidence with the current topic. The encryption used on the Intel chip is:
Quote:
Although the ME firmware is cryptographically protected with RSA 2048,
Quote:
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption.

http://www.reuters.com/article/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
Quote:
NSA’s backdoor catalog exposed: Targets include Juniper, Cisco, Samsung, Huawei

https://gigaom.com/2013/12/29/nsas-backdoor-catalog-exposed-targets-include-juniper-cisco-samsung-and-huawei/

^ They backdoored firewalls, the irony!

So, a security company named RSA has made the encryption for the Intel chip, and the same company has received money from the NSA to basically make an encryption with code from the NSA, including a backdoor.

So, if anything, one may have some doubts about how "independent" of NSA pressures this company is...

So, I don't know if the Intel chip is or can be controlled by the NSA, but surely the NSA's love of hardware backdoors and encryption backdoors is not disputed. Thus, I don't know if the NSA CAN currently control the chip, but I sure think they'd love to!
post #83 of 139
Quote:
Originally Posted by clao View Post

well good thing I went with AMD ...

Notice that everything AMD from Family 16h onwards comes with the PSP (Platform Security Processor), AMD's variation on Intel's ME theme.
post #84 of 139
This is how the NSA primarily works. They FUND research and programs for security, so those adopted programs and techniques get back-doored by them.

If Intel cared or, maybe wasn't under some contract with the NSA, they'd let independent developers write their own code for it.
post #85 of 139
I thought this had plenty of options to disable it and such in the BIOS? Even if the BIOS no longer has those options, couldn't someone just block the ports this tries to send data on in the router? If it even has external communication abilities, I thought it was only able to send/receive over LAN.

Oh nope, it can do external now too:
Quote:
AMT version 4.0 and higher can establish a secure communication tunnel between a wired PC and an IT console outside the corporate firewall.[1][25] In this scheme, a management presence server (Intel calls this a "vPro-enabled gateway") authenticates the PC, opens a secure TLS tunnel between the IT console and the PC, and mediates communication.[1][26] The scheme is intended to help the user or PC itself request maintenance or service when at satellite offices or similar places where there is no on-site proxy server or management appliance.



There is also this though:
Quote:
Because AMT allows access to the PC below the OS level, security for the AMT features is a key concern.

Security for communications between Intel AMT and the provisioning service and/or management console can be established in different ways depending on the network environment. Security can be established via certificates and keys (TLS public key infrastructure, or TLS-PKI), pre-shared keys (TLS-PSK), or administrator password.[1][2]

Security technologies that protect access to the AMT features are built into the hardware and firmware. As with other hardware-based features of AMT, the security technologies are active even if the PC is powered off, the OS is crashed, software agents are missing, or hardware (such as a hard drive or memory) has failed.

Edited by EniGma1987 - 6/20/16 at 1:16pm
post #86 of 139
What if you use a different NIC than the Intel one?
post #87 of 139
Quote:
Originally Posted by EniGma1987 View Post

I thought this had plenty of options to disable it and such in the bios? Even if bios no longer has those options, couldn't someone just block the ports this tries to send data on in the router?

I don't know about the Intel BIOS. About the router, see previous pages; the same question was asked. To put it otherwise: when you get infected these days, there is always a chance that you got delivered a software rootkit. By definition, a rootkit hides from the OS. This means that even if you manage to detect it at some point, you can never be 100% certain of what it has done in the meantime. Your PC may have become a puppet for all you know. Thus, the advice in any doubt is "format". This is the only way to be 100% certain that nothing was left behind after an antivirus "cleanup" (antiviruses and cleanup are always things that go well together). Actually, you should format and make sure you also overwrite the MBR, because there have been rootkits that install themselves in the MBR, so they are immune to any kind of image restore, for example, that doesn't include the MBR too.

If you get a hardware rootkit, there is no format you can do. Routers are good at protecting you from the outside world. Not much help if you get infected.
post #88 of 139
Quote:
Originally Posted by umeng2002 View Post

What if you use a different NIC than the Intel one?

If the NIC has support for Intel ME then it will pass through the commands as well. I'm betting that is pretty much all of them.

Edit:
Quote:
Originally Posted by Undervolter View Post

I don't know about the Intel BIOS. About the router, see previous pages; the same question was asked. To put it otherwise: when you get infected these days, there is always a chance that you got delivered a software rootkit. By definition, a rootkit hides from the OS. This means that even if you manage to detect it at some point, you can never be 100% certain of what it has done in the meantime. Your PC may have become a puppet for all you know. Thus, the advice in any doubt is "format". This is the only way to be 100% certain that nothing was left behind after an antivirus "cleanup" (antiviruses and cleanup are always things that go well together). Actually, you should format and make sure you also overwrite the MBR, because there have been rootkits that install themselves in the MBR, so they are immune to any kind of image restore, for example, that doesn't include the MBR too.

If you get a hardware rootkit, there is no format you can do. Routers are good at protecting you from the outside world. Not much help if you get infected.

That doesn't really answer my question at all though. If the ports the ME interface uses to do communication are blocked, how could a backdoor in the interface be accessed, and if there was a rootkit already in the computer, how would it communicate out if the firewall has the communication blocked off? IME seems to use ports 16992 and 16993; if those ports are blocked for in and out, how would a rootkit through the IME using those ports get the data out?
EDIT again:
I don't mean to offend, but I honestly don't think you can answer such a question. I was reading some of your other posts and you seem to have a great misunderstanding about how routers and firewalls and even TCP/IP work.
Edited by EniGma1987 - 6/20/16 at 1:29pm
post #89 of 139
Quote:
Originally Posted by EniGma1987 View Post


That doesn't really answer my question at all though. If the ports the ME interface uses to do communication are blocked, how could a backdoor in the interface be accessed, and if there was a rootkit already in the computer, how would it communicate out if the firewall has the communication blocked off? IME seems to use ports 16992 and 16993; if those ports are blocked for in and out, how would a rootkit through the IME using those ports get the data out?
EDIT again:
I don't mean to offend, but I honestly don't think you can answer such a question. I was reading some of your other posts and you seem to have a great misunderstanding about how routers and firewalls and even TCP/IP work.


I haven't really watched that 55 min video of that guy, so I don't know anything about which ports and how exactly it works. My understanding is that there is a part of the operation which happens at motherboard level, way before the router can do anything about it, and the chip can then use the NIC to "phone home". The router, AFAIK, doesn't stop anything outbound. This is why so many people get infected despite being behind routers. The Damien guy in the article I posted on the previous page also says that it bypasses firewalls, which I can believe, because it's at such a low level that it runs below the level of the firewall filter. So yes, your router will show the connection. And this is it... It will show a connection to some remote proxy server. It's not like you will see in the router log: Home IP (192.168.1.0) port 80 TCP ACK remote IP 212.134.134.214 (random IP, I don't know what it is), port 1244 NSA.NET!

The problem with rootkits is this. If someone can decrypt the encryption, then they can make a custom firmware and reflash it at will, to make it do whatever. They can even change ports; that's not a problem, the NSA doesn't lack good programmers.

In Stuxnet, which was running about 1 year before being detected, the (assumed) NSA-Israeli team had made this little worm activate if it detected the presence of a specific version of a Siemens software, and if this software wasn't detected, the worm was entering an "on hold" or "hibernated" state.

Point is, if you decrypt the encryption, you can alter the code as you please. If the hardware permits it, you can even reprogram the chip to show you the Simpsons at boot (just saying as an example). It's a bit like people who make custom BIOSes. They can do it if they are unlocked.

That's why the only "secure" solution against even a suspicion of a rootkit is "format, including MBR".

The good thing with all this, as I said, is that exploiting this chip gives a powerful backdoor. So, like all powerful weapons, you don't waste them on "John Doe". Just like you don't throw Stuxnet at the average Joe. You throw it at Iran. Eventually Stuxnet got out of control, which is how the rest of us came to know about it. But if it wasn't for the thing going out of control, it was running for 1 year undetected.
Edited by Undervolter - 6/20/16 at 2:01pm
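The port-blocking question in the two posts above (#88 and #89), worked as an added example that is not from the thread, from Intel or from any router vendor: a small Python model of a SOHO firewall policy applied to constructed connection records. It takes the AMT listener ports 16992/16993 and the AMT 4.0+ outbound TLS tunnel to a "vPro-enabled gateway" from the quotes in the thread; the tunnel's destination port (443 here), every address and every flow name are assumptions of the model.

```python
"""Model of how a home/SOHO firewall policy treats Intel AMT traffic.

Constructed example for the discussion above, not code from the thread,
from Intel or from a firewall product.  Ports 16992/16993 and the outbound
TLS tunnel to a management gateway come from the quotes in the thread; the
tunnel port (443) and all addresses below are made up for the model.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

AMT_PORTS = {16992, 16993}   # AMT web/redirection listeners (HTTP, HTTPS)
LAN_PREFIX = "192.168.1."    # constructed home network


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    dport: int


@dataclass
class Policy:
    """Stateful filter: inbound = new connection WAN->LAN, outbound = LAN->WAN."""
    block_inbound_ports: Set[int] = field(default_factory=set)
    block_outbound_ports: Set[int] = field(default_factory=set)
    # None = any outbound destination allowed (the usual SOHO router default);
    # a set = egress allowlist of (dst_ip, dport) pairs.
    egress_allow: Optional[Set[Tuple[str, int]]] = None


def is_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def verdict(policy: Policy, f: Flow) -> str:
    """Return "allow" or a "drop: <reason>" string for one new connection."""
    outbound = is_lan(f.src) and not is_lan(f.dst)
    if outbound:
        if f.dport in policy.block_outbound_ports:
            return "drop: outbound AMT port"
        if policy.egress_allow is not None and (f.dst, f.dport) not in policy.egress_allow:
            return "drop: destination not on egress allowlist"
        return "allow"
    # Inbound (WAN->LAN).  Anything not LAN->WAN is treated as inbound here.
    if f.dport in policy.block_inbound_ports:
        return "drop: inbound AMT port"
    return "allow"


def survivors(policy: Policy, flows: List[Flow]) -> List[str]:
    """Names of the flows a policy lets through, in input order."""
    return [f.name for f in flows if verdict(policy, f) == "allow"]


# Constructed flows.  The AMT/ME traffic carries the host's own LAN address:
# on a wired NIC AMT shares the MAC (and normally the IP) with the OS, so a
# router log cannot separate it from ordinary host traffic by address alone.
FLOWS = [
    Flow("direct AMT from WAN", "198.51.100.7", "192.168.1.20", 16992),
    Flow("direct AMT TLS from WAN", "198.51.100.7", "192.168.1.20", 16993),
    Flow("outbound tunnel to gateway", "192.168.1.20", "203.0.113.10", 443),
    Flow("OS browsing", "192.168.1.20", "203.0.113.80", 443),
    Flow("OS update server", "192.168.1.20", "203.0.113.5", 443),
]

# Three policies a home user might configure, weakest to strongest.
INBOUND_ONLY = Policy(block_inbound_ports=AMT_PORTS)
AMT_BOTH_WAYS = Policy(block_inbound_ports=AMT_PORTS, block_outbound_ports=AMT_PORTS)
EGRESS_ALLOWLIST = Policy(
    block_inbound_ports=AMT_PORTS,
    block_outbound_ports=AMT_PORTS,
    egress_allow={("203.0.113.80", 443), ("203.0.113.5", 443)},
)

if __name__ == "__main__":
    for label, pol in [("inbound-only", INBOUND_ONLY),
                       ("AMT ports both ways", AMT_BOTH_WAYS),
                       ("egress allowlist", EGRESS_ALLOWLIST)]:
        print(f"{label}: {survivors(pol, FLOWS)}")
```

Blocking 16992/16993 in both directions stops only connections that use those ports; an outbound-initiated tunnel on a different port passes the first two policies and is caught only by the egress allowlist, and even that is blind if the tunnel endpoint sits on an allowlisted host.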
post #90 of 139
People assuming the NSA doesn't have the source code for this? People thinking Intel didn't give them the source code for this? People thinking Intel wasn't served with a NSL for the source code for this? People thinking Intel employees don't have friends in the NSA who slipped a thumb drive into their hamburger at Saturday's BBQ lunch with the source code on it?
