Silk Road forums

Discussion => Security => Topic started by: Fallkniven on May 16, 2013, 09:55 pm

Title: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 16, 2013, 09:55 pm
Excellent read found in the Tails forum... probably old now, but still good :)

https://tails.boum.org/forum/State-sponsored_malware_can_inventory_RAM/

Quote
Cryptome has just published a public document, an order by a US judge concerning a request by the FBI to use malware to infect one or more "target computers" in an investigation of suspected money-laundering.
Once installed, the software has the capacity to search the computer’s hard drive, random access memory, and other storage media; to activate the computer’s built-in camera; to generate latitude and longitude coordinates for the computer’s location; and to transmit the extracted data to FBI agents within this district. Using this software, the government seeks to obtain the following information:

(1) records existing on the Target Computer at the time the software is installed, including:
records of Internet Protocol addresses used;
records of Internet activity, including firewall logs, caches, browser history and cookies, “bookmarked” or “favorite” Web pages, search terms that the user entered into any Internet search engine, and records of user-typed Web addresses;
records evidencing the use of the Internet Protocol addresses to communicate with the [victim’s bank’s] e-mail servers;
evidence of who used, owned, or controlled the TARGET COMPUTER at the time the things described in this warrant were created, edited, or deleted, such as logs, registry entries, configuration files, saved user names and passwords, documents, browsing history, user profiles, e-mail contents, e-mail contacts, “chat,” messaging logs, photographs, and correspondence;
evidence of software that would allow others to control the TARGET COMPUTER;
evidence of times the TARGET COMPUTER was used; and
records of applications run.

(2) prospective data obtained during a 30-day monitoring period, including:

accounting entries reflecting the identification of new fraud victims;
photographs (with no audio) taken using the TARGET COMPUTER’s built-in camera after the installation of the NEW SOFTWARE, sufficient to identify the location of the TARGET COMPUTER and identify persons using the TARGET COMPUTER;
information about the TARGET COMPUTER’s physical location, including latitude and longitude calculations the NEW SOFTWARE causes the TARGET COMPUTER to make;
records of applications run.

I'm going out into left field with this one but I think Bill Gates is working to include these monitoring applications (malware) in builds of Windows.

Another good reason to switch to Tails and ditch Windows and Facebook.
Title: Re: State-sponsored malware can inventory RAM
Post by: SelfSovereignty on May 16, 2013, 10:30 pm
I've seen claims that Windows maintains a constant connection to the NSA that's effectively hidden from within the OS.  I don't know if I really believe that, but I certainly wouldn't be surprised if something vaguely similar were a part of Windows.

I also haven't read every single line of the Linux kernel and all software running on my computer though... also, Linux isn't immune to remote exploits or anything: so it could just as easily happen without Windows.  Well, perhaps "just as easily," isn't accurate... but still, Linux doesn't make you immune to viruses.  There are just very few people who target Linux with them, that's all: things like Java, for example, don't necessarily even need different exploits for different operating systems.  Java is both a language and a set of programs for executing software written in that language -- a single exploit could work on both systems because of the Java virtual machine.

I mean Linux is definitely safer, but don't let it make you feel invulnerable is all I'm getting at.
Title: Re: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 16, 2013, 10:48 pm
Agreed. The price of freedom is eternal vigilance.

Quote
Java is both a language and a set of programs for executing software written in that language -- a single exploit could work on both systems because of the Java virtual machine.

Having never studied Java in much detail, I never knew this was how it worked. Thanks for the clarification :)
Title: Re: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 16, 2013, 11:00 pm
I'm curious to know if the more popular anti-virus or anti-malware programs can detect this government malware running in a Windows environment?
Title: Re: State-sponsored malware can inventory RAM
Post by: railroadbill on May 16, 2013, 11:21 pm
if you are vending you need to be using Tails, otherwise you need to trade out your tinfoil hat for something more comfortable.
Title: Re: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 16, 2013, 11:32 pm
Whether buying or selling, Tails is highly recommended for everyone concerned about their privacy and anonymity.

I like my tinfoil hat just fine thanks :) It keeps CIPAV from infecting my brain :P
Title: Re: State-sponsored malware can inventory RAM
Post by: SelfSovereignty on May 17, 2013, 01:03 am
Quote
I'm curious to know if the more popular anti-virus or anti-malware programs can detect this government malware running in a Windows environment?

The short answer is no.

The long answer is maybe.  See, the problem is that when you scan for viruses on your computer, basically all you're doing is comparing files (both on the hard disk and in memory) against a list of known virus signatures.  That's why you have to keep updating your antivirus definitions (that's what the definitions are, fingerprints of known viruses).  There are also other ways of detecting viruses, but the problem is that they don't work very well.  Like, not very well at all, actually, so for the most part antivirus programs either don't make use of them or tune the algorithms so far to one side of the scale to avoid accidentally detecting a virus in the operating system kernel or something that they basically don't work at all.

That's what the "heuristic scanning" option in some antivirus programs is actually doing.  Trying to detect new or unknown viruses by comparing programs against very common behavior of viruses/malware and stuff like that.  This is actually why zero day exploits are so catastrophic: they're undetectable, basically.  You could have a dozen monitoring your entire system right now, and every antivirus program out there that isn't aware of those specific attacks/programs/viruses would say your system is 100% clean.
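The signature-versus-heuristic distinction in the reply above, as an added example that is not part of the original thread and not the code of any real anti-virus product: a toy Python scanner with constructed definitions and constructed samples (the sample bytes, the indicator list and its weights are invented for illustration). The same scan function is applied to a file's bytes or to a chunk of process memory, which is all "scanning RAM" amounts to here. A repacked variant defeats the exact-hash definition but not the byte pattern lifted from the family; a sample with no definition and XOR-obfuscated API strings is reported clean; and raising the heuristic threshold so a legitimate debugger stops being flagged also silences the heuristic for anything scoring below it, which is the tuning problem the post describes.

```python
"""Toy file/memory scanner: exact-hash and byte-pattern signatures plus a
weighted heuristic, run over constructed samples. Illustrative only."""
import hashlib
import re

# --- "definitions" (constructed) ------------------------------------------
# A known sample; its hash and one byte pattern taken from it play the role
# of the definitions a real scanner downloads.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"stage1 loader v1; beacon to c2.example; "
                + b"\x55\x8b\xec\x83\xec\x40")
HASH_DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.Example.A"}
PATTERN_DEFINITIONS = {
    "Trojan.Example.A (generic)": re.compile(rb"stage1 loader v\d; beacon to "),
}

# Heuristic indicators (constructed weights): byte patterns common in malware.
# Every one of them also occurs in legitimate software (debuggers, injectors,
# remote-admin tools), which is why the threshold has to be tuned.
SUSPICIOUS_INDICATORS = {
    rb"VirtualAllocEx": 2,
    rb"WriteProcessMemory": 2,
    rb"CreateRemoteThread": 3,
    rb"keylog|GetAsyncKeyState": 3,
    rb"beacon to ": 2,
}


def signature_scan(data: bytes):
    """Return the definition name matching `data`, or None.

    `data` may be a file's bytes or a chunk of process memory; the scanner
    does not care, which is why one definition set covers disk and RAM."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_DEFINITIONS:
        return HASH_DEFINITIONS[digest]
    for name, pattern in PATTERN_DEFINITIONS.items():
        if pattern.search(data):
            return name
    return None


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every indicator present in `data`."""
    return sum(w for pat, w in SUSPICIOUS_INDICATORS.items() if re.search(pat, data))


def scan(data: bytes, threshold: int = 6):
    """Signature match first; otherwise flag when the heuristic score reaches
    `threshold`. Returns (verdict, detail)."""
    name = signature_scan(data)
    if name is not None:
        return ("signature", name)
    score = heuristic_score(data)
    return ("heuristic", score) if score >= threshold else ("clean", score)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Trivial string obfuscation of the kind packers use to hide API names."""
    return bytes(b ^ key for b in data)


# --- constructed samples ---------------------------------------------------
# Same family with the version string bumped: hash changes, pattern still hits.
VARIANT = KNOWN_SAMPLE.replace(b"v1", b"v2")
# "Zero-day": no definition exists, and the API names are XOR-encoded on disk
# so the heuristic indicators are not visible either.
ZERO_DAY = (b"MZ\x90\x00"
            + xor_bytes(b"VirtualAllocEx WriteProcessMemory CreateRemoteThread", 0x5A)
            + b"\x55\x8b\xec")
# A legitimate debugger uses exactly the injection APIs the heuristic weights.
LEGIT_DEBUGGER = (b"MZ\x90\x00debugger: uses VirtualAllocEx, WriteProcessMemory "
                  b"and CreateRemoteThread to inject its helper DLL")

SAMPLES = {
    "known sample": KNOWN_SAMPLE,
    "repacked variant": VARIANT,
    "zero-day": ZERO_DAY,
    "legit debugger": LEGIT_DEBUGGER,
}

if __name__ == "__main__":
    for threshold in (6, 8):
        print(f"threshold={threshold}")
        for label, blob in SAMPLES.items():
            print(f"  {label:18s} -> {scan(blob, threshold)}")
```

At threshold 6 the debugger is a false positive (score 7); at threshold 8 it is "clean", and so is everything else the definitions do not already name. Real products work on far larger definition sets and richer behavioural telemetry, but the shape of the trade-off is the same.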
Title: Re: State-sponsored malware can inventory RAM
Post by: kmfkewm on May 17, 2013, 01:58 am
Quote
Agreed. The price of freedom is eternal vigilance.

Quote
Java is both a language and a set of programs for executing software written in that language -- a single exploit could work on both systems because of the Java virtual machine.

Having never studied Java in much detail, I never knew this was how it worked. Thanks for the clarification :)

A great many modern languages usually work like that. Java, Ruby, Python, Perl, PHP, Javascript, C#, and many more. Some popular languages that usually work differently are C and C++, and of course all of the assembly languages. It is a difference between interpreted languages (which need interpreter software) and compiled languages. Although all languages can be interpreted or compiled, almost all of the popular modern languages are primarily interpreted. Interpreted languages are dependent on the interpreter, but get the advantage of being cross platform (i.e. Java applications work wherever there is a Java interpreter, aka the Java virtual machine). Of course there are a lot of different virtual machines / interpreters for these languages though; Ruby has about a dozen.
Title: Re: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 17, 2013, 02:12 am
Learning heaps today, cheers :)

I tried searching for any info on whether the AVs have detections for said malware but came up inconclusive.
Title: Re: State-sponsored malware can inventory RAM
Post by: kmfkewm on May 17, 2013, 02:14 am
It is good to keep in mind though that there are two things to consider. One is the correctness of the applications used. Poorly programmed software is going to have security vulnerabilities regardless of whether it is running on Windows, Linux or BSD. Another thing to keep in mind though is that different operating systems have different security features for mitigating vulnerabilities. Running buggy software on OpenBSD is not going to be as big of a threat as running it on Windows XP, because OpenBSD has full ASLR which makes actually exploiting some vulnerabilities a lot harder. Qubes has really strong isolation which makes it a lot harder for an attacker who pwns an insecure application to then pwn the entire system. The differences between operating systems are even more important for really advanced users who know how to use the security features that the OS makes available. A noob using FreeBSD might not be way better off than a noob using Windows 8, but someone who has mastered the very feature rich Mandatory Access Controls of FreeBSD is likely to be better able to secure themselves than someone who has mastered Windows 8. So yes, insecure applications are insecure no matter which OS they are run on, but different operating systems have different features for mitigating the threats that insecure applications introduce.
Title: Re: State-sponsored malware can inventory RAM
Post by: Railgun on May 17, 2013, 04:53 am
I hope they target Windows users because of the sheer amount of them vs. nix users.  Since we all run JVM, it wouldn't be infeasible for there to be a cross-platform program which would work on all systems.  Also, if it's not sent into virus companies (which they will most likely be sure to exclude under LE), it may just run as a suspicious "extra few megs" of Skype or some other proprietary software.  I guess the only way to ensure this doesn't happen is to make sure you run no proprietary software of which the source is not openly published.
Title: Re: State-sponsored malware can inventory RAM
Post by: kmfkewm on May 17, 2013, 05:47 am
https://xkcd.com/463/
Title: Re: State-sponsored malware can inventory RAM
Post by: kmfkewm on May 17, 2013, 05:52 am
Anti-virus software is pretty much entirely worthless for protecting from this sort of attack. Anti-virus software is largely botnet size limiting software. It is to prevent a botnet virus from spreading to two million machines, not to prevent it from spreading to one million machines and definitely not to prevent it from infecting *you*. In other words, anti-virus software is for protecting you decently from old viruses, and to protect from new viruses before the entire set of vulnerable machines become infected. It is not meant to stop a hacker from infecting you, and it fails horribly at doing this.
Title: Re: State-sponsored malware can inventory RAM
Post by: Fallkniven on May 17, 2013, 06:14 am
Good thing is, if your computer isn't connected to the net in any way the only way it can become infected is if LE break into your home and physically take control of your system.

I'm glad I went with Tails months ago, it's good not to have someone constantly looking over your shoulder.