Re: Linux Kernel Hacked by NSA/GCHQ



On 08/30/2013 10:53 PM, Fernando Cassia wrote:
> On Fri, Aug 30, 2013 at 4:35 PM, agraham <agraham@xxxxxxx> wrote:
>> "I KNOW" we can overcome this adversary and regain the freedom that the
>> internet once offered.
>
> You must have been living under a rock. The Echelon spy network was
> exposed back in 1999, way before even 9/11.
>
> There are no secrets, get over it. If you want privacy use encryption
> for email, and if you want anonymity surf using a public hotspot and
> not login to any service.


Those are not the types of solutions I was thinking of, and in fact, before solutions, we need to know if/what/when was compromised in the kernel, or did you miss the "Give me a list of compromised machines"?

Given what we now know, if we then apply that knowledge, as far as capabilities are concerned, to events of the past (particularly those that misdirected us), you have to consider that all Linux machines were compromised (while we were asleep). That's really my point, such that the methods you mentioned above are also compromised.

But this means you would need to get into certain subsystems, assuming that they have compromised the firewall / netfilter.

So, what Snowden exposed is, I'm guessing, really just Stage 1 of this global rootkit.

Stage 2 is going to be much, much more aggressive and intrusive, as this would be the logical extension of Stage 1, and may be even more invisible.

Now, before you dismiss this argument: if I said "Windows", you would probably agree, yep, we're in Stage 2 of the attack, because we know (and always have) that Windows is compromised, and I know for a fact because I personally spent a year disassembling parts of the Windows kernel about 15 years ago with CodeView and a hardware debugger.

I now believe we are already in Stage 2, but most don't realize it yet.

Let me give you another example. Think back over the past few years, say even 3 years: if you check your firewall logs for any server you have installed for a customer, you may have noticed a huge number of port scans from China. For example, I noticed, at a customer site, that within the first 24 hours of getting an IP address block, I had about 100,000 scans, mostly from China.

I know it was from China because the WHOIS database says so.

So, I'm trusting that WHOIS database, which is controlled by government, and guess what, the packets are not coming from China, but from the West!

So, I believe this is all part of the misinformation, based on information that we had reason to implicitly trust in. So, what I'm saying now is that as we install new servers/VMs, they are being probed and fingerprinted.

Also, I suggest that pattern analysis on these probes be done, as that may also reveal more about the attacker.

The kernel compromise I'm talking about could be very, very subtle, providing only enough information to allow the attacker to select their next subversion technique.

This attacker, albeit many world governments working together, is nonetheless an attacker, and is using well-known techniques that come from many open source projects to enact this global attack on computers.

As an example of the tools (most will know them well already), check out the NSA job spec.

Also, we must assume that Stage 2 or 3 will include isolation and destruction, not just observation. This will probably be known as the global virus control program, etc.

If you think about it, we are now inside the virtualized machine, which is why we cannot see it.

Until we defeat this, we may all be trapped in wonderland forever.

I mean, technically, this could be a kernel bug, and the patch will probably be a single line of code, but we don't know what that bug is!

The prize for this attacker is not just a Linux server, it's the control of the entire world and the future.

Make no mistake about it, we are under attack.


P.S. And, I'll buy a free beer for the first one who submits a fix for this.
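As an added illustration of the pattern analysis the message above suggests for firewall probe logs, and not code from the poster or from this thread: the script below parses netfilter LOG lines (constructed sample data using documentation addresses), aggregates hits and distinct destination ports per source, and separates broad port scans from single-port repeat attempts. The thresholds `scan_ports` and `repeat_hits` are assumed starting points, not values from the post.

```python
import re
from collections import defaultdict

# Constructed netfilter LOG lines (documentation addresses, not the poster's data).
SAMPLE_LOG = """\
Aug 30 21:01:02 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=45000 DPT=22
Aug 30 21:01:02 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=45001 DPT=23
Aug 30 21:01:03 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=45002 DPT=80
Aug 30 21:01:03 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=45003 DPT=443
Aug 30 21:01:04 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=45004 DPT=3306
Aug 30 21:02:10 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=22
Aug 30 21:02:11 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP SPT=51001 DPT=22
Aug 30 21:02:12 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP SPT=51002 DPT=22
Aug 30 21:03:00 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.10 PROTO=ICMP TYPE=8 CODE=0
Aug 30 21:04:30 srv kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.20 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=25
"""

# Fields written by netfilter's LOG target; SPT/DPT are absent for ICMP.
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)

def parse_log(text):
    """Yield (src, proto, dpt) for each recognised line; dpt is None for ICMP."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            dpt = int(m["dpt"]) if m["dpt"] else None
            yield m["src"], m["proto"], dpt

def summarize(text):
    """Per source address: total hits and the set of distinct destination ports."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    for src, proto, dpt in parse_log(text):
        stats[src]["hits"] += 1
        if dpt is not None:
            stats[src]["ports"].add(dpt)
    return dict(stats)

def classify(text, scan_ports=5, repeat_hits=3):
    """'scan' = many distinct ports; 'repeat' = one port hit repeatedly; else 'noise'."""
    labels = {}
    for src, s in summarize(text).items():
        nports = len(s["ports"])
        if nports >= scan_ports:
            labels[src] = "scan"
        elif nports == 1 and s["hits"] >= repeat_hits:
            labels[src] = "repeat"
        else:
            labels[src] = "noise"
    return labels
```

Feed it `journalctl -k` or `/var/log/messages` output from a host whose rules use the LOG target; the per-source port sets are what make a scanner stand out regardless of what WHOIS says about the address.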
