New NSA exploit

Post by verax » Thu 12 Mar 2015, 16:05:42

So I found out there is a new NSA exploit that is entirely out of band and operates at the CPU microcode level. Basically these days, with SoC (system on a chip) and the level of integration, the CPU is basically a computer in and of itself, and the CPU microcode processing is like a CPU within a CPU. This exploit can draw power from the CMOS battery of the computer, so even if the computer is completely powered off and unplugged from the wall it will still work. It sends/receives info via completely out-of-band communications, so it cannot be detected by something like Wireshark or a firewall or any splitter or means of deep packet inspection. All of this can be triggered and remotely activated by the built-in 3G capabilities found in any modern processor, such as part of Intel's (Anti-Theft) measures. (For example, a Stingray-like device can remotely activate the built-in backdoors miles and miles away from your location - and this is for air-gapped computers; for computers connected to the Internet it is much easier.) Once activated, it backdoors the AES-NI component of the processor and instructs it to store all master encryption keys in a hidden section of the processor itself on the CPU chip. The CPU then communicates directly with the memory sticks (DMA, in a direct memory access type of fashion) and ethernet/network adapters, bypassing the operating system, hard drive, and even much of the normal/regular motherboard itself. In essence, it is running its own computer within a computer, completely oblivious to the end user. Thus none of this can be detected in the works or caught in the act.

So sensitive information can be siphoned away via ethernet cable even when the computer is completely turned off, and even when there is no hard drive and no working operating system. (Here's looking at you, TAILS.) It is even capable of querying the memory directly to extract private key and encryption key information directly (no need for privilege escalation or zero-day exploits, since it does this out of band, at the microcode/firmware level outside the realms of any operating system) from RAM even after the computer has been shut down (via cold boot attack methods), and then uploading that to an Echelon/NSA/CIA/CSS/etc. station, either via a radio embedded on the motherboard (if you purchased your PC from Amazon, etc.), via the 3G chip on the chip, via high-frequency acoustic channeling (a la BadBIOS exploits), or out of band via direct network ethernet adapter access (again bypassing completely the OS or rest of the motherboard) using its own secret encryption transport protocol (hint: not TCP/IP), or via very low frequency comms by modulating the power of the computer itself to communicate via the power outlet/electric grid itself. It can then instruct the hard drive itself, via the controller, to store large amounts of data that it wants to steal/siphon away in the service sectors of modern hard drives (in encrypted format, only accessible/decryptable by the NSA of course), so that the end user cannot detect its existence at all (because the hard drive itself is compromised at the firmware/controller level and simply won't show it, and even if you could manage to somehow swap it out with another identical hard drive controller that was clean, you still couldn't read it because it would be encrypted and look like nothing but a high-entropy bunch of random junk data).

Since all encryption software does not encrypt the master key in RAM, and since all Full Disk Encryption software these days uses Intel AES-NI by default, this means that it is trivial for the NSA to crack any encryption and any disk encryption; there is no brute force or cracking needed. This includes BitLocker, TrueCrypt, PGP, Bitmessage, HTTPS, OTR, etc. etc. etc.

Also, once a system is infected with the exploit, it can be tasked to do other things, like infecting the controllers and firmware of devices on the same computer: the BIOS of the motherboard, USB sticks, mouse, keyboard, monitors, graphics card, other PCI components, hard drives, web cams, and almost anything and everything, and yes, even SD cards have firmware and microcontrollers.... For example, it will essentially rootkit your USB keyboard and make it into a keylogger to record your keystrokes and mouse movements (thus attacking the "inputs" of the "end points" - the weakest point of failure other than being able to read minds to extract passwords)... so if you accidentally use the now-infected keyboard with an air-gapped computer, the air-gapped computer itself is now infected, and vice versa. Using this method it can essentially map an entire air-gapped network of disconnected computers, like Cisco CDP neighbor discovery but much more powerful... the air-gapped systems themselves become an interconnected web of exploits that have something akin to swarm-like intelligence and emergent properties and that sort of stuff.. It is capable of then hijacking your router and spreading to all the wifi-connected/ethernet-connected devices in your home, including any consoles, TV, smart car, etc. etc.... anything connected directly to a wall outlet is considered compromised.
Last edited by verax on Thu 12 Mar 2015, 16:31:53, edited 3 times in total.

Re: New NSA exploit

Post by KaiserJeep » Thu 12 Mar 2015, 16:23:12

I have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.
KaiserJeep 2.0, Neural Subnode 0010 0000 0001 0110 - 1001 0011 0011, Tertiary Adjunct to Unimatrix 0000 0000 0001

Resistance is Futile, YOU will be Assimilated.

Warning: Messages timestamped before April 1, 2016, 06:00 PST were posted by the unmodified human KaiserJeep 1.0

Re: New NSA exploit

Post by verax » Thu 12 Mar 2015, 16:50:30

KaiserJeep wrote:
I have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.

This is no tin foil. Read it again. It is real.

Essentially, in a nutshell, the CPU microcode is an exploit vector now.

A backdoored CPU can be instructed to steal master encryption keys DIRECTLY from RAM (bypassing any protection of the OS, etc.) and then, again, communicate that OUT directly to the ethernet adapter/controller on the motherboard (again bypassing the OS, so it can't be captured in Wireshark, etc.), sending the keys in real time or near real time, so that your full-disk-encrypted hard drive and other encrypted volumes can later be decrypted trivially. Once it compromises the firmware and controller on the hard drive, it can even store a select number of files/data in the hidden service sector of a hard drive, like a hidden cache, in cases where a physical retrieval is deemed necessary.

In point of fact, once the encryption key has been captured by the backdoored AES-NI of the processor, etc., it is stored there and can be transmitted remotely, for example via the ethernet, even if the computer is shut down (or you think it is shut down). Most modern motherboards are still powered on when you think the PC is shut down (that is how Wake-on-LAN works), and so the compromised CPU will be able to send the master encryption keys (which it can easily find out without a program like ElcomSoft's Forensic Disk Decryptor, etc., because the keys are STORED right in AES-NI itself!) out via a direct connection from CPU to ethernet adapter, bypassing completely the operating system, much of the motherboard and the rest of the computer itself. None of this even touches the hard drive itself. Once the keys are stored in the CPU, it can send them out via the Internet even when you think the computer is shut down.

The use case is this: say at one point in time you had a PC that acted as an "air-gapped computer" that didn't connect to the network. Your encryption keys were being stolen without your knowledge and siphoned away onto the CPU. But it couldn't necessarily get out. Say later you decide to remove the hard drive, and then to use that air-gapped computer as a normal computer... so you remove the hard drive, put in a brand new drive, connect an ethernet cable to the RJ-45 port on the back of the mobo, and then plug in the power. Even before you turn it on or install a new operating system, it has already got the keys out!

Re: New NSA exploit

Post by KaiserJeep » Thu 12 Mar 2015, 18:26:23

You are talking nonsense from a hardware perspective. You cannot change the rules of physics and the circuits simply do not work the way you think they do.

I'm not saying it is impossible to build a computer to capture information from the users, in fact I am sure that many intelligence agencies have done so. But such computers do not function as you have described. Nor am I going to aid your deceptions by giving you more accurate descriptions of the internal components and how they would need to be re-designed towards that end. I am virtually certain that you would take anything I taught you and use it to improve the next iteration of your fantastical fictional story on some other web forum.

Please go away and do not trouble us with your delusions. Perhaps you should consider the dangers implicit in the new generation of microprocessor-controlled bathroom fixtures. Surely that is more - shall I say fertile ground - for paranoid technology fantasies.

Re: New NSA exploit

Post by Outcast_Searcher » Thu 12 Mar 2015, 18:34:33

verax wrote:
KaiserJeep wrote:
I have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.

This is no tin foil. Read it again. It is real.

Essentially, in a nutshell, the CPU microcode is an exploit vector now.

So if it's so real, show us a credible CITATION. You know, something to show us this isn't just the voices in your head, or your completely bogus personal opinion. Unless I missed it, I saw NO citations in your original post -- not even a conspiracy blog.
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.

Re: New NSA exploit

Post by SeaGypsy » Thu 12 Mar 2015, 18:55:22

Chemtrails!

Re: New NSA exploit

Post by SeaGypsy » Thu 12 Mar 2015, 19:12:56

KJ the kids love this shit.
Ever since Building 7, every time some half-believable conspiracy gets written up there are millions waiting & eager to believe. Amazingly they usually are blind to the paradox involved in wasting precious time in paranoid delusion at worst & stuff we mere mortals can do nothing about at best.

Re: New NSA exploit

Post by verax » Thu 12 Mar 2015, 20:07:12

SeaGypsy wrote:
KJ the kids love this shit.
Ever since Building 7, every time some half-believable conspiracy gets written up there are millions waiting & eager to believe. Amazingly they usually are blind to the paradox involved in wasting precious time in paranoid delusion at worst & stuff we mere mortals can do nothing about at best.

Same can be said about Peak Oil....

Many people, indeed the mainstream at large, consider Peak Oil to be a paranoid delusion....
And regardless which side of the fence you are on, Peak Oil, (by definition and virtue of it being a macro/global phenomenon) is not exactly something anyone of us mere mortals can "do anything about" at best.

Re: New NSA exploit

Post by SeaGypsy » Thu 12 Mar 2015, 23:01:28

Except in the case of peak oil only an imbecile would argue it is not real. In this case it appears you have cut & pasted an extremely technical argument for which you are unable to mount a defense when countered by an expert in the field.

Re: New NSA exploit

Post by Outcast_Searcher » Thu 12 Mar 2015, 23:48:07

SeaGypsy wrote:
Except in the case of peak oil only an imbecile would argue it is not real. In this case it appears you have cut & pasted an extremely technical argument for which you are unable to mount a defense when countered by an expert in the field.

Or even a layman PC user (me). Asked for a simple citation -- we have crickets and a poor attempt at distraction.

Re: New NSA exploit

Post by Keith_McClary » Fri 13 Mar 2015, 01:03:03

verax wrote:
This exploit can draw power from the CMOS battery of the computer, so even if the computer is completely powered off and unplugged from the wall it will still work. It sends/receives info via completely out-of-band communications, so it cannot be detected by something like Wireshark or a firewall or any splitter or means of deep packet inspection. All of this can be triggered and remotely activated by the built-in 3G capabilities found in any modern processor, such as part of Intel's (Anti-Theft) measures. (For example, a Stingray-like device can remotely activate the built-in backdoors miles and miles away from your location - and this is for air-gapped computers; for computers connected to the Internet it is much easier.) Once activated, it backdoors the AES-NI component of the processor and instructs it to store all master encryption keys in a hidden section of the processor itself on the CPU chip. The CPU then communicates directly with the memory sticks (DMA, in a direct memory access type of fashion) and ethernet/network adapters, bypassing the operating system, hard drive, and even much of the normal/regular motherboard itself. In essence, it is running its own computer within a computer, completely oblivious to the end user. Thus none of this can be detected in the works or caught in the act.

It's a watch battery. It keeps the time while the computer is powered off. Doing the above would run down the battery in seconds (or however long a watch battery would light a 60 watt bulb), and this would result in an error screen when the computer is rebooted.
Facebook knows you're a dog.

Re: New NSA exploit

Post by davep » Fri 13 Mar 2015, 04:35:55

There is no way a CMOS battery can power the ethernet ports. And SoC is more for mobile devices, which don't have the extra CMOS battery. It seems a rather confusing mishmash of known exploits.

If you want to see some of the stuff the NSA can do, take a look at the Equation Group that has been merrily hacking away for 14 years:

http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers/
What we think, we become.

Re: New NSA exploit

Post by davep » Fri 13 Mar 2015, 04:39:56

Oh, and some references would be useful. Air-gapping is known to be compromised, but your alphabet soup of exploit components doesn't wash.

Re: New NSA exploit

Post by davep » Fri 13 Mar 2015, 06:41:53

Also, why would the NSA expend so much effort to get the encryption key for a disk-encrypted air-gapped computer? The potential air-gapped transfer rate is REALLY low, so the only really effective use is to steal OTHER private keys (SSH, PGP etc) or password info that is stored on the air-gapped computer for security purposes (it would be impossible to transfer the disk contents) or if you were stupid enough to use the same passphrase for different full-disk encrypted computers (and even then, there is little point as the info you want will not be available straight from RAM - also, it's easy for the NSA to start a payload implant process from e.g. disk firmware - but the point is to use it as a starting point for other payloads). Generally, the further payload process would require the computer to be on. You're conflating lots of different threats here. The air-gap exploit is real, but your explanation is dubious to say the least.

Re: New NSA exploit

Post by Outcast_Searcher » Fri 13 Mar 2015, 13:03:41

Keith_McClary wrote:
It's a watch battery. It keeps the time while the computer is powered off. Doing the above would run down the battery in seconds (or however long a watch battery would light a 60 watt bulb), and this would result in an error screen when the computer is rebooted.

Right. In fact, this used to be one of the more annoying weak spots in older PCs (say pre-2000, in my experience). They would often solder/seal the stupid battery onto the motherboard, so when the CMOS battery got weak enough, the PC would lose certain BIOS settings as well as the time if it was powered off longer than a day or so, and eventually every time. To the non-tech user (like my girlfriend), restoring BIOS settings was NOT on her list of stuff she was comfortable with.

I haven't noticed this with the more modern PCs I have now. Not sure if they're just too young. Also, with all the non-volatile memory choices like flash memory now, presumably they don't use current to preserve BIOS settings any more. (Anyone?)

I rarely open them now, so I don't even know if they quit sealing in the CMOS batteries (being so cost driven, they may do whatever is cheapest to mass manufacture and avoid problems during the warranty, based on my experience with maintaining modern cars).

Re: New NSA exploit

Post by KaiserJeep » Fri 13 Mar 2015, 20:55:58

The answer to your question is that the BIOS battery is slightly larger and soldered to the motherboard today. In an application where the PC is only powered on for 8 hours and 5 days per week, modern batteries will last over 10 years, which is frequently longer than the PC's lifetime. However, even today there is not enough power in such a battery to even reset the CPU, much less allow microcode execution. The CPU remains the most power-intensive part of the PC, with its huge heatsink. Nor will the BIOS battery power an Ethernet or WiFi connection.

While there are designs based on nonvolatile memories requiring no battery power, PCs are very price sensitive products and the simple BIOS battery and cheaper ROMs are still common.
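The power-budget objection raised by Keith_McClary and KaiserJeep, as an added worked check that is not part of the thread: it assumes a CR2032 coin cell (3 V, about 225 mAh, a few milliamps of continuous current at most) and asks how long it could sustain each load the original post attributes to it. The load figures are ballpark assumptions, not measurements.

```python
# Added example (not from the thread): sanity-check the claim that a motherboard
# coin cell could run the CPU and an Ethernet link after the PC is switched off.
# All cell and load figures below are labelled assumptions, not measurements.

CELL_VOLTAGE_V = 3.0           # CR2032 nominal voltage
CELL_CAPACITY_MAH = 225.0      # typical CR2032 rated capacity (assumed datasheet value)
CELL_MAX_CONTINUOUS_MA = 3.0   # ballpark continuous-discharge ceiling for a coin cell (assumed)

SECONDS_PER_YEAR = 365.25 * 86400

# Assumed loads the original post attributes to the cell, in watts.
ASSUMED_LOADS_W = {
    "RTC plus CMOS RAM (the cell's real job, ~1 uA)": 3e-6,
    "Ethernet PHY holding a link":                     0.5,
    "desktop CPU idling":                              10.0,
    "60 W bulb (Keith_McClary's comparison)":          60.0,
}


def cell_energy_joules(voltage_v=CELL_VOLTAGE_V, capacity_mah=CELL_CAPACITY_MAH):
    """Energy stored in the cell: V * Ah * 3600 s/h."""
    return voltage_v * (capacity_mah / 1000.0) * 3600.0


def runtime_seconds(load_watts, energy_j=None):
    """How long a full cell could feed load_watts if it could deliver the current at all."""
    if load_watts <= 0:
        raise ValueError("load must be positive")
    energy = cell_energy_joules() if energy_j is None else energy_j
    return energy / load_watts


def can_source(load_watts, voltage_v=CELL_VOLTAGE_V, max_ma=CELL_MAX_CONTINUOUS_MA):
    """True when the load's current at cell voltage stays under the cell's continuous limit."""
    return (load_watts / voltage_v) * 1000.0 <= max_ma


def budget_report(loads=ASSUMED_LOADS_W):
    """Per load: (seconds of runtime ignoring current limits, whether the cell can source it)."""
    return {name: (runtime_seconds(w), can_source(w)) for name, w in loads.items()}


def describe(seconds):
    """Human-readable duration for the report."""
    if seconds >= SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_YEAR:.1f} years"
    if seconds >= 3600:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    print(f"cell energy: {cell_energy_joules():.0f} J")
    for name, (secs, ok) in budget_report().items():
        verdict = "within current limit" if ok else "exceeds current limit"
        print(f"{name}: {describe(secs)} ({verdict})")
```

Even ignoring the current limit, the whole cell is a few kilojoules, which a 60 W load empties in well under a minute; the current limit rules out every load except the clock the cell is actually there for.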