It is now apparent that the NSA co-opted nearly every piece of electronics present in our lives. Der Spiegel reports that the NSA has found ways to slither through most firewalls and work around most security systems. This dirty work is done primarily via malware, computer code created by the NSA that is implanted in the targeted device to do the NSA’s bidding. This malware most commonly creates a “back door,” a new, hidden pathway into some computer system.
NSA Lies about BIOS Attacks
We also learn that the NSA, which only recently used the American TV news magazine “60 Minutes” to warn about a new form of Chinese cyberattack, actually employs the very same technique. NSA Information Assurance Director Debora Plunkett spoke in near-apocalyptic terms:
[She] revealed the discovery by one of her 3,000 analysts of a secret computer weapon that could destroy any computer it infected. She would not name its origin, but 60 Minutes has learned it was engineered in China. The NSA allowed Plunkett to talk about it for the first time in detail. She says it was called the Bios Plot, for the foundational component, the Bios, that all computers have that performs basic functions like turning on the operating system and activating the hardware. The attack on the Bios would have been disguised as a request for a software update. If the user clicked on it, the virus would turn their computer into “a brick,” says Plunkett.
“One of our analysts actually saw that the nation-state had the intention to develop and deliver, to actually use this capability to destroy computers,” Plunkett says. If successful, says Plunkett, “Think about the impact of that across the entire globe. It could literally take down the U.S. economy.” The NSA quietly worked with computer manufacturers to eliminate this vulnerability.
However, quite apart from “quietly working with computer manufacturers to eliminate” a BIOS attack, the NSA quietly worked to exploit BIOS attacks of its own making. Der Spiegel tells us:
[NSA] developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on. This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access.
A Look at How Deep the Rabbit Hole Goes
However, the most insidious technique the NSA employs is in a way one of the simplest. Der Spiegel reveals that the NSA intercepts computers and other electronic hardware being shipped to a “target,” alters them, and then sends them on to be received and used by the target, albeit with the NSA software and/or hardware installed.
Let’s break this down.
Once the NSA identifies a “target” (whom we’ll refer to here as “You”), the NSA needs to know when You order a new laptop they want to intercept. That means the NSA has to spy on Your credit card, Your online activities and/or probe into the ordering systems of places like Amazon, Dell and the like. Perhaps there is a sort of “no fly” list distributed to manufacturers that requires notification to the NSA when someone like You on it buys something. Or all of the above.
The NSA then must know when and how Your laptop will be sent to you. That means they need to have been accessing the computer systems of Amazon, Dell and the like, and/or UPS, Fedex and other shippers. Or all of the above.
The NSA then has to have physical access to the warehouse of the shipping company. Or, the shipping company has to agree to mark your package, and deliver it instead to an NSA location. That all means the shipping companies are in on the NSA plot, or the NSA has to be hacking into the shipping companies’ data systems and substituting their address for Yours.
Once in NSA hands, Your package has to be opened, and Your laptop must be altered in some undetectable way. They can’t steam open a box like a letter in the old movies; someone has to open it physically and then get it all buttoned up again without a trace. Does the NSA have a way to unstick packing tape and reseal internal bags, or do they have a ready supply from Dell and Apple of packing materials?
Lastly, the NSA has to return the package into the shipping stream. That means the box, with say Amazon’s return address and Your home address, has to reenter say Fedex’s system from a third location without too many people knowing it happened. It would not do for the low-level UPS guy to pick up a ton of boxes every day from a nondescript warehouse, all with third-party address labels. This strongly suggests cooperation by the shipping companies.
You then open Your new laptop on Christmas morning. Yeah, be sure to select a secure password.
Private Enterprise as Tools of the National Security State
After a lot of denying and prevaricating, the telecommunications companies of the United States admitted they work hand-in-glove with the NSA under a secret portion of the Patriot Act to collect and transfer data about You. Verizon also hacked its own wireless modems to allow the FBI easier access to You. Microsoft collaborated to allow Your communications to be intercepted, including helping the NSA circumvent the company’s own encryption. Microsoft also worked with the NSA to grant easier access to its cloud storage service SkyDrive with Your documents. One technology expert speculates the NSA embeds back doors inside chips produced by U.S. corporations Intel and AMD. There are many more examples of corporate cooperation, as well as corporations appearing to “not know” about NSA intrusions deep into their systems and products.
ADDED 1/1/14: After I first wrote this piece, I got an email from a “strategic communications” firm claiming to represent Microsoft. The email reminded me that “Microsoft offers an adamant and robust denial, writing that ‘There are significant inaccuracies in the interpretations of leaked government documents reported in the media last week,’ and referencing this Microsoft blog post. The communications person “Wondered if you’d consider adding Microsoft’s comments to your blog, rather than just giving one side of the story.” And so I just did.
Denials aside, what we have here is an example of the depths into which You have fallen. The government has recruited private industry into its national security state, down to the level of the Fedex guy delivering packages to Your door in time for Christmas. For those of You who still foolishly insist that such spying is OK because they “have nothing to hide,” I sure as hell hope You are right, because whatever You do have now belongs to Them.
We would know none/none of this had it not been for Edward Snowden.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well, and writes about current events at his blog. Van Buren’s next book, Ghosts of Tom Joad: A Story of the #99Percent, will be available April 2014 from Luminis Books.