back to article NSA alleges 'BIOS plot to destroy PCs'

Senior National Security Agency (NSA) officials have told US news magazine program “60 Minutes” that a foreign nation tried to infect computers with a BIOS-based virus that would have enabled them to be remotely destroyed. NSA Director General Keith Alexander and Information Assurance Director Debora Plunkett both appeared on …

COMMENTS

This topic is closed for new posts.

Page:

            1. tom dial Silver badge

              Re: Sadly Trevor

              The reports that I saw were unclear about whether the targets in these cases were "US Persons". Those targets, however were smuggling illegal drugs into the country, not out or within. Accordingly it is possible or even likely that the intercepts were proper and the attempt at secrecy was aimed at protecting intelligence sources and methods.

              1. Anonymous Coward
                Anonymous Coward

                Re: Sadly Trevor

                "Accordingly it is possible or even likely that the intercepts were proper and the attempt at secrecy was aimed at protecting intelligence sources and methods."

                So, keeping the intelligence secret trumps having a trial? That could never go wro...oh, it already has.

          1. tom dial Silver badge
            Stop

            Re: Sadly Trevor (reality check)

            "That means that pretty much 7 billion are also tracked."

            NSA has in the neighborhood of 35,000 employees. It is not credible that each of them (managers to secretaries and machine repairpersons) tracks an average of 200,000 people in any sense that even remotely approaches meaningful. Not by at least two orders of magnitude.

            1. Trevor_Pott Gold badge

              @tom dial

              Feeding my metadata into the machine so that I can be mistakenly Jean Charles de Menezesed based on some trial-less "guilt by association" cranked out by an algorithm is being fucking tracked.

              Too tinfoil hat for you? Too bad. The burden of proof is on your government now, not those who just want to be left alone.

              Or will I be targeted for tax audits because of my political group? Have my e-mails raided because I'm a journalist? Be thrown in gitmo because I work with whistleblowers?

              Computer says no. Your life, thus, goes bye-bye. And you're okay with this?!?

              1. tom dial Silver badge

                Re: @tom dial

                I don't think I said anything to suggest I approve of it, or think it is warranted or effective. Neither have I seen much evidence that the bad things mentioned are common. Tax audits because of a political group? Not much to do with the NSA, much more to do with the FBI and municipal police departments. Email raided because a journalist/working with whistleblowers? Certainly that's possible, but again has little to do with the NSA and a lot to do with prosecutors and the FBI or local authorities.

                I cannot say whether your metadata or mine would correlate with a target and raise suspicion, and that is a serious problem that can be addressed either by not doing the analysis at all or by ensuring that such things as entry into "no fly" databases rely on much more careful investigation than sometimes seems to be the case. I could be satisfied with either, keeping in mind that the alternative in which service providers are required to retain metadata for access by law enforcement agencies may not represent much of an increase in our security over what we have at present.

                1. Trevor_Pott Gold badge

                  Re: @tom dial

                  You don't seem to get it. Any situation in which our metadata is being collected in a dragnet fashion is unacceptable. It doesn't matter if it's the FBI, GCHQ, the NSA, the RCMP or the fucking IRS. If you want to investigate a person then you get a fucking warrant for that person and that's that.

                  You do not trawl through data looking for "suspicious patterns" and use that as justification to trawl through the data! You do not keep a lifetime's worth of metadata (or even a year's worth!) and go back in time to peer through someone's life and find every minor mistake they ever made based on some broken suspicion that a cranky neighbor had that might be leaving our more than the maximum number of bags of garbage.

                  You keep talking as though it is okay for us to give up our rights. That it is inevitable and that it is an acceptable and natural consequence of...what, exactly? Protection from the boogyman?

                  Whether the breach today is the FBI or tomorrow the IRS it makes no nevermind. Human beings in positions of power over other human beings abuse that power. It doesn't matter which agency they belong to. The more power you give them to peer into our lives the more harm they will do. The totality of human history is a fucking testament to this fact!

                  Noone can be trusted with the kind of power represented by unfettered access to our metadata, let alone the communications data in full. Noone.

                  Any use of technological assets to collect information about an individual must be narrowly targeted, only records relevant to the narrow warrant collected and retained and the entire process carefully reviewed by independent civil rights organisations. (Rotated out so as to prevent regulatory capture.)

                  The NSA has already been seen to give information to the DEA and then tell them to lie about the source. How long before their databases are used to raid journalists, a practice already underway? You argue that agencies are isolated and that evidence of malfeasance in one isn't evidence that it will occur in another.

                  I say that the totality of human history says that absolute power corrupts absolutely, and given that the US government in general has thrown out the presumption of innocence as regards proles I think the NSA - and any other TLA - need to prove their innocence. After all, we don't have the means to investigate their guilt. It's all hush-hush tip-top super secret stuff that proles aren't allowed to see.

                  No TLA cna be trusted with our privacy. No amount of bureaucracy can make dragnets okay. Nothing can justify dragnets. is that clear enough? Or are there more predictable bits of apologist newsspeak you'd like to trot out?

            2. Roo

              Re: Sadly Trevor (reality check)

              "NSA has in the neighborhood of 35,000 employees. It is not credible that each of them (managers to secretaries and machine repairpersons) tracks an average of 200,000 people in any sense that even remotely approaches meaningful. Not by at least two orders of magnitude."

              Yet Amazon, Facebook and Google all manage to do plenty of meaningful tracking.

        1. JLV

          Re: Sadly Trevor

          >You want a budget of *how much* to track 60 people?

          But,but...

          If they are only tracking 60 people, why the heck can they not follow procedures that have existed for 50+ years and get a warrant/judicial order?

          If they need it right away, fine. Start listening, file the paperwork and let a judge decide after the fact.

          Don't tell me you can't manage 60 intercepts with proper judicial oversight.

          Btw, we're all in the same boat. The new Canadian CSIS HQ building is hundreds of millions over budget. And had to move due to increasing power requirements - presumably not caused by limited snooping to a few dozen citizens.

    1. LarsG

      Just like here in the UK they like to feed the public a few snippets and tell them in very vague terms how much they have done to prevent disaster.

      For instance, did you know that the security services have prevented hundreds if not thousands of terrorist attacks in the last couple of years and this is only down to the fact that they can spy on everyone and retain all the data they want.

      Of course, as we are only 'little people' we could never hope to verify the truth in these claims. If they say this is true it must be.

      1. Uncle Slacky Silver badge
        Stop

        Life imitates the Simpsons

        "the security services have prevented hundreds if not thousands of terrorist attacks in the last couple of years and this is only down to the fact that they can spy on everyone and retain all the data they want."

        That's nothing. I have a rock here that keeps away tigers!

        1. Ivan Headache

          Re: Life imitates the Simpsons

          I got the elephant version.

          Works well.

    2. Arctic fox
      Happy

      @Trevor_Pott Re "I'm not a US person...."

      Neither am I, although I have to admit that even if it were MI5 saying this I would not believe them either. As far as I am concerned I would not accept that fisherman's tale from the Almighty Himself without independent evidence let alone any country's intelligence service. What they are saying is that we are (excuse me, it's very hard to type and cry with laughter at one and the same time) just going to have to trust them (Oh God my sides are splitting).

      1. Marshalltown

        Re: @Trevor_Pott Re "I'm not a US person...."

        Besides, biblical authority has it that God does it too, kind of like Santa Claus when you get down to it. .

    3. Turtle

      @ Trevor_Pott

      Ah, your usual eloquence and insight.

      The enemy is not the NSA. The enemy is you, and everyone else who thinks that the progress of civilization is measured in the amount of benefits that government delivers, because of the ever-expanding role of government intervention in the life of society and the lives of its citizens required to deliver those benefits.

      1. Wzrd1

        Re: @ Trevor_Pott

        "The enemy is you, and everyone else who thinks that the progress of civilization is measured in the amount of benefits that government delivers, because of the ever-expanding role of government intervention in the life of society and the lives of its citizens required to deliver those benefits."

        Erm, is not being under surveillance an ever expanding role of government intervention?

        But then, you strike me as a tea party type.

        Also known as the type that never met a Constitutional amendment that they did not despise and disparage.

      2. Anonymous Coward
        Anonymous Coward

        Re: @ Trevor_Pott

        "The enemy is you, and everyone else who thinks that the progress of civilization is measured in the amount of benefits that government delivers,"

        Did this make sense in your head before you typed it? Did you think that complaining about the NSA is about wanting MORE government intervention? Do you think that government intervention is only good when it does harm? Or are you a hopeless idealist who thinks that a state of having no government would be anything other than hell on earth? Basically, WTF are you talking about?

    4. Anonymous Coward
      Anonymous Coward

      Not a US person ?

      Problem easily solved - the NSA seem to be paying GCHQ a few hundred million a year to spy on those they legally can't spy on themselves.

    5. Jeremy Allison

      Hit them where it hurts.

      Good way to annoy the NSA and GCHQ, evil fucks that they are:

      Refuse to hire ex-NSA/GCHQ people into private industry. Let the grunts know that working for the NSA/GCHQ is a one-way street. You are forever after tainted and no one will ever trust you again.

      That should stick a spike into their University recruiting pipeline. Those government pensions not looking so guaranteed now eh ?

      1. Michael Wojcik Silver badge

        Re: Hit them where it hurts.

        Refuse to hire ex-NSA/GCHQ people into private industry. Let the grunts know that working for the NSA/GCHQ is a one-way street. You are forever after tainted and no one will ever trust you again.

        Even a massive boycott along these lines - which will never happen, but let's entertain the possibility for a moment - would not be much of a deterrent to desperate job-seekers offered relatively high-paying, relatively interesting work in the "intelligence" industry. The long-term risks pale in comparison to the short-term benefits.

        I'm not intimately familiar with the situation in the UK, but here in the US recent grads have a tough time of it, even in ostensibly high-demand fields, and they're facing crippling student debt, inflating food and energy prices, a still-tumultuous housing market, etc. You offer them jobs and they'll take 'em.

        But the simple fact of the matter is that you'd never get enough employers to sign on to such a program. What's in it for them? Listed corporations wouldn't be able to uphold it anyway, if it were at all effective - their boards would find a CEO who didn't artificially limit the labor market.

  1. ACx

    Ah bless, the dear little nut jobs are floating conspiracy theories. Reading that was like Father Jack suddenly waking up.

    Funny how these TLAs are allowed to come out with any old idea to scare people, but if any one else does it, these very same TLAs will mock them as conspiracy theorists.

    1. Solmyr ibn Wali Barad

      Conspiracies are FUN

      MEH. All those TLAs, including NSA, are just CYA front-ends to hide the real masterminds.

      There are hints and answers, though, scattered around seemingly innocent places. Just like this one, from haikuonline or some such:

      Guess what I found out?

      My CAT rules the universe!

      That explains a LOT.

  2. Allan George Dyer Silver badge
    Joke

    Corrected headline: "NSA Admits Conspiring with China"

    Well, Plunkett said “The NSA working with computer manufacturers..." and China does all the manufacturing, right?

    And was the "virus" called UEFI?

    1. vagabondo
      Black Helicopters

      Senior National Security Agency (NSA) officials have told

      So it can't be true then. What do the Snowden/Guardian have to say about it?

  3. Katie Saucey
    FAIL

    BIOS malware eh?

    " ...developed BIOS malware “disguised as a request for a software update” that would have turned PCs into “a brick.”

    Wow, this threat has been around since the first PC was ever put in the hands of your average joe. Bricking ones PC is a pretty trivial feat, all it takes is an urge to upgrade the BIOS, combined with downloading the wrong (or corrupted) image, and/or a lack of reading comprehension. It doesn't take a rogue state to wrap a 100k of garbage in a cmos flasher that looks legit. Also what good would it do to knock out a few thousand porn boxes anyway? The malware would be identified and flagged within a day.

    Come on NSA, if you're going to feed us bullshit at least try! How about a story about how you stopped the evil-doers from causing a financial apocalypse? Or thwarted hackers killing the power grid? If stopping a half assed 4chanish inconvenience from going live is truly the best the NSA has to brag about, we're all fucked.

    1. Anonymous Coward
      Anonymous Coward

      Re: BIOS malware eh?

      I seem to recall, around win 98 era a virus called chernobyl which purported to flash and corrupt the bios.

      It was a bit of a non event as i recall.

      1. Anonymous Coward
        Anonymous Coward

        Re: BIOS malware eh?

        "I seem to recall, around win 98 era a virus called chernobyl which purported to flash and corrupt the bios.

        It was a bit of a non event as i recall."

        I recall the same "chernobyl" virus and had to replace a good number of boards as well as explain to the customers that it was not a warranty issue, but a virus that "bricked" their machines (only way to prove it was to scan their HDD on our test system & show them the results along with the details of the infection on various AV vendors sites). Gigabyte made a lot of money when that virus was going around with their dual-BIOS boards.

    2. aidanstevens

      Re: BIOS malware eh?

      "Financial apocalypse" sounds like fun compared to the police state the NSA, GCHQ and respective governments want us living under.

    3. Nigel 11

      Re: BIOS malware eh?

      It's been around ever since some bean-counter demanded removal of the write-protect switch from a system's flash logic circuitry.

      How it ought to be, is that to do a BIOS upgrade you'd start by taking the lid off the system and moving a jumper or switch to write-enable. Then update. Then set it back to write-protect. (Note: nothing to stop manufacturers shipping it write-enabled, if they know that their average customer is a moron. Intelligent customers would protect it on delivery -- or buy from a different manufacturer).

      How much did removing one jumper save? One cent? Probably less. Bullet, meet foot.

      1. Tom 13

        Re: How it ought to be,

        I actually prefer the Gigabyte dual BIOS system. One ROM that never gets over-written and one CMOS that can be easily updated without opening the case. If the update gets borked for any reason (power failure in the middle of the update) you can still revert to the ROM and redo the upgrade.

        But absent the dual BIOS, yes it ought to be a locked setting (dip or jumper doesn't matter to me).

        1. J.G.Harston Silver badge

          Re: How it ought to be,

          Can you overwrite the BIOS remotely? All the systems I've used you can only update the BIOS when running the BIOS admin, ie *outside* the operating system and the network stack, and you can only update the BIOS from a physical media in your grubby mit by shoving it into the appropriate receptical.

          1. Kiwi
            Linux

            Re: How it ought to be,

            I believe it's called "winflash" or something similar. I've seen a few computers with a windows-based BIOS updater. Has been a while but from what I recall it is a nice looking convenient little windows utility to update your bios.

            And it would be just as scary if there was a Linux version, unless you have a sure way of reverting to an earlier version.

            Such a tool could be used remotely.

            For that matter, look at the issues with Samsung UEFI some months back. IIRC it was booting Ubuntu from USB stick OR something in MS Office that could trash the UEFI BIOS enough that the machine would be bricked (for the average home user anyway). Something like that could also be triggered remotely I expect.

  4. herman Silver badge

    Cell phone guidance system

    What people are saying is unimportant. Where they are when they are saying it is what guides the missile. We are all guilty until proven dead.

    1. nematoad Silver badge

      Re: Cell phone guidance system

      "We are all guilty until proven dead."

      Not even then if you are Serco or G4S.

      See:

      http://www.theguardian.com/business/2013/jul/11/g4s-investigated-overcharging-millions-pounds

  5. MrT

    Sooo....

    ...by the irrefutable law of reductio ad absurdum, according to Plunkett and Macleane Alexander, we have the NSA to thank for motherboards being fitted with dual BIOS...

  6. Gene Cash Silver badge
    Facepalm

    Holy christ....

    Is this the *best* they can do? My friend's 4 year old daughter can bullshit better than that. I did better than that on a tech writing term paper.

    1. James O'Brien
      Paris Hilton

      Re: Holy christ....

      Depends on the paper Gene. Was it something that painted MS in an attractive light?

  7. Arachnoid
    Holmes

    Haystack

    Clutching at straws .....they must have so many now they could well build one

  8. Anonymous Coward
    Facepalm

    NSA is just jealous

    They didn't think of it first!

    1. Captain DaFt

      Re: NSA is just jealous

      "They didn't think of it first!"

      Are you sure they didn't?

      Agent Paranoid: "RED ALERT! Somebody's bug is overwriting our bug!"

      Agent Waffle: "Can we still monitor the affected PCs?"

      Agent Paranoid: "Nah, it's like trying to read a brick!"

      Agent Waffle: "Alert the media; "Terrorists Bricking PCs!"

  9. amanfromMars 1 Silver badge

    AAA Rated CyberIntelAIgent Property and Production Facility Sales? Another Dumb Rhetorical Question?

    Parodying that "You're gonna need a bigger boat" line in the movie, Jaws, NSA need smarter folk ...... for those who know how to work in cyber to bypass and overwhelm everything physical and terrestrial, are that which they are dealing with and ineffectually doing vain battle against, to maintain in increasingly failed and siloed power vacuums, that which controls and commands them to abuse and misuse information and intelligent feeds for the mindless retention of status quo seeds/feeds/needs.

    Use the mighty inherently worthless paper fiat dollar to buy in and direct new intelligence supply for onward control export to every other ignorant and arrogant jurisdiction/struggling executive administration. Quite obviously, does present supply not deliver peace and prosperity to all, and anything less will always create madness and mayhem and increasingly more targeted search and research and development for that and/or those who would be chief cause of novel future intelligence supply blockage.

    And indeed, such is the same easy solution for any currency paper fiat supplier to engage with and secure XSSXXXX ProVision with NEUKlearer HyperRadioProActive IT .... which be at least both Sensual and Sensitive Intellectual Property Supply Services to Order, and Tailor Made to Guarantee Successful CyberIntelAIgent Virtual Design which Astutely Anonymously Autonomously Disrupts, Degrades and Destroys Perverse Parasitic and Corrupt Collaborative Bodies/Conspiratorial Enterprises.

    And doing its Ab Fab Fabless IT Thing with you too and Oft Alone, by virtue of your doubts and ignorance in what its HyperRadioProActive IT is doing for you already ...... via the Portal of Global Operating Devices and NINJA Apps....... Networks Internetworking Novel JOINT Applications in JOINT Operations Internetworking NEUKlearer Technologies ..... for SMARTR Advanced IntelAIgent Solutions Systems Communicating Quantum Leaps in Bits and Bytes of Information and Language for Universal Transcription/Earthly Sharing/Global Systems ReBooting.

    Or is putting rabbits on moons and sending monkeys into space easier for you to accept as a more intelligent use of time and resources in this heavenly place? How most very odd. :-)

  10. Anonymous Coward
    Anonymous Coward

    Alexander lied to the US congress on multiple occasions

    First telling the Judiciary Committee that "no data" was collected on US persons, which he later admitted was "incorrect" after Snowden's relevations.

    Second was telling them that the spying had foiled 54 terror plots, but later admitted that only 13 of those were within the US, and only "one or two" were identified from collecting the phone records (who called who, when, from where, for how long, etc.)

    There were probably others that I'm not aware of, or he hasn't be caught at yet.

    So why does he think that ANYONE should believe what he was saying in the 60 Minutes interview?

  11. Adam 1

    > and it is felt the lack of such an ability helped the 9/11 plotters to evade detection

    So is this some new form of Godwin's Law I am not yet familiar with?

    1. Captain DaFt

      It's called the 9/11 Rule:

      "9/11 will be used to justify any government offense."

      1. Anonymous Coward
        Anonymous Coward

        Re: It's called the 9/11 Rule:

        Yeah and its about time they fucking moved on.

        1. Uncle Slacky Silver badge
          Joke

          Re: It's called the 9/11 Rule:

          What the difference between a cow and 9/11?

          You can't milk a cow for 12 years...

        2. Destroy All Monsters Silver badge
          Flame

          Re: It's called the 9/11 Rule:

          The more so because "9/11" had nothing to do with "connecting dots", it had to do with FBI infighting (moles being shut down out of pure spite and bureaucratic put-downs at the right moment) and possibly shenanigans about covering up a long-running deal with a mobster hitman.

          No technical system is going to help with that. Unless you get all the stupid out of the system and give everything to AIs.

          1. Tom 13

            Re: It's called the 9/11 Rule:

            It actually had a good bit to do with connecting the dots. Most specifically DoJ regs that prevented intelligence and law enforcement from sharing certain data. But admitting that would squarely blame the failed policies of a Democrat administration. And we can't have that.

            Yes, corrective action didn't require the massive rewrite of laws and the creation of a new leviathan within the big leviathan. But then that wouldn't advance Statist purposes either.

        3. Anonymous Coward
          Anonymous Coward

          Re: It's called the 9/11 Rule:

          Three thousand people died in one go, it's highly unlikely that they'll "move on" any time soon. We're still dealing with "the troubles" where a similar amount of people died, but that was over the course of decades.

          1. Uncle Slacky Silver badge
            Stop

            Re: It's called the 9/11 Rule:

            They "moved on" less than 4 years after the Pearl Harbor attack, when IIRC a similar number of people were killed.

            1. Tom 13

              Re: less than 4 years after the Pearl Harbor attack,

              1. Pearl Harbor was an attack on a military base not a civilian building. For better or worse we deem that members of the military have accepted the risk of dying for their country and treat their deaths differently from civilian deaths.

              2. Four years after Pearl Harbor we had closure. The bastages that ordered it were mostly dead and the few that were left had surrendered. They were in no position to launch any further similar assaults ANYWHERE. That is not true of the current situation.

              I'd also note that in the intervening four years we also had something the world hasn't seen since: total war. Most people regard that as a good thing. As for me, I'm willing to risk it. I think we're on the brink of another such conflict and the longer we wait the higher the chances that we move too late. But I'd wager a year's salary you disagree with me on that.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021