Privacy International is probing hardware manufacturers about what data can be stored on peripherals after it was revealed the GCHQ specifically targeted trackpads, keyboards and monitors in its destruction of Snowden files held by the Guardian's UK office. Blighty's G-Men oversaw the destruction of storage devices and …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 23rd May 2014 05:34 GMT frank ly

This is very puzzling

Especially the inverter, which has no reason to store any kind of data and from the link supplied appears to have no mechanism for data to get into it; (unless it has a secret built-in Wi-Fi block with data processing and a flash memory store - let's go totaly paranoid here).

P.S. The 'intact' and 'destroyed' keyboard components seem to be two different items.

8 0
1. Friday 23rd May 2014 07:04 GMT Gordon 10
  
  Re: This is very puzzling
  
  exactly. If they had bothered to spend 10 mins googling with the knowledge of the original PC the component came from they could have either found an image or a cheap spare part online and then got the serial numbers of the components involved.
  
  Admittedly thats a bit of a stretch for a non-techie but you really need to get a second opinion on this type of stuff to use as a baseline if/when the manufacturers come back to you.
  
  0 0
  1. Friday 23rd May 2014 07:54 GMT nematoad
    
    Re: This is very puzzling
    
    Now we know that the lunatics have taken over the asylum.
    
    I know that the NHS is short of beds mental health beds so why don't they just change the signs at GCHQ and re-label it as a hospital? That is where most of the lunatics seem to be.
    
    This is a pathetic demonstration of rigid following of "procedures" without any thought getting in the way. As has been said here, most of these components have no storage or processing capability, or if they do, were probably put there by the likes of GCHQ at the behest of NSA.
    
    No, this is a power play to let everyone know who is in charge here. In this case GCHQ. Who knows, maybe the people supposed to be in charge . i.e. the democratically elected government, were keep in the dark about this, in the interest of "security" of course. They can't all be so stupid, can they?
    
    9 2
    1. Friday 23rd May 2014 08:51 GMT David Pollard
      
      Re: This is very puzzling
      
      "They can't all be so stupid, can they?"
      
      I wonder that sometimes the problem is that those who aren't are bright enough to know when to keep quiet.
      
      1 0
  2. Friday 23rd May 2014 12:02 GMT Flocke Kroes
    
    Numbers printed on chips tell you what the number printed on the chip is
    
    Fly over to Shenzen and tell people you are desperate for a thousand of a certain type of chip. The locals can find some obsolete kit with a part the right shape, unsolder those parts, clean them up, grind off the serial numbers and print on the right ones all ready for next day delivery.
    
    It is a bit of a challenge to do anything with an inverter, but a USB keyboard or track pad chip is far too easy. Instead of the chip you were expecting, an over-funded bunch of spies can order a die stack with a USB hub, the keyboard controller, a USB flash controller and a flash chip. Even if the target OS does not automatically install any malware called 'AUTOEXEC.BAT', it probably 'trusts' that the file system does not have maliciously selected meta-data in unexpected locations. You can buy off-the-shelf rooting dongles that use such tricks to copy a victim's hard disk. Destroying the keyboard controller and track controller is - for most people - a bit paranoid, but not actually insane.
    
    The strange thing is why did GCHQ send a couple of bored flunkies over to watch a Guardian employee destroy bits of one random computer. GCHQ and the NSA have demonstrated they can flout any inconvenient law with impunity. What does it matter if the whole world knows they are a bunch of criminals when the only courts they might ever be summoned to will preside in secret, not see any real evidence and rubber stamp them 'not guilty'. John le Carré came up with and excellent explanation for why spies' actions often make no sense:
    
    If you have to choose between conspiracy or cock-up, my instinct is to go for the cock-up every time.
    
    7 1
  3. Monday 26th May 2014 11:47 GMT Wzrd1
    
    Re: This is very puzzling
    
    It's called punitive damages. Destroying senseless items as punishment for an "offense".
    
    Law enforcement in the US used to be infamous for it, destroying random items during the course of a search and seizure under a search warrant.
    
    Eventually, the courts explained to law enforcement that a search warrant was *not* a search and destroy order and that law enforcement had to compensate for damages done to private property.
    
    0 0
2. Friday 23rd May 2014 14:58 GMT Anonymous Coward
  
  Re: This is very puzzling, (Not really)
  
  Going TOTALLY paranoid, Windows Compliant Power supplies have some intelligence these days, they report info like temperature, voltage, phase, current to certain programs like Belarc, Sci-Soft, ect. Let's see, if it has power and comms it should be suspect, right?
  
  1 0
3. Saturday 24th May 2014 21:57 GMT Truth4u
  
  Re: This is very puzzling
  
  "P.S. The 'intact' and 'destroyed' keyboard components seem to be two different items."
  
  All NSA procedures are disseminated as PowerPoint presentations and all PowerPoint presentations use random images from Google search.
  
  0 0
Friday 23rd May 2014 05:52 GMT Anonymous Coward

Errrrm....

The converter in the macbook is a DCDC converter. It boosts voltage. It's not connected to any digital circuits. This rather limits its abilities to, well, do anything with data.

Of course, if we're really into black helicopters then you could say the entire main board was changed to route something important to these chips, which, though made as small as possible by the chip vendors, were modified or augmented to not only perform their normal function but *also* store data.

As an engineer, I'm going with the "muppets from GCHQ were given vague instructions and had no idea what they were doing" angle.

16 0
1. Friday 23rd May 2014 07:08 GMT Gordon 10
  
  Re: Errrrm....
  
  I suspect this is someone ultra ultra paranoid with little engineering background badly extrapolating from the old Van Eck phreaking from CRT's and the equivalent effect thats been shown to work at a CPU level.
  
  I forget what the second effect is called but it was reported on El Reg a couple of years ago.
  
  2 0
  1. Friday 23rd May 2014 08:43 GMT Destroy All Monsters
    
    Re: Errrrm....
    
    Do you mean the FNORD effect?
    
    0 0
    1. Friday 23rd May 2014 10:34 GMT Uncle Slacky
      
      Re: Errrrm....
      
      "If you don't see the fnords, they can't hurt you..."
      
      0 0
2. Friday 23rd May 2014 12:53 GMT Alan Brown
  
  Re: Errrrm....
  
  'As an engineer, I'm going with the "muppets from GCHQ were given vague instructions and had no idea what they were doing" angle.'
  
  Next time, the grauniad guys could sing "ma na ma na" whilst the GCHQ bods are doing their job.
  
  1 1
Friday 23rd May 2014 05:53 GMT FrankAlphaXII

Seems like they were following US DoD destruction guidelines for classified information systems. GCHQ probably uses the same directives, probably all of the five eyes do in all actuality.

Anyway, once classified information is introduced to an information system, any peripheral attached to it at any time after the introduction of the classified material becomes a classified information system as well (this includes keyboards, mice, monitors, printers, scanners, webcams, packet radios including Wi-Fi and bluetooth adapters, wired NICs, modems, routers, chargers, you name it) and is subject to destruction.

Honestly, I'm very surprised they let the Guardian see the results, seems like a security risk to me. I would have had the equipment incinerated had I been running that operation but thats just me.

12 0
1. Friday 23rd May 2014 06:06 GMT Duncan Macdonald
  
  Amazon ?
  
  Just imagine the effect of putting one Top Secret document on one of Amazon's cloud servers?
  
  How many millions of components would they destroy if they followed these guidelines ?
  
  11 0
  1. Friday 23rd May 2014 07:12 GMT Gordon 10
    
    Re: Amazon ?
    
    Just imagine the fun you could have if you mentioned to the NSA that copies of the Snowden files had been found on AWS, Googledrive or Skydrive.
    
    If I worked for one of the cloud minnows I'd be tempted to start that rumour :D
    
    Assuming of course that the NSA doesnt already know exactly what clouds have copies of the Snowdon docs. Im betting there are multiple NSA spiders crawling around the Interwebs right now looking for Hashes associated with the Snowden docs.
    
    8 0
2. Friday 23rd May 2014 09:40 GMT Anonymous Coward
  
  Honestly, I'm very surprised they let the Guardian see the results, seems like a security risk to me. I would have had the equipment incinerated had I been running that operation but thats just me.
  
  I believe you've hit the nail on the head. I once spent some time with an IBM'er who worked in the Pentagon, he confirmed it's an IT equipment 'black hole'. What goes in never comes out, keyboards, mice... everything is destroyed physically onsite. Which is why I don't think letting Guardian employees see that is a security risk, there are already others outside of that circle who know this is what happens.
  
  1 0
  1. Friday 23rd May 2014 16:04 GMT Anonymous Coward
    
    > I once spent some time with an IBM'er who worked in the Pentagon, he confirmed it's
    
    > an IT equipment 'black hole'. What goes in never comes out, keyboards, mice...
    
    Well, if you knew *specific* equipment were being routed to a DoD site, it could be worth your trouble to intercept that equipment and insert snooping chips. But I don't see it happening with the sort of off-the-shelf hardware going to the likes of the Guardian's offices.
    
    Of course, if the kit is coming from IBM, there's fat-little chance of any sort of "INTELLIGENCE gathering" coming from there...
    
    1 0
Friday 23rd May 2014 05:53 GMT Anonymous Coward

Big Keyboard is Watching you...

... and recording all of your keystrokes.

2 0
Friday 23rd May 2014 06:02 GMT The Vociferous Time Waster

So yeah

So they could just be destroying all the modified kit they put in there to monitor the Graun.

14 0
Friday 23rd May 2014 07:21 GMT Anonymous Coward

Look on my works, ye Mighty, and despair!

Stagger on, weary titan!

0 0
Friday 23rd May 2014 07:31 GMT Anonymous Coward

Nothing technical to see here

This was simply an exercise in power, a childish tantrum that should not be forgotten or treated lightly. If anything, it was a test of whether security "services" (quotes because who knows who they serve) could get away with a physical act of vandalism against a newspaper that was not towing the line. How many times do we have to be warned before we take notice and act?

Good for PI for looking into this, but really, the issue is not technical.

10 1
Friday 23rd May 2014 07:34 GMT Mike Dimmick

Memory inside microcontrollers?

Current generation microcontrollers have far more memory than needed to contain the very simple program for a keyboard. You could program the keyboard controller with a document, then use some special switch or key sequence to have it type out that document on demand.

We know that "security" services sometimes engage in physical hacks, breaking in at night and replacing the keyboard with one programmed to record your keystrokes. Later they can break in again and collect the recorded data from the logging keyboard. It's not a stretch to think that journalists could use a similar approach to hide copies of documents - or at least that the goons would think that.

I doubt there's a microcontroller in the power supply unit, though!

3 0
1. Friday 23rd May 2014 16:10 GMT jelabarre59
  
  Re: Memory inside microcontrollers?
  
  > I doubt there's a microcontroller in the power supply unit, though!
  
  Perhaps not desktop/laptop kit, but big-iron zSeries and pSeries definitely are running embedded Linux in the bulk power assembly/bulk power hub. I often had to connect to them to flash new test microcode.
  
  1 0
Friday 23rd May 2014 07:39 GMT SW10

Churchillian feint

Where I live they've just shown a documentary about the feint pulled off before the D-Day landings - inflatable tanks, canvas Spitfires, planted intel; all that malarkey which pointed towards a Calais invasion.

We're probably seeing the modern equivalent here; who knows what they'll be up to whilst investigations into this chippery frippery are ongoing...

4 0
1. Friday 23rd May 2014 08:47 GMT Horridbloke
  
  Re: Churchillian feint
  
  Agreed, the whole thing smells of either misdirection or intimidation.
  
  3 0
  1. Friday 23rd May 2014 12:02 GMT Anonymous Coward
    
    Re: Churchillian feint
    
    What if the whole Snowden saga is just misinformation? I mean, if you wanted to put fear into people, would you not pretend to your citizens that you always have eyes on them?
    
    But still, I do think GCHQ has been on the case for at least 15 years monitoring as much as they could. Makes sense to use all that information if you are trying to spot threats to the nation...
    
    As for Snowden, I think the initial leak was all genuine, but I think some of the reports on the news wires since have been a bit of misinformation so now I tend to ignore reports like this... oh.... wait...
    
    0 0
Friday 23rd May 2014 08:14 GMT Anonymous Coward

Why didn't they...

Why didn't they destroy all the network cabling too ?

I mean, all that classified data that has traveled through them must

have left behind some quantum signature in those copper atoms !

5 0
1. Friday 23rd May 2014 13:58 GMT launcap
  
  Re: Why didn't they...
  
  >have left behind some quantum signature in those copper atoms !
  
  Aha - the homeopathy argument of data management :-)
  
  5 0
2. Friday 23rd May 2014 16:14 GMT jelabarre59
  
  Re: Why didn't they...
  
  Hey, they should have evacuated all the air from the building too, since some of that data must have gone over WiFi....
  
  0 0
Friday 23rd May 2014 08:28 GMT ukgnome

They destroyed this kit because.....

It was all NSA standard kit that had been in the Guardians offices since 911 and they have been harvesting and implanting data every since.

How else can you explain all those misspellings in the stories they publish.

4 0
1. Friday 23rd May 2014 11:10 GMT Anonymous Coward
  
  Re: They destroyed this kit because.....
  
  the Grauniad's stories and creative spellings far, far pre-date 9/11. They even pre-date the very existence of the very very shouty Owen "Never had a real job in his entire life but knows more about it than anyone else does" Jones.
  
  0 0
  1. Friday 23rd May 2014 12:44 GMT ukgnome
    
    Re: They destroyed this kit because.....
    
    That's what they want you to think - it's all part of the conspiracy
    
    0 0
Friday 23rd May 2014 08:36 GMT Suricou Raven

It's not that complicated.

GCHQ wanted to send a message. Their way to do that was to make their destruction as expensive and inconvenient as possible. They ordered the over-destruction simply to raise the bill for replacing it all and cause as much disruption to business as possible while new equipment was obtained.

0 1
Friday 23rd May 2014 09:05 GMT Anonymous Coward

Simple Answers are always the correct ones.

GCHQ isn't WEEE compliant and doesn't have a permit for the local council tip. So they live it to the guilty* party to dispose of.

*Guilty until they decide to you are innocent.

0 0
Friday 23rd May 2014 09:06 GMT Vladimir Plouzhnikov

Oh, dammit!

I threw away a broken mouse a couple of weeks ago - now the Government will find out all my winning DOOM mouse moves!

0 0
Friday 23rd May 2014 09:24 GMT Anonymous Coward

Reminds me of what I found inside a 3G O2 dongle once...

I happened to crack open one of those USB dongles that were popular a few years ago (do people still use them??) and have a look inside it. Anyway, nestled away on the backside of the PCB was an IC that surprised me. A quick lookup on the Interweb revealed non other than a Texas Instruments GPS SoC (can't remember the chip id, was about 4 years ago)? Hugh, I thought! There was no mention whatsoever of any GPS capability for this dongle, it wasn't a feature that was being touted as available etc.. and yet here we had a fully fledge self contained GPS tracking receiver built onto the PCB? I'm sure there's a legitimate need to track my precise position whilst I was using the dongle.... but still, makes you think!

Sleep tight.

2 0
1. Friday 23rd May 2014 09:44 GMT Anonymous Coward
  
  Re: Reminds me of what I found inside a 3G O2 dongle once...
  
  I'm seem to recall there's a requirement for all GSM devices to have GPS chips in them, so it's probably just that.
  
  0 3
  1. Friday 23rd May 2014 10:02 GMT Timmay
    
    @ obnoxiousGit
    
    Doubt it - don't think the basic GSM specification has really changed a great deal (other than addendums for 3G, LTE, etc) for years, pre-dating cheap and convenient GPS chips.
    
    Phones with built-in GPS only started coming out 7/8 years ago, after the 3G specification we still use today.
    
    I suspect the GPS chip was on there because it's the same circuitboard used in higher specification models, which do include that functionality. It's probably cheaper to just use the same design and disable (either in software or hardware) what you want to fit the cheaper model, than design, test, certify, and manufacture a whole separate board, for the sake of saving a few pence for the GPS IC.
    
    5 0
    1. Friday 23rd May 2014 10:22 GMT Anonymous Coward
      
      Re:
      
      @Timmay
      
      Sounds legit. Don't know if it had power going to it or just simply inert. However, assuming this kind of thing is common (leaving components on boards etc..), it's a prime target for being subverted.
      
      0 0
    2. Friday 23rd May 2014 10:33 GMT Stuart Castle
      
      Re: @ obnoxiousGit
      
      The industry has always done this... I remember way back in the dark ages of the 90s, when I was doing my degree, I heard of a trick ICL used to pull on their mainframes.
      
      They launched a range of mainframes, then, offered an expensive "upgrade" that doubled the disk space available. Do you know what the ICL engineer did while "upgrading" the disk storage? Flicked a switch that enabled the read/write heads on the other sides of the existing disks.
      
      Going back to the subject of what GCHQ has asked the Gruaniad to destroy, it may just be nothing more than them being over zealous and ordering the destruction of *anything* that might have cached even part of the data.
      
      0 0
      1. Friday 23rd May 2014 11:13 GMT Anonymous Coward
        
        Re: @ obnoxiousGit
        
        "They launched a range of mainframes, then, offered an expensive "upgrade" that doubled the disk space available. "
        
        At least HP required the 'engineer' to type a couple of commands, not just flick a switch. (IIRC there was also some very expensive newspaper-reading required.)
        
        0 0
      2. Friday 23rd May 2014 11:43 GMT Martin Gregorie
        
        Re: @ obnoxiousGit
        
        ...and upgrading an ICL 1902S CPU to a 1903S required one wire to be cut, to increase the clock speed, and use of a screwdriver to replace the 'ICL 1902S' badge with an 'ICL 1903S' badge.
        
        I'd be somewhat surprised if IBM and the rest of the seven dwarves didn't pull similar stunts.
        
        2 0
        
        Friday 23rd May 2014 12:01 GMT Nigel Campbell
        
        Re: @ obnoxiousGit
        
        The practice is still alive and well. Many SAN manufactures offer 'standard' and 'high-performance' firmware for their controllers. No hardware updates needed. CPU manufacturers still make multiplier locked chips.
        
        0 0
        
        Friday 23rd May 2014 16:25 GMT Anonymous Coward
        
        Re: @ obnoxiousGit
        
        > I'd be somewhat surprised if IBM and the rest of the seven dwarves
        
        > didn't pull similar stunts.
        
        They definitely did (I've heard multiple stories about it, including from my father-in-law who was an IBM salesman). I think IBM may have *invented* the process (barring the urban legend of brick masons building glass panes into chimneys ). These days IBM does the same thing, but does the change remotely in firmware.
        
        0 0
      3. Friday 23rd May 2014 12:30 GMT nematoad
        
        Re: @ obnoxiousGit
        
        "Going back to the subject of what GCHQ has asked the Gruaniad to destroy, it may just be nothing more than them being over zealous and ordering the destruction of *anything* that might have cached even part of the data."
        
        That reminds me of a story I heard about the actions of some people when electricity was replacing gas used for lighting. I was told that some people kept dead light bulbs in the sockets, "To stop the electricity leaking out". Seems to be on a par with this latest nonsense.
        
        1 0
        
        Friday 23rd May 2014 14:06 GMT Timmay
        
        @ nematoad
        
        some people kept dead light bulbs in the sockets, "To stop the electricity leaking out"
        
        Well, yes! The very same reason you must switch sockets OFF when nothing is plugged into them!!!!! It'll spill out onto the floor and cause a fire!
        
        1 0
      4. Friday 23rd May 2014 16:07 GMT Scroticus Canis
        
        Re: @ Stuart Castle
        
        Used to work for said firm back in those days and I never heard of such a disc upgrade (note the correct spelling of disc a la 90s non-IBM usage) but it might be so. Hum, thinking of it FDS350 to FDS700 and FDS2500 to FDS5000 upgrade could fit that picture.
        
        What was standard practice was the CPU/OCP (order code processor) were all the same for a given series and the fastest just weren't software slugged; pay less money and it counted to 1,000 before executing the next instruction, etc... down the range. So an upgrade was just loading a new kernel firmware module.
        
        IBM/Persatel did the same and you could for a fee boost your processing power during busy periods by entering a console command and revert to normal afterwards by same. The better performance usage was added to next months rental/maintenance charge which in truth was the big bucks earner back in the days of big iron.
        
        (why is there no "ye olde gitte" or "old codger" icon?)
        
        0 0
Friday 23rd May 2014 13:43 GMT smudge

Won't someone think of the mice?

You mentioned mice in the headline, but, as far as I can see, not in the article.

I recently worked on a large HMG project - sensitive, but not highly classified. At the end, HMG insisted that all the mice were destroyed.

Removable memory and storage media cleared in accordance with HMG standards - no problem. Destruction of printers - OK. Memory cards or chips that couldn't be removed from switches - we argued about them, but I think we destroyed them too.

But mice??? What information can a mouse retain?

0 0
1. Friday 23rd May 2014 14:45 GMT Piers
  
  Re: Won't someone think of the mice?
  
  > What information can a mouse retain?
  
  Well, since you ask, if it is a USB mouse, anything you like. You fit a USB hub and a memory stick in the case. Mouse still works, but it's a storage device as well.
  
  http://lifehacker.com/5653115/put-a-usb-dongle-inside-your-mouse-for-hidden-storage
  
  3 0
  1. Friday 23rd May 2014 16:04 GMT smudge
    
    Re: Won't someone think of the mice?
    
    It's so obvious, I'm embarrassed!
    
    In the environment in which they were used, there would have been little chance of someone modifying a mouse unobserved - and there was a good culture of "report anything suspicious". Also little chance of smuggling in a modified mouse.
    
    But since mice are cheap, why take the risk?
    
    My self-esteem has just come down a notch, and my respect for that customer has just gone up.
    
    0 0
2. Friday 23rd May 2014 16:32 GMT jelabarre59
  
  Re: Won't someone think of the mice?
  
  > But mice??? What information can a mouse retain?
  
  Depends on the mouse....
  
  http://tinyurl.com/28xwppp
  
  0 0
Friday 23rd May 2014 14:49 GMT Dan Paul

RE Smudge Won't someone think of the Mice? THEY ALREADY HAVE!

It may not be that a normal mouse would retain data, but that ANY USB device has the capability of containing a chip that COULD store data. It would be relatively simple to modify a mouse or keyboard this way. Since a typical PC Bios and boot routine "looks" for all connected USB devices during startup you could program such a device to do almost anything include keylogging, file storage, copying all save jobs, the list goes on and on. Add that there are bootable USB thumbdrives with built in AV and Operating systems and one could get VERY devious with a chip like that. That desktop you're looking at might not even be yours.

1 0
Friday 23rd May 2014 15:07 GMT Christian Berger

As with the rest of the performance, it's meant to spread FUD

The goal of this operation is to show people that you're going to have to deal with them when you want to exercise your democratic rights.

The GCHQ wants to be feared by democrats. So it makes sense for them to make you believe they compromised your computer. One way of doing that would be to modify the firmware or the hardware.

Obviously people are now thinking why they destroyed (for example) a keyboard controller. One plausible answer is to prevent people from analysing it and finding out that it is bugged. (Such things have been demonstrated)

If they want to keep up the story that they bug such things it only makes sense to go with it. Destroying parts which seemingly cannot be exploited only enforces this. After all you could use the inverter IC as a transmitter telling you the location of your victim. If you also control the service processor you can even send it data from the rest of your computer via the brightness/PWM signals.

0 0
Sunday 25th May 2014 23:09 GMT Wortel

Most power supplies today are either fully digital or have a digital compomemt managing power regulation/short circuit detection/etc. That third pin on your laptop brick is a signal pin.

It would not be too hard to modulate a signal onto the power lines in order to create serial communication lines in and around a power supply. It would be the last place people would look for data.

Rather convenient i'd say as such signals have the potential to travel quite far outside a device.

What do you think PowerLAN devices are doing?

0 0
Wednesday 28th May 2014 08:08 GMT Anonymous Coward

One of the most relevant information security industry news is that some USB peripheral devices can be hacked. I cannot find the most appealing article right now, but this one could give you an idea:

https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil

Okay, most of the USB devices have an embedded processor and a code they run off the embedded flash memory. It applies to some trackpads, and it definitely applies to almost every USB memory stick. Not sure about the keyboards though. The proof of concept exploit was applicable to a limited number of USB sticks, by converting them to a generic computers with an ARM processor.

As long as NSA/GCHQ know about the vulnerability, they are doing the right thing by destroying whatever intelligent chips that could bee keeping any memory, or that could have been hacked otherwise.

Privacy International might want to add these clean up technics to their arsenal too.

0 0