
Thread: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

  Post #41 by Bob (Avalon Member, North America)

    Re: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

    Certainly we have heard of corrupted firmware in hard drives... Corrupted hardware though, as Paul says, which would not go off until some controlled event happens... And then systems which are not on the internet, or ARPANET in-house... If they've networked in-house, how soon before some other device is able to leak out what has been captured, in a non-obvious "networked" way? How about information destruction, where it takes a multitude of those "secure machines" doing an action where the sum total of the machines then creates the "deed", not just one machine with only a portion of the "code" to be carried out - distributed processing and distributed "activity"... an in-house viral network, in other words, right in the middle of an ultra-secure (off the grid) military network...

    Seems to me cat and mice and how rats and mazes and webs are created will define how deep it goes.

    My point being the military IS circulating to all its subscribers that the argument from Apple and others thusly compromised is real, and to take Apple's and others' pooh-poohing of the attacks as misinformation fluff...

  The following 3 users say thank you to Bob for this post: avid, Paul, TargeT (17th October 2018)

  Post #42 by Paul (Administrator, North Texas)

    One "random" example of a partial means of constructing such a covert communication channel comes to my mind just now.

    Setting up secure comm links between computers requires random numbers, from which secure keys are generated.

    What happens if the random number generator uses a clever bit of steganography to hide a few bits of information in the slightly less than really random numbers that it generates? Then some other hidden chip, or hidden logic on a processor chip, could watch the data traffic, observe those "not quite so random" public keys pass by, and decide that now was the time to do something, such as to tell some other "not so random" random number generator near to it to "send out" some response data.

    Not one single bit, much less an entire packet, of unexpected data would show up to those watching for "uninvited traffic" on the wire, or in the air. Only an imperfect selection, or sequencing, of keys derived from not quite so random numbers would be visible, to those who knew what to look for.


  Post #43 by TargeT (Avalon Member, St. Croix)

    Quote Posted by Paul (here)
    One "random" example of a partial means of constructing such a covert communication channel comes to my mind just now.

    Setting up secure comm links between computers requires random numbers, from which secure keys are generated.

    What happens if the random number generator uses a clever bit of steganography to hide a few bits of information in the slightly less than really random numbers that it generates?
    It's still a connection; connections can be tracked, unless they have compromised both end points (two "known good" systems that are allowed to connect; this is a possibility for sure, just a lot more difficult).

    I don't even really care what is in the packets; I'm looking at metadata (where is the packet going, is this a normal connection, what is the reason for the session, etc.).

    Just like Obama said "we aren't listening to your phone calls, it's just metadata"... and then proceeds to launch Hellfire missiles at targets because of metadata...



    Quote Posted by Paul (here)
    Then some other hidden chip, or hidden logic on a processor chip, could watch the data traffic, observe those "not quite so random" public keys pass by, and decide that now was the time to do something, such as to tell some other "not so random" random number generator near to it to "send out" some response data.
    But there you have both ingress and egress, which should be monitored and controlled; Security Onion (the Bro aspect specifically) would catch this in a heartbeat with the correct rules set up.

    Quote Posted by Paul (here)
    Not one single bit, much less an entire packet, of unexpected data would show up to those watching for "uninvited traffic" on the wire, or in the air. Only an imperfect selection, or sequencing, of keys derived from not quite so random numbers would be visible, to those who knew what to look for.
    Anything that enters or leaves is looked at, but not "listened to"; it's mostly about metadata.

    If you have a good understanding of what your network is supposed to be doing, it's very easy to catch when it's behaving aberrantly... we have gotten very good at this.

    If you want a breakdown, I'll provide one; however, the TCP/IP protocol is very well defined, and nothing "gets around it" as of yet, because the network devices in between wouldn't know what to do with anything that doesn't follow the standard (or at least mostly follow the standard; there are a few exceptions like malformed packets etc., but they are still packets).

    Traffic analysis and flow control, stateful packet inspection, but mostly traffic patterning and fingerprinting will prevent exfiltration of data, command and control channels... pretty much everything.

    I think this is why it's so easy to make money in IT security... once you know what you're doing (and it's a VAST amount of knowledge) it's fairly easy to be highly effective.

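TargeT's approach above (look at metadata, not payload: is this a normal connection, is every ingress and egress accounted for) can be demonstrated against Zeek's conn.log, the per-connection log that the Bro/Zeek component of Security Onion produces. The script below is an added example written for this page; it is not TargeT's tooling and not part of Security Onion or Zeek. The conn.log excerpt is constructed (a subset of the real columns, with addresses from the RFC 5737 documentation ranges), and the allow-list of known-good flows, the five-connection minimum and the 10% jitter threshold for beaconing are assumptions.

```python
"""
Flow-metadata detection over Zeek (formerly Bro) conn.log records.
Added example for this page, not Zeek or Security Onion code.

No payload is inspected. Every connection is reduced to the tuple
(origin host, responder host, responder port) plus its timestamp, and two
questions are asked: is this flow something the network is supposed to be
doing (allow-list), and does this host pair talk on a suspiciously regular
schedule (beaconing, i.e. a command-and-control check-in)?
"""
import statistics
from collections import defaultdict

# Constructed conn.log excerpt: real Zeek header layout, subset of the real
# field list, RFC 5737 documentation addresses. Lines are deliberately not
# in time order; the parser sorts them.
SAMPLE_CONN_LOG = """\
#separator \\x09
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1539777600.000\tCa1\t10.0.0.5\t51000\t10.0.0.20\t443\ttcp\tssl\t0.9\t1200\t5400\tSF
1539777605.000\tCb1\t10.0.0.7\t40001\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1042\tSF
1539777612.500\tCa2\t10.0.0.5\t51002\t10.0.0.20\t443\ttcp\tssl\t2.3\t4100\t98000\tSF
1539777701.200\tCa3\t10.0.0.5\t51010\t10.0.0.20\t443\ttcp\tssl\t0.4\t900\t2200\tSF
1539777905.000\tCb2\t10.0.0.7\t40002\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1042\tSF
1539777950.000\tCa4\t10.0.0.5\t51031\t10.0.0.20\t443\ttcp\tssl\t11.0\t22000\t310000\tSF
1539778000.000\tCc1\t10.0.0.9\t55100\t198.51.100.4\t22\ttcp\tssh\t40.2\t6000\t9800\tSF
1539778205.400\tCb3\t10.0.0.7\t40003\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1050\tSF
1539778310.000\tCa5\t10.0.0.5\t51044\t10.0.0.20\t443\ttcp\tssl\t0.7\t1100\t4800\tSF
1539778322.100\tCa6\t10.0.0.5\t51045\t10.0.0.20\t443\ttcp\tssl\t1.1\t1300\t7700\tSF
1539778505.100\tCb4\t10.0.0.7\t40004\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1042\tSF
1539778805.300\tCb5\t10.0.0.7\t40005\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1042\tSF
1539779105.200\tCb6\t10.0.0.7\t40006\t203.0.113.9\t443\ttcp\tssl\t0.3\t312\t1042\tSF
"""

# Assumed baseline of what this network is "supposed to be doing":
# (origin host, responder host, responder port) tuples seen during learning.
ALLOWED_FLOWS = {("10.0.0.5", "10.0.0.20", 443)}


def parse_conn_log(text: str) -> list[dict]:
    """Parse Zeek's tab-separated conn.log; field names come from the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue                      # other header lines, blank lines
        else:
            if fields is None:
                raise ValueError("conn.log data before #fields header")
            rec = dict(zip(fields, line.split("\t")))
            rec["ts"] = float(rec["ts"])
            rec["id.resp_p"] = int(rec["id.resp_p"])
            records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def flow_key(rec: dict) -> tuple:
    return (rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"])


def unknown_destinations(records: list[dict], allowed: set) -> set:
    """Flows that never appeared in the known-good baseline."""
    return {flow_key(r) for r in records if flow_key(r) not in allowed}


def find_beacons(records: list[dict], min_conns: int = 5, max_cv: float = 0.1) -> list:
    """Host pairs whose connection gaps are nearly constant (coefficient of
    variation <= max_cv). Returns (flow, period in seconds) pairs."""
    flows = defaultdict(list)
    for r in records:                     # records are already time-sorted
        flows[flow_key(r)].append(r["ts"])
    hits = []
    for key, ts in flows.items():
        if len(ts) < min_conns:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((key, round(mean, 1)))
    return hits


def analyze(text: str, allowed: set) -> dict:
    records = parse_conn_log(text)
    return {"unknown": unknown_destinations(records, allowed),
            "beacons": find_beacons(records)}


if __name__ == "__main__":
    result = analyze(SAMPLE_CONN_LOG, ALLOWED_FLOWS)
    for flow in sorted(result["unknown"]):
        print("unknown destination:", flow)
    for flow, period in result["beacons"]:
        print("beacon every %.1fs:" % period, flow)
```

Two of TargeT's checks are implemented: a flow absent from the allow-list is reported as an unknown destination (here the external HTTPS host and the one-off SSH session), and a flow whose inter-connection gaps have almost no variance is reported as a beacon with its period (the 300-second check-in). Note what the example also shows: every record is a real, well-formed TCP session, so these rules only fire when the backdoor opens a session of its own; the counter-case, where nothing extra is ever sent, is Paul's point in post #45.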

  Post #44 by Flash (Avalon Member, Montreal)

    Quote Posted by TargeT (here)
    [TargeT's post #43 above, quoted in full]
    Sooo interesting Target, thank you

    As surprising as it may seem, this makes me think of neurolinguistic programming NLP.
    NLP knowledge is based on language usage. Following the patterns, you may infer, or deduce, the mind programming (neuro) of a person.
    The keys are in the meta looking at language usage. Never in the content like it would be in regular psychotherapies. In therapies using NLP, you are not looking at the content because it is not necessary for intervention. You are looking at the ways language (linguistic) is used.

    From there you can easily profile someone's personality and use the right meta keys to communicate or intervene.

    You can do the same thing with groups although it is more complex, like the groups linguistic metadata used by -shish don’t remember his name - in his attempts to predict the future.

    Very interesting.


  Post #45 by Paul (Administrator, North Texas)

    Quote Posted by TargeT (here)
    But there you have both ingress and egress, which should be monitored and controlled; Security Onion (the Bro aspect specifically) would catch this in a heartbeat with the correct rules set up.
    If there are zero additional bits or bytes sent or received, and if all information sent or received is exactly as expected and desired, except for subtle patterns in the random numbers used to generate keys, then such correct rules are impossible. There are no additional or malformed or specially formed packets to look for. There is nothing in the data contents of the packet to look for. None. Ever.

    One would have to know how the random numbers were being specially selected to construct such a rule, which would be a challenge on the scale of Britain's cracking of Germany's Enigma code in World War II ... with much stronger mathematics on the side of those hiding their communications in the random number generator (which is becoming part of the chip logic.)

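Paul's post #42 (a generator that hides a few bits in its "random" output) and post #45 (no extra or malformed bytes ever appear, so no packet rule can match) describe what the literature calls a subliminal channel. The script below is an added example written for this page; it is not Paul's design and not any vendor's or chip's code. It uses the simplest known construction, rejection sampling with a keyed hash: the sender keeps drawing genuinely random nonces until the keyed hash of the candidate carries the bits it wants to leak. The 16-byte nonce size, the 2-bit rate per nonce and the payload string are assumptions chosen for the demo.

```python
"""
Subliminal channel hidden in "random" nonces. Added example for this page,
not the design of any real generator.

Sender and receiver share a secret key K. To leak message bits, the sender
draws fresh uniformly random nonces until the top BITS_PER_NONCE bits of
HMAC(K, nonce) equal the bits to send, and emits that nonce (rejection
sampling). Every emitted nonce is still a sample of the uniform
distribution, so a monitor sees the normal number of packets and bytes and
statistically normal randomness; only a holder of K can read the bits.
"""
import hashlib
import hmac
import os

BITS_PER_NONCE = 2   # hidden bits per nonce (assumed); ~2**2 draws per nonce
NONCE_LEN = 16       # bytes (assumed); e.g. a handshake random or an IV


def hidden_bits(key: bytes, nonce: bytes, n: int = BITS_PER_NONCE) -> int:
    """The n bits a key holder reads out of a nonce: top bits of HMAC(K, nonce)."""
    mac = hmac.new(key, nonce, hashlib.sha256).digest()
    return mac[0] >> (8 - n)


def _to_chunks(data: bytes, n: int) -> list[int]:
    """Split bytes into n-bit integers, most significant bits first (n divides 8)."""
    mask = (1 << n) - 1
    return [(b >> shift) & mask for b in data for shift in range(8 - n, -1, -n)]


def _from_chunks(chunks: list[int], n: int) -> bytes:
    """Inverse of _to_chunks."""
    per_byte = 8 // n
    out = bytearray()
    for i in range(0, len(chunks), per_byte):
        value = 0
        for c in chunks[i:i + per_byte]:
            value = (value << n) | c
        out.append(value)
    return bytes(out)


def embed(key: bytes, message: bytes, rng=os.urandom) -> list[bytes]:
    """Backdoored generator: one nonce per BITS_PER_NONCE bits of message.
    Each nonce is a real random draw; only the *choice* among draws leaks."""
    nonces = []
    for chunk in _to_chunks(message, BITS_PER_NONCE):
        while True:                       # rejection sampling, ~2**n tries
            candidate = rng(NONCE_LEN)
            if hidden_bits(key, candidate) == chunk:
                nonces.append(candidate)
                break
    return nonces


def extract(key: bytes, nonces: list[bytes]) -> bytes:
    """Receiver side: read the hidden bits back out with the shared key."""
    return _from_chunks([hidden_bits(key, x) for x in nonces], BITS_PER_NONCE)


def honest_nonces(count: int, rng=os.urandom) -> list[bytes]:
    """What a non-backdoored generator would emit for the same sessions."""
    return [rng(NONCE_LEN) for _ in range(count)]


def monitor_view(nonces: list[bytes]) -> dict:
    """Everything a passive monitor without K can measure: volume and bit balance."""
    total_bits = len(nonces) * NONCE_LEN * 8
    ones = sum(bin(b).count("1") for x in nonces for b in x)
    return {"packets": len(nonces), "bytes": len(nonces) * NONCE_LEN,
            "ones_fraction": ones / total_bits}


if __name__ == "__main__":
    key = os.urandom(32)
    secret = b"exfil:0xC0FFEE"            # constructed payload
    covert = embed(key, secret)
    honest = honest_nonces(len(covert))
    print("recovered with key:    ", extract(key, covert))
    print("recovered with bad key:", extract(os.urandom(32), covert))
    print("covert view:", monitor_view(covert))
    print("honest view:", monitor_view(honest))
```

With the key, extract() reads the payload back; with any other key it returns noise. monitor_view() is all a passive observer gets: the same packet and byte counts as the honest generator and a bit balance indistinguishable from uniform, which is the situation Paul describes in post #45. What the channel cannot hide is its cost: the backdoored generator needs about 2^n draws (here four) per emitted nonce, and the trick only works while the backdoored source controls the final nonce. Mixing the hardware output with entropy it cannot observe before the nonce is formed (the way the Linux kernel feeds RDRAND into its pool rather than using it raw) takes that control away, which is the practical defence where a network rule is not.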

  Post #46 by Bob (Avalon Member, North America)

    I've seen crypto keys cracked and I have used specifically injected pseudo random patterns, and it does not show up as a flag that can be seen.

