
Thread: Apparently China just can't resist embedding spyware (It's worse - lots worse. See Post #32)

  Post #41 (Unsubscribed)

    Certainly we have heard of corrupted firmware in hard drives.. Corrupted hardware though as Paul says which would not go off until some controlled event happens.. And then systems which are not on the internet, or arpanet in-house.. If they've networked in-house, how soon before some other device is able to leak out what has been captured, in a non-obvious "networked" way? How about information destruction, where it takes a multitude of those "secure machines" doing an action where the sum total of the machines then creates the "deed", not just one machine with only a portion of the "code" to be carried out - distributed processing and distributed "activity".. an in-house viral network in other words, right in the middle of an ultra-secure (off the grid) military network..

    Seems to me cat and mice and how rats and mazes and webs are created will define how deep it goes.

    My point being the military IS circulating to all its subscribers that the argument from Apple and others thusly compromised is real, and to take Apple's and others' pooh-poohing of the attacks as misinformation fluff..

  Post #42 (ThePythonicCow, Administrator)

    One "random" example of a partial means of constructing such a covert communication channel comes to my mind just now.

    Setting up secure comm links between computers requires random numbers, from which secure keys are generated.

    What happens if the random number generator uses a clever bit of steganography, to hide a few bits of information in the slightly less than really random numbers that it generates. Then some other hidden chip, or hidden logic on a processor chip, could watch the data traffic, observe those "not quite so random" public keys pass by, and decide that now was the time to do something, such as to tell some other "not so random" random number generator near to it to "send out" some response data.

    Not one single bit, much less an entire packet, of unexpected data would show up to those watching for "uninvited traffic" on the wire, or in the air. Only an imperfect selection, or sequencing, of keys derived from not quite so random numbers would be visible, to those who knew what to look for.
    My quite dormant website: pauljackson.us

  3. The Following 4 Users Say Thank You to ThePythonicCow For This Post:

    avid (17th October 2018), Bob (17th October 2018), palehorse (15th December 2022), TargeT (17th October 2018)

  Post #43 (TargeT, On Sabbatical)

    Quote Posted by Paul (here):
    One "random" example of a partial means of constructing such a covert communication channel comes to my mind just now.

    Setting up secure comm links between computers requires random numbers, from which secure keys are generated.

    What happens if the random number generator uses a clever bit of steganography, to hide a few bits of information in the slightly less than really random numbers that it generates.

    It's still a connection, and connections can be tracked, unless they have compromised both end points (two "known good" systems that are allowed to connect; this is a possibility for sure, just a lot more difficult).

    I don't even really care what is in the packets; I'm looking at metadata (where is the packet going, is this a normal connection, what is the reason for the session, etc.).

    Just like Obama said "we aren't listening to your phone calls, it's just metadata"... and then proceeds to launch Hellfire missiles at targets because of metadata...

    Quote Posted by Paul (here):
    Then some other hidden chip, or hidden logic on a processor chip, could watch the data traffic, observe those "not quite so random" public keys pass by, and decide that now was the time to do something, such as to tell some other "not so random" random number generator near to it to "send out" some response data.

    But there you have both ingress and egress, which should be monitored and controlled; Security Onion (the Bro aspect specifically) would catch this in a heartbeat with the correct rules set up.

    Quote Posted by Paul (here):
    Not one single bit, much less an entire packet, of unexpected data would show up to those watching for "uninvited traffic" on the wire, or in the air. Only an imperfect selection, or sequencing, of keys derived from not quite so random numbers would be visible, to those who knew what to look for.

    Anything that enters or leaves is looked at, but not "listened to"; it's mostly about metadata.

    If you have a good understanding of what your network is supposed to be doing, it's very easy to catch when it's behaving aberrantly... we have gotten very good at this.

    If you want a breakdown, I'll provide one; however, the TCP/IP protocol is very well defined, and nothing "gets around it" as of yet, because the network devices in between wouldn't know what to do with anything that doesn't follow the standard (or at least mostly follow the standard; there are a few exceptions like malformed packets etc., but they are still packets).

    Traffic analysis & flow control, stateful packet inspection; but mostly traffic patterning and fingerprinting will prevent exfiltration of data, command and control channels.. pretty much everything.

    I think this is why it's so easy to make money in IT security... once you know what you're doing (and it's a VAST amount of knowledge) it's fairly easy to be highly effective.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?
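The baseline-and-deviation approach TargeT describes above, as an added illustration that is not code from the thread, from Security Onion or from Bro: it learns which peers and byte volumes are normal from a set of conn.log-style records and then flags a never-seen external peer and a volume spike, without looking at payload content. The column subset, addresses and byte counts are constructed for the demo.

```python
# Constructed conn.log-style records (tab-separated subset of the real Zeek/Bro
# columns): ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service,
# orig_bytes, resp_bytes. Addresses and volumes are made up for the demo.
BASELINE_LOG = """\
1539777600.1\t10.0.1.20\t51000\t10.0.2.5\t443\ttcp\tssl\t1200\t9800
1539777610.2\t10.0.1.20\t51001\t10.0.2.5\t443\ttcp\tssl\t1400\t10200
1539777620.3\t10.0.1.21\t41000\t10.0.2.9\t22\ttcp\tssh\t3000\t4100
1539777630.4\t10.0.1.20\t51002\t10.0.2.5\t443\ttcp\tssl\t1100\t9900
"""
NEW_LOG = """\
1539781200.0\t10.0.1.20\t51500\t10.0.2.5\t443\ttcp\tssl\t1300\t9700
1539781210.0\t10.0.1.21\t41100\t10.0.2.9\t22\ttcp\tssh\t2900\t4200
1539781220.0\t10.0.1.20\t51501\t203.0.113.77\t443\ttcp\tssl\t1250\t9800
1539781230.0\t10.0.1.20\t51502\t10.0.2.5\t443\ttcp\tssl\t480000\t900
"""

def parse(log: str):
    """Turn the tab-separated records into dicts; only metadata fields are kept."""
    rows = []
    for line in log.splitlines():
        f = line.split("\t")
        rows.append({"ts": float(f[0]), "orig": f[1], "resp": f[3],
                     "rport": int(f[4]), "proto": f[5], "service": f[6],
                     "obytes": int(f[7]), "rbytes": int(f[8])})
    return rows

def build_baseline(rows):
    """'What is my network supposed to be doing': the set of normal
    (origin, responder, port, service) pairs and the largest bytes-out seen for each."""
    seen = {}
    for r in rows:
        key = (r["orig"], r["resp"], r["rport"], r["service"])
        seen.setdefault(key, []).append(r["obytes"])
    return {k: max(v) for k, v in seen.items()}

def flag(rows, baseline, ratio=10):
    """Alert on a peer never seen before, or on bytes-out far above the learned maximum."""
    alerts = []
    for r in rows:
        key = (r["orig"], r["resp"], r["rport"], r["service"])
        if key not in baseline:
            alerts.append(("new-peer", r["orig"], r["resp"], r["rport"]))
        elif r["obytes"] > ratio * baseline[key]:
            alerts.append(("volume", r["orig"], r["resp"], r["obytes"]))
    return alerts

def run_demo():
    return flag(parse(NEW_LOG), build_baseline(parse(BASELINE_LOG)))
```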


  Post #44 (Flash, Avalon Member)

    Quote Posted by TargeT (here):
    [TargeT's post #43 above, quoted in full]

    Sooo interesting Target, thank you

    As surprising as it may seem, this makes me think of neurolinguistic programming (NLP).
    NLP knowledge is based on language usage. Following the patterns, you may infer, or deduce, the mind programming (neuro) of a person.
    The keys are in the meta, looking at language usage, never in the content as it would be in regular psychotherapies. In therapies using NLP, you are not looking at the content because it is not necessary for intervention. You are looking at the ways language (linguistic) is used.

    From there you can easily profile someone's personality and use the right meta keys to communicate or intervene.

    You can do the same thing with groups, although it is more complex, like the group linguistic metadata used by -shish, don't remember his name - in his attempts to predict the future.

    Very interesting.
    How to let the desire of your mind become the desire of your heart - Gurdjieff


  Post #45 (ThePythonicCow, Administrator)

    Quote Posted by TargeT (here):
    But there you have both ingress and egress, which should be monitored and controlled; Security Onion (the Bro aspect specifically) would catch this in a heartbeat with the correct rules set up.

    If there are zero additional bits or bytes sent or received, and if all information sent or received is exactly as expected and desired, except for subtle patterns in the random numbers used to generate keys, then such correct rules are impossible. There are no additional or malformed or specially formed packets to look for. There is nothing in the data contents of the packet to look for. None. Ever.

    One would have to know how the random numbers were being specially selected to construct such a rule, which would be a challenge on the scale of Britain's cracking of Germany's Enigma code in World War II ... with much stronger mathematics on the side of those hiding their communications in the random number generator (which is becoming part of the chip logic.)
    My quite dormant website: pauljackson.us
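An added toy model, not code from the thread, of the subverted-RNG channel Paul describes in posts #42 and #45, and of the one countermeasure that does work against it: a deterministic stand-in entropy source, a hidden keyed mark that decides which draws the rigged generator keeps, the kind of frequency test a watcher without the key could run on the outputs, and hash-mixing with an independent source, after which the mark no longer survives. KEY, the source labels and the 16-byte nonce size are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key; in the scenario it would be baked into the rigged
# generator and known only to whoever planted it.
KEY = b"constructed-demo-key"

def counter_rng(label: bytes):
    """Deterministic stand-in for an entropy source (constructed so the demo repeats)."""
    ctr = 0
    def gen(nbytes: int) -> bytes:
        nonlocal ctr
        ctr += 1
        return hashlib.sha256(label + ctr.to_bytes(8, "big")).digest()[:nbytes]
    return gen

def mark(n: bytes) -> int:
    """The hidden mark: low bit of HMAC(KEY, n). Without KEY it is a fair coin."""
    return hmac.new(KEY, n, hashlib.sha256).digest()[0] & 1

def rigged_nonces(bits, rng):
    """Subverted generator: keep drawing until the draw's mark equals the bit to hide.
    Every output is still a full-entropy value; only the choice among draws leaks."""
    out = []
    for b in bits:
        n = rng(16)
        while mark(n) != b:
            n = rng(16)
        out.append(n)
    return out

def recover(nonces):
    """What the party holding KEY reads off the observed values."""
    return [mark(n) for n in nonces]

def monobit_z(nonces):
    """A watcher without KEY: frequency test over all output bits (~N(0,1) if uniform).
    The rigged outputs pass it, which is Paul's point about rules being impossible."""
    ones = sum(bin(b).count("1") for n in nonces for b in n)
    total = 8 * sum(len(n) for n in nonces)
    return abs(2 * ones - total) / total ** 0.5

def harden(nonces, independent_rng):
    """Mitigation: hash each untrusted output together with a second, independent
    source. The planted mark does not survive, so recovery drops to chance."""
    return [hashlib.sha256(n + independent_rng(16)).digest()[:16] for n in nonces]
```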


  Post #46 (Unsubscribed)

    I've seen crypto keys cracked and I have used specifically injected pseudo random patterns, and it does not show up as a flag that can be seen.
