So basically I discovered that encrypting your HDD/SSD is pointless if it's firmware has been infected with spyware from the NSA.
Is it possible to completely erase the firmware and put an opensource version on there?
I know that trying to protect your PC against the NSA is pretty much pointless (they can just mirror your HD on a million other drives and brute force their way in in minutes) but I'd rather try to close all backdoors present in hardware.
I already use libreboot on my T400 and gentoo so I'm on the right track
sources:
http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
http://spritesmods.com/?art=hddhack&page=6
Hiding something?
>>54704722
hi NSA
no, I just value privacy
>>54704748
the nsa does not give a fuck about you. The only way they could get access to your encrypted data is if it was worth millions. You're not worth their time.
>>54704748
Why?
>>54704794
>>54704800
I know that they don't care about me.
It's just me being autistic probably.
I'm just asking if it's been proven possible yes or no and if yes, how to do it.
>>54704825
Okay cool. Well I don't know, but I'm curious now too. It sounds like it should be possible, anything is possible, right? With hardware it just involves slightly more dicking about.
>>54704794
I am sorry that you don't think my life is interesting, but that doesn't give you the right to invade my privacy.
If people on this board who does stuff like that for fun, can't get privacy, how is people who actually need it going to?
>>54704794
caring about privacy is about principles, not practicality
people make a big deal about privacy not because they themselves need it, but to create the tools so that it is available to other people who do need it
>>54704691
Your post screams you dont know shit about encryption AND backdoors (firmwares either)
>>54704691
And the chinks who build your board also installed firmware that duplicates all your network controller data and sends it to they're monitoring server.
Go to sleep dad.
Time to bring up a new open architecture.
>>54704691
Welcome to a year ago.
Its been something of a suspicion within the security researchers for years
I use whatever xubuntu uses by default which i think is good enough. The question is though, what if the drive itself is backdoored
why even waste your time encrypting? if the government have any reason to suspect there is evidence for a crime on your hard drive they can hold you in a cell until you tell them the password, your expectations for encryption is a lot like thinking that because you lock your door police cant enter your home under any circumstances because 'privacy'
>>54706531
Who says its just for the police? I dont want niggers stealing my shit
This is basically a battle you can't win. If the firmware is infected it can pretend to be wiped, while not actually being wiped were you to attempt to install open source firmware.
You could buy a new hard drive, but what if that's delivered infected?
Regardless, not much point in hard drive encryption from the government in my eyes, unless you're doing something illegal and there's a chance your drive will be seized. As long as your computer is on, hard drive encryption does nothing and that's when most anyone is gonna try to attack you. Why infect your firmware if they can just lift the files directly from your computer?
>>54706634
keep it all on the cloud :^)
>>54706531
>not keeping a cellphone detonatable thermite grenade in your laptop
They can't find evidence that doesn't exist.
>>54705065
I'd definitely be more concerned about the chinks.Even with the whole firmware thing put aside, they are relentless with their attempts to get into everything attached to the internet. Who knows what their government sponsored agencies are capable of.I don't trust anything entirely,in terms of security,to protect my shit anymore.
>>54704794
>You're not worth their time.
>The NSA catalogs and stores petabytes of worthless data.
>>54706644
Why would compute be on
>>54704691
>brute force their way in in minutes
Yeah AES256 isn't a couple of minutes kind of encryption
>>54704691
It depends, device specific or vendor encryption is compromised by nsa. But open source tool like veracrypt/dm crypt are ok. If these tools are used together with full disk encryption (maybe even os running live) then even backdoored firmware has no effect.
>>54706655
Sure, just get the guaranteed 10+ years in the pen for destruction of evidence, attempted murder of a federal agent etc etc.
>>54704691
>tfw intel ssds (EVEN THE OLDEST ONES) are NOT affected
I was telling you guys to get Intel. You said no because MUH SAMSHIT. Now enjoy your firmware viruses.
Kek
>>54706878
a petabyte isn't very much theses days, grandad.
I wonder if an encrypted VM system could be devised where,upon entering a password on the main OS,the virtual machine is silently destroyed in the background? Say you have encryption on the main OS,it has the password apple for normal unlocking,and the password apple1 to unlock the OS AND destroy the VM.Something like this would be useful,imho.
>>54706878
>>54707086
Actually zettabytes of data.
>>54707086
No it wouldnt because it makes no sense. If it runs in ram (vm) then it cannot be encrypted. If main os is running but locked, fbi/nsa will copy contents of ram and with that also encryption/decryption keys
You're sort of Not Even Wrong.
Points:
- NSA cannot crack strong encryption, your stuff about "mirror"/"brute-force" is bullshit, unless you choose a weak passphrase - use at least 100 bits of real entropy and you're good, try Diceware
- can try to work around encryption: coldboot/remanance/NONSTOP
- Possible paths any really determined attacker could try to take to inject malware: SPI Flash/UEFI/BIOS/Intel ME/CPU microcode (); PCI/PCIe device option ROMs (NIC is a solid favourite, see BULLDOZER); bootloader on modified HDD/SSD used as a boot drive, except with Secure Boot with non-default keys (IRATEMONK, installed via TWISTEDKILT); modified RAM (e.g. WOLF SPIDER, lab only); Thunderbolt/Firewire DMA (unless range-protected with VT-d); keyboard devices, e.g. USB, if you are logged on/can type, or keylog (e.g. COPPERHEAD, COTTONMOUTH, WILDIDOL)
- all of these are tested but most of them are crazy talk when 99% of targets just open invoice.docm.pdf.scr
- also, even if you are a diplomatic target it would probably be much cheaper and less hassle to roofie you or just flash tits and get you very very drunk
- but trying several different techniques at once is SOP for major intel orgs
- libreboot is not a supported platform for implant dev, most of the paths are fruitless - sign your bootloader and encrypt your hard disk and you're more or less golden against HDD firmware
- disk encryption modes don't provide authentication, so malleability attacks remain possible for those with persistent or repeated access
tl;dr: You're being needlessly paranoid, which can make for an interesting topic of discussion but not a very fruitful one. Tailor your defences to your actual threat model, which is, I quote "niggers stealing your shit". It's a Thinkpad T400, not a Macbook. You're probably good against that anyway. UV mark it with your address, encrypt the drive, you're probably good.
>>54707014
Still better than indefinitely
How about you just never allow a device with an active internet connection to interface with your NSA secure HDD or SSD?
>>54706486
that's the whole point of OP's post
>>54707025
source? if you don't provide a reliable source you're just another shill
>>54707316
This may seem like a good option, but how can I shitpost on 4chan then?
>>54704691
Libreboot
>>54710565
>Libreboot has support for fam15h AMD hardware (~2012 gen) and some older Intel platforms (~2006-2009 gen). We also have support for some ARM chipsets (rk3288)
Great.
>>54710658
He asked how. He never specified anything other than that. Libreboot would work, and not at all be optimal. Depends on how bad you want the end result.
>>54708581
>This may seem like a good option, but how can I shitpost on 4chan then?
SSH through a line you trust (preferably one on your home network) onto a computer who's sole responsibility is to interface to the internet, and wait for the NSA to get tired of your shit and just cave in your door
did any of you guys even read the article? this affects windows only..
>>54704794
>just leave your front door unlocked or opened, we guarantee thieves won't give a fuck about you
>>54706655
SURELY REMOTE-DETONATED THERMITE GRENADES ARE COMPLETELY LEGAL. 10/10 would reccomend
>>54710794
D A T A D I O D E S
A
T
A
D
I
O
D
E
S
>>54706644
What does it even matter if the firmware is infected? It's still going to write the bytes to the drive. How would it be smart enough to know "Oh now he's writing random data to wipe stuff instead of meaningful data. I'd better not write this data, just pretend to."? Same goes for encryption. Or am I being an asshat?
>>54711171
It's possible
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
>>54710826
Did you even read the article? The second link clearly shows someone hacking into a linux machine using hacked firmware in his HDD
>>54711229
That's really cool, and scary. Thanks for the read.
>>54706531
They can't force you to tell them your password, you need to read a fucking book, or at least do a Google search.
>>54710843
more like
>someone could possibly break in my house better go live in a bunker forever
If the nsa wants your data bad enough they're going to get it. 99% of people using encryption are not worth the effort it takes to decrypt
>>54711439
Enjoy your indefinite detention when you don't give up your password.
>>54710859
In the US, as long as the structure is not burned (cuz then it's arson), and you have no more than 0.25 oz useable explosive it's all good. And unless they claim it as evidence first, I can't see how they could do shit.
Nichrome wire ignites magnesium starter, which sets off thermite, of an amount which will render the harddrive useless, but not burn the place to the ground. Zero explosives.
The times have come, when it's better to not have any private data on a computer that's connected to any network and have a computer disconnected from everything to store some private data if you really have to. It all goes down to trust to another human - in this case to the people who built and programmed your computer. Do you trust them? I have no reason to do so. It's really simple when you think about it. Looking for a good security implementation is futile. I think it's better to think what cool things can you do with a computer instead. Drop the security obsession, it's toxic and stops you from doing other things.
>>54711439
https://nakedsecurity.sophos.com/2016/04/28/suspect-who-wont-decrypt-hard-drives-jailed-indefinitely/
well thanks for proving my point buddy
Don't use passwords or encryption.
Use a stateless browser.
Keep everything in da cloud.
Fucking judge going to order you to give passwords for shit they don't even know you use? lel
>>54706957
I think you are missing the point, if your firmware has malware it doesn't matter what you do with the content.
Btw: blackhat usa memory sinkhole x86 really cool one
Also remember those kids who rm -rf their bios? Being able to write your bios in the latest msi laptops screams i like to be backdoored?
who fucking cares? no one here has firmware infected by the fucking nsa
jesus christ you people are fucking retarded
Just encrypt individual folders or files.
>>54715682
Lmao, are you fucking retarded?
Thats not even a doubt, everything is compromised or have security holes tm(software, so's,firmware), are you so fucking braindead?
Memory sinkhole x86, easily oberwritten bios in latest stuff, also microsoft botnet everywhere, you are a fucking ignorant.
>>54715739
>LOL MUH BOTNET
you are literally a /g/ tool. whatever helps you fit in here i guess.
here is a fucking tip: if the nsa actually cared about you nothing would stop them. grow a fucking brain you child
they can steal your encryption key and keylog your password, but they would still need physical access for your disk encryption to actually matter. you don't understand the threat model.
>>54715748
You just proved my point, if the nsa cared nothing would stop them, intense debate kek
>>54715773
If your firmware is compromissed they already have access, they don't even nees keyloggers... why people who don't know shit give their worthless opinions?
>>54715809
And then what? They still need physical access otherwise they upload your data and since retards like you have no concept of logging.
Trying to look smart is not working.
>>54715836
Who said anything about them uploading it anywhere? Why on earth would they do that? Do you see how limited are you, and even worse, project your own logical flaws on others?
Looking smart? To impress you? Lmao, yeah bro they will all remember that red pilled anon, and oh wait, we are anons, idgaf of what your worthless opinion about me is
>>54715879
So then they need physical access to the drive. In which case you wouldn't last one night in jail anyways you fucking turbo nerd.
Go back to your linux shill threads.
How paranoid are you people ffs
>>54715933
Not paranoid enough.
The only way to be sure of your computer integrity is to build your own hardware.
That's a pain so instead I simulate a computer in Dwarf Fortress that runs on water wheels and screw pumps. Which in turn runs a copy of Minecraft that is simulating it's own computer.
Autism Inception.
>>54715677
>no effect
If the encryption is somehow done in the drive firmware or the drive controller has direct memory access then maybe. Otherwise all it can do is send your encrypted-by-not-the-drive data to the NSA. And even they can't crack AES256.
>Rewriting BIOS because of the efivars bug
All they could do is change a few config options the EFI exposed to the OS, not the entire firmware.
>>54715903
How do you jump from them not uploading it to phisical access? Lmfao, never shilled anything related to linux
>>54715978
kek
>>54715987
>you just said maybe, rest is irrelevant
If you and me can come with a maybe in a 2 minute discussion just as I wope up, imagine NSA with millions of shekels
>All they could do is change a few config options the EFI exposed to the OS, not the entire firmware.
thanks for the info, then again, the specific vuln is nothing but an example
>>54711674
>having all these knowledge regarding explosives
Nice, you just set yourself up for investigation
>>54716085
Don't worry, he seems ready. kek
>>54716085
>Knowledge regarding explosives
Or y'know, paid attention & got blinded in 8th grade science. The laws part comes from reading the NFA.
>>54716118
When the ATF can figure out how to entrap people who aren't literally retarded, arresting people because "shoestrings r masheengunz, and copper wool iz a suppressor", or hell, manage to park correctly, then I might consider them a hazard to anything other than a neighbors dog.
>>54716160
The problem is, they probably can, but they can't legally prove it, it is a very tricky part of the equation that most people overlook, the thing is, by the time they want to use it, it will be late. I just want to avoid not being in control, which is impossible in [current year] and will become harder and harder.
It is an interesting topic, about how police often use illegal means to internally prove it, and then find for a legal way to prove you are guilty, once you know who did what, you can find other ways of incriminating them.
>>54716229
Have you read what those fuckwits do? they set up a "sting shop" for months, can't catch so much as a dumbass gangster, so to save face they charged the actual mental deficient they hired to stock shelves.
That or they harass people for months on end to try to get someone to say "fuck it, if I do what you say will you leave me alone" then slap them with conspiracy to commit tax evasion, if they didn't actually do it. If they actually make something illegal, then its tax evasion & whatever else they can come up with (Selling/producing title II items without a licence).
If they can come up with anything, they break in and leave a statue of a hand flipping the bird.
>>54715978
>The only way to be sure of your computer integrity is to build your own hardware.
This, but we'd have to start from scratch. I'm sure there are anons ou there doing this, ofcourse they wouldn't reveal it to the world or they'd be infected by NSA spyware in no time. Let's just hope that one day, if they've finished their computer and it's ready to be massproduced, we can finally live in freedom
>inb4 the NSA finds out anyway and we'll allways be their puppet
>>54716322
If only we could have affordable FPGA's that could handle multicore and hit a decent clockspeed.
>>54716322
really all that needs to happen is to repeal the unconstitutional patriot act. Unfortunately if Hillary becomes president and she will, she has said her goal is to crate laws that get around the second amendment. If things keep following this pattern the president after her will create laws that take away the first amendment and then whats left? we just have to get used to being the governments bitch. because if the right to assemble and have free speech is gone we might as well live in a dictatorship. we'll be like every other shitbag country and all that our forefathers had fought for will be lost. It will lead to a very nasty cavil war against people that were just a few years ago perfectly upstanding citizens. the liberals against anyone that isnt a far left fascist.
>>54717574
>far left
>fascist
>>54706806
the chinks only care about your money, the NSA wants you to accept your fate as a pawn of the government
>>54704691
Only if you use standard solutions.
Change a couple details in the implementation, compile everything yourself, and suddenly NSA can't get to you.
You wouldn't imagine how easily you can keep hackers away by renaming all basic terminal tools, switching the order of parameters, and making a couple basic modifications to compilers so only you can make proper code they'll accept. Come up with your own norm which you use everywhere, and suddenly people will be completely unable to do anything.
