
Nsa wikipedia pl

by Main page



Others have made comments that appear as if they are fact when they are not. In August 2013, following the Snowden leaks, new details about the NSA's data mining activity were revealed. It also includes offensive cyberwarfare capabilities, like injecting malware into remote computers.

Office of the Under Secretary of Defense Comptroller , USA. Legal opinions on the NSA's bulk collection program have differed. Modern voice switches now have this capability built in, yet Internet equipment almost always requires some kind of intelligent Deep Packet Inspection probe to get the job done.


The implant will enable covert functions to be remotely executed within the router via an Internet connection. After the transfer process is complete, the PBD will be installed in the router's boot ROM via an upgrade command. The PBD will then be activated after a system reboot. Once activated, the ROC operators will be able to use DNT's HAMMERMILL Insertion Tool HIT to control the PBD as it captures and examines all IP packets passing through the host router. The cover name for this joint project is TURBOPANDA. Page, with graphics, is. General information about TAO and the catalog is. This one is interesting. It basically turns the router into an eavesdropping platform. In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on. Do we have more details about BANANAGLEE besides the codename? The description doesn't explicitly say, but I imagine that the internal functioning is an extra set of rules, much like the router would normally use, but geared more towards an intrusion detection system like SNORT. If it's ever found in the wild by a disinterested not gov't- or corporate-employed researcher, I bet there will be some real revelations... I would also guess that there is a potential for a noticeable performance hit--try looking for everything, and the router starts bogging down. Next thing you know, the local maintenance department is digging into the system or looking at replacing it because it's bogging down the system. I would guess that the performance impact is one of the things the ROC would watch--balancing stealthiness against the eavesdropping requests. Every piece of hardware, every piece of software, every operating system, every BIOS, every firmware, every chip, every motherboard. Not because open source enables every individual to verify, indeed not everyone has the expertise to understand. 
But because the principle of openness makes it harder to hide things. What grows in the darkness of secrecy withers in the light of openness. Closed source, more secrecy, making things unchangeable, and pointless talking heads assuring everyone everything's ok are not the answers. More freedom and openness is the answer. To be clear, open source is not a panacea. Being open does not guarantee something is trustworthy. It only guarantees it CAN BECOME trustworthy, over time, with enough peer review. Whereas closed source is impossible to become trustworthy, by virtue of its resistance to review. No verify, no trust, ever. Verify, someday maybe trust. The age of consumer devices being designed to do firmware updates without physical presence and approval of the owner needs to come to an end. Companies will complain about 'field units' and sending staff in a truck to some remote installation, but hey, if you want real security, too bad, suck it up and send someone to throw the switch for the upgrade. Having the option to use a physical write protection switch is always a good thing, but beware that some such switches already existing on some media devices are in fact software switches that don't offer any real protection... For example, if a compromised router comes across data that needs to be sent back to the ROC, how does it get there stealthily? Maybe there is an NSA version of TOR installed along with the PDB--some obfuscated destination that, once it gets into the right hands, gets routed appropriately. But that, by itself, wouldn't cover the fact that the traffic output from a compromised router would be much higher than it should be. I'm not sure what kind of traffic analysis would need to be done, but if the router is making copies of interesting data and redirecting it to the ROC, then the packet count going into the server should be significantly different from that coming out. 
A safe in your house made of tinfoil is secure if nobody can find it, sure, but the best solution is a safe nobody can open if it's found. Anybody that gets in your house when you're out of town will have ample time to find your tinfoil safe. On the other hand, if I take a letter, and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism--and you still can't open the safe and read the letter--that's security. Clearly they can't echo everything because it'll be noticed by volume alone. But they don't have to echo the whole stream, because they mostly have it already if they have the backbone compromised. What they need is the keys for encrypted traffic going onto the Internet e. VPN between office branches , and the internal traffic that doesn't go out. Leaking keys should be really easy because the volume is so small. Piggyback it on DNS queries, respond to a few of the usual torrent of breakin attempts that any Internet-exposed box gets. Routine NTP time checks? And I'd guess a good implant would do some observing; if there's a lot of Facebook traffic, just add a few packets from time to time. If there's a lot of porn site visiting, add a few more. Google, Gmail, Yahoo, etc. Exfiltrating larger quantities of internal-only traffic would seem harder, but in the common office-to-office VPN scenario, if they can observe the traffic at some point they can sneak in a few extra packets or fields. As long as the other end has also been compromised so it doesn't object... When I look at what goes in and what comes out of the enterprise-grade VPN box here, I see all kinds of mostly TCP stuff on the inside, HTTP, FTP, Windows SMB, etc, and nothing but RFC 4303 ESP packets on the outside. Packet sniffing on both sides at once tells me nothing; it would take much better tools to see anything amiss. 
Most of my recent routers have less and less ability to monitor or modify. I see why now. They don't want users to have control. I don't think the NSA needs to use their tricks on American hardware, the backdoors and loggers are already built into the chip.

As for delivery home, I'm not sure how it would play out. If I were a super-secret paranoid spy agency, guaranteed delivery would be a lot more important than depending on another hacked site to gather up your messages-in-a-bottle. If you're trying to keep a random admin from stumbling upon your secret DarkNet routing tables, I guess you could reserve some memory--especially since a lot of these are firmware updates. Getting toward the outer limits of my expertise, but could oddball memory usage be a worthwhile indicator of a compromise? Depending on the CPU architecture, they might have been able to make their backdoor live entirely in RAM instead.

I'd almost prefer firmware that automatically reflashes itself weekly, from updates the manufacturers' HTTPS site. Sure, it's an easy path in for anyone who can compel the CA or the manufacturer to deliver you dodgy firmware - but at least that's a legal path. How does handing permanent access to the first random hacker (NSA or not) with an exploit for your old firmware help any?

As an end, it can be achieved by taking control of the situation in one way or another. Physical control may prevent an attack by interposing an obstacle too big to be physically moved. Epistemological control may prevent an attack by denying an attacker the knowledge that they need to interfere.

I understand that a black-bag job can do a firmware update even if one must flip a switch to enable the update; and that in-RAM non-persistent malware doesn't need to update the firmware. I'm just saying, hardware write-protect to persistent storage is one of many defenses that nowadays just seems to be out of fashion.
I'm old enough to remember floppy discs that had a hole cut in the side or a slot that could be closed to control writing. It's always bothered me that USB keys similarly should all have a hardware switch to prevent writing and the SD card standard didn't mandate that the write-protect switch was implemented either!

Seems to me that when it comes to terrorists and serious spies the NSA and GCHQ are now a busted flush. Both the US and UK governments could save big bucks by cutting back both operations. Then again what useful information could looking into folk's computers and comms discover - what Uzbek tank commanders eat for breakfast, the colour of Mrs Merkel's underwear, the sex antics of oil sheiks, the latest method India uses to manufacture some drug or other. Interesting but nearly useless. Of more use - who buys typewriter ribbons on eBay. Much more sinister is passing across the doings of local political opponents - very wrong, let politicians flog each other in public - to use spying is to subvert democracy. As for understanding the intentions of governments - that is what embassy parties are for - local knowledge - getting into bed literally with your target. Similarly with industrial secrets - there are really very few secrets - what matters is the state of education and sophistication within a nation. A close study of trade press and academic journals and the blogs reveals a lot - what one can do, so can another. Then there is the cost. From a cold financial point of view the damage terrorists do does not amount to much and there is no evidence spying has any real chance of stopping terrorists - the ones that have been publicly unmasked were pretty poor specimens. But any terror event is embarrassing to the politicians, it makes them look powerless and to avoid that seems worth any cost to the taxpayer. Maybe what really scares the politicians is just you and me.
David D-databases can grow pretty quickly, so offline persistence is a question--does HEADWATER run the exploit autonomously and report, or only when told to with a live stream?

There may be no need to sneak a few packets to the government - the whole stream may be legal. Modern voice switches now have this capability built in, yet Internet equipment almost always requires some kind of intelligent Deep Packet Inspection probe to get the job done. In both cases, the intercept-function must single out a subscriber named in a warrant for intercept and then immediately send some headers-only or all full content of the intercepted data to an LEA. The LEA will then process this data with analysis software that is specialized towards criminal investigations.

Didn't FX Lindner have a presentation about Huawei? From what I remember the software on them was so bad that even your grandmother could write an exploit for them. As it is most certainly used against you. CC and EAL is also pretty laughable, you only have to look at the TOR to realise the assurance is only valid when left in the box in a dark room with the moon aligned to Pluto. I guess I'm just a paranoid old security consultant but these revelations don't surprise me, though they are interesting to look at in the clear light of day.

This assumes the router operator is an honest broker and not just a shill for the NSA or its Chinese counterpart.
Imagine that the router has the ability to compute a one-time pad member number. If there's any error the device can't start up. If there's an error after that you can do any number of things such as take the router offline, raise an alarm, etc. I think this gives three possible places to attack: the router, home, and man-in-the-middle. Assuming that the crypto is sufficiently good you ought not to be able to predict what the sum should have been so you can't either force the router to emit it or have a MITM emit it. That leaves a compromise of the central device, which is always possible but I would hope easier to detect. There are fewer of them and they can be in more monitored and checked locations than a distributed network of routers. You could say that I haven't solved the problem - just moved it upstream.

More importantly, as someone inside this industry and with an intimate knowledge of the hardware and software involved, it is a well-known secret that Huawei simply steals or copies other companies' software and designs. So the bigger question here is whether this backdoor existed in some IP they stole from elsewhere, or if it is in the part of the code that they wrote themselves? In other words, if this works on a Huawei device, it is entirely possible there are other devices in the industry with the same weakness.

Thing is, CALEA applies to telcos and ISPs and such, and the NSA is already in a position to tell them what to do via NSLs and the like. CALEA doesn't provide for telling a company to spy on its own employees.

In the manual, it is said that this is actually a Huawei router. This is also what Wikipedia says: Looking at the configuration interface, it becomes clear that this router has a built-in firewall, that can not be switched off. But strangely one also can not configure i. Indeed, if one does a firmware reset, the router gets automagically the newest firmware after the restart. It is perhaps this way that the NSA can get into Huawei routers.
The only way to work around to this would be, as far as I know, to throw the Huawei router aka speedport. Other routers might have other backdoors, as one sees from this backdoor, where an undocumented service listens on port 32764 that spills out your WLAN password into the internet: the search machine Shodan now lists 13219 routers on the worldwide net that have this backdoor open: It is somewhat scary, that three manufacturers produce routers with exactly the same backdoor. This is the recent list of devices with that behavior: Cisco WAP4410N-E 2.

I could not really jibe Cisco's sketchy explanation with what EV reported in such fantastic detail, attributing it to the common denominator in all these devices, SerComm.

This vulnerability can be triggered from the LAN interfaces of the Cisco WRVS4400N Wireless-N Gigabit Security Router and the Cisco RVS4000 4-port Gigabit Security Router from the wireless LAN (WLAN) and the LAN interfaces of the Cisco WAP4410N Wireless-N Access Point. This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges. This vulnerability is documented in Cisco bug ID CSCum37566 (registered customers only) for the Cisco WAP4410N Wireless-N Access Point; Cisco bug IDs CSCum43693 (registered customers only) and CSCum43700 (registered customers only) for the WRVS4400N Wireless-N Gigabit Security Router; and Cisco bug ID CSCum43685 (registered customers only) for the Cisco RVS4000 4-port Gigabit Security Router.
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2014-0659.

Are we talking Tier 1 or Tier 2 or Tier 3 providers — or all of them? I agree that Huawei probably has easily hacked or stolen software. But, it is also possible the NSA weakened their software. Level 3 is an example of that type of link Level 3 is composed of Global Crossing with multinational links. Level 3 was tapped why not others? It would be a great way to push-out the NSA firmware and software exploits.

Benni Your post was in-depth and unpleasantly surprising. From your tone you seem to be indicating that the back-doors are from the Factory it would seem unlikely — but possible - that all those routers were interdicted and exploited during shipping. I find it hard not to think the NSA did not twist some arms and get those routers and firewalls exploited or ready for exploitation.

A-team: Did Cisco really fix this now? For example, Netgear was asked in its support forum here: by a French customer in the year 2003 about exactly this backdoor. C't wonders here: why these manufacturers with the notable exception of Cisco are merely just saying that they are investigating this. Without proposing a fix, or telling how these backdoors came into the routers. By the way, according to Washington Post, currently, NSA has infected 10.

I myself have nothing to fear as I have nothing to hide but checked anyway: port closed!

Sercomm is the Taiwanese company that actually manufactures routers and firmware for resellers such as Cisco.
It was founded in 1992. Here is a list of embedded devices -- it matches the list of known affected routers according to Ars Technica:

Built on 350 acres 140 ha; 0. Advanced users, if they wish, can also add a further layer of encryption to their submission using. It was an organization responsible for information gathering only. On June 21, the US government requests the Hong Kong government extradite Snowden. Met June 30, 2013. Strong implications and third-party articles making that conclusion some with ex-NSA sources are prevalent, but Kaspersky has never publicly stated that connection. You write many words. Between 1974 and 1979, of the 20,511 job applicants who took polygraph tests, 695 3. Retrieved June 18, 2013. As of 2013, NSA has about a dozen directorates, which are designated by a letter, although not all of them are publicly known. I'm just saying, hardware write-protect to persistent storage is one of many defenses that nowadays just seems to be out of fashion.

credits

released December 18, 2018
