00:00:00,380 --> 00:00:23,510
Herald: Good morning to this last-minute addition to our “Fahrplan” today. There will probably be time for a few minutes of Q&A in the end, so you can ask questions here or on IRC and Twitter via our Signal Angels. Please welcome Jake Appelbaum, independent journalist, for his talk “To Protect And Infect Part 2”.

00:00:23,510 --> 00:00:29,690
*applause*

00:00:29,690 --> 00:00:55,680
Jacob: Okay. Alright. Thanks so much for coming so early in the morning. Or maybe not so early in the morning for most of you apparently, since you’ve all been up for more than an hour. But I’m gonna talk today a little bit about some things that we’ve heard about at the conference, and I’m gonna talk a bit about some things that you have probably not ever heard about in your life and are even worse than your worst nightmares.

00:00:55,680 --> 00:01:23,670
So recently we heard a little bit about some of the low-end corporate spying that’s often billed as being sort of like the hottest, most important stuff, so the FinFisher, the HackingTeam, the VUPEN. And sort of in that order it becomes more sophisticated and more and more tied in with the National Security Agency. There are some Freedom of Information Act requests that have gone out that actually show VUPEN being an NSA contractor writing exploits, that there are some ties there.

00:01:23,670 --> 00:02:02,081
This sort of covers the… sort of… the whole gamut, I believe, which is that, you know, you can buy these like little pieces of forensics hardware. And just as a sort of fun thing I bought some of those and then I looked at how they worked, and I noticed that this ‘Mouse Jiggler’, you plug it in and the idea is that it like keeps your screen awake. So have any of you seen that at all? It’s a piece of forensics hardware so your screensaver doesn’t activate. So I showed it to one of the systemd developers, and now when you plug those into a Linux box that runs systemd, they automatically lock the screen when it sees the USB ID.
*applause*

00:02:02,081 --> 00:02:27,720
So when people talk about Free Software, ‘free as in freedom’, that’s part of what they’re talking about. So there are some other things which I’m not going to really talk a lot about, because basically this is all bullshit that doesn’t really matter and we can defeat all of that. These are individualized things we can defend against. But I want to talk a little bit about how it’s not necessarily the case that because they’re not the most fantastic, they’re not the most sophisticated, that therefore we shouldn’t worry about it.

00:02:27,720 --> 00:03:01,160
This is Rafael. I met him when I was in Oslo in Norway for the Oslo Freedom Forum, and basically he asked me to look at his computer because he said, “You know, something seems to be wrong with it. I think that there’s something, you know, slowing it down.” And I said: “Well, I’m not going to find anything. I don’t have any tools. We are just going to like sit at the computer…” And I looked at it, and it has to be the lamest back door I’ve ever found. It was basically a very small program that would just run in a loop and take screenshots. And it failed to upload some of the screenshots, and so there were 8 GB of screenshots in his home directory.

00:03:01,160 --> 00:03:44,410
*laughter and applause*
And I said, “I’m sorry to break it to you, but I think that you’ve been owned. And… by a complete idiot.”
*laughter*
And he, he, yeah, he was, he was really… actually, he felt really violated, and then he told me what he does, which is he’s an investigative journalist who works with top secret documents all the time, with extreme, extreme operational security to protect his sources. But when it came to computing, J[ournalism] school failed him. And as a result, he was compromised pretty badly. He was not using a specialized operating system like Tails, which, if you’re a journalist and you’re not using Tails, you should probably be using Tails unless you really know what you’re doing.

00:03:44,410 --> 00:04:18,900
Apple did a pretty good job at revoking this application, and it was, you know, in theory it stopped, but there are lots of samples from the same group, and this group that did this is tied to a whole bunch of other attacks across the world, actually, which is why it’s connected up there with Operation Hangover. The scary thing, though, is that this summer, after we’d met, he was actually arrested relating to some of these things. And now, as I understand it, he’s out, but, you know, when you mess with a military dictatorship it messes with you back. So even though that’s one of the lamest backdoors, his life is under threat.

00:04:18,900 --> 00:04:55,410
So just simple things can cause serious, serious harm to regular people that are working for some kind of truth telling. And that to me is really a big part of my motivation for coming here to talk about what I’m going to talk about next, which is that for every person that we learn about like Rafael, I think there are lots of people we will never learn about, and that’s, to me that’s very scary, and I think we need to bring some transparency, and that’s what we’re going to talk about now. And I really want to emphasize this point. Even though they’re not technically impressive, they are actually still harmful, and that, that is really a key point to drive home.

00:04:55,410 --> 00:05:53,219
I mean, some of the back doors that I’ve seen are really not sophisticated, they’re not really that interesting, and in some cases they’re common off-the-shelf purchases between businesses, so it’s like business-to-business exploitation software development. I feel like that’s really kind of sad, and I also think we can change this. We can turn this around by exposing it. So, what’s it all about, though? Fundamentally it’s about control, baby, and that is what we’re going to get into. It’s not just about control of machines. What happened with Rafael is about control of people. And fundamentally, when we talk about things like internet freedom and we talk about tactical surveillance and strategic surveillance, we’re talking about control of people through the machinery that they use. And this is a really, I think a really kind of – you know, I’m trying to make you laugh a little bit because what I’m going to show you today is wrist-slitting depressing. So. Part 2, or Act 2 of Part 2.

00:05:53,219 --> 00:06:35,650
Basically the NSA, they want to be able to spy on you, and if they have 10 different options for spying on you that you know about, they have 13 ways of doing it and they do all 13. So that’s a pretty scary thing, and basically their goal is to have total surveillance of everything that they’re interested in. So there really is no boundary to what they want to do. There is only sometimes a boundary of what they are funded to be able to do and the amount of things they’re able to do at scale. They seem to just do those things without thinking too much about it. And there are specific tactical things where they have to target a group or an individual, and those things seem limited either by budgets or simply by their time.

00:06:35,650 --> 00:07:34,849
And as we have released today on Der Spiegel’s website, which it should be live – I just checked, it should be live for everyone here – we actually show a whole bunch of details about their budgets as well as the individuals involved with the NSA and the Tailored Access Operations group in terms of numbers. So it should give you a rough idea, showing that there was a small period of time in which the internet was really free and we did not have people from the U.S. military that were watching over it and exploiting everyone on it, and now we see every year that the number of people who are hired to break into people’s computers as part of grand operations, those people are growing day by day, actually. In every year there are more and more people that are allocated, and we see this growth. So that’s the goal: non-attribution, and total surveillance, and they want to do it completely in the dark. The good news is that they can’t. So, now I’m going to show you a bit about it.

00:07:34,849 --> 00:08:26,159
But first, before I show you any pictures, I want to sort of give you the big picture from the top down. So there is a planetary strategic surveillance system, and there – well, there are many of them actually. Everything from, I think, off-planetary surveillance gear, which is probably the National Reconnaissance Office and their satellite systems for surveillance like the Keyhole satellites – these are all things most, for the most part we actually know about these things. They’re on Wikipedia. But I want to talk a little bit more about the internet side of things because I think that’s really fascinating. So part of what we are releasing today with ‘Der Spiegel’, or what has actually been released – just to be clear on the timeline, I’m not disclosing it first, I’m working as an independent journalist summarizing the work that we have already released onto the internet as part of a publication house that went through a very large editorial process in which we redacted all the names of agents and information about those names, including their phone numbers and e-mail addresses.

00:08:26,159 --> 00:08:29,019
*applause*

00:08:29,019 --> 00:08:55,740
And I should say that I actually think that the laws here are wrong, because they are in favor of an oppressor who is criminal. So when we redact the names of people who are engaged in criminal activity including drone murder, we are actually not doing the right thing, but I believe that we should comply with the law in order to continue to publish, and I think that’s very important.
*applause*

00:08:55,740 --> 00:09:52,090
We also redacted the names of victims of NSA surveillance, because we think that there’s a balance. Unfortunately there is a serious problem, which is that the U.S. government asserts that you don’t have standing to prove that you’ve been surveilled unless we release that kind of information, but we don’t want to release that kind of information in case it could be a legitimate target, and we – I’m really uncomfortable with that term, but let’s say that there is a legitimate target, the most legitimate target, and we didn’t want to make that decision. But we did also want to make sure that we didn’t harm someone, but we also wanted to show concrete examples. So if you look at the ‘Spiegel’ stuff online, we redacted the names even of those who were victimized by the NSA’s oppressive tactics, which I think actually goes further than is necessary, but I believe that it strikes the right balance to ensure continued publication and also to make sure that people are not harmed and that legitimate good things, however rare they may be, they are also not harmed.

00:09:52,090 --> 00:10:06,310
So if you’ve been targeted by the NSA and you would have found out today if we had taken a different decision, I’m really sorry, but this is the thing I think that keeps us alive, so this is the choice that I think is the right choice, and I think it’s also the safest choice for everyone.

00:10:06,310 --> 00:11:03,750
So that said, basically the NSA has a giant dragnet surveillance system that they call TURMOIL. TURMOIL is a passive interception system. That passive interception system essentially spans the whole planet. Who here has heard about the Merkel phone incident? Some of you heard about Chancellor Merkel? So we revealed that in ‘Der Spiegel’, and what we found was that they tasked her for surveillance. And I’ll talk a little bit about that later. But basically the way that this works is that they have this huge passive set of sensors, and any data that flows past it, they actually look at it. So there was a time in the past where surveillance meant looking at anything at all. And now the NSA tries to basically twist the words of every person who speaks whatever language they’re speaking in, and they try to say that it’s only surveillance if, after they collect it and record it to a database and analyze it with machines, only if – I think – an NSA agent basically looks at it personally and then clicks “I have looked at this” do they call it surveillance.

00:11:03,750 --> 00:11:51,700
Fundamentally I really object to that, because if I ran a TURMOIL collection system – that is, passive signals intelligence systems collecting data from the whole planet, everywhere they possibly can – I would go to prison for the rest of my life. That’s the balance, right? Jefferson talks about this. He says, you know, “That which the government is allowed to do but you are not, this is a tyranny.” There are some exceptions to that, but the CFAA in the United States, the Computer Fraud and Abuse Act, you know, it’s so draconian for regular people, and the NSA gets to do something like intercepting 7 billion people all day long with no problems, and the rest of us are not even allowed to experiment for improving the security of our own lives without being put in prison or under threat of serious indictment, and that I think is a really important point.

00:11:51,700 --> 00:12:21,910
So the TURMOIL system is a surveillance system, and it is a dragnet surveillance system that is a general warrant dragnet surveillance if there ever was one. And now, we shot the British over this when we started our revolution. We called them “general writs of assistance.” These were generalized warrants which we considered to be a tyranny. And TURMOIL is the digital version of a general writ of assistance system. And the general writ of assistance itself, it’s not clear if it even exists, because it’s not clear to me that a judge would understand anything that I just said.

00:12:21,910 --> 00:12:27,310
*applause*

00:12:27,310 --> 00:13:30,930
Okay, so now we’re gonna get scary. So that’s just the passive stuff. There exists another system that’s called TURBINE, and we revealed this system in the ‘Spiegel’ publications today as well. So if TURMOIL is deep packet inspection, then TURBINE is deep packet injection. And it is the system that combined together with a thing… – with TURMOIL and TURBINE you can create a platform which they have consolidated, which they call QFIRE. QFIRE is essentially a way to programmatically look at things that flow across the internet that they see with TURMOIL, and then using TURBINE they’re able to actually inject packets to try to do attacks, and I’ll describe some of those attacks in detail in a moment. But essentially the interesting thing about QFIRE also is that they have a thing that’s called a diode. So if you have, for example, a large number of systems where you control them, you might say: “Hey, what are you doing on that backbone?”, “Hey, what’s going on with these systems?” And they could say, well, you know, we paid for access, we’re doing this, it’s all legal, etcetera.

00:13:30,930 --> 00:14:42,480
QFIRE has this really neat little detail, which is that they compromise other people’s routers and then redirect through them so that they can beat the speed of light. And how they do that is that they have a passive sensor that’s nearby, a thing that they can inject from. And when they see that that thing sees a selector that is interesting to them, or is doing a thing that they would like to tamper with in some way, then they take a packet, they encapsulate the packet, they send it to the diode, which might be your home router potentially, and then that home router decapsulates that packet and sends it out. And because that is very close to you, and let’s say you’re visiting Yahoo, then the Yahoo packet will not beat you. That is, they will not beat the NSA or GCHQ. So it’s a race condition. And so they basically are able to control this whole system and then to localize attacks in that process. So that’s a pretty – pretty scary stuff, actually. And while it is a digital thing, I think it’s important to understand that this is what Jefferson talked about when he talked about tyranny. This is turnkey tyranny, and it’s not that it’s coming, it’s actually here. It’s just merely the question about whether or not they’ll use it in a way that we think is a good way or not a good way.

00:14:42,480 --> 00:15:54,800
One of the scariest parts about this is that for this system, or these sets of systems, to exist, we have been kept vulnerable. So it is the case that if the Chinese, if the Russians, if people here wish to build this system, there’s nothing that stops them. And in fact the NSA has in a literal sense retarded the process by which we would secure the internet, because it establishes a hegemony of power, their power in secret, to do these things. And in fact I’ve seen evidence that shows that there are so many compromises taking place between the different Five Eyes signals intelligence groups that they actually have lists that explain, “If you see this back door on the system, contact a friendly agency. You’ve just recompromised the machine of another person.” So when we talk about this, we have to consider that this is designed for at-scale exploitation. And as far as I can tell it’s being used for at-scale exploitation. Which is not really, in my mind, a targeted, particularized type of thing, but rather it’s fishing operations. It’s fishing expeditions. It’s more like fishing crusades, if you will. And in some cases, looking at the evidence, that seems to be what it is. Targeting Muslims, I might add. Because that’s what they’re interested in doing.

00:15:54,800 --> 00:17:02,219
So that said, that’s the internet, and we get all the way down to the bottom and we get to the Close Access Operations and Off-Net. Off-Net and Close Access Operations are pretty scary things, but basically this is what we would call a black bag job. That’s where these guys, they break into your house, they put something in your computer and they take other things out of your computer. Here’s an example. First top secret document of the talk so far. This is a Close Access Operations box. It is basically car Metasploit for the NSA, which is an interesting thing. But basically they say that the attack is undetectable, and it’s sadly a laptop running free software. It is injecting packets. And they say that they can do this from as far away as 8 miles to inject packets, so presumably using this they’re able to exploit a kernel vulnerability of some kind, parsing the wireless frames, and, yeah. I’ve heard that they actually put this hardware, from sources inside of the NSA and inside of other intelligence agencies, that they actually put this type of hardware on drones so that they fly them over areas that they’re interested in and they do mass exploitation of people.

00:17:02,219 --> 00:17:45,950
Now, we don’t have a document that substantiates that part, but we do have this document that actually claims that they’ve done it from up to 8 miles away. So that’s a really interesting thing, because it tells us that they understand that common wireless cards, probably running Microsoft Windows, which is an American company, that they know about vulnerabilities and they keep them a secret to use them. This is part of a constant theme of sabotaging and undermining American companies and American ingenuity. As an American, while generally not a nationalist, I find this disgusting, especially as someone who writes free software and would like my tax dollars to be spent on improving these things. And when they know about them I don’t want them to keep them a secret, because all of us are vulnerable. It’s a really scary thing.

00:17:45,950 --> 00:17:52,270
*applause*

00:17:52,270 --> 00:18:31,730
And it just so happens that at my house, myself and many of my friends, when we use wireless devices – Andy knows what I’m talking about, a few other people here – all the time we have errors in certain machines which are set up at the house, in some cases as a honeypot – thanks, guys – where kernel panic after kernel panic, exactly in the receive handler of the Linux kernel where you would expect this specific type of thing to take place. So I think that if we talk about the war coming home, we probably will find that this is not just used in places where there’s a literal war on but where they decide that it would be useful, including just parking outside your house.

00:18:31,730 --> 00:18:51,520
Now I only have an hour today, so I’m gonna have to go through some other stuff pretty quickly. I want to make a couple of points clear. This wasn’t clear, even though it was written in the New York Times by my dear friend Laura Poitras, who is totally fantastic by the way, and… you are great. But 15 years of data retention –

00:18:51,520 --> 00:18:55,769
*applause*

00:18:55,769 --> 00:19:51,499
So the NSA has 15 years of data retention. It’s a really important point to drive home. I joked with Laura when she wrote the New York Times article with James Risen, she should do the math for other people and say “15 years”. She said: “They can do the math on their own, I believe in them”. I just wanna do the math for you. 15 years, that’s scary! I don’t ever remember voting on that, I don’t ever remember even having a public debate about it. And that includes content as well as metadata. So they use this metadata. They search through this metadata retroactively. They do what’s called ‘tasking’, that is, they find a set of selectors – so that’s a set of unique identifiers, e-mail addresses, cookies, MAC addresses, IMEIs… whatever is useful. Voice prints potentially, depending on the system. And then they basically task those selectors for specific activities.

00:19:51,499 --> 00:20:13,299
So that ties together with some of the attacks which I’ll talk about, but essentially QUANTUMINSERTION and things that are like QUANTUMINSERTION, they’re triggered as part of the TURMOIL and TURBINE system and the QFIRE system, and they’re all put together so that they can automate attacking people based on the plaintext traffic that transits the internet or based on the source or destination IP addresses.

00:20:13,299 --> 00:20:25,730
This is a second top secret document. This is an actual NSA lolcat for the QUANTUMTHEORY program.

00:20:25,730 --> 00:20:29,290
*applause*

00:20:29,290 --> 00:20:52,879
You’ll notice it’s a black cat, hiding. Okay. So there are a few people in the audience that are still not terrified enough, and there are a few people that, as part of their process for coping with this horrible world that we have found ourselves in, they will say the following: “There’s no way they’ll ever find me. I’m not interesting.” So I just want to dispel that notion and show you a little bit about how they do that.

00:20:52,879 --> 00:21:24,990
So we mentioned TURMOIL, which is the dragnet surveillance, and TURBINE, which is deep packet injection, and QFIRE, where we tie it all together, and this is an example of something which I think actually demonstrates a crime, but I’m not sure, I’m not a lawyer, I’m definitely not your lawyer, and I’m certainly not the NSA’s lawyer. But this is the MARINA system. This is merely one of many systems where they actually have full content as well as metadata. Taken together, they do contact chaining, where they find out you guys are all in the same room with me – which reminds me, let’s see, I’ve got this phone…

00:21:24,990 --> 00:21:31,040
Okay. That’s good. Let’s turn that on. So now…

00:21:31,040 --> 00:21:34,480
*laughter*
You’re welcome.

00:21:34,480 --> 00:21:37,640
*laughter*
You have no idea!

00:21:37,640 --> 00:21:47,689
*laughter*
But I just wanted to make sure that if there was any question about whether or not you are exempt from needing to do something about this, that that is dispelled.

00:21:47,689 --> 00:21:53,489
*applause*

00:21:53,489 --> 00:21:58,950
Okay? Cell phone’s on. Great. So. Hey, guys!

00:21:58,950 --> 00:22:26,420
*laughter*
So, the MARINA system is a contact chaining system as well as a system that has data, and in this case what we see is in fact reverse contact and forward contact graphing. So, any lawyers in the audience? If there are American citizens in this database, is reverse targeting like this illegal? Generally? Is it possible that that could be considered illegal?
*Someone from audience mumbling*

00:22:26,420 --> 00:23:26,459
Yeah, so, interesting. If it’s called reverse contacts instead of reverse targeting – yeah, exactly. So, you’ll also notice the, on the right-hand side, webcam photos. So, just in case you’re wondering, in this case this particular target, I suppose that he did not or she did not have a webcam. Good for them. If not, you should follow the EFF’s advice and you should put a little sticker over your webcam. But you’ll also note that they try to find equivalent identifiers. So every time there’s a linkable identifier that you have on the internet, they try to put that and tie it together and contact chain it, and they try to show who you are among all of these different potential identifiers – if you have 5 e-mail addresses, they would link them together – and then they try to find out who all your friends are. You’ll also note at the bottom here, logins and passwords. So they’re also doing dragnet surveillance in which they extract – the feature set extraction where they know semantically what a login and a password is in a particular protocol.

00:23:26,459 --> 00:24:17,829
And in this case this guy is lucky, I suppose, and they were not able to get passwords or webcam, but you’ll note that they were able to get his contacts and they were able to see in fact 29, give or take, received messages as well, of which there are these things. Now in this case we have redacted the e-mail and instant messenger information, but this is an example of how
*laughs*
you can’t hide from these things, and thinking that they won’t find you is a fallacy. So this is basically the difference between taking one wire and clipping onto it in a particularized, suspicious way where they’re really interested, they have a particularized suspicion, they think that someone is a criminal, they think someone has taken some serious steps that are illegal, and instead what they do is they put all of us under surveillance, record all of this data that they possibly can, and then they go looking through it.

00:24:17,829 --> 00:24:47,059
Now in the case of Chancellor Merkel, when we revealed NSRL 2002-388, what we showed was that they were spying on Merkel. And by their own admission 3 hops away, that’s everyone in the German Parliament and everyone here. So that’s pretty serious stuff. It also happens that if you should be visiting certain websites, especially if you’re a Muslim, it is the case that you can be attacked automatically by this system. Right?
So that would mean that 362 00:24:47,059 --> 00:24:50,379 they would automatically start to break into systems. That’s what they would call 363 00:24:50,379 --> 00:24:55,430 ‘untasked targeting’. Interesting idea that they call that targeted surveillance. 364 00:24:55,430 --> 00:24:58,669 To me that doesn’t really sound too much like targeted surveillance unless 365 00:24:58,669 --> 00:25:02,659 what you mean by carpet bombing, it – you know, I mean it just – you know, like… it 366 00:25:02,659 --> 00:25:07,780 just doesn’t… it doesn’t strike me right. It’s not my real definition of ‘targeted’. 367 00:25:07,780 --> 00:25:11,129 It’s not well defined. It’s not that a judge has said, “Yes, this person is 368 00:25:11,129 --> 00:25:14,579 clearly someone we should target.” Quite the opposite. This is something where 369 00:25:14,579 --> 00:25:19,460 some guy who has a system has decided to deploy it and they do it however they like 370 00:25:19,460 --> 00:25:22,539 whenever they would like. And while there are some restrictions, it’s clear that 371 00:25:22,539 --> 00:25:27,030 the details about these programs do not trickle up. And even if they do, they 372 00:25:27,030 --> 00:25:31,289 do not trickle up in a useful way. So this is important, because members 373 00:25:31,289 --> 00:25:36,049 of the U.S. Congress, they have no clue about these things. Literally, in the case 374 00:25:36,049 --> 00:25:42,599 of the technology. Ask a Congressman about TCP/IP. Forget it. 375 00:25:42,599 --> 00:25:46,559 You can’t even get a meeting with them. I’ve tried. Doesn’t matter. Even if you 376 00:25:46,559 --> 00:25:49,909 know the secret interpretation of Section 215 of the Patriot Act and you go 377 00:25:49,909 --> 00:25:52,619 to Washington, D.C. and you meet with their aides, they still won’t talk to you 378 00:25:52,619 --> 00:25:56,000 about it. 
Part of that is because they don’t have a clue, and another part of it 379 00:25:56,000 --> 00:26:00,099 is because they can’t talk about it, because they don’t have a political solution. 380 00:26:00,099 --> 00:26:02,929 Absent a political solution, it’s very difficult to get someone to admit that 381 00:26:02,929 --> 00:26:06,370 there is a problem. Well, there is a problem, so we’re going to create 382 00:26:06,370 --> 00:26:09,649 a political problem and also talk about some of the solutions. 383 00:26:09,649 --> 00:26:12,589 The Cypherpunks generally have come up with some of the solutions 384 00:26:12,589 --> 00:26:16,610 when we talk about encrypting the entire internet. That would end dragnet mass 385 00:26:16,610 --> 00:26:20,719 surveillance in a sense, but it will come back in a different sense 386 00:26:20,719 --> 00:26:25,569 even with encryption. We need both a marriage of a technical solution 387 00:26:25,569 --> 00:26:30,580 and we need a political solution to go with it, and if we don’t have 388 00:26:30,580 --> 00:26:35,480 those 2 things, we will unfortunately be stuck here. But at the moment the NSA, 389 00:26:35,480 --> 00:26:40,489 basically, I feel, has more power than anyone in the entire world – any one 390 00:26:40,489 --> 00:26:44,800 agency or any one person. So Emperor Alexander, the head of the NSA, really has 391 00:26:44,800 --> 00:26:50,149 a lot of power. If they want to right now, they’ll know that the IMEI of this phone 392 00:26:50,149 --> 00:26:55,230 is interesting. It’s very warm, which is another funny thing, and they would be 393 00:26:55,230 --> 00:26:59,129 able to break into this phone almost certainly and then turn on the microphone, 394 00:26:59,129 --> 00:27:03,270 and all without a court. So that to me is really scary. 
395 00:27:03,270 --> 00:27:06,889 And I especially dislike the fact that if you were to be building these 396 00:27:06,889 --> 00:27:10,550 types of things, they treat you as an opponent, if you wish to be able to 397 00:27:10,550 --> 00:27:14,000 fulfill the promises that you make to your customers. And as someone who writes 398 00:27:14,000 --> 00:27:18,159 security software I think that’s bullshit. 399 00:27:18,159 --> 00:27:22,179 So. Here’s how they do a bit of it. So there are different programs. 400 00:27:22,179 --> 00:27:25,860 So QUANTUMTHEORY, QUANTUMNATION, QUANTUMBOT, QUANTUMCOPPER 401 00:27:25,860 --> 00:27:29,389 and QUANTUMINSERT. You’ve heard of a few of them. I’ll just go through them real quick. 402 00:27:29,389 --> 00:27:33,449 QUANTUMTHEORY essentially has a whole arsenal of zero-day exploits. 403 00:27:33,449 --> 00:27:38,490 Then the system deploys what’s called a SMOTH, or a seasoned moth. 404 00:27:38,490 --> 00:27:43,540 And a seasoned moth is an implant which dies after 30 days. 405 00:27:43,540 --> 00:27:48,549 So I think that these guys either took a lot of acid or read a lot of Philip K. Dick, 406 00:27:48,549 --> 00:27:51,759 potentially both! *applause* 407 00:27:51,759 --> 00:27:55,379 And they thought Philip K. Dick wasn’t dystopian enough. 408 00:27:55,379 --> 00:27:59,869 “Let’s get better at this”. And after reading VALIS, I guess, 409 00:27:59,869 --> 00:28:04,760 they went on, and they also have as part of QUANTUMNATION 410 00:28:04,760 --> 00:28:08,849 what’s called VALIDATOR or COMMONDEER. Now these are first-stage payloads 411 00:28:08,849 --> 00:28:13,940 that are done entirely in memory. 
These exploits essentially are where they 412 00:28:13,940 --> 00:28:18,279 look around to see if you have what are called PSPs, and this is to see, like, 413 00:28:18,279 --> 00:28:21,730 you know, if you have Tripwire, if you have AIDE, if you have some sort of 414 00:28:21,730 --> 00:28:25,549 system tool that will detect if an attacker is tampering with files or 415 00:28:25,549 --> 00:28:28,659 something like this, like a host intrusion detection system. 416 00:28:28,659 --> 00:28:33,689 So VALIDATOR and COMMONDEER, which, I mean, clearly the point of COMMONDEER, 417 00:28:33,689 --> 00:28:36,659 while it’s misspelled here – it’s not actually… I mean that’s the name 418 00:28:36,659 --> 00:28:40,649 of the program… but the point is to make a pun on commandeering your machine. So, 419 00:28:40,649 --> 00:28:44,550 you know, when I think about the U.S. Constitution in particular, we talk about 420 00:28:44,550 --> 00:28:49,300 not allowing the quartering of soldiers – and, gosh, you know? 421 00:28:49,300 --> 00:28:53,629 Commandeering my computer sounds a lot like a digital version of that, and 422 00:28:53,629 --> 00:28:57,379 I find that’s a little bit confusing, and mostly in that I don’t understand 423 00:28:57,379 --> 00:29:01,219 how they get away with it. But part of it is because until right now we didn’t know 424 00:29:01,219 --> 00:29:05,679 about it, in public, which is why we’re releasing this in the public interest, 425 00:29:05,679 --> 00:29:09,400 so that we can have a better debate about whether or not that counts, in fact, 426 00:29:09,400 --> 00:29:14,189 as a part of this type of what I would consider to be tyranny, or perhaps 427 00:29:14,189 --> 00:29:18,719 you think it is a measured and reasonable thing. I somehow doubt that. But 428 00:29:18,719 --> 00:29:23,070 in any case, QUANTUMBOT is where they hijack IRC bots, because why not? 
429 00:29:23,070 --> 00:29:26,490 They thought they would like to do that, and an interesting point is that 430 00:29:26,490 --> 00:29:31,320 they could in theory stop a lot of these botnet attacks and 431 00:29:31,320 --> 00:29:35,200 they have decided to maintain that capability, but they’re not yet doing it 432 00:29:35,200 --> 00:29:38,749 except when they feel like doing it for experiments or when they do it to 433 00:29:38,749 --> 00:29:42,699 potentially use them. It’s not clear exactly how they use them. But 434 00:29:42,699 --> 00:29:46,350 the mere fact of the matter is that that suggests they’re even in fact able to do 435 00:29:46,350 --> 00:29:49,850 these types of attacks, they’ve tested these types of attacks against botnets. 436 00:29:49,850 --> 00:29:53,879 And that’s the program you should FOIA for. We’ve released a little bit of detail 437 00:29:53,879 --> 00:29:57,890 about that today as well. And QUANTUMCOPPER to me is really scary. 438 00:29:57,890 --> 00:30:01,719 It’s essentially a thing that can interfere with TCP/IP and it can do things 439 00:30:01,719 --> 00:30:06,799 like corrupt file downloads. So if you imagine the Great Firewall of China, 440 00:30:06,799 --> 00:30:10,289 so-called – that’s for the whole planet. 441 00:30:10,289 --> 00:30:14,319 So if the NSA wanted to tomorrow, they could kill every anonymity system 442 00:30:14,319 --> 00:30:20,259 that exists by just forcing everyone who connects to an anonymity system to reset 443 00:30:20,259 --> 00:30:24,750 just the same way that the Chinese do right now in China with the Great Firewall 444 00:30:24,750 --> 00:30:28,589 of China. So that’s like the NSA builds the equivalent of the Great Firewall 445 00:30:28,589 --> 00:30:33,999 of Earth. That’s, to me that’s a really scary, heavy-handed thing, 446 00:30:33,999 --> 00:30:39,080 and I’m sure they only use it for good. *clears throat* 447 00:30:39,080 --> 00:30:44,520 But, yeah. 
Back here in reality that to me is a really scary thing, especially 448 00:30:44,520 --> 00:30:48,610 because one of the ways that they are able to have this capability, as I mentioned, 449 00:30:48,610 --> 00:30:52,979 is these diodes. So what that suggests is that they actually repurpose 450 00:30:52,979 --> 00:30:56,260 other people’s machines in order to reposition and to gain a capability 451 00:30:56,260 --> 00:31:01,349 inside of an area where they actually have no legitimacy inside of that area. 452 00:31:01,349 --> 00:31:07,049 That to me suggests it is not only heavy-handed, that they have probably some 453 00:31:07,049 --> 00:31:12,289 tools to do that. You see where I’m going with this. Well, QUANTUMINSERTION, 454 00:31:12,289 --> 00:31:16,119 this is also an important point, because this is what was used against Belgacom, 455 00:31:16,119 --> 00:31:22,060 this is what’s used by a whole number of unfortunately players in the game where 456 00:31:22,060 --> 00:31:26,409 basically what they do is they inject a packet. So you have a TCP connection, 457 00:31:26,409 --> 00:31:30,169 Alice wants to talk to Bob, and for some reason Alice and Bob have not heard 458 00:31:30,169 --> 00:31:34,880 about TLS. Alice sends an HTTP request to Bob. Bob is Yahoo. 459 00:31:34,880 --> 00:31:40,799 NSA loves Yahoo. And basically they inject a packet which will get to Alice 460 00:31:40,799 --> 00:31:44,429 before Yahoo is able to respond, right? And the thing is that if that was a 461 00:31:44,429 --> 00:31:48,960 TLS connection, the man-on-the-side attack would not succeed. 462 00:31:48,960 --> 00:31:53,180 That’s really key. If they were using TLS, the man-on-the-side attack could at best, 463 00:31:53,180 --> 00:31:56,330 as far as we understand it at the moment, they could tear down the TLS session but 464 00:31:56,330 --> 00:31:59,659 they couldn’t actually actively inject. So that’s a man-on-the-side attack. 
465 00:31:59,659 --> 00:32:05,349 We can end that attack with TLS. When we deploy TLS everywhere 466 00:32:05,349 --> 00:32:09,559 then we will end that kind of attack. So there was a joke, you know, when you 467 00:32:09,559 --> 00:32:12,820 download .mp3s, you ride with communism – from the ’90s, some of you may 468 00:32:12,820 --> 00:32:19,060 remember this. When you bareback with the internet, you ride with the NSA. 469 00:32:19,060 --> 00:32:24,450 *applause* 470 00:32:24,450 --> 00:32:28,969 Or you’re getting a ride, going for a ride. So the TAO infrastructure, 471 00:32:28,969 --> 00:32:33,449 Tailored Access and Operations. Some of the FOXACID URLs are public. 472 00:32:33,449 --> 00:32:38,309 FOXACID is essentially like a watering hole type of attack where you go to, 473 00:32:38,309 --> 00:32:43,759 you go to a URL. QUANTUMINSERT puts like an iframe or puts some code 474 00:32:43,759 --> 00:32:46,729 in your web browser, which you then execute, which then causes you to 475 00:32:46,729 --> 00:32:50,569 load resources. One of the resources that you load while you’re loading CNN.com, 476 00:32:50,569 --> 00:32:55,180 for example, which is one of their examples, they – you like that, by the way? 477 00:32:55,180 --> 00:32:59,050 So, you know, that’s an extremist site. So *coughs* 478 00:32:59,050 --> 00:33:03,020 you might have heard about that. A lot of Republicans in the United States read it. 479 00:33:03,020 --> 00:33:08,130 So – right before they wage illegal imperialist wars. So, 480 00:33:08,130 --> 00:33:12,620 the point is that you go to a FOXACID server and it basically does a survey 481 00:33:12,620 --> 00:33:17,899 of your box and decides if it can break into it or not, and then it does. 482 00:33:17,899 --> 00:33:22,409 Yep, that’s basically it. And the FOXACID URLs, a few of them are public. 
483 00:33:22,409 --> 00:33:27,139 Some of the details about that have been made public, about how the structure 484 00:33:27,139 --> 00:33:31,060 of the URLs are laid out and so on. An important detail is that they pretend 485 00:33:31,060 --> 00:33:34,340 that they’re Apache, but they actually do a really bad job. So they’re 486 00:33:34,340 --> 00:33:38,230 like Hacking Team, maybe it’s the same guys, I doubt it though, the NSA wouldn’t 487 00:33:38,230 --> 00:33:43,790 slum with scumbags like that, but… Basically you can tell, you can find them, 488 00:33:43,790 --> 00:33:47,610 because they aren’t really Apache servers. They pretend to be, something else. 489 00:33:47,610 --> 00:33:51,020 The other thing is that none of their infrastructure is in the United States. 490 00:33:51,020 --> 00:33:56,480 So, real quick anonymity question. You have a set of things and you know that 491 00:33:56,480 --> 00:34:01,919 a particular attacker never comes from one place. Every country on the planet 492 00:34:01,919 --> 00:34:06,439 potentially, but never one place. The one place where most of the internet is. 493 00:34:06,439 --> 00:34:10,050 What does that tell you in terms of anonymity? It tells you usually that 494 00:34:10,050 --> 00:34:14,960 they’re hiding something about that one place. Maybe there’s a legal requirement 495 00:34:14,960 --> 00:34:19,020 for this. It’s not clear to me. But what is totally clear to me is that if you see 496 00:34:19,020 --> 00:34:22,720 this type of infrastructure and it is not in the United States, there is a chance, 497 00:34:22,720 --> 00:34:28,289 especially today, that it’s the NSA’s Tailored Access and Operations division. 498 00:34:28,289 --> 00:34:34,490 And here’s an important point. When the NSA can’t do it, they bring in GCHQ. 499 00:34:34,490 --> 00:34:38,820 So, for example, for targeting certain Gmail selectors, they can’t do it. 
500 00:34:38,820 --> 00:34:42,740 And in the documents we released today, we show that they say: “If you have 501 00:34:42,740 --> 00:34:46,800 a partner agreement form and you need to target, there are some additional selectors 502 00:34:46,800 --> 00:34:51,330 that become available should you need them”. So when we have a limit 503 00:34:51,330 --> 00:34:54,640 of an intelligence agency in the United States, or here in Germany or 504 00:34:54,640 --> 00:34:58,690 something like this, we have to recognize that information is a currency 505 00:34:58,690 --> 00:35:03,380 in an unregulated market. And these guys, they trade that information, and 506 00:35:03,380 --> 00:35:08,260 one of the ways they trade that is like this. And they love Yahoo. 507 00:35:08,260 --> 00:35:15,470 So, little breather? 508 00:35:15,470 --> 00:35:18,630 It’s always good to make fun of the GCHQ with Austin Powers! 509 00:35:18,630 --> 00:35:22,200 *laughter* Okay. Another classified document here. 510 00:35:22,200 --> 00:35:27,310 That’s actual NSA OpenOffice or PowerPoint clip art of their horrible headquarters 511 00:35:27,310 --> 00:35:31,440 that you see in every news story, I can’t wait to see a different photo of the NSA 512 00:35:31,440 --> 00:35:38,470 someday. But you’ll notice right here they explain how QUANTUM works. Now SSO is 513 00:35:38,470 --> 00:35:43,200 a Special Source Operations site. So you’ve seen U.S. embassies? Usually 514 00:35:43,200 --> 00:35:46,430 the U.S. embassy has dielectric panels on the roof, that’s what we showed in Berlin, 515 00:35:46,430 --> 00:35:51,870 it was called “DAS NEST” on the cover of ‘Der Spiegel’. That’s an SSO site. 516 00:35:51,870 --> 00:35:55,900 So they see that this type of stuff is taking place, they do an injection and 517 00:35:55,900 --> 00:36:01,650 they try to beat the Yahoo packet back. Now another interesting point is 518 00:36:01,650 --> 00:36:07,820 that for the Yahoo packet to be beaten, the NSA must impersonate Yahoo. 
519 00:36:07,820 --> 00:36:11,230 This is a really important detail because what it tells us is that they are 520 00:36:11,230 --> 00:36:16,300 essentially conscripting Yahoo and saying that they are Yahoo. So they are 521 00:36:16,300 --> 00:36:20,960 impersonating a U.S. company to a U.S. company user 522 00:36:20,960 --> 00:36:24,530 and they are not actually supposed to be in this conversation at all. 523 00:36:24,530 --> 00:36:29,140 And when they do it, then they of course – basically if you’re using Yahoo, 524 00:36:29,140 --> 00:36:32,620 you’re definitely going to get owned. So – and I don’t just mean that in that 525 00:36:32,620 --> 00:36:37,270 Yahoo is vulnerable, they are, but I mean people that use Yahoo tend to 526 00:36:37,270 --> 00:36:40,380 – maybe it’s a bad generalization, but, you know – they’re not the most 527 00:36:40,380 --> 00:36:43,150 security-conscious people on the planet, they don’t keep their computers up to date, 528 00:36:43,150 --> 00:36:47,220 I’m guessing, and that’s probably why they love Yahoo so much. They also love 529 00:36:47,220 --> 00:36:51,340 CNN.com, which is some other… I don’t know what that says, it’s like a sociological 530 00:36:51,340 --> 00:36:56,900 study of compromise. But that’s an important detail. So the SSO site sniffs 531 00:36:56,900 --> 00:36:59,820 and then they do some injection, they redirect you to FOXACID. That’s for 532 00:36:59,820 --> 00:37:04,261 web browser exploitation. They obviously have other exploitation techniques. 533 00:37:04,261 --> 00:37:08,930 Okay. So now. We all know that cellphones are vulnerable. 534 00:37:08,930 --> 00:37:13,530 Here’s an example. This is a base station 535 00:37:13,530 --> 00:37:17,790 that the NSA has that, I think it’s the first time ever anyone’s ever revealed 536 00:37:17,790 --> 00:37:22,340 an NSA IMSI catcher. So, here it is. Well, actually the second time, because 537 00:37:22,340 --> 00:37:25,320 ‘Der Spiegel’ did it this morning. 
But you know what I mean. 538 00:37:25,320 --> 00:37:30,300 *applause* 539 00:37:30,300 --> 00:37:35,060 So they call it ‘Find, Fix and Finish targeted handset users’. 540 00:37:35,060 --> 00:37:38,940 Now it’s really important to understand when they say “targeting” you would think 541 00:37:38,940 --> 00:37:43,370 ‘massive collection’, right? Because what are they doing? They’re pretending to be 542 00:37:43,370 --> 00:37:48,540 a base station. They want to overpower. They want to basically be the phone 543 00:37:48,540 --> 00:37:51,630 that you connect to… or the phone system that you connect to. And that means 544 00:37:51,630 --> 00:37:54,740 lots of people are going to connect potentially. So it’s not just one 545 00:37:54,740 --> 00:37:59,430 targeted user. So hopefully they have it set up so that if you need to dial 911, 546 00:37:59,430 --> 00:38:02,990 or here in Europe 112 – you know, by the way, if you ever want to find 547 00:38:02,990 --> 00:38:05,740 one of these things try to call different emergency numbers and note which ones 548 00:38:05,740 --> 00:38:09,960 route where. Just as a little detail. Also note that sometimes if you go 549 00:38:09,960 --> 00:38:14,420 to the Ecuadorian embassy you will receive a welcome message from Uganda Telecom. 550 00:38:14,420 --> 00:38:18,670 Because the British when they deployed the IMSI catcher against Julian Assange 551 00:38:18,670 --> 00:38:23,150 at the Ecuadorian embassy made the mistake of not reconfiguring the spy gear they [had] 552 00:38:23,150 --> 00:38:27,390 deployed in Uganda [before] when they deployed in London. 553 00:38:27,390 --> 00:38:33,330 *applause* 554 00:38:33,330 --> 00:38:38,420 And this can be yours for only US$175,800. 555 00:38:38,420 --> 00:38:43,120 And this covers GSM and PCS and DCS and a bunch of other stuff. 556 00:38:43,120 --> 00:38:46,870 So basically if you use a cell phone – forget it. It doesn’t matter 557 00:38:46,870 --> 00:38:50,520 what you’re doing. 
The exception may be Cryptophone and Redphone. In fact 558 00:38:50,520 --> 00:38:54,660 I’d like to just give a shoutout to the people who work on free software, and 559 00:38:54,660 --> 00:38:57,640 software which is actually secure. Like Moxie Marlinspike – I’m so sorry I mention 560 00:38:57,640 --> 00:39:02,300 your name in my talk, but don’t worry, your silence won’t protect you! 561 00:39:02,300 --> 00:39:05,160 I think it’s really important to know Moxie is one of the very few people 562 00:39:05,160 --> 00:39:08,270 in the world who builds technologies that is both free and open source, and 563 00:39:08,270 --> 00:39:12,940 as far as I can tell he refuses to do anything awful. No backdoors or anything. 564 00:39:12,940 --> 00:39:18,170 And from what I can tell this proves that we need things like that. 565 00:39:18,170 --> 00:39:22,000 This is absolutely necessary because they replace the infrastructure we connect to. 566 00:39:22,000 --> 00:39:25,920 It’s like replacing the road that we would walk on, and adding tons of spy gear. 567 00:39:25,920 --> 00:39:30,250 And they do that too, we’ll get to that. Okay. 568 00:39:30,250 --> 00:39:33,601 So I’m gonna go a little quick through these because I think it’s better that you 569 00:39:33,601 --> 00:39:36,600 go online and you adjust. And I wanna have a little bit of time for questions. 570 00:39:36,600 --> 00:39:41,290 But basically here’s an example of how even if you disable a thing the thing is 571 00:39:41,290 --> 00:39:45,480 not really disabled. So if you have a WiFi card in your computer the SOMBERKNAVE 572 00:39:45,480 --> 00:39:51,080 program, which is another classified document here, they basically repurpose 573 00:39:51,080 --> 00:39:55,060 your WiFi gear. They say: “You’re not using that WiFi card? We’re gonna scan 574 00:39:55,060 --> 00:39:58,350 for WiFi nearby, we’re gonna exfiltrate data by finding an open WiFi network 575 00:39:58,350 --> 00:40:01,310 and we’re gonna jump on it”. 
So they’re actually using other people’s 576 00:40:01,310 --> 00:40:05,480 wireless networks in addition to having this stuff in your computer. And this is 577 00:40:05,480 --> 00:40:11,030 one of the ways they beat a so-called air-gapped target computer. 578 00:40:11,030 --> 00:40:14,400 Okay, so here’s some of the software implants. Now we’re gonna name a bunch 579 00:40:14,400 --> 00:40:18,800 of companies because – fuck those guys basically, for collaborating when they do, 580 00:40:18,800 --> 00:40:22,540 and fuck them for leaving us vulnerable when they do. 581 00:40:22,540 --> 00:40:26,030 *applause* 582 00:40:26,030 --> 00:40:29,930 And I mean that in the most loving way because some of them are victims, actually. 583 00:40:29,930 --> 00:40:33,400 It’s important to note that we don’t yet understand which is which. 584 00:40:33,400 --> 00:40:36,930 So it’s important to name them, so that they have to go on record, and so that 585 00:40:36,930 --> 00:40:40,310 they can say where they are, and so that they can give us enough rope 586 00:40:40,310 --> 00:40:44,370 to hang themselves. I really want that to happen because I think it’s important 587 00:40:44,370 --> 00:40:47,820 to find out who collaborated and who didn’t collaborate. In order to have truth 588 00:40:47,820 --> 00:40:51,840 and reconciliation we need to start with a little of truth. So STUCCOMONTANA 589 00:40:51,840 --> 00:40:55,660 is basically BadBIOS if you guys have heard about that. I feel very bad 590 00:40:55,660 --> 00:40:59,070 for Dragos, he doesn’t really talk to me right now. I think he might be kinda mad. 591 00:40:59,070 --> 00:41:04,880 But after I was detained – by the US Army on US soil, I might add – 592 00:41:04,880 --> 00:41:08,490 they took a phone from me. Now it shouldn’t matter but it did. They also 593 00:41:08,490 --> 00:41:11,420 I think went after all my phone records so they didn’t need to take the phone. 
But 594 00:41:11,420 --> 00:41:14,170 for good measure, they just wanted to try to intimidate me which is exactly 595 00:41:14,170 --> 00:41:19,710 the wrong thing to do to me. But as he told the story after that happened 596 00:41:19,710 --> 00:41:23,180 all of his computers including his Xbox were compromised. And he says 597 00:41:23,180 --> 00:41:27,870 even to this day that some of those things persist. And he talks about the BIOS. 598 00:41:27,870 --> 00:41:32,990 Here’s a document that shows clearly that they actually re-flash the BIOS 599 00:41:32,990 --> 00:41:37,410 and they also have other techniques including System Management Mode 600 00:41:37,410 --> 00:41:42,260 related rootkits and that they have persistence inside of the BIOS. 601 00:41:42,260 --> 00:41:46,380 It’s an incredibly important point. This is evidence that the thing that Dragos 602 00:41:46,380 --> 00:41:50,150 talked about, maybe he doesn’t have it, but it really does exist. 603 00:41:50,150 --> 00:41:54,990 Now the question is how would he find it? We don’t have the forensics tools yet. 604 00:41:54,990 --> 00:41:58,420 We don’t really have the capabilities widely deployed in the community 605 00:41:58,420 --> 00:42:02,230 to be able to know that, and to be able to find it. Here’s another one. 606 00:42:02,230 --> 00:42:06,740 This one’s called SWAP. In this case it replaces the Host Protected Area 607 00:42:06,740 --> 00:42:11,580 of the hard drive, and you can see a little graph where there’s target systems, 608 00:42:11,580 --> 00:42:14,860 you see the internet, Interactive OPS, so they’ve got like a guy who is hacking you 609 00:42:14,860 --> 00:42:19,350 in real time, the People’s Liberation Army… uh, NSA! And… 610 00:42:19,350 --> 00:42:22,370 *laughter* And you can see all of these different 611 00:42:22,370 --> 00:42:25,190 things about it. 
Each one of these things, including SNEAKERNET, these are 612 00:42:25,190 --> 00:42:29,520 different programs, most of which we revealed today in ‘Der Spiegel’. 613 00:42:29,520 --> 00:42:32,880 But you’ll notice that it’s Windows, Linux, FreeBSD and Solaris. 614 00:42:32,880 --> 00:42:38,250 How many Al Qaeda people use Solaris, do you suppose? 615 00:42:38,250 --> 00:42:42,390 This tells you a really important point. They are interested in compromising 616 00:42:42,390 --> 00:42:46,960 the infrastructure of systems, not just individual people. 617 00:42:46,960 --> 00:42:50,460 They want to take control and literally colonize those systems 618 00:42:50,460 --> 00:42:55,490 with these implants. And that’s not part of the discussion. People are not talking 619 00:42:55,490 --> 00:42:59,880 about that because they don’t know about that yet. But they should. Because 620 00:42:59,880 --> 00:43:03,500 in addition to the fact that Sun is a U.S. company which they are building 621 00:43:03,500 --> 00:43:07,710 capabilities against – that to me, really, it really bothers me; I can’t tell you 622 00:43:07,710 --> 00:43:10,700 how much that bothers me – we also see that they’re attacking Microsoft, 623 00:43:10,700 --> 00:43:13,670 another U.S. company, and Linux and FreeBSD, where there are a lot of people 624 00:43:13,670 --> 00:43:15,900 that are building it from all around the world. So they’re attacking not only 625 00:43:15,900 --> 00:43:19,260 collective efforts and corporate efforts, but basically every option 626 00:43:19,260 --> 00:43:24,660 you possibly can, from end users down to telecom core things. 627 00:43:24,660 --> 00:43:28,830 Here’s another one, DEITYBOUNCE. This is for Dell, 628 00:43:28,830 --> 00:43:33,840 so Dell PowerEdge 1850, 2850, 1950, 2950… 629 00:43:33,840 --> 00:43:37,910 RAID servers using any of the following BIOS versions. Right? 630 00:43:37,910 --> 00:43:41,950 So just in case you’re wondering, hey Dell, why is that? Curious about that. 
[00:43:41] Love to hear your statements about it. So if you write YARA sigs [signatures] and you’re interested in looking for NSA malware, look for things that use RC6, so look for the constants that you might find in RC6. And when they run, if they emit UDP traffic – we’ve actually seen a sample of this but we were not able to capture it, sadly, but emitting UDP traffic that is encrypted. You know, people that I’ve worked with on things related to this, they’ve even, they’ve had their house black bagged. They’ve had pretty bad stuff happen to them. That’s their story to tell. But one of the interesting details is that after those events occurred, these types of things were seen. Ben has a really bad idea for those guys, I might add, because I wouldn’t have put this slide in if that had not occurred. But if you want to look for it, you’ll find it. I know some people that have looked with YARA sigs and they have in fact found things related to this, so I suspect a lot of malware researchers in the near future are going to have a lot of stuff to say about this particular slide. I’ll leave that to them. I think it’s very important to go looking for these things, especially to find out who is victimized by them. Here’s an iPhone back door. So DROPOUTJEEP, so you can see it right there.
[00:44:56] So, SMS, contact list retrieval, voicemail, hot microphone, camera capture, cell tower location. Cool. Do you think Apple helped them with that? I don’t know. I hope Apple will clarify that. I think it’s really important that Apple doesn’t. Here’s a problem. I don’t really believe that Apple didn’t help them. I can’t prove it yet, but they literally claim that any time they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is! I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died that maybe it’s just that they write shitty software. We know that’s true! *laughter* *applause* Here’s a HVT, high-value target. This is a high-value target being targeted with a back door for Windows CE Thuraya phones. So if you have a Thuraya phone and you’re wondering if it was secure – yeah maybe. Good luck! Here’s one where they replaced the hard drive firmware. There was a talk at OHM this year [OHM2013] where a guy talked about replacing hard drive firmware. You were onto something.
[00:46:22] You were really onto something. Whoever you are, you were onto something. Because the NSA has a program here, IRATEMONK, and that’s exactly what they do. They replace the firmware in the hard drive, so it doesn’t matter if you reformat the hard drive, you’re done. The firmware itself can do a whole bunch of stuff. So. Here are the names of the hard drive companies where it works: Western Digital, Seagate, Maxtor and Samsung, and of course they support FAT, NTFS, EXT3 and UFS. They probably now have support for additional file systems, but this is what we can prove. Please note at the bottom left and the bottom right: “Status: Released and Deployed. Ready for Immediate Delivery”. And: “Unit Cost: $0”. It’s free! No, you can’t get it. It’s not free as in free software. It’s free as in “You’re owned!”. *laughter* *applause* I want to give a shoutout to Karsten Nohl and Luca [Luca Melette] for their incredible talk where they showed this exact attack without knowing that they had found it. Right? They say – yeah, absolutely. *applause* Important point. The NSA says that when they know about these things, that nobody will come to harm, no one will be able to find them, they’ll never be able to be exploited by another third party. Karsten found this exact vulnerability.
[00:47:47] They were able to install a Java applet on the SIM card without user interaction, and it was based on the service provider’s security configuration, which is exactly what the NSA says here, and they talk about attacking the same toolkit inside of the phone; and Karsten found the same vulnerability and attacked it in the wild. This is perfect evidence, not only of how badass Karsten and Luca are – they are, no question – but also about how wrong the NSA is with this balance. Because for every Karsten and Luca, there are hundreds of people who are paid to do this full-time and never tell us about it. *applause* Important detail. Do you see that ‘interdiction’ phrase right there? “Through remote access” – in other words, we broke into your computer – “or interdiction” – in other words, we stole your fucking mail. Now. This is a really important point. We all have heard about these paranoid crazy people talking about people breaking into their houses – that’s happened to me a number of times – motherfuckers, getting you back – it’s really important to understand this process is one that threatens all of us. The sanctity of the postal system has been violated. I mean – whoa! God, it makes me so angry, you know? You can’t even send a letter without being spied on, but even worse that they tamper with it!
[00:49:05] It’s not enough that the U.S. Postal Service records all of this information and keeps it – that’s not enough. They also have to tamper with the packages! So every time you buy from Amazon, for example, every time you buy anything on the internet, there is the possibility that they will actually take your package and change it. One of the ways that I’ve heard that they change it is that they will actually take the case of your computer and they will injection mold a hardware back door into the case of the computer. So that even if you were to look at the motherboard or have it serviced, you would not see this. It merely just needs to be in the proximity of the motherboard. So. Let’s talk about hardware implants that they will put into your devices. Here’s one. This is called BULLDOZER. It’s a PCI bus hardware implant. Pretty scary, doesn’t look so great, but let’s go on a little bit. Okay? Here’s one where they actually exploit the BIOS and System Management Mode. There’s a big graph that shows all of these various different interconnections, which is important. Then they talk about the long-range comms, INMARSAT, VSAT, NSA MEANS and Future Capabilities. I think NSA MEANS exists. Future Capabilities seems self-explanatory. “This hardware implant provides 2-way RF communication.” Interesting.
[00:50:19] So you disable all the wireless cards, whatever you need. There you go. They just added a new one in there and you don’t even know. Your system has no clue about it. Here’s a hardware back door which uses the I2C interface, because no one in the history of time other than the NSA probably has ever used it. That’s good to know that finally someone uses I2C for something – okay, other than fan control. But, look at that! It’s another American company that they are sabotaging. They understand that HP’s servers are vulnerable, and they decided, instead of explaining that this is a problem, they exploit it. And IRONCHEF, through interdiction, is one of the ways that they will do that. So I wanna really harp on this. Now it’s not that I think European companies are worth less. I suspect especially after this talk that won’t be true, in the literal stock sense, but I don’t know. I think it’s really important to understand that they are sabotaging American companies because of the so-called home-field advantage. The problem is that as an American who writes software, who wants to build hardware devices, this really chills my expression and it also gives me a problem, which is that people say: “Why would I use what you’re doing? You know, what about the NSA?” Man, that really bothers me.
[00:51:35] I don’t deserve the Huawei taint, and the NSA gives it. And President Obama’s own advisory board that was convened to understand the scope of these things has even agreed with me about this point, that this should not be taking place, that hoarding of zero-day exploits cannot simply happen without thought processes that are reasonable and rational and have an economic and social valuing where we really think about the broad-scale impact. Now. I’m gonna go on to a little bit more. Here’s where they attack SIM cards. This is MONKEYCALENDAR. So it’s actually the flow chart of how this would work. So in other words, they told you all of the ways in which you should be certainly, you know, looking at this. So if you ever see your handset emitting encrypted SMS that isn’t Textsecure, you now have a pretty good idea that it might be this. Here’s another example. If you have a computer in front of you… I highly encourage you to buy the Samsung SGH-X480C – that’s the preferred phone of the NSA for attacking another person’s phone. I’m not exactly sure why, but an important point is, they add the back door, then they send an SMS from a regular phone – what does that tell you? What does that tell you about the exploitation process?
[00:52:51] It tells you that it’s actually something which is pretty straightforward, pretty easy to do, doesn’t require specialized access to the telecoms once they’ve gotten your phone compromised. That to me suggests that other people might find it, other people might use these techniques. Okay, here’s a USB hardware implant called COTTONMOUTH. We released this in ‘Spiegel’ today as well. See the little red parts. It will provide a wireless bridge onto the target network with the ability to load exploit software. Here’s a little bit of extra details about that. It actually shows the graph at the bottom, how they do this, how they get around, how they beat the air gap with these things. And they talk a bit about being GENIE compliant. So GENIE, and for the rest of these programs, these are – like DROPOUTJEEP is part of the CHIMNEYPOOL programs, and COTTONMOUTH is part of the rest of these programs over here. These are huge programs where they’re trying to beat a whole bunch of different adversaries, and different capabilities are required. And this is one of the probably I think more interesting ones, but here’s the next revision of it where it’s in a USB plug, not actually in the cable. And look, 50 units for US$ 200,000. It’s really cheap. You like my editorializing there, I hope? So, $200,000, okay. And here’s where you look for it.
[00:54:08] If you happen to have an x-ray machine, look for an extra chip. And that’s a HOWLERMONKEY radiofrequency transmitter. Well what’s a HOWLERMONKEY? We’ll talk about that in a second, but basically this is for ethernet, here. This is the FIREWALK. It can actually do injection bidirectionally on the ethernet controller into the network that it’s sitting on. So it doesn’t even have to do things directly to the computer. It can actually inject packets directly into the network, according to the specification sheet, which we released today on Der Spiegel’s website. As it says, ‘active injection of ethernet packets onto the target network’. Here’s another one from Dell with an actual FLUXBABBITT hardware implant for the PowerEdge 2950. This uses the JTAG debugging interface of the server. Why did Dell leave a JTAG debugging interface on these servers? Interesting, right? Because, it’s like leaving a vulnerability in. Is that a bug door or a back door or just a mistake? Well hopefully they will change these things or at least make it so that if you were to see this you would know that you had some problems. Hopefully Dell will release some information about how to mitigate this advanced persistent threat. Right? Everything that the U.S. Government accuses the Chinese of doing – which they are also doing, I believe – we are learning that the U.S. Government has been doing to American companies.

[00:55:30] That to me is really concerning, and we’ve had no public debate about these issues, and in many cases all the technical details are obfuscated away and they are just completely outside of the purview of discussions. In this case we learn more about Dell, and which models. And here’s the HOWLERMONKEY. These are actually photographs of the NSA implanted chips that they have when they steal your mail. So after they steal your mail they put a chip like this into your computer. So the one, the FIREWALK one is the ethernet one, and that’s an important one. You probably will notice that these look pretty simple, common off-the-shelf parts. So. Whew! All right. Who here is surprised by any of this? *waits for audience reaction* I’m really, really, really glad to see that you’re not all cynical fuckers and that someone here would admit that they were surprised. Okay, who here is not surprised? *waits* I’m going to blow your fucking mind! *laughter* Okay. We all know about TEMPEST, right? Where the NSA pulls data out of your computer, irradiate stuff and then grab it, right? Everybody who raised their hand and said they’re not surprised, you already knew about TEMPEST, right? Right? Okay. Well.
[00:56:49] What if I told you that the NSA had a specialized technology for beaming energy into you and to the computer systems around you, would you believe that that was real or would that be paranoid speculation of a crazy person? *laughter* Anybody? You cynical guys holding up your hand saying that you’re not surprised by anything, raise your hand if you would be unsurprised by that. *laughter* Good. And it’s not the same number. It’s significantly lower. It’s one person. Great. Here’s what they do with those types of things. That exists, by the way. When I told Julian Assange about this, he said: “Hmm. I bet the people who were around Hugo Chavez are going to wonder what caused his cancer.” And I said: “You know, I hadn’t considered that. But, you know, I haven’t found any data about human safety about these tools. Has the NSA performed tests where they actually show that radiating people with 1 kW of RF energy at short range is safe?” *laughter* My God! No, you guys think I’m joking, right? Well, yeah, here it is. This is a continuous wave generator, a continuous wave radar unit. You can detect its use because it’s used between 1 and 2 GHz and its bandwidth is up to 45 MHz, user adjustable, 2 watts using an internal amplifier. External amplifier makes it possible to go up to 1 kilowatt.
[00:58:19] I’m just gonna let you take that in for a moment. *clears throat* Who’s crazy now? *laughter* Now, I’m being told I only have one minute, so I’m going to have to go a little bit quicker. I’m sorry. Here’s why they do it. This is an implant called RAGEMASTER. It’s part of the ANGRYNEIGHBOR family of tools, *laughter* where they have a small device that they put in line with the cable in your monitor and then they use this radar system to bounce a signal – this is not unlike the Great Seal bug that [Leon] Theremin designed for the KGB. So it’s good to know we’ve finally caught up with the KGB, but now with computers. They send the microwave transmission, the continuous wave, it reflects off of this chip and then they use this device to see your monitor. Yep. So there’s the full life cycle. First they radiate you, then you die from cancer, then you… win? Okay, so, here’s the same thing, but this time for keyboards, USB and PS/2 keyboards. So the idea is that it’s a data retro-reflector. Here’s another thing, but this one, the TAWDRYYARD program, is a little bit different. It’s a beacon, so this is where probably then they kill you with a drone. That’s pretty scary stuff. They also have this for microphones to gather room bugs for room audio. Notice the bottom.
[00:59:52] It says all components are common off the shelf and are so non-attributable to the NSA. Unless you have this photograph and the product sheet. Happy hunting! *applause* And just to give you another idea, this is a device they use to be able to actively hunt people down. This is a hunting device, right? Handheld finishing tool used for geolocation targeting handsets in the field. So! Who was not surprised by this? I’m so glad to have finally reached the point where no one raised their hand except that one guy who I think misheard me. *laughter* Or you’re brilliant. And please stay in our community and work on open research!

*somebody off mike shouts:* Audience: Maybe he can add something!

Jacob: Yeah! And if you work for the NSA, I’d just like to encourage you to leak more documents! *laughter* *applause, cheers* *applause* *applause* *applause, cheers, whistles* *applause, cheers, whistles, ovation* *applause, ovation* *applause, cheers, ovation* *applause, ovation*

[01:01:45] Herald: Thank you very much, Jake. Thank you. I’m afraid we ran all out of time for the Q&A. I’m very sorry for anyone who wanted to ask questions.
[01:01:55] Jacob: But we do have a press conference. Well, if you guys… you know, I’d say: “occupy the room for another 5 minutes”, or… know that there’s a press conference room that will be opened up, where we can all ask as many questions as we want, in 30 minutes, if you’re interested. And I will basically be available until I’m assassinated to answer questions. *laughter, applause* So… in the immortal words of Julian Assange: Remember, no matter what happens, even if there’s a videotape of it, it was murder! Thank you!

[01:02:26] Herald: Thank you. Please give a warm round of applause to Jake Appelbaum! *applause* *silent postroll*

*Subtitles created by c3subtitles.de in the year 2016. Join, and help us!*