Today in "Is it For Real, or another episode of Madame Secretary"

a thoughtful web.

Good ideas and conversation. No ads, no tracking. Login or Take a Tour!

Today in "Is it For Real, or another episode of Madame Secretary" · 6

goobster · 2814 days ago

arstechnica.com · #technology · #hacking

Project Sauron.

A hacking toolkit that is basically undetectable, with multitudes of reconfigurable modules that intelligently hide their existence, and even jump air-gapped computers with trusted USB software and sources.

And it's most likely state sponsored.

I know the episodes of "Madame Secretary" are topical, and all, but ... damn. This is straight out of the "Air Force One security hack" storyline.

tweet · print · htmlmarkup tips · 0

oyster · 2814 days ago · link ·

To do this, the malware uses specially prepared USB storage drives that have a virtual file system that isn't viewable by the Windows operating system.

So am I understanding right that an actual person would have to bring a USB to the computer ?

+discuss+discuss

–

user-inactivated · 2814 days ago · link ·

Yes, but not necessarily the attacker themselves. USB drives are a great delivery mechanism because they get handed out so many places, so all you have to do is hand them out in the right area and bank on some number of people being clueless enough to plug them into their work box.

+discuss+discuss

–

goobster · 2814 days ago · link ·

But it is even more nefarious than that. Your institution (the NSA, for example) will have "special" USB sticks that you are authorized to use because they are "protected".

The Sauron kit even works on these protected USB sticks! It knows what the protection software is and how it works, and knows how to work around it.

So it doesn't even take a dumb user picking up a random USB and sticking it in their computer. All it needs is for this USB to have been used on another computer that is (basically invisibly) infected with Sauron.

That is some Grade A nastiness, right there, my friends.

+discuss+discuss

–

oyster · 2813 days ago · link ·

So I guess that means, since they have the protection software, that the NSA wasn't worried about using these protected USB's on specific devices only and so that's how it got on ? Like they can plug those USB's in to any computer ? Or maybe could is a better word.

+discuss+discuss

–

goobster · 2813 days ago · link ·

Well, security has many levels.

One of the most reliable methods to secure a computer is to "air gap" it, which means that it connects to no network, no wireless, no other computer. The only way to move files onto it is with a USB.

So if you want to hack into an air-gapped computer, you need to compromise a USB that has been approved for use in that computer. And that is, effectively, what this hack circumvented.

Incidentally, they can now hack air-gapped computers by getting close enough to it with a sensitive antenna, and listening to the electrical pulses put out by the individual keys on the keyboard! It's a bit like electronic semaphore. But, it has been proven to work reliably.

+discuss+discuss

–

user-inactivated · 2806 days ago · link ·

Incidentally, they can now hack air-gapped computers by getting close enough to it with a sensitive antenna

You say "now", but the NATO selection process for TEMPEST-secure devices comes from 1981. Way before that, there was laser eavesdropping and the KGB bugging the American embassy through "electromagnetic flooding", whatever that is.