Here's the rootkits track from Black Hat 2008 --- keep in mind that this is almost a decade old and that it's public work:
* Deeper Door: Exploiting NIC Chipsets
* A New Breed of Rootkit: The System Management Mode Rootkit
* Insane Detection of Insane Rootkits
* Crafting OS X Kernel Rootkits
* Viral Infections on Cisco IOS
* Detecting And Preventing Xen Hypervisor Subversions
* Bluepilling (implementing a hypervisor rootkit) The Xen Hypervisor
This is just one year's work. If you summed all of it together, you're talking ~2.5 FTEs across 7 different research projects which we will very generously assume took a full year to develop (spoiler: no, none of them did). People who can write hypervisor rootkits command a pretty decent salary, but it's not 2x the prevailing SFBA senior salary. So this is at most mid-single-digit millions worth of work.
I don't know why the CIA has this team of people bumbling around with DLL injectors and AV bypasses. Maybe it's some weird turf thing they're doing against NSA? But the stuff in the CIA leaks is not the standard you need to be protecting yourself against.
Also, just because some information got leaked doesn't mean that there aren't more units / projects at the CIA where maybe the more skilled people are working and where the "good" attacks don't get leaked.
This looks to be the kind of stuff for the day in, day out operations.
Creating antibiotic-resistant bacteria is a bad idea. Don't use linezolid when you could use vancomycin.
Don't use your fancy rootkit if the boring DLL injector you give the contractors works just as well.
If I were CIA in the current political climate, I would simply slightly modify a Russian exploit toolchain and exfiltrate data to CIA-controlled C&C. One dev can do the work and with a couple of days of effort it would get past all major AVs.
Creating this sort of malware isn't expensive, so why not do it.
There's a big difference between broadband spray and pray malware, and malware you actually want to hit a target with.
If you know average tools won't detect it, then why get fancy when you have something that's proven reliable and if discovered is unlikely to have your victim substantially improve their processes?
Also, the hextuple-agent in me wants to think the simple exploits were leaked intentionally to distract from the whatever-else-it-is-they-don't-want-you-to-know.
I don't want to rush to judge them because not everyone can be at the top and if it works it works. If I can pop a box using powershell, it's way easier than having to develop some kernel level hack. Additionally, when anyone's 'private' conversations get leaked they always look like a fool because it shows us being vulnerable and asking dumb questions, but a lot of the posts really do remind me more of the sysadmin who learned some python instead of the cutting edge of private industry.
There are two ways microcode goes on Intel CPUs. The first is when it gets flashed in at the factory onto an OTP ROM. The second is when it gets uploaded to a block of internal RAM by your computer, every time it boots. That's why packages like this one (https://www.archlinux.org/packages/extra/any/intel-ucode/) exist.
One is set at the factory, one is set by your computer every time, once at boot, before the completion of boot. Also, it's very carefully signed, so even if you managed to put a bootkit before the OS boot, you would need to steal Intel's microcode key.
Microcode is not targetable. Few things at that level are. (A decent example of something that might be more targetable at that level is a hard drive controller. Less difficult but still not easy.) The amount of engineering needed to pull off an exploit that is "99.9% chance" unnoticeable, but still persistent, is much more than that of a "99% chance".
(I know nothing of AMD's CPUs and their microcode, but I'm guessing it's much of the same.)
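The update file that the intel-ucode package mentioned above ships is a concatenation of Intel microcode updates, each starting with a 48-byte header. The parser below is an added example, not code from the package or from the comment author; it reads that header, checks the header's own 32-bit checksum, and checks whether an update applies to a given CPU. The sample update is constructed here (junk payload, no signature): the checksum is only a transport integrity check, and the signature on the encrypted payload is verified by the CPU itself when the OS loads the update.

```python
import struct

# Intel microcode update header: 48 bytes, little-endian, nine 32-bit fields
# followed by 12 reserved bytes (Intel SDM vol. 3, "Microcode Update Facilities").
HEADER_FMT = "<9I12x"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 48
FIELDS = ("header_version", "update_revision", "date", "processor_signature",
          "checksum", "loader_revision", "processor_flags", "data_size", "total_size")


def parse_header(blob: bytes) -> dict:
    """Decode one update header; 'date' is BCD mmddyyyy, also returned as ISO text."""
    hdr = dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, blob, 0)))
    # data_size == 0 means the legacy fixed layout: 2000 data bytes, 2048 total.
    if hdr["data_size"] == 0:
        hdr["data_size"], hdr["total_size"] = 2000, 2048
    d = f"{hdr['date']:08x}"
    hdr["date_iso"] = f"{d[4:8]}-{d[0:2]}-{d[2:4]}"
    return hdr


def checksum_ok(blob: bytes) -> bool:
    """The 32-bit words of the whole update (header + payload, total_size bytes)
    must sum to zero mod 2^32. This detects corruption, not tampering."""
    total = parse_header(blob)["total_size"]
    if total % 4 or len(blob) < total:
        return False
    words = struct.unpack_from(f"<{total // 4}I", blob, 0)
    return (sum(words) & 0xFFFFFFFF) == 0


def matches_cpu(hdr: dict, cpuid_signature: int, platform_id: int) -> bool:
    """An update applies when processor_signature equals CPUID(1).EAX and the
    CPU's platform id (a 0..7 value from MSR 0x17) is set as a bit in processor_flags."""
    return (hdr["processor_signature"] == cpuid_signature
            and bool(hdr["processor_flags"] & (1 << platform_id)))


def build_sample_update(revision: int, date_bcd: int, cpuid_signature: int,
                        flags: int, payload: bytes) -> bytes:
    """Constructed sample with a valid checksum. The payload is filler, not real
    microcode, and carries no signature; a CPU would reject it."""
    assert len(payload) % 4 == 0
    total = HEADER_SIZE + len(payload)
    unchecked = struct.pack(HEADER_FMT, 1, revision, date_bcd, cpuid_signature,
                            0, 1, flags, len(payload), total)
    words = struct.unpack(f"<{total // 4}I", unchecked + payload)
    fix = (-sum(words)) & 0xFFFFFFFF  # value that makes the word sum zero
    return struct.pack(HEADER_FMT, 1, revision, date_bcd, cpuid_signature,
                       fix, 1, flags, len(payload), total) + payload


# Constructed sample: revision 0x7c dated 2017-01-30 for CPUID signature 0x306c3,
# platform-id bits 1, 4 and 5 set (0x32), 64 bytes of filler payload.
SAMPLE = build_sample_update(0x7C, 0x01302017, 0x000306C3, 0x32, b"\x00" * 64)

if __name__ == "__main__":
    h = parse_header(SAMPLE)
    print(h["date_iso"], hex(h["update_revision"]), checksum_ok(SAMPLE),
          matches_cpu(h, 0x000306C3, 1))
```
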
Scenario 1: Supply chain interdiction. You don't need to target the CPU only after it has been manufactured and put into whatever you want to hack, you can start way earlier, including at the factory.
Scenario 2: Getting the signing keys from hardware manufacturers, including Intel, seems quite feasible for state actors. You don't even need hacking (I assume Intel's keys are kept air-gapped) or relying on secret court orders, plain old spycraft would probably do the trick.
That said, my argument can be rephrased to consider the hard-drive controller or other peripheral firmware rootkits instead, if you prefer and care only about scenarios where the rootkit must be delivered over the network to a clean system without attacking the CPU manufacturer.
It was a big deal at the time known as "l'affaire Gemplus" and it prompted the French government to set up the "Fonds stratégique d'investissement" or strategic investment fund, sort of a French In-Q-Tel.
Intel being a US company, it is probable the US agencies have their ways with them.
This is why I run libreboot and I neutralized the IME by flashing my BIOS using SOIC-8 chip clips and a Bus Pirate.
I guess I'm paranoid.
I guess you refer to a procedure as described in
I would say what you did is to "neutralize" the ME firmware part in the flash BIOS. But this is only firmware that the ME loads additionally to load applications like e.g. AMT.
The ME has its own internal ROM containing its very own firmware which is inaccessible and cannot be modified.
So what you have is libreboot running on top of a still functional IME. All you gained is that you got your BIOS of choice installed, and that you removed some ME apps from the flash image. Correct me if I am wrong.
I'd expect a microcode-level rootkit to run a five-nines success rate evading detection unless used against someone who's paranoid enough to have _something_ in place to detect it, and I'd venture further that the 3LAs of the world are smart enough not to target the infosec-paranoids of the world.
Admittedly, the best rootkits probably target the network equipment as well as the host.
At the host level, most organizations wouldn't be able to detect an unmasked trojan running as its own separate user process unless its signature was already known or its behavior caught by a blacklist-based IDS.
Also rootkits are way overrated. What you do when you compromise an organization is you open a connection to your C&C on a few machines to keep your foothold if any reboot. If you need to get in you just connect to one of those boxes and just continue on. You never have to drop anything on the hard disk which makes it much stealthier.
Fair enough, but like the person above said, it can be very important to hide/obfuscate the identity of the snooper. Stuxnet would have been more effective if experts could not immediately point to US/Israel.
On the other side, there's an organization that by definition asks you to take them on their word that everything they do is for your own good...
Of course WikiLeaks wants ordinary people to be vaguely afraid of using Signal and WhatsApp. End-to-end encryption is very much counter to their goals.
I don't trust Signal; a centralized service that requires a phone number while pretending to be secure and providing some anonymity is flawed by design and begging to be exploited.
Get off the FUD brigade.
FWIW, I strongly disagree with this stance: if the recipient's key changes while the message is in-flight, that message should never be resent/delivered without the sender's explicit approval. Imagine that Bob is a political activist planning a protest. Bob is wondering why his IMs to a co-conspirator Alice aren't being delivered; Bob's wonder turns to fear when he hears on the news that Alice has been detained. Fear turns into terror when Bob sees his messages subsequently get two blue ticks as WhatsApp happily delivers his IMs to a new phone belonging to the secret police. Only afterwards does WhatsApp notify Bob that Alice's key has changed.
> Wasn't whatsapp all over the news for its "replace the encryption key transparently without notifying the user" feature ? Also facebook.
Which was a conscious design decision. Not doing that (even for people that had turned on "notify on key changes") would let WhatsApp know which users could be securely MITM'd. Neither is a very good choice, but an understandable trade-off when it comes to security vs usability.
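The two comments above describe opposite handling of an in-flight key change: deliver after silently re-encrypting to the new key, or hold the message until the sender approves. The toy model below is an added example (not WhatsApp's or Signal's code, and not from either commenter); it runs both policies through the Bob/Alice scenario, then shows the side channel the second comment points at: a relay that rotates a recipient's key itself can tell from whether a resend arrives which policy that sender's client uses. All names, fingerprints and messages are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    recipient: str
    encrypted_for: str  # fingerprint of the recipient key this ciphertext is bound to
    body: str


@dataclass
class Server:
    """Toy relay: knows each user's current key fingerprint and forwards ciphertexts."""
    keys: dict
    attempts: list = field(default_factory=list)   # every (recipient, key) it sees
    delivered: list = field(default_factory=list)  # messages the current device can read

    def relay(self, msg: Message) -> bool:
        self.attempts.append((msg.recipient, msg.encrypted_for))
        if msg.encrypted_for != self.keys[msg.recipient]:
            return False  # bound to a stale key: the new device cannot decrypt it
        self.delivered.append(msg)
        return True


@dataclass
class Client:
    server: Server
    policy: str  # "auto": re-encrypt and resend, notify afterwards; "hold": wait for approval
    known_keys: dict
    pending: list = field(default_factory=list)
    notices: list = field(default_factory=list)

    def send(self, recipient: str, body: str) -> str:
        msg = Message(recipient, self.known_keys[recipient], body)
        if self.server.relay(msg):
            return "delivered"
        new_fp = self.server.keys[recipient]
        if self.policy == "auto":
            self.known_keys[recipient] = new_fp
            self.server.relay(Message(recipient, new_fp, body))
            self.notices.append(f"{recipient}'s key changed (message already delivered)")
            return "delivered-after-key-change"
        self.pending.append(msg)
        self.notices.append(f"{recipient}'s key changed; {len(self.pending)} message(s) held")
        return "held"

    def approve_key_change(self, recipient: str) -> int:
        """Sender verified the new key out of band: re-encrypt and release held messages."""
        new_fp = self.server.keys[recipient]
        self.known_keys[recipient] = new_fp
        released = 0
        for msg in [m for m in self.pending if m.recipient == recipient]:
            self.pending.remove(msg)
            if self.server.relay(Message(recipient, new_fp, msg.body)):
                released += 1
        return released


def in_flight_key_change(policy: str):
    """Alice's key changes (new device on her account) after Bob queued a message."""
    server = Server(keys={"alice": "fp-alice-1"})
    bob = Client(server, policy, known_keys={"alice": "fp-alice-1"})
    server.keys["alice"] = "fp-alice-2"
    outcome = bob.send("alice", "meet at the square at six")
    return outcome, [m.encrypted_for for m in server.delivered], len(bob.pending)


def server_infers_policy(server: Server, recipient: str, old_fp: str, new_fp: str) -> str:
    """What the relay learns after rotating a key itself: a resend bound to the new
    key means this sender's client follows key changes silently."""
    seen = [fp for (r, fp) in server.attempts if r == recipient]
    if old_fp in seen and new_fp in seen:
        return "auto"
    if old_fp in seen:
        return "hold"
    return "unknown"


def rotation_probe(policy: str) -> str:
    server = Server(keys={"alice": "fp-alice-1"})
    bob = Client(server, policy, known_keys={"alice": "fp-alice-1"})
    server.keys["alice"] = "fp-alice-rotated"  # rotation initiated by the relay, not Alice
    bob.send("alice", "hello")
    return server_infers_policy(server, "alice", "fp-alice-1", "fp-alice-rotated")


if __name__ == "__main__":
    for policy in ("auto", "hold"):
        print(policy, in_flight_key_change(policy), "relay guesses:", rotation_probe(policy))
```
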
You can do lots of things when you've owned someone's phone. The big news is that they're targeting phones instead of services.
Given that, it's very peculiar to focus on the services WikiLeaks wants you to be afraid of anyway, when they're mentioned nowhere in the documents.
What would those goals be?
Release it and let people figure it out or shut the fuck up.
Snowden is a hero. Assange is an asshat.
Also Assange would be Poitras/Greenwald here not Snowden.
::: THIS ARCHIVE FILE IS STILL BEING EXAMINED BY WIKILEAKS. :::
::: IT MAY BE RELEASED IN THE NEAR FUTURE. WHAT FOLLOWS IS :::
::: AN AUTOMATICALLY GENERATED LIST OF ITS CONTENTS: :::
Find a better justification for your beliefs.
The CIA works abroad, not on American soil, so none of these tools are being used against the American people anyway (that's the NSA's job). I imagine this is part of a network or "library" of exploits they have, in case they encounter say a North Korean laptop with Windows 98 and they need something in a pinch.
>doesn't mean that there aren't more units
Exactly, that's why they call it a "leak" and not a "turn the hose on full blast."
I don't think you can underestimate how stupid these big bureaucracies can be.
But never underestimate your opponent, and all that...
Actually the vault7 leak is the first in a series and it is clearly stated that this is only a portion of the CIA tools:
> Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. (..) The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Edit: Maybe someone can answer this question for me. So from the Snowden leaks, we know the extent of the NSA toolkits and the requirements which need to be met to utilize them. Now we know some of the CIA's capabilities, and after Apple refused to unlock the San Bernardino Shooter's iPhone, we found out the FBI was playing some sort of politics, by claiming that justice might not be served without Apple's intervention, and proceeded to publicly shame the ethical position Apple took. So why on earth was Obama trying to force Apple's hand in that matter? As soon as Apple said no, the FBI somehow found the single magical person willing and able to defeat the privately enhanced security of the shooter's 5S? Makes no sense to me.
The most interesting tool I found in the leaks was the bug that jumps airgap to make Nero burn trojaned binaries. If we see more tools like this come out of the woodwork, it shows that the CIA is at least in some ways keeping their teeth sharp.
I believe that the FBI and Obama both played politics for a few reasons, namely:
- Obama and the FBI probably withheld a reasonable amount of information from each other regarding the case
- This was all a charade to bring the topic into the public sphere. It backfired, but the aim was to allow future high-profile cases on which concurrent evidence trails are harder to establish. Once it backfired, Comey came out with a public letter admonishing the American people, comparing us to children. He stated that with Rule 41 coming into effect, the FBI would use its expanded powers to collect information for the following year. They would then use that information in an upcoming "adult conversation" the FBI wishes to have with the public about the future of open, libre encryption.
We should be expecting that "conversation" to take place this year. And I don't expect it to be much of a dialogue so much as a monologue. I expect the FBI to either directly or indirectly (thru Wikileaks, etc) release information that "proves" that backdoored encryption and its inherent reduced security is necessary for public safety. There is a saying we all know and love about the merits of this particular trade-off
I'm certain the FBI always had that contact on standby. They probably received multiple unprompted bids from various hacking companies during the public run of the case. They wanted to flex how much pull they had over a giant like Apple. Even though they seemingly failed, they came out with a huge data point: The American people need further brainwashing and ideological shifting before attempting a full coup over libre encryption in America.
I hope that things make a little more sense now.
/puts on tinfoil hat
There is also the other option which is that trust in American tech companies has been sketchy at best following the NSA leaks and this was a chance for the Obama administration to allow companies to reestablish some legitimacy when it came to security by making the US government look evil but having the corporations 'prove' that they are not backdoored by the NSA. They can still break in the covert way, but it makes it look like tech companies are not as compromised as the NSA leaks would suggest.
They might also have used the whole stunt as a way to inform the public that they have the capability, so that next time around the interview goes "look kid, we do have the capability to unlock the phone, but it's costly, nasty, annoying for everyone involved and will put your refusal in a very very bad light in front of the judge and jury, why don't you just give us the code and we tell the judge you cooperated?"
The FBI --- our domestic intelligence agency --- has been doing kernel keyloggers since at least 2003.
All speculation, of course.
Simple attacks are often (sadly;still) the most effective.
Some of the most talented software engineers in the world work intelligence, and they can write better than you, exploit faster than you, debug more thoroughly than you, etc.
State intelligence is especially dangerous and devious. The average security researcher doesn't stand a chance, much less the average basement hacker.
Understanding what the CIA does and why they do it is designed to be more or less impossible from the outside. It's the nature of intelligence really, to be incomprehensible from outside the sphere.
I read the Snowden leaks. I know what type of tools they're using. I know the type of holes that their public facing infrastructure has. I know the type of holes that their government officials that they're supposed to be protecting have. I know how fucked the security environment is right now. The CIA doesn't even use HSTS or CSP headers for fuck's sake (lol, they get an F on observatory.mozilla.org) so we are not dealing with an organization of godlike power.
These people work in a bureaucracy. Some of them are geniuses that write Stuxnet or break HTTPS ciphers, most are not. Most are DLL or SQL injection kiddies. Or they use grep to filter emails.
I didn't mean to insult your prowess or whatever, but people gotta understand the level that they operate at. It's insane.
I don't think there's much more to the CIA than what's in these leaks. To do anything more, you'd need tens of thousands of people and huge server farms. You can't hide that stuff.
I truly doubt this for a multitude of reasons, but pay alone suggests otherwise.
> new cuck times
I'm very familiar with business intelligence, and I'm somewhat familiar with govt intelligence though I've never actually filled a contract or anything, I've spoken with plenty who have, and have worked with a few as well.
The intelligence universe is completely parallel to the rest of the world. People just don't get it.
For the other 20% of targets who are serious about security (High-level government actors in countries that can invest a lot of money into serious computer security.) The CIA probably has a bunch of high-level tools that were not leaked.
Could you expand on why you feel the CIA in particular would have high-quality remote exploitation capabilities? Assume a talented hacker wants to join the government. Why would they choose to work for the CIA and not the NSA or the FBI?
I'm not saying the CIA does second-rate work in general, but perhaps their remote access work is second-rate in comparison to the NSA/FBI and to the very talented echelons of the private sector.
That was exactly the vibe I got from the leak as well. I don't know why people are going crazy over this, thinking Notepad++ or all Samsung SmartTVs are backdoored.
Who knows, maybe LD_PRELOAD is also an amazing method to hack programs?
Got to have something to spend the budget on to ask for more next year?
Maybe they are just trawling and they have more skilled people pick out the wheat from the chaff or combine exploits. It would make sense if there are some bigger picture people directing the contractors. A library of low-level shit might be useful if you're building entire frameworks.
Silt builds up at classification boundaries. You should expect to see a bunch of S crap that can't get to the TS tools, TS crap that can't get the compartments needed for the great tools---all in service of not devaluing the tech.
This was the U silt pile.
DLL injection seems like a perfectly fine hammer in the toolbox for that purpose. Nobody is claiming that they are using it for anything more than targeting specific applications once they have already gained system access. How they got that access might make for more interesting documents.
The CIA is in the business of obtaining information, not malware research.
What's impressive about things like Stuxnet is the amount of work and coordination it must have taken to make it. The actual techniques were rather unremarkable.
Didn't Stuxnet involve backdooring Siemens PLCs? I find that pretty remarkable. In general, extremely sophisticated exploits that target critical infrastructure require attacks that haven't already been considered, be it for delivery or execution.
Are you calling Notepad++ or the CIA silly, here?
If it's the first case (which I assume) you're comically missing the point yourself, which is a big middle finger to a hostile government agency. This is international open source software, used worldwide, that has taken a stance against US politics before (export restrictions).
So yeah maybe it is to embarrass the CIA, but not quite in the way you describe.
By publicly releasing this "fix", they're making a noise calling out LOOK WHAT THE CIA IS DOING PEOPLE, instead of shrugging "eh, is that all, I sure hope they got better exploits from my tax money" and "gosh I wonder why whoever released all this is angry with the US or something, I bet it's cause they're biased".
Now there's a public post on their site, on record, being shared everywhere that says BUGFIX BECAUSE THE CIA ACTIVELY TARGETED OUR SOFTWARE, so that people know this is no longer some "'They' could potentially do X and Y" but that it's actually happening and in this particular case "They" are the CIA.
I think you understand perfectly well how this sends a very different message to a very different (broader) audience than the (admittedly much more serious) revelations at Blackhat conferences. You remember that all these serious capabilities have been around for a long time, but the public didn't really take it seriously because many people believe "they wouldn't really" or the attacks were surely theoretical or otherwise we'd hear more about it, right? Or even when the capabilities have been right there, clear as day, for a decade, to actually assume "They" are really listening on your Samsung Smart TV's microphones (or you name it), has been flat out conspiracy nut territory or at best you could say "surely they only deploy these capabilities on a very small, targeted scale, responsibly".
And now they're not. We know it's happening. New proof of new scandalous breaches of privacy of individual indiscriminate members of the public comes out every other month or so. The whole world knows that the US/UK surveillance apparatus has spiralled out of control and is surveilling, spying and collecting data on everyone, everywhere. To say now, let's not make a big deal out of this because it just confirms what everybody could have known all along, is an idea that should have its motives questioned (by which I mean, you should maybe ask yourself, not that you're doing it deliberately).
Does Notepad++ really believe that with this fix they've successfully defended their software against CIA (or other gov.actor) exploits? Of course not. But they do get to make a big fuss out of it. And that's important too. If the police beat you up, is that something to make a big fuss out of and try to fix and make sure they don't get away with, even if it doesn't help with them still getting away with actually shooting people dead elsewhere? You can argue about that, but I wouldn't call it "silly".
Are there now people who will think "phew at least now Notepad++ is protected against CIA hacks"--well, probably, quite a few. But you're not addressing or helping those people by talking about Blackhat and hypervisor rootkits.
(... and if it's the second case, "silly" is a bit of an understatement given what these people have been up to the past half century or so--it's not actually quite as funny as in the film Burn after reading)
Sticking with the CIA, though, let's say we apply the bill of rights in its most stringent interpretation; then the CIA can't hack into anything that any American might use to communicate to, without an American warrant. That would be totally unrealistic, and the result would be no tech toys for the CIA. They would be at a significant disadvantage compared to other intelligence and manipulation agencies around the world.
Or perhaps another spin on it... does the Bill of Rights apply in the case where an ISIS combatant is firing on a US Marine, where the combatant happens to be an American? The Marine won't know that, and will treat them as a combatant. The Bill of Rights doesn't seem to apply in this case. Given that to be the case, then should the Bill of Rights apply where the CIA is hacking into equipment that a non-American is using and might use to communicate with an American?
But they (US+UK) are, agencies that have been allowed natural access to the infrastructure and resources required to implement surveillance on such a global scale. So much so that other intelligence agencies are making deals to get access via them. So, say, the Dutch AIVD, they don't have the majority of Internet data flowing through their territory (with nearly all large tech companies being US, clouds, browsers, software etc) so they can't directly abuse this access, because their scope is limited, unfortunately they can still trade for it because we have two nice big ports with transatlantic Internet cable connections (unless we already traded US access to those for something else, I don't know). So sure, they're being bad, but they're also limited, and they're not the root of the problem.
The US and the UK are in a very unique position for global Internet surveillance.
If Notepad++ wants to push an update that fixes DLL search paths purely for symbolic reasons, so that all their users are aware of what the CIA is doing by seeing the changelog, that's another thing entirely, and yes, I agree that's useful.
Of course it is. Notepad++ is an international project and these reasons are exactly why I upvoted this story.
(I'm honestly a bit confused as to what other reason one could come up with that is not an insult to Notepad++ developers' intelligence--"There, we fixed the DLL inject-y thing, finally now our users will be safe from CIA hacks"??)
So, yeah, we're fucked, yes?
He fucking nailed it. This is what all of us are feeling. It's almost like, we are collectively being punished by trying to make shit more secure. It makes me dysphoric with hopelessness.
I can no longer proudly claim the West is free. We are living in a surveillance state. It's going to be hard to point fingers at other authoritative regimes around the world using the same tools.
I sometimes feel as if the West is a giant hypocrisy because of the double standards it upholds but relatively better than its counterparts. Lesser evils.
That's a little disrespectful to those who actually lived in surveillance states. Is your neighbor watching you, ready to report you to the state for suspected subversive activities?
Even if you were engaged in actual subversive activities, like reading and publishing terrorist propaganda or selling drugs at scale, Tor makes it possible to do this with relatively little risk to yourself. It's still risky, but nothing like it used to be. And even if the government knows that you do these things, how much of a threat do you need to pose before they'll act against you in particular? The governments of old would routinely act against large numbers of their population for far less.
I'm not arguing for complacency, but it's important to keep perspective.
I believe the original intent was mostly about reporting unattended bags that could contain bombs, not reporting your neighbor for hosting a socialist book club or whatever. Obviously it's vague and broad enough that it could be bent to more sinister purposes though.
Perhaps a slightly different context but I have heard this almost verbatim a few days ago on buses and trains in Birmingham, UK.
If I'm not mistaken too, I believe that "If you have nothing to hide, you have nothing to fear" is also something the Govt used a few years ago.
The content of the ad includes someone looking at someone's trash, seeing some common chemicals and assuming they are making a bomb.
No it's not, and I highly resent this argument. It inevitably ends up with, but it's not at Stasi levels... yet... When in truth what we have now would have made the Stasi have wet dreams! So stop it with this variation of affective fallacy already. Even if it was, somehow, disrespectful, which I don't think it is, even if it was, who cares? It doesn't and shouldn't change the conversation whatsoever. We are having a discussion about the current state of our mass modern surveillance engine, not about any other time in history (though they might be relevant to learn from).
Also, at this stage, if we don't talk about the potential before it gets too bad, we won't be able to stop it. Binney and Drake both refer to the current state as the "turn-key totalitarian state", and Drake for example got his start spying on East Germany during the Cold War! As a matter of fact, if anything, I would find it to be highly respectful, for we are trying to prevent a similar fate those before us have failed to prevent.
"Tor makes it possible to do this with relatively little risk to yourself."
Nope, when they own enough fiber backbone nodes owning the Tor network becomes much less non-trivial. Also, targeting Tor Browser 0days, along with, as we can see from the NSA and CIA leaks, direct compromise of machines, make Tor not nearly as useful as a tool of anonymity as you seem to think. (Still useful, don't hate me J Appelbaum...)
"how much of a threat do you need to pose before they'll act against you in particular?"
Easy, all you need is to be effective and credible. It's been seen time and time again, since COINTELPRO and on. If you are just ranting and raving, maybe doing a protest or two, no one gives a fuck (other than to enter your name into a database somewhere). The second your protest actually starts doing something, or your dissident political campaign effects change in some way, that's when you become a target.
"The governments of old would routinely act against large numbers of their population for far less."
What's your point? First of all, with the surveillance engine storage, there is nothing to prevent the sudden repeal of ex post facto and suddenly they start walking the cat backwards 5 years, en masse, against any potential dissidents. Remember there are over 1.1 million Americans on the "Terror Watch List", with no transparency of how they got there or any recourse to get off.
You say you aren't arguing for complacency, only for perspective, but your rhetoric does not match your claim.
Internet manifestos like yours or ones that end with "I can no longer proudly claim the West is free. We are living in a surveillance state." empirically don't do shit except help convince people on the sidelines that people who care about the formation of a surveillance state seem to be kind of paranoid.
Actually want to get people to care? Talk about very well substantiated examples that touch things most people are familiar with. It's not like Snowden failed to give us a wide selection. Even if COINTELPRO's soul sequel is in place, you're better off going with a soft sell that hits closer to home than a hard sell that fewer people will identify with.
Indeed. The first is the state of matter and has been for quite a while, the second is wishful thinking.
Totally agreed. This kind of argument is almost always provided in exasperated language that invokes the No True Scotsman fallacy.
Do we really need to wait until it 'x bad' before it's ok to say we have a problem? And if so, who gets to define 'x'?
Take a step back before exploding in rage at what should be a polite discussion on the internet.
First, the west is freer than the rest because it is more able to criticize even the little things.
Second, electronic surveillance is no longer even one of the little things. It happens out of sight, and mostly out of mind, so authorities now act without the kinds of restraint usual in the West. And rich Western governments are actually more capable of this sort of thing than most others.
The Fate of Empires and the Search for Survival by Sir John Glubb
This is possible and more probable than it used to be a couple decades ago. But it's more under the guise of "terrorism" than subversion nowadays.
And it's not the neighbor but the middle man between you and the people you interact with online that is doing the surveillance (ever heard of Facebook? Google?). It's been a little while now since we've entered the surveillance capitalism society and it is dealing with subversion through behavioral prediction and modification.
It's already in use, one example is police in California.
That's the argument surveillance states use "sure we do these things, but it's not like we are full-on like <insert worse country here>"
Also Don Ho (NPP's author) is from China. (Studied and lived most of his life in France though, so in my books he's French)
Are you sure? How long do you spend talking to your neighbor each day?
See Jacob Applebaum, Laura Poitras, Glenn Greenwald among others. Journalists, filmmakers, programmers, doesn't matter. The point is that if you don't move enough, you won't really notice the chains.
> A surveillance state is a country where the government engages in pervasive surveillance of large numbers of its citizens and visitors.
Ever heard of Snowden instantly stopping the conspiracy theory accusation by releasing internal documents showing it was actually happening?
Surveillance state is not about what you are able to post on facebook. The modern surveillance state welcomes this kind of public posting, it provides data for behavior control through behavioral prediction and modification.
Thus, an H1B holder in the US may need to remove from Facebook any friends who become protestors in case they are asked to hand over their phone at a border crossing.
This represents a material loss to Americans in the Facebook context.
That is absolutely 100% false. There is no law or regulation that prohibits anyone, including work visa holders, from criticizing the government. I'm floored someone would even think that.
I'm honestly curious what led you to believe that?
Now, even if it's not illegal, I'd say it's _unwise_. Leave the protesting to US citizens, as they are afforded more protections.
Not really disrespectful. It is a valid concern that what others had to suffer could be a real future potential, realized through technological means. The human reporter is taken out of the equation. But I get where you are coming from, having experienced this second hand.
Maybe not to the state, but neighbors are absolutely watching neighbors ready to report to the court of social justice for suspected undesirable opinions. This has led to people losing their families and careers for views that other people disagreed with.
Remember it's not the judge that decides if you're guilty; it's the jury.
What's worse, if your neighbour consented to watching you and is actively reporting, or if the surveillance state doesn't even need your neighbour's consent to watch you because these neighbours (and family, friends, partner, etc) are all on Facebook, voluntarily carrying GPS-tracked recording devices everywhere they go, even into your bedroom--thereby making any defensive choice you can make for yourself useless, not joining Facebook, taking care what happens to your phone, etc.
Certainly you can argue it's more disheartening and chilling if, through propaganda, your neighbour voluntarily chooses to report you to the state.
On the other hand, the part where the state doesn't even need consent, that they can watch you much more closely and accurately, all the while your neighbours believe everything is fine--that's also pretty bad.
I'm all for perspective, but can we agree that it's just different? Maybe they don't carry people off to secret prisons quite as often any more. But the level and depth of surveillance is a lot worse, they know a lot more about everybody. And the propaganda, they don't need it to convince your neighbours to spy on you to make sure you're not doing anything subversive, no they control the Facebook feeds and the media's narrative to attack the concept of "subversive" itself.
> And even if the government knows that you do these things, how much of a threat do you need to pose before they'll act against you in particular? The governments of old would routinely act against large numbers of their population for far less.
But what if today, for the governments it is easier to not just act against you in particular, they defuse the whole threat on a much wider scale, the "terrorist propaganda" with a truckload of "fake news" (already there, just a little nudge into the spotlight).
I suppose that yes, if you carefully add all the pros and cons together, these old surveillance states were in fact worse. Given that I believe torture is one of the worst possible things you can do to a person, and that happened on a much larger scale, if you're keeping score that really makes it worse. On the other hand what we have now in the West is also pretty bad. And the level and depth of surveillance and control is worse now. Just because something that was worse was called a "surveillance state", doesn't mean we are also living in one now, and that it's doing bad things to our freedoms.
(granted your last line pretty much tried to say this, I felt like I needed to add some words)
Yes. They are actively encouraged to do so by the government: https://www.youtube.com/watch?v=FENOAIrHSl8
For people who still think we aren't, ask yourself why Americans think of breakfast when you say "Bacon and Eggs." That was an advertising campaign by Edward Bernays (Freud's nephew). He also helped the tobacco industry increase the number of women who smoked cigarettes (look up "Torches of Freedom").
You might not think that product advertising relates to propaganda, but Bernays was the father of "Public Relations." The first public relations department was for the US government, and he chose that term because Propaganda had a bad connotation to it. Public Relations is literally a weasel word/phrase to replace Propaganda.
These are important things to consider when you think about voting and "free will." Advertising has been used to make people think quality diamonds are rare (they're not), that bacon and eggs are a standard breakfast and that tobacco is a symbol of women's liberation. If you acknowledge that, you also have to realize advertising has convinced much of America there are only two political parties worth voting for, and that they're different (even though they universally enact the same foreign policy. Bush Jr = 2 wars, Obama = 5 wars, Trump/Hillary = both will/would bring more war. I ask you, when has a war protest or Congress ever stopped any of these wars from happening?)
Finally, the CIA has admitted to having operatives in US magazines for decades, and they refuse to answer if they have operatives in US television (https://youtu.be/U1Qt6a-vaNM?t=2h30m35s).
We've been in 1984 for decades prior to 1984.
He's also the guy behind "engineering of consent", the use of press releases, fear of communism during cold war, and much much more.
I'm not so sure we've been in 1984, there is a valid case for us living in a brave new world or at least a mix of both 1984 and a brave new world.
Don't fret though - the security state has been building for a long time: http://www.huppi.com/kangaroo/CIAtimeline.html
See the UKUSA agreement and ECHELON for a primer on how global surveillance started in the mid 20th century.
You will know it's really over when everyone simply gives up their liberties in exchange for security, economy or national pride.
Anarchy is the only true freedom. Any social contract (i.e. government) limits freedom.
Still, saying the west is not free is disingenuous. One can still have many freedoms in a surveillance state. For example, I can criticize Trump without fear of being sent to a labor camp in a surveillance state. I can attempt to spread my religious beliefs without being randomly kidnapped.
Limits on freedom do not always translate into less free. Limits on owning nuclear bombs can be seen as an increase in freedom for those who don't own them.
I would disagree here, limits on owning nuclear weapons is sort of capping the decrease of freedom for those who don't.
A strict ban of nuclear weapons is required not to impact freedom of others.
So your analogy fails, as a ban on freedom always translates into less free.
Actually I fail to see how putting limits on freedom would not limit freedom. Arguing otherwise does not make much sense.
Having the freedom to do something does not imply that this freedom will be used. Pretty much anybody is free to commit suicide, but does not.
If the freedom exists, it will be used by someone, because people do commit suicide.
Less limits can lead to more freedom, but some restrictions of freedom can also increase freedom.
For instance by having conscription a lesser evil government can protect itself against bigger evil government.
Case in point, Finland against the Soviet Union during World War 2. By forcing Finns to serve in the Finnish army, Finland kept its independence from totalitarian communist rule and evolved into one of the most free countries in the world.
Try copypasting a few lines from 4chan's /pol/ in other mediums and see how far your freedom gets you.
Are jack-booted federal thugs going to kick in my door tonight and kidnap me now? Tell me more about my lack of freedom as I shoot my glock out my car window while spinning donuts on my property.
In Iran you go to prison for criticizing the president. In Malaysia (and other Muslim countries) you get kidnapped for trying to spread Christianity. In China you disappear if you start agitating for dissension on any medium. Someone merely observing you isn't taking away your freedom to say or do things.
What happens to people with the unpopular opinions? Well, Berkeley.
I can say things in America that people deeply disagree with, including the government, and I still won't go to jail. I can join the KKK or Neo-Nazis without repercussion. I can call for genocide or revolution on Facebook or Twitter, and the government will ignore me. That is the freedom we have in the USA.
If you join the neo-Nazis (or any similarly unpopular group) and post that on Facebook, you will lose your job, your customers will shun you, and if you are sufficiently famous the media will make sure it stays on your record forever. You will also have no platform and no way to gather like-minded people. Whatever social media you use will ban you or seek to limit your voice constantly and in imaginative ways (cf. shadowban). Whatever hosting service you use to communicate with your group will shut you down unannounced when you are of sufficient size, forcing you to move, bleeding members all the while. PayPal will refuse to process your donations.
At some point somebody will dig through your past writings/interviews and misconstrue you as a pedophile.
At the end of the day you will be just another destitute crackpot that nobody pays attention to. Why bother with the jackboots?
To be fair, doxing is a problem and -- especially as a group -- people can get awfully close to that line of the law. This does need to be addressed, though I'm not sure how.
If the government outsources the jackbooting to private sector, does it stamp your face less hard? What if I design a governing structure that's distributed between a small elected 'government' branch and a large, permanent network of corporations?
Richard Spencer is still on Twitter, and still definitely has an audience—though the video of him being attacked is now very well known. Alex Jones has the President's ear. Steve Bannon is an advisor to the President with access to classified information. The President is, well, the President, despite plenty of material that could be and was used to accuse him as a pedophile. (I realize this is pedantically incorrect—I also realize the general public doesn't really care.)
Milo fared less well, but apparently appearing to advocate pederasty was a bridge too far even for many of his fans. Directing a harassment mob towards a celebrity was a bridge too far for Twitter, despite years of spewing the same not-exactly-PC views.
And espousing supposedly PC views isn't exactly safe either. Remember that time Anita Sarkeesian received multiple bomb threats for threatening to say unpopular words in public? What was THAT about, and why weren't the freedom lovers jumping to her defense in droves?
On a tangential note, this constant demand to focus on other causes whenever somebody points out something's wrong is a big part of why most activism fails. Every cause gets piggybacked on by a hundred 'greater' causes that it has to expend all its resources to support. Every member has to agree with all one hundred or they can gtfo. At the end of the day nobody gets anything done, but at least you can show your friends on Facebook how virtuous you are.
It's almost as if hardly anyone cares about free speech beyond using it as a shield against meaningful opposition.
> At the end of the day nobody gets anything done, but at least you can show your friends on Facebook how virtuous you are.
For such a useless and thus non-threatening group, they sure get a lot of blowback. Let's be real—I couldn't have possibly cared less what Alex Jones had to say until people started parroting his unsubstantiated conspiracy theories en masse.
And there's something way deeper going on with fierce opposition to social justice movements than a burning desire to prevent people from continuing to be wrong on the Internet.
> In sociology, deviance describes an action or behavior that violates social norms, including a formally enacted rule (e.g., crime), as well as informal violations of social norms (e.g., rejecting folkways and mores). [...] Norms are rules and expectations by which members of society are conventionally guided. Deviance is an absence of conformity to these norms. Social norms differ from culture to culture. [...]
Note that the opposite of deviance in this context would be "normality", the Gaussian bell.
Howard S. Becker is one key contributor to this topic. His outstanding book "Outsiders" (1963) is some of the best food for thought I've ever read.
Deviance being such a key concept in pretty much every human group/society/civilization and even fictional stories, it's generally agreed upon that it's a characteristic of our species' social interactions (whether biological or psychological or both), more innate than acquired (since we all evolved towards these behaviors, probably back in immemorial times when it had a survival purpose).
Moving on to political science, specifically law-making and state 'architecture' (i.e. Constitutional Law, that which creates Institutions and ultimately defines a Regime such as Democracy or Dictatorship), most schools of thought in 'free'/'democratic' countries are very conscious of the intricacies of protecting minorities and their opinions/rights. It is an integral part of the praxis of making law and you will find such fail-safe mechanisms even in authoritarian regimes (notoriously in China where, believe it or not, citizens have much local power on paper). Obviously in the real world, politics and corruption shift all of this, from the netherland of 'toxic deviance' to the promised land of 'hot-buzz-bait cause'.
Where I personally think political science is mistaken is precisely in labelling regimes into 3-4-5 neat categories; imho every country has some of each kind and should be rated on a scale for each kind of regime. It's the idea that democracy is never an absolute but a freaking wide spectrum, and that you can live in a 'weak state of democracy' combined with a 'normally high state of surveillance or authoritarianism'. And maybe a 'touch of dictatorship' emanating from the top exec office (usually PM, President) or top spiritual order (e.g. theocracy). Currently in the West, given the oligarchic configuration of the elite and the relatively high degree of corruption and low level of public debate, I wouldn't rate our countries very high on the democratic scale (the People has little power if any); freedom still is at an all-time high in the grander movement of history; however the development of surveillance technologies opens a wide door towards authoritarianism (also unlocked by an oligarchic rule).
I have one faith in the fact that big data is also possibly the solution to aggregating public opinion in ways that previous generations could only dream of (if we care to make the machine intelligence necessary for that), and that we also now (well, soon) have the capability to tailor a regime to each and every individual if need be (there's something to be said about a huge victory for freedom if we ever get to that, basically "make your own --pizza-- regime").
There is still the matter of circle-jerking once we're all free to group with like-minded individuals; but that one may prove to be a hard problem for humans.
Different countries have different freedoms. If you think political speech is the most important freedom, then good for you, but some people think being free to have whatever they want without paying is even better.
You can't call for genocide in the US if you're too specific. That's part of what's not counted as free speech. Nor can you publish information like what Snowden and Manning did, nor information protected by an NDA, nor threaten to kill someone. There's a long list of what you're not allowed to say in America. Sure it's largely a subset of what you're not allowed to say in China or Iran, but it's not exactly a subset.
In short, you're defining free speech to be the specific and narrow meaning that has evolved over hundreds of years of US politics and law. That's only one arbitrary way to define it.
Even worse. In America in the '60s and '70s, civilians were forced to fight in the Vietnam war! You would be imprisoned if you didn't go to war. That's the extreme opposite of freedom. Today, there's a huge amount of unjustified imprisonment of innocent people. Again, that's the opposite of freedom.
I'm not sure what you are trying to argue. In parts of Africa you are "free" to loot villages and rape women. Convincing me that America is just as free as China or Iran (just in different ways) is a hard sell because I value different freedoms with different weights. The freedom to steal people's IP and profit from it is not a freedom that is very beneficial for humanity.
> Today, there's a huge amount of unjustified imprisonment of innocent people
Do you have any evidence that the imprisoned people are innocent? Or are you referring to drug arrests? In those cases the people are definitely guilty of the crime (possession, using drugs). Sure, you may disagree with current drug laws/punishment, but law enforcement doesn't arrest literally innocent people and throw them in jail except on extremely rare and unusual occasions.
Flint tap water being more drinkable than ammonia does not make it potable.
As a Malaysian, there's plenty to criticize about my country, but this is the first time I've heard of this. Got a source?
If the US didn't have one of the worst prison records in the world, and hadn't been known for kidnapping, assassinating and disappearing people all over the world, you may have a point. Right now you're just looking like a fool boasting about not being Black or Muslim and having the privilege of not having been the target of what the US government has been known for doing for decades.
Regarding freedom of speech, the United States does have the concept more strongly encoded in law than the other 3. China's Constitution has Article 35, but apparently there is little enforcement of these rights (http://www.rfa.org/english/news/china/constitution-day-prote...), so it is toothless. I am not aware of a freedom of speech law in Iran, nor was I able to Google one.
Malaysia does have freedom of speech protections with Article 10. Having said that, the legalese is not as strong as the US's Amendment 1 -- the Sedition Act overrules Article 10, for instance. So criticizing the leader in Malaysia could bring you into legal trouble, unlike in the United States.
The First Amendment is not completely unbounded either, but unless you can demonstrate a US equivalent to Malaysia's Sedition Act (Malaysia being the country with the strongest freedom of speech protections of the three being compared), well, I think the OP has a point.
I mean I know I am not that important but it would have boosted my ego. Way to go NSA. Thanks for nothing.
If this world is corrupted then spies are among us here too
(I miss John C. Dvorak)
1. Downloaded .bin.zip and .bin.x64.zip from https://notepad-plus-plus.org/download/v7.3.2.html
2. Verified sha1 against https://notepad-plus-plus.org/repository/7.x/7.3.2/npp.7.3.2... (for posterity: E32326B860815688302DF006C37395F13E24AABD and C81E940B04BAF11DE485068D9DCA4CD5CCE0E418)
3. Extracted SciLexer.dll from zips
4. Generated sha1 of SciLexer.dll
Note: The machine I tested this already had v7.3.2 installed. The hash of SciLexer.dll from my (x86) install matches the above, but independent verification is recommended over taking my word for it.
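The hand-run procedure above (download the archive, check its published hash, extract SciLexer.dll, hash it) can be scripted, and the same script can then audit an installed application directory against the reference archive, which is also what the later suggestion to "download the same version and compare your version with theirs" amounts to. What follows is an added example and not Notepad++ project code or the commenter's script: the archive contents, the install directory and the extra DLL name `extra.dll` are all constructed in memory or in a temp folder so that it runs offline, and the hashes it checks are computed from those constructed bytes, not the values published on the page. The algorithm is a parameter so the comparison can be run with sha256 as well as the sha1 the vendor page publishes.

```python
"""Verify a downloaded archive and audit an install directory against it.

Added example, not Notepad++ project code. File contents, names and the
install directory are constructed stand-ins; published hash values are not used.
"""
import hashlib
import hmac
import io
import os
import tempfile
import zipfile

# Constructed stand-ins for the archive's contents (not real Notepad++ bytes).
REFERENCE_FILES = {
    "notepad++.exe": b"MZ-placeholder-exe-bytes",
    "SciLexer.dll": b"MZ-placeholder-scilexer-bytes",
}


def build_reference_zip(files=REFERENCE_FILES) -> bytes:
    """Build an in-memory zip that plays the role of the downloaded .bin.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def hexdigest(data: bytes, algo: str = "sha256") -> str:
    """Hash bytes with a named hashlib algorithm ('sha1', 'sha256', ...)."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def verify_archive(zip_bytes: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Step 2: compare the archive hash with the one the vendor publishes."""
    actual = hexdigest(zip_bytes, algo)
    return hmac.compare_digest(actual.lower(), expected_hex.lower())


def archive_manifest(zip_bytes: bytes, algo: str = "sha256") -> dict:
    """Steps 3-4, generalised: hash every member of the archive, not only SciLexer.dll."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: hexdigest(zf.read(info), algo)
                for info in zf.infolist() if not info.is_dir()}


def audit_install_dir(install_dir: str, manifest: dict, algo: str = "sha256") -> dict:
    """Compare an installed application directory against the reference manifest.

    modified   - file shipped in the reference whose hash differs on disk
    missing    - reference file absent from the install
    unexpected - DLL present in the application directory that the reference
                 never shipped; the application directory is a trusted load
                 location on Windows, so such a file is what to investigate
    """
    result = {"modified": [], "missing": [], "unexpected": []}
    present = {}
    for name in os.listdir(install_dir):
        path = os.path.join(install_dir, name)
        if os.path.isfile(path):
            with open(path, "rb") as f:
                present[name] = hexdigest(f.read(), algo)
    for name, ref_hash in manifest.items():
        if name not in present:
            result["missing"].append(name)
        elif not hmac.compare_digest(present[name], ref_hash):
            result["modified"].append(name)
    for name in present:
        if name not in manifest and name.lower().endswith(".dll"):
            result["unexpected"].append(name)
    for key in result:
        result[key].sort()
    return result


def build_sample_install(tamper: bool) -> str:
    """Create a constructed install directory in a temp folder.

    With tamper=True the directory gets a modified SciLexer.dll plus an extra
    DLL ('extra.dll', a constructed name) that the reference archive lacks.
    """
    d = tempfile.mkdtemp(prefix="npp-audit-")
    files = dict(REFERENCE_FILES)
    if tamper:
        files["SciLexer.dll"] = files["SciLexer.dll"] + b"-patched"
        files["extra.dll"] = b"MZ-placeholder-unknown-dll"
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    ref_zip = build_reference_zip()
    # A real run would paste the vendor's published hash here; offline we
    # compute it from the constructed archive so the script is self-contained.
    published = hexdigest(ref_zip, "sha256")
    print("archive ok:", verify_archive(ref_zip, published))
    print(audit_install_dir(build_sample_install(tamper=True), archive_manifest(ref_zip)))
```

On a real system you would point `audit_install_dir` at the Notepad++ folder and `build_reference_zip` would be replaced by reading the archive you downloaded; `hmac.compare_digest` is used for the hash comparison out of habit rather than necessity, since the hashes are not secrets. The "unexpected" list is the part that speaks to the application-directory attack discussed further down: a modified file shows up as "modified", but a DLL the vendor never shipped only shows up if you compare the directory listing, not just the hashes of known files.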
My tin foil hat thinks no.
v7.3.2 is the latest version without the cert check, and is thus the latest possibly vulnerable version.
But if (as in this case) we're trying to mitigate, broadly, against a threat with the resources of the CIA, SHA1 should be considered completely inappropriate now, even though the recent SHA1 announcement was with respect to collisions rather than a preimage attack.
Surely requesting they post SHA256 hashes is the appropriate step?
Obviously after the leaks this specific attack is more likely to be coopted by many additional actors, but I don't think that's enough to explode my point.
No, however the part where they produced a collision and not a pre-image attack, is :)
We should be moving away from SHA1, but it's unlikely that they're hoarding a pre-image attack on SHA1 and have spent the (probably rather large) amount of resources to produce one for this DLL in particular.
> This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
The CIA attack is an application directory attack, and the application directory is a trusted location on Windows. See: https://blogs.msdn.microsoft.com/oldnewthing/20161013-00/?p=...
I guess the attack allowed them to inject code into a Notepad++ process without breaking the signature on notepad++.exe itself. There's probably some value to the CIA doing this, or they wouldn't have done it (...right?)
Useless, yes. Nobody thinks he should solve the problems of the world, that's just a message.
However in practice we don't have a full signed and verified stack.
Haha, nice try.
No, it should embarrass the entire US public.
CIA is not some autonomous entity, its actions directly relate to the will and wants of the US government. People are not going to stand by and clap as their text editors are wiretapped. Note: I noticed the homing behavior when using it in wine, so I switched to PSPad.
This has been the case for a very long time.
Nothing is new under the sun - but now lots of people are seeing things for what they are.
Because if it's the former, it's trivial to just sign dll with any key and add it to the local trusted store (if needed).
If the CIA is already on your compromised machine and they want to target users of Notepad++, then they would just patch Notepad++ itself.
For instance, can adding a key to the local trusted store allow someone to forge a windows update?
Is there someone I can follow on Twitter that's doing great analysis?
It is also the first time I have seen evidence that they also target Linux, since they have a hijacked "CMD prompt" on Linux, whatever that means. They may also have targeted Linux with the other software packages, of course.
This is really scary.
if you had high opinions of those programs, you have bigger problems
My point was more the length of the list of commonly used software than the quality of each item on the list.
Notepad++ 666 Friday the 13th edition
Notepad++ 6.6.4 Tiananmen June Fourth Incident Edition
Notepad++ Workers' Day Edition (v6.6)
The last release (v6.2.3) - End of World Edition
Notepad++ 5.7 release (outside the USA)
Then again I've seen a few of Linus' emails... shrugs
Right click the file scilexer.dll in your notepad folder and select properties. Then verify the certificate manually.
Another way is to download the same version from the notepad++ website and compare your version with theirs.
Really, I wouldn't worry so much; as long as you're not a CIA target they have no incentive to spend the time to deploy such a DLL on your system.
SciLexer.dll is for Scintilla, which is a fancy GUI widget for code. The lexer is the part of the parser that determines things like what code to highlight, scope folding, etc.
> Checking the certificate of a DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
This is actually more secure as vim doesn't support plugin signing. (Not that this signing matters until you verify the entire stack which very few people do).
All signing does is prove it wasn't modified, not that it's legit.