Re: [Tails-dev] BIOS attack

2018-02-02 Thread Tobias Frei
Hi,

"in all likelihood": When you hear hoofbeats, think of horses, not zebras. ;)

https://en.wikipedia.org/wiki/Soft_error

Best regards
Tobias Frei

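To put numbers on the soft-error pointer above and on the "number of users vs. coincidence" argument made elsewhere in this thread, here is an added example. It is not code from the thread or from Tails; every rate in it (crash probability per session, the width of "simultaneous", the daily number of Tails sessions, the prior that a workman is a targeted attacker) is an assumption to be replaced with your own estimate.

```python
"""Put numbers on "it shut down the instant he tapped his phone".

Added example for the soft-error and "number of users vs. coincidence" points
made in this thread; it is not code from the thread or from Tails. Every rate
below is an assumption (marked as such) to be replaced by your own estimate.
"""

SECONDS_PER_HOUR = 3600.0


def p_observation_if_benign(p_crash_per_session: float, window_s: float,
                            session_s: float) -> float:
    """P(observation | no attack).

    The observation is two things at once: a spontaneous shutdown happened in
    this session (soft error, kernel bug, flaky battery ...), and it landed
    within +/- window_s of one particular unrelated instant (the final tap).
    A crash whose timing is unrelated to the tap is uniform over the session,
    so the second factor is 2 * window_s / session_s (clamped to 1).
    """
    return p_crash_per_session * min(1.0, 2.0 * window_s / session_s)


def posterior_attack(prior_attack: float, p_obs_if_attack: float,
                     p_obs_if_benign: float) -> float:
    """Bayes' rule: P(attack | observation).

    prior_attack encodes "cui bono": how likely, before seeing anything, that
    this particular workman carries a phone-triggered firmware implant aimed
    at you.
    """
    num = prior_attack * p_obs_if_attack
    return num / (num + (1.0 - prior_attack) * p_obs_if_benign)


def expected_coincidences_per_day(sessions_per_day: float, p_crash_per_session: float,
                                  window_s: float, session_s: float) -> float:
    """How many users per day see the same crash-at-a-salient-moment purely by
    chance. This is the "billion users x 1:100" argument made explicit."""
    return sessions_per_day * p_observation_if_benign(p_crash_per_session, window_s, session_s)


if __name__ == "__main__":
    # Assumed inputs (not measurements): one crash per 100 one-hour sessions on a
    # 2011-era netbook, a 1 s window for "simultaneous", 30,000 sessions per day.
    p_benign = p_observation_if_benign(0.01, 1.0, SECONDS_PER_HOUR)
    print(f"P(obs | benign)               = {p_benign:.2e}")
    print(f"likelihood ratio (attack/benign) = {0.9 / p_benign:.0f}")
    for prior in (1e-6, 1e-8):
        print(f"P(attack | obs), prior {prior:.0e}   = {posterior_attack(prior, 0.9, p_benign):.3f}")
    coincidences = expected_coincidences_per_day(30_000, 0.01, 1.0, SECONDS_PER_HOUR)
    print(f"chance coincidences per day     = {coincidences:.2f}")
```

With these assumed inputs the likelihood ratio is large, yet the posterior is dominated by the prior, which is why "cui bono?" is the right first question; and a tiny per-session probability multiplied over the user base still produces someone, somewhere, seeing exactly this coincidence every few days.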

Re: [Tails-dev] BIOS attack

2018-02-02 Thread james.john.jones
Thanks Tobias,
It is always good to know that contact has been made.
What a shame that it is not likely to be one of those scenarios that you 
outline :(

I do accept that it could be a bizarre coincidence, but.

"While the scenario outlined below is very 'Grand Jeu' I will not be at all 
surprised to learn that you believe this to be a hack."


This must be taken seriously.
I haven't carefully crafted the email to waste people's valuable time.
There is every reason to consider the event as a realistic scenario.

It may not be.
That would be great.

My problem is that, like most people, I never studied digital security.  
I'm having to catch up; but I can't - it's too complex.

I got Tails, and some secure mailboxes.
However, with hindsight, logically, this is merely a security layer to be overcome.

Anyway, my guess is: that is what happened.

For a variety of reasons, it would be useful to know.
Even if we can't run tests.

Can such a hack be implemented with a mobile phone?
Is the laptop in all likelihood lost?

Are there any devs that can answer these questions?

I'm one of the good guys.
I'd appreciate some help on this :)



--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com


Re: [Tails-dev] BIOS attack

2018-02-02 Thread Tobias Frei
Hey,

Disclaimer: I am a regular user, not a security expert. I am not a
developer in this project, I'm subscribed to the list because I ran a Tails
mirror for some years.

Three things that came to my naive mind when reading:

- Cui bono?
- Hanlon's Razor
- Number of users vs. Coincidence

Is there any reason for an attack? Does the specific worker have any
theoretical reason to be malicious here?

Also, when a product is used by a billion people, a bug with a probability
of "only 1:100" will occur about 1000 times. Extremely unlikely
scenarios can suddenly actually happen when many people are using the same
software. It is almost guaranteed that somewhere in the world, an
earthquake will occur in the moment someone starts their computer. The
computer, however, did not cause the earthquake to happen.

There is a wonderful book called "Spurious Correlations". It makes fun of
exactly this problem.

Best regards
Tobias Frei


On Fri, Feb 2, 2018, 19:40  wrote:

> Excuse me - I have joined this group to discuss what may have been a 'high
> end' BIOS attack.
> I am presuming that this group contains the most knowledgeable people.
> I need that.
>
> While the scenario outlined below is very 'Grand Jeu' I will not be at all
> surprised to learn that you believe this to be a hack.
>
> ---
>
> This is exactly what happened:
>
> Laptop circa 2011 (bios date)
> AMD DCP C-50
> Tails 3.5 loaded from a USB drive
>
> At a friends - laptop on the table in kitchen (pre-arranged over the
> phone).
> Workmen are doing jobs.
> (The IP box can give the WiFi connection at the press of a button)  ;)
>
> A Libre Office doc saved in the session - other docs saved on a mounted
> removable drive.
>
> One worker comes in the kitchen - he starts tapping away on his mobile
> (just 3 meters away).
>
> Note - he has no need to be in the kitchen to get a signal - the walls are
> thick, so outside would be better (if you don't have the wifi code).
>
> He makes a final tap, and walks... and my pc shuts down.
> Some code appeared, but it shut down.
>
> Obviously it could be coincidental; but I'm sick of frigging coincidences.
> The shutdown was simultaneous to his final tap on his mobile.
>
> -
>
> Post reboot - no apparent problems, other than it seemed to take slightly
> longer to log into accounts.
> I carried out my communications.
>
> A day later, I posted an email to tails-support-priv...@boum.org (on this
> question).
> I received no reply.
>
> Researched BIOS attacks, and checked my bios version.
> https://www.schneier.com/blog/archives/2015/03/bios_hacking.html
>
> Talk of :
> "Their exploit turns down existing protections in place to prevent
> re-flashing of the firmware, enabling the implant to be inserted and
> executed.
>
> The devious part of their exploit is that they've found a way to insert
> their agent into System Management Mode, which is used by firmware and runs
> separately from the operating system, managing various hardware controls.
> System Management Mode also has access to memory, which puts supposedly
> secure operating systems such as Tails in the line of fire of the implant."
>
>
> Also:
> "The method used to get at the BIOS then allows the likes of GCHQ et al to
> get at other modifiable ROM in the likes of HDs, Sound Chips, Network cards
> and other "below the OS" areas.
>
> Having done this they can then put the main BIOS back the way it was, so
> that it's harder to find what they have been up to."
>
> -
>
> Rebooted to Tails.
> Tails warns: can't check for upgrades.
>
> Tutanota mailbox warns: Couldn't connect to server - it seems like you are
> offline.
> But I was online, and could see my mailbox.
> -
>
> First thing is:
> Have you received this mail?
> Could someone respond, to confirm this?
>
> Does it seem likely that I have been hacked?
> Is there any way of knowing eg. running tests?
> If it has been hacked - is the laptop now unusable?
> If I was hacked - have they got everything that I've done since that point
> (and the data off my drives)?
>
> I'm cool either way.
> What's done is done; but I'd rather know.
>
> BTW, I tried to get a riseup email, but it kept demanding an invite code.
> Anyway, I figured that I first need to check with you guys re my current
> status, before doing anything else.
>
> Thanks :)
>
> --
> Securely sent with Tutanota. Claim your encrypted mailbox today!
> https://tutanota.com
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> tails-dev-unsubscr...@boum.org.
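The Schneier post quoted above says the implant first "turns down existing protections in place to prevent re-flashing of the firmware". On Intel platforms those protections are a handful of register bits, and checking them is the one test a user can actually run (chipsec's common.bios_wp and common.spi_lock modules, or a flashrom dump compared against the vendor image). The decoder below is an added example, not code from the thread, from Tails or from chipsec, though its verdicts follow chipsec's logic. It assumes Intel's register layout (BIOS_CNTL at LPC device 31 function 0 config offset 0xDC; HSFS and PR0..PR4 in the SPI BAR); the AMD C-50 machine in the thread has a different flash controller and is not covered. All register values in it are constructed samples, not readings from any real machine.

```python
"""Decode the Intel PCH flash write-protection state that a BIOS re-flashing
implant has to "turn down" before it can persist.

Added example; not code from this thread, from Tails or from chipsec, though the
verdict logic mirrors chipsec's common.bios_wp / common.spi_lock checks.
Register layout is Intel's (BIOS_CNTL at LPC D31:F0 config offset 0xDC; HSFS
and PR0..PR4 in the SPI BAR). The AMD C-50 machine in the thread has a
different flash controller and is NOT covered by this decoder. All register
values below are constructed samples, not readings from any real machine.
"""
from __future__ import annotations

from dataclasses import dataclass

# BIOS_CNTL bits
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = software may write the BIOS region
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so SMM can clear it again
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: BIOS writes are honoured only from SMM
# HSFS bit
FLOCKDN = 1 << 15  # Flash Configuration Lock-Down: PRx registers frozen until reset


@dataclass(frozen=True)
class ProtectedRange:
    """One SPI Protected Range register (PRx): a flash address window that the
    controller refuses to write (and optionally read) regardless of BIOS_CNTL."""
    base: int
    limit: int
    write_protect: bool
    read_protect: bool

    @classmethod
    def from_raw(cls, raw: int) -> ProtectedRange:
        # bit 31 WPE, bits 28:16 PRL (4 KiB page), bit 15 RPE, bits 12:0 PRB (4 KiB page)
        return cls(
            base=(raw & 0x1FFF) << 12,
            limit=(((raw >> 16) & 0x1FFF) << 12) | 0xFFF,
            write_protect=bool(raw & (1 << 31)),
            read_protect=bool(raw & (1 << 15)),
        )

    def write_covers(self, lo: int, hi: int) -> bool:
        return self.write_protect and self.base <= lo and hi <= self.limit


def assess_bios_write_protection(bios_cntl: int, hsfs: int, pr_raw: list[int],
                                 bios_region: tuple[int, int]) -> str:
    """Classify how hard it is to re-flash the BIOS region from the OS.

    Returns "locked", "smm-only", "weak" or "writable", followed by the reason.
    """
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    flockdn = bool(hsfs & FLOCKDN)
    ranges = [ProtectedRange.from_raw(r) for r in pr_raw]

    # Strongest case: a PR register covers the whole BIOS region and the PR
    # registers themselves are locked down, so not even SMM can undo it.
    if any(r.write_covers(*bios_region) for r in ranges) and flockdn:
        return "locked: a write-protected range covers the BIOS region and FLOCKDN is set"
    if bioswe:
        return "writable: BIOSWE is set, the OS can write the BIOS region directly"
    if ble and smm_bwp:
        return "smm-only: BLE+SMM_BWP restrict BIOS writes to SMM; an implant needs SMM first"
    if ble:
        return "weak: BLE without SMM_BWP, a write can race the SMI handler that clears BIOSWE"
    return "writable: neither BLE nor SMM_BWP is set"


if __name__ == "__main__":
    # Constructed: a 3 MiB BIOS region at the top of an 8 MiB flash part.
    BIOS_REGION = (0x00500000, 0x007FFFFF)
    samples = {
        "locked":    (0x22, 0x8000, [0x87FF0500, 0, 0, 0, 0]),
        "smm-only":  (0x22, 0x0000, [0, 0, 0, 0, 0]),
        "BLE only":  (0x02, 0x0000, [0, 0, 0, 0, 0]),
        "wide open": (0x01, 0x0000, [0, 0, 0, 0, 0]),
    }
    for name, (cntl, hsfs, prs) in samples.items():
        print(f"{name:10s} -> {assess_bios_write_protection(cntl, hsfs, prs, BIOS_REGION)}")
```

Two caveats a practitioner would add: a "locked" or "smm-only" verdict says only that the OS cannot re-flash; it says nothing about whether the image already in flash is the vendor's, which is why a dump compared against a known-good image (or a measured boot with a TPM) is the companion check. And none of this can be read from inside a compromised SMM, since the SMM implant is exactly what would lie to you.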