Thanks Tobias,
It is always good to know that contact has been made.
What a shame that it is not likely to be one of those scenarios that you 
outline :(

I do accept that it could be a bizarre coincidence, but.....

"While the scenario outlined below is very 'Grand Jeu' I will not be at all 
surprised to learn that you believe this to be a hack."

This must be taken seriously.
I haven't carefully crafted the email to waste peoples valuable time.
There is every reason to consider the event as a realistic scenario.

It may not be.
That would be great.

My problem is that, like most people, I never studied digital security.  
I'm having to catch up; but I can't - it's too complex.

I got Tails, and some secure mailboxes.
However, with hindsight; logically, this is merely a security layer to be 

Anyway, my guess is: that is what happened.

For a variety of reasons, it would be useful to know.
Even if we can't run tests.

Can such a hack be implemented with a mobile phone?
Is the laptop in all likelihood lost?

Are there any devs that can answer these questions?

I'm one of the good guys.
I'd appreciate some help on this :)

Securely sent with Tutanota. Claim your encrypted mailbox today!

2. Feb 2018 19:12 by

> Hey,
> Disclaimer: I am a regular user, not a security expert. I am not a developer 
> in this project, I'm subscribed to the list because I ran a Tails mirror for 
> some years.
> Three things that came to my naive mind when reading:
> - Cui bono?
> - Hanlon's Razor
> - Number of users vs. Coincidence
> Is there any reason for an attack? Does the specific worker have any 
> theoretical reason to be malicious here?
> Also, when a product is used by a billion people, a bug with a probability of 
> "only 1:1000000" will occur about 1000 times. Extremely unlikely scenarios 
> can suddenly actually happen when many people are using the same software. It 
> is almost guaranteed that somewhere in the world, an earthquake will occur in 
> the moment someone starts their computer. The computer, however, did not 
> cause the earthquake to happen.
> There is a wonderful book called "Spurious Correlations". It makes fun of 
> exactly this problem.
> Best regards 
> Tobias Frei 
> On Fri, Feb 2, 2018, 19:40  <>> > wrote:
>>           >> Excuse me - I have joined this group to discuss what may have 
>> been a 'high end' BIOS attack.
>> I am presuming that this group contains the most knowledgeable people.
>> I need that.
>> While the scenario outlined below is very 'Grand Jeu' I will not be at all 
>> surprised to learn that you believe this to be a hack.
>> ---------------------------------------
>> This is exactly what happened:
>> Laptop circa 2011 (bios date)
>> AMD DCP C-50
>> Tails 3.5 loaded from a USB drive
>> At a friends - laptop on the table in kitchen (pre-arranged over the phone).
>> Workmen are doing jobs.
>> (The IP box can give the WiFi connection at the press of a button)  ;)
>> A Libre Office doc saved in the session - other docs saved on a mounted 
>> removable drive.
>> One worker comes in the kitchen - he starts tapping away on his mobile (just 
>> 3 meters away).
>> Note - he has no need to be in the kitchen to get a signal - the walls are 
>> thick, so outside would be better (if you don't have the wifi code).
>> He makes a final tap, and walks... and my pc shuts down.
>> Some code appeared, but it shut down.
>> Obviously it could be coincidental; but I'm sick of frigging coincidences.
>> The shutdown was simultaneous to his final tap on his mobile.
>> ---------------------------------------------
>> Post reboot - no apparent problems, other than it seemed to take slightly 
>> longer to log into accounts.
>> I carried out my communications.
>> A day later, I posted an email to >>>>  (on 
>> this question).
>> I received no reply.
>> Researched  BIOS attacks, and checked my bios version.
>> Talk of :
>> "Their exploit turns down existing protections in place to prevent 
>> re-flashing of the firmware, enabling the implant to be inserted and 
>> executed.
>> The devious part of their exploit is that they've found a way to insert 
>> their agent into System Management Mode, which is used by firmware and runs 
>> separately from the operating system, managing various hardware controls. 
>> System Management Mode also has access to memory, which puts supposedly 
>> secure operating systems such as Tails in the line of fire of the implant."
>> Also:
>> "The method used to get at the BIOS then allows the likes of GCHQ et al to 
>> get at other modifiable ROM in the likes of HDs, Sound Chips, Network cards 
>> and other "below the OS" areas.
>> Having done this they can then put the main BIOS back the way it was, so 
>> that it's harder to find what they have been up to."
>> ---------------------------------------------
>> Rebooted to Tails.
>> Tails warns: can't check for upgrades.
>> Tutanota mailbox warns: Couldn't connect to server - it seems like you are 
>> offline.
>> But I was online, and could see my mailbox.
>> ---------------------------------------------
>> First thing is:
>> Have you received this mail?
>> Could someone respond, to confirm this?
>> Does it seem likely that I have been hacked?
>> Is there any way of knowing eg. running tests?
>> If it has been hacked - is the laptop now unusable?
>> If I was hacked - have they got everything that I've done since that point 
>> (and the data off my drives)?
>> I'm cool either way.
>> What's done is done; but I'd rather know
>> BTW, I tried to get a riseup email, but it kept demanding an invite code.
>> Anyway, I figured that I first need to check with you guys re my current 
>> status, before doing anything else.
>>  Thanks :)
>> --
>> Securely sent with Tutanota. Claim your encrypted mailbox today!
>>>>   >> _______________________________________________
>> Tails-dev mailing list
>> To unsubscribe from this list, send an empty email to >> 
>>>> .
Tails-dev mailing list
To unsubscribe from this list, send an empty email to

Reply via email to