How NSA access was built into Windows


Recommended Posts

then you turn on UPnP or IPv6 and your theory breaks :)

 

there's a few other targeted attacks that would break it to. granted an attack using UPnP would mostly need to be targeted anyway, or it would first need to bomb the router to find what ports are open which in many routers would block it anyway, and even if it finds an open port it would need an attack vector on that port. so UPnP isn't really a problem.

Link to comment
Share on other sites

then you turn on UPnP or IPv6 and your theory breaks :)

 

there's a few other targeted attacks that would break it to. granted an attack using UPnP would mostly need to be targeted anyway, or it would first need to bomb the router to find what ports are open which in many routers would block it anyway, and even if it finds an open port it would need an attack vector on that port. so UPnP isn't really a problem.

UPnP is initialized by the client which sends a packet to the router letting it know about its intentions. This lets the router know that if it receives traffic for a certain protocol, send it to this machine or that machine. Its just an automated port-forwarding protocol.

 

IPv6 gives everyone a public address. Completely different to the subject matter. IPv6 allows the internet be what it was designed to be, an all connected network. That invalidates all my statements regarding NAT because every client is directly reachable and NAT isn't existing on those networks. Although, there's very few ISP's which actually provide CPE's which are IPv6 and IPv4 supporting, let alone give them both an address. Your probably looking at 20~ years before IPv6 becomes the norm. Especially when more providers are investing in CG-NAT rather than a correct IPv6 deployment.

Link to comment
Share on other sites

You know, the original article was about the NSA and a supposed back door in Windows.  NAT is a side issue.  How about you consider the scenario of a Starbucks or Internet caf? with free WI-FI instead.

 

Even though I was taken for a ride by the purpose of NSAKEY in my post on page 1, the rest of my post stands IMHO.  You'd have to have no understanding of the technicalities of Windows to think that the details as posted would give secret remote access.

Link to comment
Share on other sites

UPnP is initialized by the client which sends a packet to the router letting it know about its intentions. This lets the router know that if it receives traffic for a certain protocol, send it to this machine or that machine. Its just an automated port-forwarding protocol.

 

IPv6 gives everyone a public address. Completely different to the subject matter. IPv6 allows the internet be what it was designed to be, an all connected network. That invalidates all my statements regarding NAT because every client is directly reachable and NAT isn't existing on those networks. Although, there's very few ISP's which actually provide CPE's which are IPv6 and IPv4 supporting, let alone give them both an address. Your probably looking at 20~ years before IPv6 becomes the norm. Especially when more providers are investing in CG-NAT rather than a correct IPv6 deployment.

UPnP opens the port, it doesn't care about the data outside of UDP and TCP. 

 

Problem with IPv6, is while it restores the internet to what it's supposed to be, a lot of tech wannabes don't understand the implication of it, and the tech idiots don't understand it anyway and their ISP never tells them, granted that category of users will have their windows or internet security firewall on anyway. 

You know, the original article was about the NSA and a supposed back door in Windows.  NAT is a side issue.  How about you consider the scenario of a Starbucks or Internet caf? with free WI-FI instead.

 

Even though I was taken for a ride by the purpose of NSAKEY in my post on page 1, the rest of my post stands IMHO.  You'd have to have no understanding of the technicalities of Windows to think that the details as posted would give secret remote access.

 

 

You have to understand that these articles are made for two kinds of people. The techies who are also paranoid conspiracy theorists who will ignore all their tech knowledge if there's a conspiracy theory they can apply instead. and then there's the tech idiots, also known as regular people, who just don't know better and think tech conspiracy nut journalists who don't know anything about the tech they're writing about are more trustworthy than their actual tech specialists locally. 

Link to comment
Share on other sites

Still haven't gave any evidence to prove me wrong. I never said your sources were wrong, just over explaining a simple fact.

 

So, could you please explain how it is impossible to hijack a connection and/or relay a spoofed malicious packet to a member of the internal network relying on NAT alone?

Link to comment
Share on other sites

So, could you please explain how it is impossible to hijack a connection and/or relay a spoofed malicious packet to a member of the internal network relying on NAT alone?

 

 

That would be what I referred to as a targeted attack earlier. it's "nearly" impossible to defend yourself against a targeted attack by a dedicated and skilled hacker with enough time, with consumer grade equipment. 

Link to comment
Share on other sites

That would be what I referred to as a targeted attack earlier. it's "nearly" impossible to defend yourself against a targeted attack by a dedicated and skilled hacker with enough time, with consumer grade equipment. 

 

I absolutely agree. I've always heard from friends I trust on security that nothing is truly secure, it's just degrees of difficulty. I would also assume that the NSA is capable of the greatest degree of difficulty possible.

 

It's my contention as well that the operative mechanism in defending against any sophisticated attack would be the firewall, intrusion detection, etc., not the NAT.

Link to comment
Share on other sites

This NSAKEY thing was all over the place when it was discovered. Turns out, it doesn't actually mean what OP says it means.

there's only a few things that it could actually do. and plus, I am sure the NSA has access to the WIndows source code and kernel directly. knowing them, they have deals with Intel and AMD to have debug access on the CPUs which would allow them to bypass any protection mechasnism or code isolation on a computer, giving them super root access regardless of OS settings. there is no limit to how far the NSA goes with this, asking and getting backdoors into things.

 

but what proof do you have that the NSA key's don't give access to decryption and password cracking capabilities? if all the NSA wanted was to protect their own systems or network, they could install their own keys on the side like everyone else. this is definitely backdoor access type **** into how Windows handles encryption.

 

you know, it's possible that there can be more than one key that can decrypt a certain crypto; possible that Windows has built in backdoors like this for the NSA. like I said, they also think OpenSSL has backdoors like this. that no one knows if the code is secure or not because it's impossible to tell.

Link to comment
Share on other sites

there's only a few things that it could actually do. and plus, I am sure the NSA has access to the WIndows source code and kernel directly. knowing them, they have deals with Intel and AMD to have debug access on the CPUs which would allow them to bypass any protection mechasnism or code isolation on a computer, giving them super root access regardless of OS settings. there is no limit to how far the NSA goes with this, asking and getting backdoors into things.

 

but what proof do you have that the NSA key's don't give access to decryption and password cracking capabilities? if all the NSA wanted was to protect their own systems or network, they could install their own keys on the side like everyone else. this is definitely backdoor access type **** into how Windows handles encryption.

 

you know, it's possible that there can be more than one key that can decrypt a certain crypto; possible that Windows has built in backdoors like this for the NSA. like I said, they also think OpenSSL has backdoors like this. that no one knows if the code is secure or not because it's impossible to tell.

 

There would be a lot less conspiracy theorists if they had some basic knowledge of how technology works. 

 

As for the next paragraph, read up on what te NSAKey actually is, please, and how useless an encryption key would be if it was stored like that. exactly what purpose do you think an encryption key would have stored in the registry ? 

Link to comment
Share on other sites

There would be a lot less conspiracy theorists if they had some basic knowledge of how technology works. 

yeah did you see the AMD cpu that the hackers had cracked the debug password to a few years ago? the password was passed to the CPU and gave the hacker ability to execute any code they wanted above the operating system. these types of backdoors are built into every CPU..

 

http://news.techeye.net/security/hackable-debug-mode-found-in-amd-cpus

 

looks like there's also a whole bunch of hidden CPUs features there that the NSA can unlock - basically run software on AMD CPUs in stealth rootkit mode with god ability. No one ever linked it to the NSA, but you know why that's there. Intel's CPUs have not been cracked by the public, so the elusive features remain for top secret clearance users only, so far.

 

 

 

As for the next paragraph, read up on what te NSAKey actually is, please, and how useless an encryption key would be if it was stored like that. exactly what purpose do you think an encryption key would have stored in the registry ? 

I have already read up enough about that. thanks, and yeah it sounds like a backdoor into Windows giving them the ability to reverse engineer, decrypt things easier, and hide things that the user would have no control over.

Link to comment
Share on other sites

Backdoors into our computers would be useless anyway, unless they had a court order to place you under surveillance any data collected via such covert means would be completely inadmissible in law in most Western countries.

Link to comment
Share on other sites

yeah did you see the AMD cpu that the hackers had cracked the debug password to a few years ago? the password was passed to the CPU and gave the hacker ability to execute any code they wanted above the operating system. these types of backdoors are built into every CPU..

 

http://news.techeye.net/security/hackable-debug-mode-found-in-amd-cpus

 

looks like there's also a whole bunch of hidden CPUs features there that the NSA can unlock - basically run software on AMD CPUs in stealth rootkit mode with god ability. No one ever linked it to the NSA, but you know why that's there. Intel's CPUs have not been cracked by the public, so the elusive features remain for top secret clearance users only, so far.

 

 

 

I have already read up enough about that. thanks, and yeah it sounds like a backdoor into Windows giving them the ability to reverse engineer, decrypt things easier, and hide things that the user would have no control over.

:rolleyes:

 

 

and really, a registry key is a bacdoor into windows ? would you PLEASE explain that one... if there was a backdoor it would be hidden in the code, and there wouldn't be a visible key in the registry where it serves absolutely no purpose. 

 

Also you obviously didn't understand a single thing that was said in the article you quoted, since NOTHING there had anything to do with your wild conspiracy claims. 

Link to comment
Share on other sites

Backdoors into our computers would be useless anyway, unless they had a court order to place you under surveillance any data collected via such covert means would be completely inadmissible in law in most Western countries.

lol. you think the NSA cares about what the court system says about this? they specialize in black ops dude, warrantless tapping and monitoring that is done without judicial involvement. the information being gathered is done in secret, without court consent most of the time. the CIA uses it, the NSA, DoD, FBI.. and you know, they get away with it because often times it leads to nothing big. it is sometimes used in courts, and the way they get by with that is by keeping it secret from the court and public defenders how they obtained the information. it's all done under the guise of "national security". you don't have any idea how hard it would be to prove how they really obtained information on you man, you have no protections court or constitutional provided that are actually honored by any government agents.

:rolleyes:

 

 

and really, a registry key is a bacdoor into windows ? would you PLEASE explain that one... if there was a backdoor it would be hidden in the code, and there wouldn't be a visible key in the registry where it serves absolutely no purpose. 

I was under the understanding this NSAKey was hidden in the DLL, only discoverable after a hacker reverse engineered and decompiled the code.

 

is this NSAKey in the registry of every system now? it would only be one component to crypto. one part of a key that allows them greater access to how the cryptography services in Windows worked. it could allow them to decrypt anything they wanted without effort. you know, at least Windows encrypted stuff. and the running of signed code with higher security clearances and methods to bypass Windows security. that's what it does. so what are you talking about? why are you dismissing this?

Link to comment
Share on other sites

Even the worst lawyers in the world know about inadmissable evidence, I'd like to see how the hell you think they would sneak it into trials on such a massive scale with nobody noticing.

Link to comment
Share on other sites

I was under the understanding this NSAKey was hidden in the DLL, only discoverable after a hacker reverse engineered and decompiled the code.

 

is this NSAKey in the registry of every system now? it would only be one component to crypto. one part of a key that allows them greater access to how the cryptography services in Windows worked. it could allow them to decrypt anything they wanted without effort. you know, at least Windows encrypted stuff. and the running of signed code with higher security clearances and methods to bypass Windows security. that's what it does. so what are you talking about? why are you dismissing this?

 

It's in the registry of every windows after Windows95, and has nothing to do with the NSA, again, read up on what it ACTUALLY does instead of making up conspiracy theories in your head based on a variable name. 

 

the rest of your post again, shows a complete lack of understanding how cryptography works, just like your knowledge of how CPU's work. 

Even the worst lawyers in the world know about inadmissable evidence, I'd like to see how the hell you think they would sneak it into trials on such a massive scale with nobody noticing.

 

secret police, and black abduction teams and silent assasinations, and such of course. what did you think ? 

Link to comment
Share on other sites

Even the worst lawyers in the world know about inadmissable evidence, I'd like to see how the hell you think they would sneak it into trials on such a massive scale with nobody noticing.

like the NSA and DA did recently. they falsified the information on how they obtained the evidence. there's a story about it right here:

 

http://yro.slashdot.org/story/13/06/19/0326244/nsas-role-in-terror-cases-concealed-from-defense-lawyers

 

they merely don't have to disclose the truth on how evidence was obtained, or who provided it. and they make up information to include it, fabricating information about the who, what, and where. they might use the information to generate false password and dictionary attacks for example, suddenly "breaking in" at the opportune time, when they really used other resources to crack and break in. they never have any obligation to disclose their real methods of operation.

 

and you might be right that most of the time the NSA has no reason to want to provide this information for use in the court systems. they wouldn't want to risk disclosing that they were actually in your system or spying on you in some way. this is being done all the time, and it's done just to invade your privacy and rights, they would rather keep tabs on you without risk of exposure and get you in other ways if they have to.

the rest of your post again, shows a complete lack of understanding how cryptography works, just like your knowledge of how CPU's work. 

well I have no examples to show anything else. I think you're the one who's clueless. this is pretty comprehensive. and it's you who has no clue on anything. you're stuck in a fantasy world here. the article on the AMD password thing is already out there; there are passwords and debug features on every CPU that grants backdoor super user access, for running additional code, above the operating system. this lets them modify code in execution, run rootkits, and more, all above detection of the operating system or user level applications. read up some more about it, follow the links to the other articles if you must.

Link to comment
Share on other sites

If evidence comes from a spotty source it will be ruled as inadmissible. I really don't think the NSA are as smart as you seem to think they are, the thing about IT geeks is that there are plenty about that are just as smart as the people the government employs and if they smell a rat they would say so.

Link to comment
Share on other sites

If evidence comes from a spotty source it will be ruled as inadmissible. I really don't think the NSA are as smart as you seem to think they are, the thing about IT geeks is that there are plenty about that are just as smart as the people the government employs and if they smell a rat they would say so.

it didn't in that case man. and honestly, you have no idea how to tell or prove it came from a spotty source. the system isn't as clean as you think it is, and you gotta have proof man. it's not like you're the NSA or FBI agents or DA doing all this stuff. the court has faith in these people, and as a defendant, you can't just make a claim that this evidence was somehow discovered improperly or without a warrant, unless it's some easy case where they broke into your house or something obviously when no warrant was provided. these types of defenses to have evidence dismissed or found inadmissible only work when they don't cover their tracks man. they may very well use these covert spy techniques or illegal means to crack or gain access to something, and then use that to pursue a warrant, and include that information they gained illegally down the line without in fact saying how or where it was originally obtained. it might just be used to "legitimately" conduct the investigation afterwards. you're a fool to think this isn't how it gets done.

 

face it, you have no legitimate protection out there.

Link to comment
Share on other sites

You don't have to prove that it came from a spotty source, the legal system has to provide a chain of information that proves it's legitimate. Juries are made up of normal people not government spies so the argument that illegally obtained evidence would just slip by en masse just doesn't hold any water.

Link to comment
Share on other sites

well I have no examples to show anything else. I think you're the one who's clueless. this is pretty comprehensive. and it's you who has no clue on anything. you're stuck in a fantasy world here. the article on the AMD password thing is already out there; there are passwords and debug features on every CPU that grants backdoor super user access, for running additional code, above the operating system. this lets them modify code in execution, run rootkits, and more, all above detection of the operating system or user level applications. read up some more about it, follow the links to the other articles if you must.

 

Would you please read that article and understan it and see that it has NOTHING in relation to your wild claims, and it has nothing to do with backdoor access or anything. seriously, it's like you read it but something completely else that what it actually says is what you actually read. 

 

it's a maintenance mode, and you have to hack the damn cpu to activate it, and it doesn't run in normal mode bu allows you to modify the cpu to oveclock it and such. It's not a backdoor tool.

 

but this is pointless, I can see arguing common sense and that the man isn't out to get you with you is as pointless as arguing religion with a christian evangelist. 

Link to comment
Share on other sites

You don't have to prove that it came from a spotty source, the legal system has to provide a chain of information that proves it's legitimate. Juries are made up of normal people not government spies so the argument that illegally obtained evidence would just slip by en masse just doesn't hold any water.

tell me when that works for you. juries are clueless noobs who believe like 73% of them that the government is doing them a favor by spying on everybody. so if their opinion is different from yours, your screwed man. you would have to have some extremely overwhelming evidence in your favor to support any illegal activity occurred in your case. there's also a good chance that most courts wouldn't even let you make the argument to the juries about this type of crap. they would sensor you and restrict your argument to directly talking about the alleged acts you committed. sure you could deny it, and say it happened another way, but the jury is free to not care, the judge can say you can't introduce evidence to support yourself, and in the end, even when everything is legit, nothing gets proven and the jury and judge doesn't care about any of your crazy claims that this was done illegitimately. no. most defense attorney's also aren't looking to expose government corruption or abuse, so you're likely to just get ****ed. our system is garbage dude, no protection at all, and no extensive review to determine how evidence was obtained, or to investigate any of your claims is usually ever made, and it doesn't just happen automatically.

Link to comment
Share on other sites

Would you please read that article and understan it and see that it has NOTHING in relation to your wild claims, and it has nothing to do with backdoor access or anything. seriously, it's like you read it but something completely else that what it actually says is what you actually read. 

 

it's a maintenance mode, and you have to hack the damn cpu to activate it, and it doesn't run in normal mode bu allows you to modify the cpu to oveclock it and such. It's not a backdoor tool.

 

but this is pointless, I can see arguing common sense and that the man isn't out to get you with you is as pointless as arguing religion with a christian evangelist. 

I read the article years ago. it allows them to fully bypass any of the normal security features in the CPU. for example, memory isolation, which is a protection the OS provides to prevent "limited users" from accessing certain parts of memory and hardware. they can modify anything in memory in debug mode, access additional registers, and basically run anything they want on your system.

 

it has nothing to do with overclocking or anything else. you're pretty much unknowledgeable about anything like this. if you were a programmer you'd also understand what this could be used for, but right now you're completely talking out your ass.

 

http://hardware.slashdot.org/story/10/11/12/047243/hidden-debug-mode-found-in-amd-processors

 

here's an example of it's use:

 

limited mode software sets a register with a certain password

limited mode software suddenly can execute code in debug mode, without hardware or software level security restrictions.

limited mode software can read/write to any part of memory, giving it access to sensitive data in the operating system and has admin access without the operating systems knowledge

limited mode software has complete stealth ability if it decides to do something it wants

 

boom. whatever the software is designed to do at this point, it has admin access without having admin access. there are other articles about this out there.

 

there are many features on the CPU which are locked down but made available in debug mode. it is backdoor access to your hardware and software, or allows a lot of special things to happen and be done that cannot normally be done on an x86 CPU.

Link to comment
Share on other sites

So, could you please explain how it is impossible to hijack a connection and/or relay a spoofed malicious packet to a member of the internal network relying on NAT alone?

 

By the attacks you've been posting about here. I've never said the NAT attacks which you've posted aren't possible or hard even, they're easy attacks. I could upload malicious code on a website and be able to open ports to an internal machine quite easily.

 

There's the NAT Pinning attack which you described. It's essentially some Javascript which just literally calls a URL with a port defined. Once this has been done, the router knows that, that port means that machine so you can send packets against that port and that public IP address and you know it's hitting that internal machine which sent the request.

 

Another way would be to exploit UPnP using a virus or some other malicious code. This would be way more dangerous. You could build software that would periodically make calls out, so you can call it. You could push UPnP requests to open any port and exploit any protocol. There's some very scarey things you can do with some protocols. For example, I'm pretty sure its RDP or another remote desktop protocol which allows a reverse calls. For example, I tell you to connect to me. So control can be gained without your knowledge.

 

Those attacks to be honest, are quite easy to do, especially if you own a website. In the terms of this post and the way NSA would need the backdoor, NAT makes it completely unfeasible because the backdoor is waiting for the connection. The back door isn't prompting for a connection. Without this there is no way to talk to an internal host. Every consumer CPE or even big routers (I've tested this on a Juniper MX960, they're the bees knees of routers) drop packets incoming with a NAT when it hasn't got an entry on the NAT translation table. If a packet is dropped, there's nothing you can do about it.

 

That would be what I referred to as a targeted attack earlier. it's "nearly" impossible to defend yourself against a targeted attack by a dedicated and skilled hacker with enough time, with consumer grade equipment. 

 

You're right, there's attacks for most things. Look at ARP attacks for large networks, they're scary. For example inside my University network I could point the whole network to use a server I setup with just a clone facebook login page to get everyone's details but when you log-in it restores to the original site. I wouldn't have a clue myself if I was generally browsing. You even can do it without breaking SSL, scary or what?

 

I absolutely agree. I've always heard from friends I trust on security that nothing is truly secure, it's just degrees of difficulty. I would also assume that the NSA is capable of the greatest degree of difficulty possible.

 

It's my contention as well that the operative mechanism in defending against any sophisticated attack would be the firewall, intrusion detection, etc., not the NAT.

 

Hardly anything is secure, but it the terms of what the NSA would need its not feasible unless the backdoor made the connection first.

 

NAT is not a security measure. A good summary of why NAT is a bad idea, including the security issues, is given in RFC 4966: "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status."

 

http://www.ietf.org/rfc/rfc4966.txt

 

Thats 100% right, its a common misconception that NAT was designed as a security feature as well as a IP saving mechanism. Although with how NAT technically works, it provides some security features which are quite good to the average consumer. 

Link to comment
Share on other sites

This topic is now closed to further replies.