[verax]

So I found out, there is a new NSA exploit that is entirely out of band and operates on the CPU microcode level. Basically these days with SoC (system on a chip) and the level of integration, the CPU is basically a computer in and of itself, and the CPU microcode processing is like a CPU within a CPU. This exploit can draws power from the CMOS battery of the computer, so even if computer is completely powered off and unplugged from the wall it will still work. It sends/recieves info completely out of band communications, so cannot be detected by something like wireshark or a firewall or any splitter or means of deep packet inspection. All of this can be triggered and remotely activated by the built in 3G capabilities found in any modern processor such as part of Intels (Anti Theft) measures. (For example, a Stingray like device can remotely activate the built in backdoors miles an miles away from your location - and this is for air gapped computers, for computer connected to the Internet it is much easier) Once activated, it backdoors the AES-NI component of the processor and instructing it to store all master encryption keys in a hidden section of the processor itself on the CPU chip. The CPU then communicates directly with the memory sticks (DMA in a direct memory access type of fashion) and ethernet/network adapters, bypassing the operating system, harddrive, and even much of the normal /regular motherboard itself. In essence, it is running its own computer within a computer, completely oblivious to the end user. Thus none of this can be detected in the works or caught in the act.

So sensitive information can be siphoned away via ethernet cable even when the computer is completely turned off and even when there is not a harddrive and not a working operating system. (here is to looking at you, TAILS) It is even capable of querying the memory directly to extract private key and encryption key information directly (no need for privilege escalation or zero day exploits since it does this out of band, at the microcode/firmware level outside the realms of any operating system) from RAM even after the computer has been shutdown (via cold boot attack methods), and then uploading that to a Echelon/NSA/CIA/CSS/etc station either via radio embedded on the motherboard (if you purchased your PC from amazon, etc), the via 3G chip on the chip, via high frequency acoustic channeling (a la Bad BIOS exploits) or via out of band via direct network ethernet adapter access (again bypassing completely the OS or rest of the motherboard) using its own secret encryption transport protocol (hint, not TCP/IP) or via very low frequency comms by modulating the power of the computer itself to communicate via the power outlet, /electric grid itself. It can then instruct the harddrive itself, via the controller , to storage large amounts of data that it wants to steal/siphon away in the service sectors of modern harddrives, (in encrypted format only accessible/decryptable by NSA of course) so that the end user cannot detect its existence at all (because the harddrive itself is compromised on the firmware/controller level and simply won't show it, and even if you could manage to somehow swap it out with another identical harddrive controller that was clean, you still couldn't read it because it would be encrypted and look nothing like but a high entropy bunch of randomness junk data)

Since all encryption software do not encrypt the master key in the RAM, and since all Full Disk Encryption software these days use the Intel AES-NI by default this means that it is trivial for the NSA to crack any encryption and any disk encryption, there is no brute force or cracking needed. This includes bitlocker, Truecrypt, PGP, bitmessage, HTTPS, OTR, etc etc etc

Also, once exploit is infected, it can be tasked to do other things like infect the controllers and firmware of devices on the same computer, like BIOS of the motherboard, like usb sticks, mouse, keyboard, monitors, graphics card, other PCI components, harddrives, web cams, and almost anything and everything, and yes even SD cards have firmware and micro controllers.... for example, it will essentially rootkit your usb keyboard and make it into a keylogger to record your keystrokes and mouse movements (thus attacking the "inputs" of the "end points" - the weakest point of failure other than being able to read minds to extract passwords) ... so if you accidentally use the now infected keyboard with an air gapped computer, the air gapped computer itself is now infected, and vice versa. Using this method it can essentially map an entire air gapped network of disconnected computers, like cisco cdp neighboor discovery but much more powerful... the air gap systems themselves become an interconnected web of exploits that have akin to swarm like intelligence and emergent properties and that sort of stuff.. It is capable of then hijacking your router and spreading to all the wifi connected /ethernet connected devices in your home, including any consoles, tv, smart car, etc etc... anything connected directly to a wall outlet is considered compromised.

[KaiserJeep]

I have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.

[verax]

$this->bbcode_second_pass_quote('KaiserJeep', 'I') have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.

[KaiserJeep]

You are talking nonsense from a hardware perspective. You cannot change the rules of physics and the circuits simply do not work the way you think they do.

I'm not saying it is impossible to build a computer to capture information from the users, in fact I am sure that many intelligence agencies have done so. But such computers do not function as you have described. Nor am I going to aid your deceptions by giving you more accurate descriptions of the internal components and how they would need to be re-designed towards that end. I am virtually certain that you would take anything I taught you and use it to improve the next iteration of your fantastical fictional story on some other web forum.

Please go away and do not trouble us with your delusions. Perhaps you should consider the dangers implicit in the new generation of microprocessor-controlled bathroom fixtures. Surely that is more - shall I say fertile ground - for paranoid technology fantasies.

[Outcast_Searcher]

$this->bbcode_second_pass_quote('verax', '')$this->bbcode_second_pass_quote('KaiserJeep', 'I') have been working on computer hardware design for 37 years. This message is total BS and should be disregarded entirely.

Somebody is trying very hard to start a new conspiracy rumor. Don't fall for it. I decided to reply rather than simply report this bogus message to the Moderator, so that if you see this elsewhere, you will be forewarned.

[SeaGypsy]

Chemtrails!

[SeaGypsy]

KJ the kids love this shit.
Ever since building 7 everytime some half believable conspiracy gets written up there are millions waiting & eager to believe. Amazingly they usually are blind to the paradox involved in wasting precious time in paranoid delusion at worst & stuff we mere mortals can do nothing about at best.

[verax]

$this->bbcode_second_pass_quote('SeaGypsy', 'K')J the kids love this shit.
Ever since building 7 everytime some half believable conspiracy gets written up there are millions waiting & eager to believe. Amazingly they usually are blind to the paradox involved in wasting precious time in paranoid delusion at worst & stuff we mere mortals can do nothing about at best.

[SeaGypsy]

Except in the case of peak oil only an imbecile would argue it is not real. In this case it appears you have cut & pasted an extremely technical argument for which you are unable a defense when countered by an expert in the field.

[Outcast_Searcher]

$this->bbcode_second_pass_quote('SeaGypsy', 'E')xcept in the case of peak oil only an imbecile would argue it is not real. In this case it appears you have cut & pasted an extremely technical argument for which you are unable a defense when countered by an expert in the field.

[Keith_McClary]

$this->bbcode_second_pass_quote('verax', 'T')his exploit can draws power from the CMOS battery of the computer, so even if computer is completely powered off and unplugged from the wall it will still work. It sends/recieves info completely out of band communications, so cannot be detected by something like wireshark or a firewall or any splitter or means of deep packet inspection. All of this can be triggered and remotely activated by the built in 3G capabilities found in any modern processor such as part of Intels (Anti Theft) measures. (For example, a Stingray like device can remotely activate the built in backdoors miles an miles away from your location - and this is for air gapped computers, for computer connected to the Internet it is much easier) Once activated, it backdoors the AES-NI component of the processor and instructing it to store all master encryption keys in a hidden section of the processor itself on the CPU chip. The CPU then communicates directly with the memory sticks (DMA in a direct memory access type of fashion) and ethernet/network adapters, bypassing the operating system, harddrive, and even much of the normal /regular motherboard itself. In essence, it is running its own computer within a computer, completely oblivious to the end user. Thus none of this can be detected in the works or caught in the act.

[davep]

There is no way a CMOS battery can power the ethernet ports. And SoC is more for mobile devices, which don't have the extra CMOS battery. It seems a rather confusing mishmash of known exploits.

If you want to see some of the stuff the NSA can do, take a look at the Equation Group that has been merrily hacking away for 14 years:

http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage

http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers/

[davep]

Oh, and some references would be useful. Air-gapping is known to be compromised, but your alphabet soup of exploit components doesn't wash.

[davep]

Also, why would the NSA expend so much effort to get the encryption key for a disk-encrypted air-gapped computer? The potential air-gapped transfer rate is REALLY low, so the only really effective use is to steal OTHER private keys (SSH, PGP etc) or password info that is stored on the air-gapped computer for security purposes (it would be impossible to transfer the disk contents) or if you were stupid enough to use the same passphrase for different full-disk encrypted computers (and even then, there is little point as the info you want will not be available straight from RAM - also, it's easy for the NSA to start a payload implant process from e.g. disk firmware - but the point is to use it as a starting point for other payloads). Generally, the further payload process would require the computer to be on. You're conflating lots of different threats here. The air-gap exploit is real, but your explanation is dubious to say the least.

[Outcast_Searcher]

$this->bbcode_second_pass_quote('Keith_McClary', '
')It's a watch battery:

It keeps the time while the computer is powered off. Doing the above would run down the battery in seconds (or however long a watch battery would light a 60 watt bulb) and this would result in an error screen when the computer is rebooted.

[KaiserJeep]

The answer to your question is that the BIOS battery is slightly larger and soldered to the motherboard today. In an application where the PC is only powered on for 8 hours and 5 days per week, modern batteries will last over 10 years, which is frequently longer than the PC's lifetime. However, even today there is not enough power in such a battery to even reset the CPU, much less allow microcode execution. The CPU remains the most power-intensive part of the PC, with it's huge heatsink. Nor will the BIOS battery power an Ethernet or WiFi connection.

While there are designs based on nonvolatile memories requiring no battery power, PCs are very price sensitive products and the simple BIOS battery and cheaper ROMs are still common.