On Tue, Jun 16, 2015 at 5:26 PM, Sean Lynch <seanl@literati.org> wrote:
> Lots of words, very few details. Fonts getting a "bit pixellated"? Are you kidding me?
http://www.pcworld.com/article/2921092/gpu-malware-can-also-affect-windows-p... There's an endless number of ways that malware that doesn't follow any neat process isolation model with clean usage of APIs can cause what would be experienced as glitches. Hiding executables in GPU memory assigned to fonts can do that. And yes, that's 100% possible.
> Packages "piggybacking on other packages"? This is all very imprecise language for someone who is attempting to convince us that something very grave is going on. And as usual, not a single hex dump of a single packet. Not of any of the packets supposedly spewing out of their supposedly disabled Ethernet port, not out of their supposedly disabled wifi card, not of one of these supposedly piggybacked packages.
They might not want to show examples of the injection attacks in order to not reveal how they're detecting the traffic. Look up NSA's Turmoil and Quantum Insert.
> I'm not saying these capabilities don't exist; I'm sure they do. I'm not even saying the author is lying or stupid.
First of all, it is written mostly for a non-technical audience. Second, you're a bit stuck on the high-level models of computers here; you're not considering how the effects of binary-level tampering and code exploits and altering RAM and even firmware for persistence attacks (http://www.wired.com/2015/02/nsa-firmware-hacking/) might manifest themselves. To somebody who thought he really did secure his systems well, the signs that well-obscured malware will show will make it look like your computer has ghosts.
> Even assuming some of these claims are true, not asking for more evidence robs us of the ability to defend ourselves. Running off to build f2f networks is fun and all, but it's not going to do a lick of good if we have no idea what we're up against beyond some vague descriptions, especially when you consider that the capabilities of our adversaries go well beyond the technological. There is such a thing as technological security that's "too good", when you've spent all your time defending against technological attacks only to succumb to, as others on this thread have pointed out, a rubber hose.
One problem is that the attacks change too fast. Holding off until they change it themselves can allow you to detect even more of their activity than anybody would if you told the world right away. Otherwise they'll instantly stop the particular attacks you detected and switch to something else. At best one could release details of how to analyze your old offline backups for signs of infections.
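The reply above points at Quantum Insert as the kind of injection being detected. The classic defender-side check for that style of injection is to look for two TCP segments in the same flow carrying the same sequence number but different payloads (the real response and the injected one race each other). The following is an added illustration, not code from anyone in this thread; the packet tuples are constructed sample data and the injected URL is a placeholder.

```python
from collections import namedtuple

# Constructed sample data: a server->client HTTP flow as a passive
# sensor might see it. Fields: src, sport, dst, dport, seq, ttl, payload.
Packet = namedtuple("Packet", "src sport dst dport seq ttl payload")

SAMPLE_PACKETS = [
    Packet("203.0.113.10", 80, "192.0.2.5", 51000, 1000, 52,
           b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    # Same seq number, different payload, different TTL: an injected
    # segment racing the genuine one (placeholder redirect target).
    Packet("203.0.113.10", 80, "192.0.2.5", 51000, 1000, 61,
           b"HTTP/1.1 302 Found\r\nLocation: http://injected.invalid/\r\n\r\n"),
    Packet("203.0.113.10", 80, "192.0.2.5", 51000, 1047, 52, b"<html>..."),
    # Identical payload at the same seq: a benign retransmission, not a hit.
    Packet("203.0.113.10", 80, "192.0.2.5", 51000, 1047, 52, b"<html>..."),
]


def find_injection_candidates(packets):
    """Flag segments whose (flow, seq) was already seen with a different payload.

    Returns a list of dicts; each holds the flow, the seq number, both
    payloads and the TTL difference, which is corroborating evidence
    (an injector usually sits at a different hop count than the real server).
    """
    first_seen = {}  # (src, sport, dst, dport, seq) -> Packet
    hits = []
    for pkt in packets:
        if not pkt.payload:  # pure ACKs carry no data to compare
            continue
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.seq)
        prev = first_seen.get(key)
        if prev is None:
            first_seen[key] = pkt
        elif prev.payload != pkt.payload:
            hits.append({
                "flow": key[:4],
                "seq": pkt.seq,
                "first_payload": prev.payload,
                "second_payload": pkt.payload,
                "ttl_delta": pkt.ttl - prev.ttl,
            })
    return hits


if __name__ == "__main__":
    for hit in find_injection_candidates(SAMPLE_PACKETS):
        print(hit["flow"], "seq", hit["seq"], "ttl_delta", hit["ttl_delta"])
```

Retransmissions with identical data are deliberately ignored; on a real capture, expect some false positives from middleboxes that rewrite content, so treat a hit as a lead to inspect, not proof.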