TL;DR below 2014-12-29 19:13 GMT+01:00 Александр <afalex169@gmail.com>:
If all else fails, the NSA and its allies resort to brute force:
1. They hack their target's computers/
Hardly brute force the way they do it. The trick is (imho) small (ie: little complexity/code) validated (ie: using good tricks) attack surfaces. Attack surface being (for every (sub-)system) that which is able to receive potentially exploitative info. So, again, make the security-sensitive code as obviously and undeniably correct as possible. And don't run any code that doesn't follow the guidelines. (That includes every consumer-oriented OS ever, I guess)
2.
They hack Internet routers to get to the secret encryption.
Ehh? Don't trust your network, it's silly to do so anyway. Or is this the in-house routers? I think it kind of comes back to the first point. Maybe "LANs don't have fences" is a thing to live by. Internet protocols have never been that secure; everything about ARP spoofing still makes me cringe a little, and having all those weak wifi-encryption schemes is also very silly.
3. T
hey intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination.
This one is the one to *really* worry about. In fact, you should worry they didn't already produce the hardware with exploits build in (*COUgh* Intel Remote Administration *COUGH*) . I've yet to find a way for a rational entity of any kind to objectively confirm it's own execution without a trusted third party (although I could of course not be sure that I didn't already find a way, because how could I trust myself to understand trust?) and my personal favorite horror scenario is waking up in a world where all my computers are little espionage boxes and I end up incapable of fixing it because, well, everything anyone ever works with is a little NSA observatory. Most of the NSA's stuff had FETs for creating a radar-observable readout. Radiation shielding your device is probably not very effective, but it's a start. Jamming is probably more effective, and also probably not very effective. Thing is, real life things are finicky. Perhaps a little more noise makes it unworkable, who knows? You *could* use "mirror neurons" for computers, simply replicate some of the OPs from another person and voila, the NSA doesn't really know whom they're spying on. Plausible deniability. A fake (recorded/streamed) USB session, some webbrowsing, etc. This is a pretty silly idea, not really worth it in 99.99% of the cases. Tamper evident SOCs designed/produced under supervision of trusted authority (a consortium of properly incentive-ed trustworthish parties, or something like that) could mitigate this problem too. This strikes me as surprisingly realistic; it seems fair to pay twice the usual cost-per-performance to obtain a trustable die. If one also makes it open source it'd be a god amongst SOCs. But remember, in the land of the blind the one eyed man's king. This isn't my field though, so I'll pass on this challenge. TL;DR (To recap:) Hacks? Don't be hackable (it's reasonably possible) Router hacks? Irrelavant; don't trust your network (you don't need to) Physical tempering? Apply lotion to ease the pain (am software guy)