On 02/11/2014 02:32 PM, Rich Jones wrote:
In all of the Snowden docs that have been released so far, has anybody seen any mention of any NSA programs designed to subvert compilers?
Compilers seem like an extremely prime target for manipulation, but as far as I am aware there hasn't been anything mentioned about this yet. Has anybody here heard anything that I haven't?
My guess would be things like network card drivers, or the firmware in network cards - anything that has supervisor-level access to the entire machine is a prime target, but as more NICs get things like iSCSI support/TOE and the like, they have both the opportunity to hide something in the onboard acceleration engines and a mechanism to communicate upstream. As we've seen, there are plenty of "open source" Linux kernel drivers for NICs and video cards that are really binaries. Plenty of room to hide stuff there, but the hardware itself is a better target, especially if the firmware it carries cannot be downloaded by the computer for forensic analysis, and especially if there's some sort of open DMA access from the device to the full memory of the machine that the OS cannot detect.

Maybe they'd add stuff to TCP/UDP packets as an out-of-band channel, or in the case of wireless stuff, transmit on unused nearby frequencies that the hardware is capable of transmitting on but that cannot be detected with normal wifi/bluetooth sniffers. Bluetooth and wifi would also be great targets because they can communicate with the outside world, or maybe the USB controllers themselves, because stuff like bluetooth modules are often implemented as on-board USB devices - at least they are on Mac notebooks. On Mac notebooks, the keyboard, bluetooth controller, camera and IR receiver all run off the USB bus - so that would be a great place to sniff such traffic, and it would also be able to transmit it out to nearby bugs. Even if the OS thinks the device is disabled and not in use, it could still be able to function as a sniffer/transmitter, with its power consumption hidden in a low-power mode. If you have access to the kernel, or to firmware in some critical part of a machine, or to the hardware itself, that's more than enough - no need to subvert the compilers.
There's plenty of out-of-band access/theft recovery stuff in most notebooks/servers these days, and compiler-generated output could always be analyzed by folks looking for vulnerabilities to exploit. Since there are only a handful of chip manufacturers, subverting those would be the path of least resistance and most gain, and companies like Dell, HP, or Apple wouldn't even have to know, nor detect the presence of such stuff. The other path is that 90% of the stuff out there runs Windows, so you could always hide stuff as a worm/trojan, which we've seen with Stuxnet and the like.