Brad Ideas: Crazy ideas, inventions, essays and links from Brad Templeton
This is possible
But in fact it might be simpler to just ensure there are security flaws, and then build the botnets, or have them built by your front organizations, which are of course not in the USA. Or just exploit those that are already there.
Directly compromising Windows is a dangerous thing for the NSA to do. Aside from the fact that it is still not supposed to operate inside the USA at all, this could hurt the security of Americans against foreign spies. In fact, the NSA is supposed to be helping to make U.S. computers more secure; it is part of their mission. To go directly against that mission is not beyond them, but it would be scandalous if discovered.
Of course this does not apply to foreign spy agencies; they could compromise Windows without breaking their rules. But since Windows is run in so many countries, again this has the risk of scandal.
On the other hand, paying botnet rings to run secret code on non-domestic computers to spy on the owners of those computers would not be the same sort of major scandal. (Creation of the botnets directly would be a scandal, but one they can hide much more easily.) They would mostly get an “attaboy” for spying on foreign computers. They might create a problem with allies if they spied on the computers of allied governments if they were caught, but frankly everybody knows that each spy agency spies on its allies. It’s part of the game, though still not something to be caught at.
To do this, they would want to build a system that can identify honeypots and make sure never to put spy code into them. That’s hard to do for a criminal hacker ring but easily within the abilities of a big spy agency. Ideally they would use other methods to determine the IP blocks or other attributes of “computers of interest” they wish to spy on, confirm that they really have these computers, and then briefly load spy code in them to rootkit the systems and look for interesting files.
Detection of this would require a very clever honeypot that knows how to look like a “computer of interest” — once we define what a computer of interest is. I would bet that computers in rural Pakistan, for example, and Iraq, are commonly computers of interest.