1
00:00:00,380 --> 00:00:05,670
Herald: Good morning to this last-minute
edition of our “Fahrplan” today.

2
00:00:05,670 --> 00:00:09,540
There will probably be time for a few
minutes of Q&A in the end, so you can

3
00:00:09,540 --> 00:00:15,160
ask questions here or on IRC
and Twitter via our Signal Angels.

4
00:00:15,160 --> 00:00:19,560
Please welcome Jake Appelbaum,
independent journalist,

5
00:00:19,560 --> 00:00:23,510
for his talk
“To Protect And Infect Part 2”.

6
00:00:23,510 --> 00:00:29,690
*applause*

7
00:00:29,690 --> 00:00:35,840
Jacob: Okay. Alright. Thanks so much
for coming so early in the morning.

8
00:00:35,840 --> 00:00:38,550
Or maybe not so early in the morning
for most of you apparently since

9
00:00:38,550 --> 00:00:44,150
you’ve all been up for more than an hour.
But I’m gonna talk today a little bit

10
00:00:44,150 --> 00:00:48,669
about some things that we’ve heard about
at the conference and I’m gonna talk a bit

11
00:00:48,669 --> 00:00:52,740
about some things that you have not
probably ever heard about in your life and

12
00:00:52,740 --> 00:00:55,680
are even worse than your worst nightmares.

13
00:00:55,680 --> 00:01:00,200
So recently we heard a little bit about
some of the low-end corporate spying

14
00:01:00,200 --> 00:01:04,900
that’s often billed as being sort of like
the hottest, most important stuff, so the

15
00:01:04,900 --> 00:01:09,340
FinFisher, the HackingTeam, the VUPEN.
And sort of in that order it becomes

16
00:01:09,340 --> 00:01:14,490
more sophisticated and more and more
tied in with the National Security Agency.

17
00:01:14,490 --> 00:01:17,660
There are some Freedom of Information Act
requests that have gone out that actually

18
00:01:17,660 --> 00:01:23,670
show VUPEN being an NSA contractor writing
exploits, that there are some ties there.

19
00:01:23,670 --> 00:01:28,010
This sort of covers the… sort of…
the whole gamut, I believe,

20
00:01:28,010 --> 00:01:31,650
which is that, you know you can buy these
like little pieces of forensics hardware.

21
00:01:31,650 --> 00:01:35,240
And just as a sort of fun thing I bought
some of those and then I looked at

22
00:01:35,240 --> 00:01:38,670
how they worked and I noticed that this
‘Mouse Jiggler’, you plug it in and

23
00:01:38,670 --> 00:01:42,860
the idea is that it like keeps your screen
awake. So have any of you seen that

24
00:01:42,860 --> 00:01:46,910
at all? It’s a piece of forensics hardware
so your screensaver doesn’t activate.

25
00:01:46,910 --> 00:01:51,290
So I showed it to one of the systemd
developers, and now when you plug those

26
00:01:51,290 --> 00:01:55,901
into a Linux box that runs systemd,
they automatically lock the screen

27
00:01:55,901 --> 00:02:02,081
when it sees the USB ID.
*applause*

28
00:02:02,081 --> 00:02:05,470
So when people talk about Free Software,
‘free as in freedom’, that’s part of

29
00:02:05,470 --> 00:02:09,260
what they’re talking about. So there are
some other things which I’m not going

30
00:02:09,260 --> 00:02:11,660
to really talk a lot about it because
basically this is all bullshit that

31
00:02:11,660 --> 00:02:15,420
doesn’t really matter and we can defeat
all of that. This is individualized things

32
00:02:15,420 --> 00:02:20,060
we can defend against. But I want
to talk a little bit about how it’s

33
00:02:20,060 --> 00:02:23,960
not necessarily the case that because
they’re not the most fantastic, they’re

34
00:02:23,960 --> 00:02:27,720
not the most sophisticated, that
therefore we shouldn’t worry about it.

35
00:02:27,720 --> 00:02:31,320
This is Rafael. I met him when
I was in Oslo in Norway

36
00:02:31,320 --> 00:02:36,449
for the Oslo Freedom Forum, and basically
he asked me to look at his computer

37
00:02:36,449 --> 00:02:40,400
because he said, “You know, something
seems to be wrong with it. I think that

38
00:02:40,400 --> 00:02:43,750
there’s something, you know,
slowing it down.” And I said:

39
00:02:43,750 --> 00:02:46,260
“Well, I’m not going to find anything.
I don’t have any tools. We are just

40
00:02:46,260 --> 00:02:49,580
going to like sit at the computer…”
And I looked at it, and it has to be

41
00:02:49,580 --> 00:02:53,200
the lamest back door I’ve ever found. It
was basically a very small program that

42
00:02:53,200 --> 00:02:56,980
would just run in a loop and take
screenshots. And it failed to upload

43
00:02:56,980 --> 00:03:01,160
some of the screenshots, and so there were
8 GB of screenshots in his home directory.

44
00:03:01,160 --> 00:03:04,570
*laughter and applause*
And I said, “I’m sorry to break it to you

45
00:03:04,570 --> 00:03:09,440
but I think that you’ve been owned.
And… by a complete idiot.”

46
00:03:09,440 --> 00:03:14,429
*laughter*
And he, he, yeah, he was,

47
00:03:14,429 --> 00:03:17,829
he was really… actually, he felt really
violated and then he told me what he does,

48
00:03:17,829 --> 00:03:21,080
which is he’s an investigative journalist
who works with top secret documents

49
00:03:21,080 --> 00:03:25,680
all the time, with extreme, extreme
operational security to protect

50
00:03:25,680 --> 00:03:30,820
his sources. But when it came to computing
J[ournalism] school failed him.

51
00:03:30,820 --> 00:03:35,530
And as a result, he was compromised
pretty badly. He was not using

52
00:03:35,530 --> 00:03:38,129
a specialized operating system like
Tails, which if you’re a journalist

53
00:03:38,129 --> 00:03:40,910
and you’re not using Tails you should
probably be using Tails unless

54
00:03:40,910 --> 00:03:44,410
you really know what you’re doing.
Apple did a pretty good job at

55
00:03:44,410 --> 00:03:48,839
revoking this application, and it was, you
know, in theory it stopped, but there are

56
00:03:48,839 --> 00:03:52,950
lots of samples from the same group
and this group that did this is tied to

57
00:03:52,950 --> 00:03:57,670
a whole bunch of other attacks across
the world, actually, which is why

58
00:03:57,670 --> 00:04:03,320
it’s connected up there with Operation
Hangover. The scary thing, though, is that

59
00:04:03,320 --> 00:04:06,689
this summer, after we’d met, he was
actually arrested relating to some

60
00:04:06,689 --> 00:04:11,238
of these things. And now, as
I understand it, he’s out, but,

61
00:04:11,238 --> 00:04:14,690
you know, when you mess with a military
dictatorship it messes with you back.

62
00:04:14,690 --> 00:04:18,900
So even though that’s one of the lamest
backdoors, his life is under threat.

63
00:04:18,900 --> 00:04:23,519
So just simple things can cause serious,
serious harm to regular people that are

64
00:04:23,519 --> 00:04:27,990
working for some kind of truth telling.
And that to me is really a big part

65
00:04:27,990 --> 00:04:31,869
of my motivation for coming here to talk
about what I’m going to talk about next,

66
00:04:31,869 --> 00:04:35,069
which is that for every person that we
learn about like Rafael, I think there are

67
00:04:35,069 --> 00:04:39,530
lots of people we will never learn about,
and that’s, to me that’s very scary,

68
00:04:39,530 --> 00:04:43,320
and I think we need to bring some
transparency, and that’s what we’re

69
00:04:43,320 --> 00:04:47,130
going to talk about now. And I really want
to emphasize this point. Even though

70
00:04:47,130 --> 00:04:50,839
they’re not technically impressive, they
are actually still harmful, and that,

71
00:04:50,839 --> 00:04:55,410
that is really a key point to drive home.
I mean, some of the back doors that

72
00:04:55,410 --> 00:04:59,849
I’ve seen are really not sophisticated,
they’re not really that interesting, and

73
00:04:59,849 --> 00:05:03,640
in some cases they’re common off-the-shelf
purchases between businesses,

74
00:05:03,640 --> 00:05:08,650
so it’s like business-to-business
exploitation software development.

75
00:05:08,650 --> 00:05:13,490
I feel like that’s really kind of sad,
and I also think we can change this.

76
00:05:13,490 --> 00:05:19,190
We can turn this around by exposing it.
So, what’s it all about, though?

77
00:05:19,190 --> 00:05:24,219
Fundamentally it’s about control, baby,
and that is what we’re going to get into.

78
00:05:24,219 --> 00:05:27,679
It’s not just about control of machines.
What happened with Rafael is about

79
00:05:27,679 --> 00:05:31,520
control of people. And fundamentally
when we talk about things like internet

80
00:05:31,520 --> 00:05:35,669
freedom and we talk about tactical
surveillance and strategic surveillance,

81
00:05:35,669 --> 00:05:39,529
we’re talking about control of people
through the machinery that they use.

82
00:05:39,529 --> 00:05:43,529
And this is a really, I think a really
kind of – you know I’m trying

83
00:05:43,529 --> 00:05:46,979
to make you laugh a little bit because
what I’m going to show you today

84
00:05:46,979 --> 00:05:53,219
is wrist-slitting depressing.
So. Part 2, or Act 2 of Part 2.

85
00:05:53,219 --> 00:05:57,760
Basically the NSA, they want
to be able to spy on you, and

86
00:05:57,760 --> 00:06:00,580
if they have 10 different options for
spying on you that you know about,

87
00:06:00,580 --> 00:06:06,119
they have 13 ways of doing it and they
do all 13. So that’s a pretty scary thing,

88
00:06:06,119 --> 00:06:11,329
and basically their goal is to have
total surveillance of everything that

89
00:06:11,329 --> 00:06:15,339
they’re interested in. So there really
is no boundary to what they want to do.

90
00:06:15,339 --> 00:06:19,020
There is only sometimes a boundary of
what they are funded to be able to do and

91
00:06:19,020 --> 00:06:23,819
the amount of things they’re able to do at
scale. They seem to just do those things

92
00:06:23,819 --> 00:06:27,199
without thinking too much about it. And
there are specific tactical things

93
00:06:27,199 --> 00:06:30,690
where they have to target a group or an
individual, and those things seem limited

94
00:06:30,690 --> 00:06:35,650
either by budgets or simply by their time.
And as we have released today

95
00:06:35,650 --> 00:06:39,980
on Der Spiegel’s website, which it should
be live – I just checked, it should be live

96
00:06:39,980 --> 00:06:44,350
for everyone here – we actually
show a whole bunch of details

97
00:06:44,350 --> 00:06:49,780
about their budgets as well as the
individuals involved with the NSA

98
00:06:49,780 --> 00:06:53,479
and the Tailored Access Operations group
in terms of numbers. So it should give you

99
00:06:53,479 --> 00:06:58,889
a rough idea showing that there was a
small period of time in which the internet

100
00:06:58,889 --> 00:07:02,589
was really free and we did not have people
from the U.S. military that were watching

101
00:07:02,589 --> 00:07:07,029
over it and exploiting everyone on
it, and now we see every year

102
00:07:07,029 --> 00:07:11,779
that the number of people who are hired to
break into people’s computers as part of

103
00:07:11,779 --> 00:07:16,700
grand operations, those people are growing
day by day, actually. In every year

104
00:07:16,700 --> 00:07:21,820
there are more and more people that are
allocated, and we see this growth. So

105
00:07:21,820 --> 00:07:26,249
that’s the goal: non-attribution, and total
surveillance, and they want to do it

106
00:07:26,249 --> 00:07:30,689
completely in the dark. The good
news is that they can’t. So,

107
00:07:30,689 --> 00:07:34,849
now I’m going to show you a bit about it.
But first, before I show you any pictures,

108
00:07:34,849 --> 00:07:38,989
I want to sort of give you the big picture
from the top down. So there is

109
00:07:38,989 --> 00:07:43,249
a planetary strategic surveillance system,
and there – well, there are many of them

110
00:07:43,249 --> 00:07:48,410
actually. Everything from I think
off-planetary surveillance gear, which is

111
00:07:48,410 --> 00:07:51,749
probably the National Reconnaissance
Office and their satellite systems

112
00:07:51,749 --> 00:07:54,669
for surveillance like the Keyhole
satellites – these are all things most,

113
00:07:54,669 --> 00:07:58,389
for the most part we actually know about
these things. They’re on Wikipedia.

114
00:07:58,389 --> 00:08:01,109
But I want to talk a little bit more about
the internet side of things because

115
00:08:01,109 --> 00:08:04,639
I think that’s really fascinating. So
part of what we are releasing today

116
00:08:04,639 --> 00:08:07,759
with ‘Der Spiegel’, or what has actually
been released – just to be clear

117
00:08:07,759 --> 00:08:11,710
on the timeline, I’m not disclosing it
first, I’m working as an independent

118
00:08:11,710 --> 00:08:15,340
journalist summarizing the work that we
have already released onto the internet

119
00:08:15,340 --> 00:08:19,430
as part of a publication house that went
through a very large editorial process

120
00:08:19,430 --> 00:08:23,710
in which we redacted all the names of
agents and information about those names,

121
00:08:23,710 --> 00:08:26,159
including their phone numbers
and e-mail addresses.

122
00:08:26,159 --> 00:08:29,019
*applause*

123
00:08:29,019 --> 00:08:32,890
And I should say that I actually think
that the laws here are wrong,

124
00:08:32,890 --> 00:08:36,810
because they are in favor of
an oppressor who is criminal.

125
00:08:36,810 --> 00:08:41,160
So when we redact the names of people who
are engaged in criminal activity including

126
00:08:41,160 --> 00:08:45,420
drone murder, we are actually not doing
the right thing, but I believe that

127
00:08:45,420 --> 00:08:49,200
we should comply with the law in order
to continue to publish, and I think

128
00:08:49,200 --> 00:08:55,740
that’s very important.
*applause*

129
00:08:55,740 --> 00:09:00,030
We also redacted the names of
victims of NSA surveillance,

130
00:09:00,030 --> 00:09:04,890
because we think that there’s a balance.
Unfortunately there is a serious problem

131
00:09:04,890 --> 00:09:08,630
which is that the U.S. government asserts
that you don’t have standing to prove

132
00:09:08,630 --> 00:09:12,270
that you’ve been surveilled unless
we release that kind of information,

133
00:09:12,270 --> 00:09:15,040
but we don’t want to release that kind
of information in case it could be

134
00:09:15,040 --> 00:09:18,680
a legitimate target, and we – I’m really
uncomfortable with that term, but let’s

135
00:09:18,680 --> 00:09:22,280
say that there is a legitimate target, the
most legitimate target, and we didn’t want

136
00:09:22,280 --> 00:09:25,900
to make that decision. But we
did also want to make sure

137
00:09:25,900 --> 00:09:29,230
that we didn’t harm someone, but we
also wanted to show concrete examples.

138
00:09:29,230 --> 00:09:32,470
So if you look at the ‘Spiegel’ stuff online,
we redacted the names even of those

139
00:09:32,470 --> 00:09:36,490
who were victimized by the NSA’s
oppressive tactics, which I think

140
00:09:36,490 --> 00:09:39,600
actually goes further than is necessary,
but I believe that it strikes

141
00:09:39,600 --> 00:09:43,150
the right balance to ensure continued
publication and also to make sure

142
00:09:43,150 --> 00:09:46,700
that people are not harmed and that
legitimate good things, however rare

143
00:09:46,700 --> 00:09:52,090
they may be, they are also not harmed.
So if you’ve been targeted by the NSA

144
00:09:52,090 --> 00:09:54,490
and you would have found out today
if we had taken a different decision,

145
00:09:54,490 --> 00:09:59,190
I’m really sorry, but this is the thing
I think that keeps us alive,

146
00:09:59,190 --> 00:10:02,200
so this is the choice that I think is the
right choice, and I think it’s also

147
00:10:02,200 --> 00:10:06,310
the safest choice for everyone.
So that said, basically the NSA has

148
00:10:06,310 --> 00:10:10,630
a giant dragnet surveillance system that
they call TURMOIL. TURMOIL is a passive

149
00:10:10,630 --> 00:10:14,520
interception system. That passive
interception system essentially spans

150
00:10:14,520 --> 00:10:17,980
the whole planet. Who here has heard
about the Merkel phone incident?

151
00:10:17,980 --> 00:10:21,740
Some of you heard about Chancellor Merkel?
So we revealed that in ‘Der Spiegel’, and

152
00:10:21,740 --> 00:10:25,770
what we found was that they tasked her
for surveillance. And I’ll talk a little bit

153
00:10:25,770 --> 00:10:29,030
about that later. But basically the way
that this works is that they have this

154
00:10:29,030 --> 00:10:34,020
huge passive set of sensors; and any data
that flows past it, they actually look at it.

155
00:10:34,020 --> 00:10:37,880
So there was a time in the past where
surveillance meant looking at anything

156
00:10:37,880 --> 00:10:43,010
at all. And now the NSA tries
to basically twist the words

157
00:10:43,010 --> 00:10:46,780
of every person who speaks whatever
language they’re speaking in, and they

158
00:10:46,780 --> 00:10:50,560
try to say that it’s only surveillance
if after they collect it and record it

159
00:10:50,560 --> 00:10:55,500
to a database, and analyze it with
machines, only if – I think – an NSA agent

160
00:10:55,500 --> 00:10:59,690
basically looks at it
personally and then clicks

161
00:10:59,690 --> 00:11:03,750
“I have looked at this” do
they call it surveillance.

162
00:11:03,750 --> 00:11:07,410
Fundamentally I really object to that
because if I ran a TURMOIL collection

163
00:11:07,410 --> 00:11:10,220
system – that is passive signals
intelligence systems collecting data

164
00:11:10,220 --> 00:11:14,120
from the whole planet, everywhere they
possibly can – I would go to prison

165
00:11:14,120 --> 00:11:17,990
for the rest of my life.
That’s the balance, right?

166
00:11:17,990 --> 00:11:21,520
Jefferson talks about this. He says, you
know, “That which the government

167
00:11:21,520 --> 00:11:25,160
is allowed to do but you are not, this is
a tyranny.” There are some exceptions

168
00:11:25,160 --> 00:11:29,820
to that, but the CFAA in the United
States, the Computer Fraud and Abuse Act,

169
00:11:29,820 --> 00:11:33,720
you know, it’s so draconian
for regular people,

170
00:11:33,720 --> 00:11:38,260
and the NSA gets to do something like
intercepting 7 billion people all day long

171
00:11:38,260 --> 00:11:42,820
with no problems, and the rest of us
are not even allowed to experiment

172
00:11:42,820 --> 00:11:47,440
for improving the security of our own
lives without being put in prison

173
00:11:47,440 --> 00:11:51,700
or under threat of serious indictment, and
that I think is a really important point.

174
00:11:51,700 --> 00:11:55,730
So the TURMOIL system is a surveillance
system, and it is a dragnet surveillance

175
00:11:55,730 --> 00:12:00,150
system that is a general warrant dragnet
surveillance if there ever was one.

176
00:12:00,150 --> 00:12:04,030
And now we shot the British over this when
we started our revolution. We called them

177
00:12:04,030 --> 00:12:06,970
“general writs of assistance.” These
were generalized warrants which

178
00:12:06,970 --> 00:12:10,730
we considered to be a tyranny. And
TURMOIL is the digital version of a

179
00:12:10,730 --> 00:12:15,410
general writ of assistance system. And
the general writ of assistance itself,

180
00:12:15,410 --> 00:12:18,530
it’s not clear if it even exists, because
it’s not clear to me that a judge

181
00:12:18,530 --> 00:12:21,910
would understand
anything that I just said.

182
00:12:21,910 --> 00:12:27,310
*applause*

183
00:12:27,310 --> 00:12:31,920
Okay, so now we’re gonna get scary.
So that’s just the passive stuff.

184
00:12:31,920 --> 00:12:36,120
There exists another system that’s called
TURBINE, and we revealed about this system

185
00:12:36,120 --> 00:12:41,040
in the ‘Spiegel’ publications
today as well. So if TURMOIL

186
00:12:41,040 --> 00:12:47,210
is deep packet inspection, then
TURBINE is deep packet injection.

187
00:12:47,210 --> 00:12:52,130
And it is the system that combined
together with a thing…

188
00:12:52,130 --> 00:12:55,820
– with TURMOIL and TURBINE you can create
a platform which they have consolidated

189
00:12:55,820 --> 00:13:01,900
which they call QFIRE. QFIRE is
essentially a way to programmatically

190
00:13:01,900 --> 00:13:05,790
look at things that flow across the
internet that they see with TURMOIL

191
00:13:05,790 --> 00:13:09,770
and then using TURBINE they’re able to
actually inject packets to try to do attacks,

192
00:13:09,770 --> 00:13:13,720
and I’ll describe some of those attacks
in detail in a moment. But essentially

193
00:13:13,720 --> 00:13:17,430
the interesting thing about QFIRE also
is that they have a thing that’s called

194
00:13:17,430 --> 00:13:22,300
a diode. So if you have for
example a large number

195
00:13:22,300 --> 00:13:24,670
of systems where you control them, you
might say: “Hey, what are you doing

196
00:13:24,670 --> 00:13:27,590
on that backbone?”, “Hey, what’s going on
with these systems?” And they could say,

197
00:13:27,590 --> 00:13:30,930
well, you know, we paid for access, we’re
doing this, it’s all legal, etcetera.

198
00:13:30,930 --> 00:13:33,830
QFIRE has this really neat little detail
which is that they compromise

199
00:13:33,830 --> 00:13:36,770
other people’s routers and then redirect
through them so that they can beat

200
00:13:36,770 --> 00:13:40,160
the speed of light. And how
they do that is that they have

201
00:13:40,160 --> 00:13:43,480
a passive sensor that’s nearby,
a thing that they can inject from.

202
00:13:43,480 --> 00:13:47,649
And when they see that that thing sees
a selector that is interesting to them

203
00:13:47,649 --> 00:13:51,689
or is doing a thing that they would like
to tamper with in some way, then they

204
00:13:51,689 --> 00:13:55,350
take a packet, they encapsulate the
packet, they send it to the diode,

205
00:13:55,350 --> 00:14:00,210
which might be your home router
potentially, and then that home router

206
00:14:00,210 --> 00:14:05,410
decapsulates that packet and sends it out.
And because that is very close to you,

207
00:14:05,410 --> 00:14:10,170
and let’s say you’re visiting Yahoo, then
the Yahoo packet will not beat you.

208
00:14:10,170 --> 00:14:14,740
That is, they will not beat the NSA
or GCHQ. So it’s a race condition.

209
00:14:14,740 --> 00:14:17,940
And so they basically are able to
control this whole system and then

210
00:14:17,940 --> 00:14:23,250
to localize attacks in that
process. So that’s a pretty –

211
00:14:23,250 --> 00:14:27,530
pretty scary stuff, actually. And while it
is a digital thing, I think it’s important

212
00:14:27,530 --> 00:14:30,790
to understand that this is what Jefferson
talked about when he talked about tyranny.

213
00:14:30,790 --> 00:14:34,300
This is turnkey tyranny, and it’s not that
it’s coming, it’s actually here. It’s just

214
00:14:34,300 --> 00:14:38,210
merely the question about whether or not
they’ll use it in a way that we think is

215
00:14:38,210 --> 00:14:42,480
a good way or not a good way. One
of the scariest parts about this is that

216
00:14:42,480 --> 00:14:47,810
for this system or these sets of systems
to exist, we have been kept vulnerable.

217
00:14:47,810 --> 00:14:51,500
So it is the case that if the Chinese,
if the Russians, if people here

218
00:14:51,500 --> 00:14:55,980
wish to build this system, there’s nothing
that stops them. And in fact the NSA has

219
00:14:55,980 --> 00:15:00,210
in a literal sense retarded the process
by which we would secure the internet

220
00:15:00,210 --> 00:15:04,740
because it establishes a hegemony
of power, their power in secret,

221
00:15:04,740 --> 00:15:08,760
to do these things. And in fact I’ve seen
evidence that shows that there are so many

222
00:15:08,760 --> 00:15:12,320
compromises taking place between the
different Five Eyes signals intelligence

223
00:15:12,320 --> 00:15:16,200
groups that they actually have lists that
explain, “If you see this back door

224
00:15:16,200 --> 00:15:20,610
on the system, contact a friendly agency.
You’ve just recompromised the machine

225
00:15:20,610 --> 00:15:24,760
of another person.” So
when we talk about this,

226
00:15:24,760 --> 00:15:29,020
we have to consider that this is
designed for at-scale exploitation.

227
00:15:29,020 --> 00:15:33,099
And as far as I can tell it’s being
used for at-scale exploitation.

228
00:15:33,099 --> 00:15:38,541
Which is not really in my mind a
targeted particularized type of thing,

229
00:15:38,541 --> 00:15:42,270
but rather it’s fishing operations.
It’s fishing expeditions. It’s

230
00:15:42,270 --> 00:15:47,200
more like fishing crusades, if you will.
And in some cases, looking at the evidence

231
00:15:47,200 --> 00:15:51,380
that seems to be what it is. Targeting
Muslims, I might add. Because that’s

232
00:15:51,380 --> 00:15:54,800
what they’re interested in doing.
So that said, that’s the internet,

233
00:15:54,800 --> 00:15:58,270
and we get all the way down to the bottom
and we get to the Close Access Operations

234
00:15:58,270 --> 00:16:02,940
and Off-Net. Off-Net and Close Access
Operations are pretty scary things,

235
00:16:02,940 --> 00:16:06,249
but basically this is what we would call a
black bag job. That’s where these guys,

236
00:16:06,249 --> 00:16:10,260
they break into your house, they put
something in your computer and

237
00:16:10,260 --> 00:16:13,350
they take other things out of your
computer. Here’s an example.

238
00:16:13,350 --> 00:16:16,240
First top secret document
of the talk so far.

239
00:16:16,240 --> 00:16:18,480
This is a Close Access Operations box.

240
00:16:18,480 --> 00:16:22,470
It is basically car
metasploit for the NSA,

241
00:16:22,470 --> 00:16:25,190
which is an interesting thing. But
basically they say that the attack is

242
00:16:25,190 --> 00:16:30,140
undetectable, and it’s sadly
a laptop running free software.

243
00:16:30,140 --> 00:16:34,890
It is injecting packets. And they say that
they can do this from as far away as

244
00:16:34,890 --> 00:16:40,459
8 miles to inject packets, so presumably
using this they’re able to exploit

245
00:16:40,459 --> 00:16:45,590
a kernel vulnerability of some kind,
parsing the wireless frames, and, yeah.

246
00:16:45,590 --> 00:16:50,000
I’ve heard that they actually put this
hardware, from sources inside of the NSA

247
00:16:50,000 --> 00:16:54,420
and inside of other
intelligence agencies, that

248
00:16:54,420 --> 00:16:58,160
they actually put this type of hardware on
drones so that they fly them over areas

249
00:16:58,160 --> 00:17:02,219
that they’re interested in and they
do mass exploitation of people.

250
00:17:02,219 --> 00:17:05,579
Now, we don’t have a document
that substantiates that part, but

251
00:17:05,579 --> 00:17:08,239
we do have this document that actually
claims that they’ve done it from up to

252
00:17:08,239 --> 00:17:12,879
8 miles away. So that’s a really
interesting thing because it tells us

253
00:17:12,879 --> 00:17:17,490
that they understand that common wireless
cards, probably running Microsoft Windows,

254
00:17:17,490 --> 00:17:21,259
which is an American company, that they
know about vulnerabilities and they

255
00:17:21,259 --> 00:17:25,369
keep them a secret to use them. This is
part of a constant theme of sabotaging

256
00:17:25,369 --> 00:17:29,989
and undermining American companies and
American ingenuity. As an American,

257
00:17:29,989 --> 00:17:33,419
while generally not a nationalist, I find
this disgusting, especially as someone

258
00:17:33,419 --> 00:17:38,000
who writes free software and would
like my tax dollars to be spent

259
00:17:38,000 --> 00:17:40,650
on improving these things. And when they
know about them I don’t want them

260
00:17:40,650 --> 00:17:43,890
to keep them a secret because
all of us are vulnerable.

261
00:17:43,890 --> 00:17:45,950
It’s a really scary thing.

262
00:17:45,950 --> 00:17:52,270
*applause*

263
00:17:52,270 --> 00:17:55,829
And it just so happens that at my house,
myself and many of my friends,

264
00:17:55,829 --> 00:17:58,859
when we use wireless devices
– Andy knows what I’m talking about,

265
00:17:58,859 --> 00:18:03,300
a few other people here –
all the time we have errors

266
00:18:03,300 --> 00:18:07,950
in certain machines which are set up at
the house, in some cases as a honey pot

267
00:18:07,950 --> 00:18:11,919
– thanks, guys – where kernel
panic after kernel panic,

268
00:18:11,919 --> 00:18:15,659
exactly in the receive handler of the
Linux kernel where you would expect

269
00:18:15,659 --> 00:18:19,619
this specific type of thing to take place.
So I think that if we talk about

270
00:18:19,619 --> 00:18:23,369
the war coming home, we probably will
find that this is not just used in places

271
00:18:23,369 --> 00:18:27,299
where there’s a literal war on but where
they decide that it would be useful,

272
00:18:27,299 --> 00:18:31,730
including just parking outside your house.
Now I only have an hour today,

273
00:18:31,730 --> 00:18:35,660
so I’m gonna have to go through some
other stuff pretty quickly. I want to make

274
00:18:35,660 --> 00:18:40,679
a couple of points clear. This wasn’t
clear, even though it was written

275
00:18:40,679 --> 00:18:46,280
in the New York Times by my dear friend
Laura Poitras, who is totally fantastic

276
00:18:46,280 --> 00:18:51,520
by the way, and… you are great.
But 15 years of data retention –

277
00:18:51,520 --> 00:18:55,769
*applause*

278
00:18:55,769 --> 00:18:59,969
So the NSA has 15 years
of data retention.

279
00:18:59,969 --> 00:19:03,649
It’s a really important point to
drive home. I joked with Laura

280
00:19:03,649 --> 00:19:06,470
when she wrote the New York Times article
with James Risen, she should do the math

281
00:19:06,470 --> 00:19:10,659
for other people and say “15 years”. She
said: “They can do the math on their own,

282
00:19:10,659 --> 00:19:15,729
I believe in them”. I just wanna do the
math for you. 15 years, that’s scary!

283
00:19:15,729 --> 00:19:19,559
I don’t ever remember voting on that,
I don’t ever remember even having

284
00:19:19,559 --> 00:19:24,170
a public debate about it. And that
includes content as well as metadata.

285
00:19:24,170 --> 00:19:30,090
So they use this metadata. They search
through this metadata retroactively.

286
00:19:30,090 --> 00:19:33,599
They do what’s called ‘tasking’, that is,
they find a set of selectors – so that’s

287
00:19:33,599 --> 00:19:38,090
a set of unique identifiers, e-mail
addresses, cookies, MAC addresses, IMEIs…

288
00:19:38,090 --> 00:19:42,010
whatever is useful. Voice prints
potentially, depending on the system.

289
00:19:42,010 --> 00:19:46,570
And then they basically
task those selectors

290
00:19:46,570 --> 00:19:51,499
for specific activities. So that ties
together with some of the attacks

291
00:19:51,499 --> 00:19:55,499
which I’ll talk about, but essentially
QUANTUMINSERTION and things that are

292
00:19:55,499 --> 00:20:01,350
like QUANTUMINSERTION, they’re triggered
as part of the TURMOIL and TURBINE system

293
00:20:01,350 --> 00:20:05,839
and the QFIRE system, and they’re all put
together so that they can automate

294
00:20:05,839 --> 00:20:09,390
attacking people based on the plain
text traffic that transits the internet

295
00:20:09,390 --> 00:20:13,299
or based on the source or
destination IP addresses.

296
00:20:13,299 --> 00:20:16,270
This is a second top secret document.

297
00:20:16,270 --> 00:20:21,310
This is an actual NSA lolcat

298
00:20:21,310 --> 00:20:25,730
for the QUANTUMTHEORY program.

299
00:20:25,730 --> 00:20:29,290
*applause*

300
00:20:29,290 --> 00:20:33,150
You’ll notice it’s a black cat, hiding. Okay.

301
00:20:33,150 --> 00:20:36,900
So there are a few people in the audience
that are still not terrified enough, and

302
00:20:36,900 --> 00:20:40,270
there are a few people that as part
of their process for coping with

303
00:20:40,270 --> 00:20:44,589
this horrible world that we have found
ourselves in, they will say the following:

304
00:20:44,589 --> 00:20:48,259
“There’s no way they’ll ever find me. I’m
not interesting.” So I just want to dispel

305
00:20:48,259 --> 00:20:52,879
that notion and show you a little bit
about how they do that. So we mentioned

306
00:20:52,879 --> 00:20:56,899
TURMOIL, which is the dragnet surveillance,
and TURBINE, which is deep packet injection,

307
00:20:56,899 --> 00:21:00,839
and QFIRE, where we tie it all together,
and this is an example of something which

308
00:21:00,839 --> 00:21:03,839
I think actually demonstrates a crime but
I’m not sure, I’m not a lawyer, I’m

309
00:21:03,839 --> 00:21:07,729
definitely not your lawyer, and I’m
certainly not the NSA’s lawyer.

310
00:21:07,729 --> 00:21:11,511
But this is the MARINA system. This is
merely one of many systems where they

311
00:21:11,511 --> 00:21:15,350
actually have full content as well as
metadata. Taken together, they do

312
00:21:15,350 --> 00:21:19,160
contact chaining, where they find out you
guys are all in the same room with me

313
00:21:19,160 --> 00:21:24,990
– which reminds me, let’s
see, I’ve got this phone…

314
00:21:24,990 --> 00:21:31,040
Okay. That’s good. Let’s
turn that on. So now…

315
00:21:31,040 --> 00:21:34,480
*laughter*
You’re welcome.

316
00:21:34,480 --> 00:21:37,640
*laughter*
You have no idea!

317
00:21:37,640 --> 00:21:40,379
*laughter*
But I just wanted to make sure that

318
00:21:40,379 --> 00:21:44,069
if there was any question about whether
or not you are exempt from needing to do

319
00:21:44,069 --> 00:21:47,689
something about this,
that that is dispelled.

320
00:21:47,689 --> 00:21:53,489
*applause*

321
00:21:53,489 --> 00:21:58,950
Okay? Cell phone’s on.
Great. So. Hey, guys!

322
00:21:58,950 --> 00:22:02,760
*laughter*
So, the MARINA system is a

323
00:22:02,760 --> 00:22:07,689
contact chaining system as well as a
system that has data, and in this case

324
00:22:07,689 --> 00:22:12,849
what we see is in fact reverse contact
and forward contact graphing. So,

325
00:22:12,849 --> 00:22:17,129
any lawyers in the audience? If there
are American citizens in this database,

326
00:22:17,129 --> 00:22:21,140
is reverse targeting like this illegal?
Generally? Is it possible that that

327
00:22:21,140 --> 00:22:26,420
could be considered illegal?
*Someone from audience mumbling*

328
00:22:26,420 --> 00:22:29,330
Yeah, so, interesting. If it’s called
reverse contacts instead of

329
00:22:29,330 --> 00:22:34,550
reverse targeting – yeah, exactly.
So, you’ll also notice the,

330
00:22:34,550 --> 00:22:40,000
on the right-hand side, webcam photos.

331
00:22:40,000 --> 00:22:43,779
So, just in case you’re wondering,
in this case this particular target,

332
00:22:43,779 --> 00:22:47,480
I suppose that he did not or
she did not have a webcam.

333
00:22:47,480 --> 00:22:50,400
Good for them. If not, you should follow
the EFF’s advice and you should put

334
00:22:50,400 --> 00:22:54,460
a little sticker over your webcam. But
you’ll also note that they try to find

335
00:22:54,460 --> 00:22:57,649
equivalent identifiers. So every time
there’s a linkable identifier that you

336
00:22:57,649 --> 00:23:03,189
have on the internet, they try to put that
and tie it together and contact chain it,

337
00:23:03,189 --> 00:23:08,090
and they try to show who you are among all
of these different potential identifiers –

338
00:23:08,090 --> 00:23:11,189
if you have 5 e-mail addresses, they would
link them together – and then they try

339
00:23:11,189 --> 00:23:14,300
to find out who all your friends are.
You’ll also note at the bottom here,

340
00:23:14,300 --> 00:23:18,969
logins and passwords. So they’re
also doing dragnet surveillance

341
00:23:18,969 --> 00:23:22,879
in which they extract – the feature set
extraction where they know semantically

342
00:23:22,879 --> 00:23:26,459
what a login and a password is in a
particular protocol. And in this case

343
00:23:26,459 --> 00:23:30,780
this guy is lucky, I suppose, and they
were not able to get passwords or webcam,

344
00:23:30,780 --> 00:23:34,159
but you’ll note that they were able to get
his contacts and they were able to see

345
00:23:34,159 --> 00:23:38,429
in fact 29, give or take,
received messages as well,

346
00:23:38,429 --> 00:23:41,829
of which there are these things. Now in
this case we have redacted the e-mail

347
00:23:41,829 --> 00:23:45,980
and instant messenger information,
but this is an example of how

348
00:23:45,980 --> 00:23:49,720
*laughs*
you can’t hide from these things, and

349
00:23:49,720 --> 00:23:54,400
thinking that they won’t find you
is a fallacy. So this is basically

350
00:23:54,400 --> 00:23:59,219
the difference between taking one wire and
clipping onto it in a particularized

351
00:23:59,219 --> 00:24:02,350
suspicious way where they’re really
interested, they have a particularized

352
00:24:02,350 --> 00:24:05,609
suspicion, they think that someone is a
criminal, they think someone has taken

353
00:24:05,609 --> 00:24:10,040
some serious steps that are illegal, and
instead what they do is they put all of us

354
00:24:10,040 --> 00:24:14,220
under surveillance, record all of this
data that they possibly can, and then

355
00:24:14,220 --> 00:24:17,829
they go looking through it. Now
in the case of Chancellor Merkel,

356
00:24:17,829 --> 00:24:22,510
when we revealed NSRL 2002-388,
what we showed was that

357
00:24:22,510 --> 00:24:26,369
they were spying on Merkel. And by their
own admission 3 hops away, that’s everyone

358
00:24:26,369 --> 00:24:30,360
in the German Parliament
and everyone here.

359
00:24:30,360 --> 00:24:35,930
So that’s pretty serious stuff. It also
happens that if you should be visiting

360
00:24:35,930 --> 00:24:41,939
certain websites, especially if you’re
a Muslim, it is the case that you can be

361
00:24:41,939 --> 00:24:47,059
attacked automatically by this system.
Right? So that would mean that

362
00:24:47,059 --> 00:24:50,379
they would automatically start to break
into systems. That’s what they would call

363
00:24:50,379 --> 00:24:55,430
‘untasked targeting’. Interesting idea
that they call that targeted surveillance.

364
00:24:55,430 --> 00:24:58,669
To me that doesn’t really sound too
much like targeted surveillance unless

365
00:24:58,669 --> 00:25:02,659
what you mean by carpet bombing, it – you
know, I mean it just – you know, like… it

366
00:25:02,659 --> 00:25:07,780
just doesn’t… it doesn’t strike me right.
It’s not my real definition of ‘targeted’.

367
00:25:07,780 --> 00:25:11,129
It’s not well defined. It’s not that a
judge has said, “Yes, this person is

368
00:25:11,129 --> 00:25:14,579
clearly someone we should target.” Quite
the opposite. This is something where

369
00:25:14,579 --> 00:25:19,460
some guy who has a system has decided to
deploy it and they do it however they like

370
00:25:19,460 --> 00:25:22,539
whenever they would like. And while there
are some restrictions, it’s clear that

371
00:25:22,539 --> 00:25:27,030
the details about these programs do not
trickle up. And even if they do, they

372
00:25:27,030 --> 00:25:31,289
do not trickle up in a useful way. So
this is important, because members

373
00:25:31,289 --> 00:25:36,049
of the U.S. Congress, they have no clue
about these things. Literally, in the case

374
00:25:36,049 --> 00:25:42,599
of the technology. Ask a Congressman
about TCP/IP. Forget it.

375
00:25:42,599 --> 00:25:46,559
You can’t even get a meeting with them.
I’ve tried. Doesn’t matter. Even if you

376
00:25:46,559 --> 00:25:49,909
know the secret interpretation of Section
215 of the Patriot Act and you go

377
00:25:49,909 --> 00:25:52,619
to Washington, D.C. and you meet with
their aides, they still won’t talk to you

378
00:25:52,619 --> 00:25:56,000
about it. Part of that is because they
don’t have a clue, and another part of it

379
00:25:56,000 --> 00:26:00,099
is because they can’t talk about it,
because they don’t have a political solution.

380
00:26:00,099 --> 00:26:02,929
Absent a political solution, it’s very
difficult to get someone to admit that

381
00:26:02,929 --> 00:26:06,370
there is a problem. Well, there is a
problem, so we’re going to create

382
00:26:06,370 --> 00:26:09,649
a political problem and also talk
about some of the solutions.

383
00:26:09,649 --> 00:26:12,589
The Cypherpunks generally have
come up with some of the solutions

384
00:26:12,589 --> 00:26:16,610
when we talk about encrypting the entire
internet. That would end dragnet mass

385
00:26:16,610 --> 00:26:20,719
surveillance in a sense, but it will
come back in a different sense

386
00:26:20,719 --> 00:26:25,569
even with encryption. We need both
a marriage of a technical solution

387
00:26:25,569 --> 00:26:30,580
and we need a political solution
to go with it, and if we don’t have

388
00:26:30,580 --> 00:26:35,480
those 2 things, we will unfortunately be
stuck here. But at the moment the NSA,

389
00:26:35,480 --> 00:26:40,489
basically, I feel, has more power than
anyone in the entire world – any one

390
00:26:40,489 --> 00:26:44,800
agency or any one person. So Emperor
Alexander, the head of the NSA, really has

391
00:26:44,800 --> 00:26:50,149
a lot of power. If they want to right now,
they’ll know that the IMEI of this phone

392
00:26:50,149 --> 00:26:55,230
is interesting. It’s very warm, which is
another funny thing, and they would be

393
00:26:55,230 --> 00:26:59,129
able to break into this phone almost
certainly and then turn on the microphone,

394
00:26:59,129 --> 00:27:03,270
and all without a court.
So that to me is really scary.

395
00:27:03,270 --> 00:27:06,889
And I especially dislike the fact that
if you were to be building these

396
00:27:06,889 --> 00:27:10,550
types of things, they treat you as an
opponent, if you wish to be able to

397
00:27:10,550 --> 00:27:14,000
fulfill the promises that you make to your
customers. And as someone who writes

398
00:27:14,000 --> 00:27:18,159
security software
I think that’s bullshit.

399
00:27:18,159 --> 00:27:22,179
So. Here’s how they do a bit of it.
So there are different programs.

400
00:27:22,179 --> 00:27:25,860
So QUANTUMTHEORY, QUANTUMNATION,
QUANTUMBOT, QUANTUMCOPPER

401
00:27:25,860 --> 00:27:29,389
and QUANTUMINSERT. You’ve heard of a few
of them. I’ll just go through them real quick.

402
00:27:29,389 --> 00:27:33,449
QUANTUMTHEORY essentially has
a whole arsenal of zero-day exploits.

403
00:27:33,449 --> 00:27:38,490
Then the system deploys what’s called
a SMOTH, or a seasoned moth.

404
00:27:38,490 --> 00:27:43,540
And a seasoned moth is an
implant which dies after 30 days.

405
00:27:43,540 --> 00:27:48,549
So I think that these guys either took a
lot of acid or read a lot of Philip K. Dick,

406
00:27:48,549 --> 00:27:51,759
potentially both!
*applause*

407
00:27:51,759 --> 00:27:55,379
And they thought Philip K. Dick
wasn’t dystopian enough.

408
00:27:55,379 --> 00:27:59,869
“Let’s get better at this”.
And after reading VALIS, I guess,

409
00:27:59,869 --> 00:28:04,760
they went on, and they also have
as part of QUANTUMNATION

410
00:28:04,760 --> 00:28:08,849
what’s called VALIDATOR or COMMONDEER.
Now these are first-stage payloads

411
00:28:08,849 --> 00:28:13,940
that are done entirely in memory.
These exploits essentially are where they

412
00:28:13,940 --> 00:28:18,279
look around to see if you have what are
called PSPs, and this is to see, like,

413
00:28:18,279 --> 00:28:21,730
you know, if you have Tripwire, if you
have AIDE, if you have some sort of

414
00:28:21,730 --> 00:28:25,549
system tool that will detect if an
attacker is tampering with files or

415
00:28:25,549 --> 00:28:28,659
something like this, like
a host intrusion detection system.

416
00:28:28,659 --> 00:28:33,689
So VALIDATOR and COMMONDEER, which,
I mean, clearly the point of COMMONDEER,

417
00:28:33,689 --> 00:28:36,659
while it’s misspelled here – it’s not
actually… I mean that’s the name

418
00:28:36,659 --> 00:28:40,649
of the program… but the point is to make
a pun on commandeering your machine. So,

419
00:28:40,649 --> 00:28:44,550
you know, when I think about the U.S.
Constitution in particular, we talk about

420
00:28:44,550 --> 00:28:49,300
not allowing the quartering of
soldiers – and, gosh, you know?

421
00:28:49,300 --> 00:28:53,629
Commandeering my computer sounds
a lot like a digital version of that, and

422
00:28:53,629 --> 00:28:57,379
I find that’s a little bit confusing, and
mostly in that I don’t understand

423
00:28:57,379 --> 00:29:01,219
how they get away with it. But part of it
is because until right now we didn’t know

424
00:29:01,219 --> 00:29:05,679
about it, in public, which is why we’re
releasing this in the public interest,

425
00:29:05,679 --> 00:29:09,400
so that we can have a better debate
about whether or not that counts, in fact,

426
00:29:09,400 --> 00:29:14,189
as a part of this type of what I would
consider to be tyranny, or perhaps

427
00:29:14,189 --> 00:29:18,719
you think it is a measured and reasonable
thing. I somehow doubt that. But

428
00:29:18,719 --> 00:29:23,070
in any case, QUANTUMBOT is where
they hijack IRC bots, because why not?

429
00:29:23,070 --> 00:29:26,490
They thought they would like to do
that, and an interesting point is that

430
00:29:26,490 --> 00:29:31,320
they could in theory stop a lot
of these botnet attacks and

431
00:29:31,320 --> 00:29:35,200
they have decided to maintain that
capability, but they’re not yet doing it

432
00:29:35,200 --> 00:29:38,749
except when they feel like doing it for
experiments or when they do it to

433
00:29:38,749 --> 00:29:42,699
potentially use them. It’s not clear
exactly how they use them. But

434
00:29:42,699 --> 00:29:46,350
the mere fact of the matter is that that
suggests they’re even in fact able to do

435
00:29:46,350 --> 00:29:49,850
these types of attacks, they’ve tested
these types of attacks against botnets.

436
00:29:49,850 --> 00:29:53,879
And that’s the program you should FOIA
for. We’ve released a little bit of detail

437
00:29:53,879 --> 00:29:57,890
about that today as well. And
QUANTUMCOPPER to me is really scary.

438
00:29:57,890 --> 00:30:01,719
It’s essentially a thing that can
interfere with TCP/IP and it can do things

439
00:30:01,719 --> 00:30:06,799
like corrupt file downloads. So if you
imagine the Great Firewall of China,

440
00:30:06,799 --> 00:30:10,289
so-called – that’s for the whole planet.

441
00:30:10,289 --> 00:30:14,319
So if the NSA wanted to tomorrow, they
could kill every anonymity system

442
00:30:14,319 --> 00:30:20,259
that exists by just forcing everyone who
connects to an anonymity system to reset

443
00:30:20,259 --> 00:30:24,750
just the same way that the Chinese do
right now in China with the Great Firewall

444
00:30:24,750 --> 00:30:28,589
of China. So that’s like the NSA builds
the equivalent of the Great Firewall

445
00:30:28,589 --> 00:30:33,999
of Earth. That’s, to me that’s
a really scary, heavy-handed thing,

446
00:30:33,999 --> 00:30:39,080
and I’m sure they only use it for good.
*clears throat*

447
00:30:39,080 --> 00:30:44,520
But, yeah. Back here in reality that to
me is a really scary thing, especially

448
00:30:44,520 --> 00:30:48,610
because one of the ways that they are able
to have this capability, as I mentioned,

449
00:30:48,610 --> 00:30:52,979
is these diodes. So what that suggests
is that they actually repurpose

450
00:30:52,979 --> 00:30:56,260
other people’s machines in order to
reposition and to gain a capability

451
00:30:56,260 --> 00:31:01,349
inside of an area where they actually
have no legitimacy inside of that area.

452
00:31:01,349 --> 00:31:07,049
That to me suggests it is not only
heavy-handed, that they have probably some

453
00:31:07,049 --> 00:31:12,289
tools to do that. You see where I’m going
with this. Well, QUANTUMINSERTION,

454
00:31:12,289 --> 00:31:16,119
this is also an important point, because
this is what was used against Belgacom,

455
00:31:16,119 --> 00:31:22,060
this is what’s used by a whole number of
unfortunately players in the game where

456
00:31:22,060 --> 00:31:26,409
basically what they do is they inject
a packet. So you have a TCP connection,

457
00:31:26,409 --> 00:31:30,169
Alice wants to talk to Bob, and for some
reason Alice and Bob have not heard

458
00:31:30,169 --> 00:31:34,880
about TLS. Alice sends an HTTP
request to Bob. Bob is Yahoo.

459
00:31:34,880 --> 00:31:40,799
NSA loves Yahoo. And basically they
inject a packet which will get to Alice

460
00:31:40,799 --> 00:31:44,429
before Yahoo is able to respond, right?
And the thing is that if that was a

461
00:31:44,429 --> 00:31:48,960
TLS connection, the man-on-the-side
attack would not succeed.

462
00:31:48,960 --> 00:31:53,180
That’s really key. If they were using TLS,
the man-on-the-side attack could at best,

463
00:31:53,180 --> 00:31:56,330
as far as we understand it at the moment,
they could tear down the TLS session but

464
00:31:56,330 --> 00:31:59,659
they couldn’t actually actively inject.
So that’s a man-on-the-side attack.

465
00:31:59,659 --> 00:32:05,349
We can end that attack with TLS.
When we deploy TLS everywhere

466
00:32:05,349 --> 00:32:09,559
then we will end that kind of attack. So
there was a joke, you know, when you

467
00:32:09,559 --> 00:32:12,820
download .mp3s, you ride with communism
– from the ’90s, some of you may

468
00:32:12,820 --> 00:32:19,060
remember this. When you bareback with
the internet, you ride with the NSA.

469
00:32:19,060 --> 00:32:24,450
*applause*

470
00:32:24,450 --> 00:32:28,969
Or you’re getting a ride, going for
a ride. So the TAO infrastructure,

471
00:32:28,969 --> 00:32:33,449
Tailored Access and Operations. Some
of the FOXACID URLs are public.

472
00:32:33,449 --> 00:32:38,309
FOXACID is essentially like a watering
hole type of attack where you go to,

473
00:32:38,309 --> 00:32:43,759
you go to a URL. QUANTUMINSERT
puts like an iframe or puts some code

474
00:32:43,759 --> 00:32:46,729
in your web browser, which you then
execute, which then causes you to

475
00:32:46,729 --> 00:32:50,569
load resources. One of the resources that
you load while you’re loading CNN.com,

476
00:32:50,569 --> 00:32:55,180
for example, which is one of their
examples, they – you like that, by the way?

477
00:32:55,180 --> 00:32:59,050
So, you know, that’s an extremist site. So
*coughs*

478
00:32:59,050 --> 00:33:03,020
you might have heard about that. A lot of
Republicans in the United States read it.

479
00:33:03,020 --> 00:33:08,130
So – right before they wage
illegal imperialist wars. So,

480
00:33:08,130 --> 00:33:12,620
the point is that you go to a FOXACID
server and it basically does a survey

481
00:33:12,620 --> 00:33:17,899
of your box and decides if it can break
into it or not, and then it does.

482
00:33:17,899 --> 00:33:22,409
Yep, that’s basically it. And the FOXACID
URLs, a few of them are public.

483
00:33:22,409 --> 00:33:27,139
Some of the details about that have been
made public, about how the structure

484
00:33:27,139 --> 00:33:31,060
of the URLs are laid out and so on.
An important detail is that they pretend

485
00:33:31,060 --> 00:33:34,340
that they’re Apache, but they actually
do a really bad job. So they’re

486
00:33:34,340 --> 00:33:38,230
like Hacking Team, maybe it’s the same
guys, I doubt it though, the NSA wouldn’t

487
00:33:38,230 --> 00:33:43,790
slum with scumbags like that, but…
Basically you can tell, you can find them,

488
00:33:43,790 --> 00:33:47,610
because they aren’t really Apache servers.
They pretend to be, something else.

489
00:33:47,610 --> 00:33:51,020
The other thing is that none of their
infrastructure is in the United States.

490
00:33:51,020 --> 00:33:56,480
So, real quick anonymity question. You
have a set of things and you know that

491
00:33:56,480 --> 00:34:01,919
a particular attacker never comes from one
place. Every country on the planet

492
00:34:01,919 --> 00:34:06,439
potentially, but never one place. The
one place where most of the internet is.

493
00:34:06,439 --> 00:34:10,050
What does that tell you in terms of
anonymity? It tells you usually that

494
00:34:10,050 --> 00:34:14,960
they’re hiding something about that one
place. Maybe there’s a legal requirement

495
00:34:14,960 --> 00:34:19,020
for this. It’s not clear to me. But what
is totally clear to me is that if you see

496
00:34:19,020 --> 00:34:22,720
this type of infrastructure and it is not
in the United States, there is a chance,

497
00:34:22,720 --> 00:34:28,289
especially today, that it’s the NSA’s
Tailored Access and Operations division.

498
00:34:28,289 --> 00:34:34,490
And here’s an important point. When the
NSA can’t do it, they bring in GCHQ.

499
00:34:34,490 --> 00:34:38,820
So, for example, for targeting certain
Gmail selectors, they can’t do it.

500
00:34:38,820 --> 00:34:42,740
And in the documents we released today,
we show that they say: “If you have

501
00:34:42,740 --> 00:34:46,800
a partner agreement form and you need to
target, there are some additional selectors

502
00:34:46,800 --> 00:34:51,330
that become available should you
need them”. So when we have a limit

503
00:34:51,330 --> 00:34:54,640
of an intelligence agency in the United
States, or here in Germany or

504
00:34:54,640 --> 00:34:58,690
something like this, we have to recognize
that information is a currency

505
00:34:58,690 --> 00:35:03,380
in an unregulated market. And these
guys, they trade that information, and

506
00:35:03,380 --> 00:35:08,260
one of the ways they trade that is like
this. And they love Yahoo.

507
00:35:08,260 --> 00:35:15,470
So, little breather?

508
00:35:15,470 --> 00:35:18,630
It’s always good to make fun of
the GCHQ with Austin Powers!

509
00:35:18,630 --> 00:35:22,200
*laughter*
Okay. Another classified document here.

510
00:35:22,200 --> 00:35:27,310
That’s actual NSA OpenOffice or PowerPoint
clip art of their horrible headquarters

511
00:35:27,310 --> 00:35:31,440
that you see in every news story, I can’t
wait to see a different photo of the NSA

512
00:35:31,440 --> 00:35:38,470
someday. But you’ll notice right here they
explain how QUANTUM works. Now SSO is

513
00:35:38,470 --> 00:35:43,200
a Special Source Operations site. So
you’ve seen U.S. embassies? Usually

514
00:35:43,200 --> 00:35:46,430
the U.S. embassy has dielectric panels on
the roof, that’s what we showed in Berlin,

515
00:35:46,430 --> 00:35:51,870
it was called “DAS NEST” on the cover
of ‘Der Spiegel’. That’s an SSO site.

516
00:35:51,870 --> 00:35:55,900
So they see that this type of stuff is
taking place, they do an injection and

517
00:35:55,900 --> 00:36:01,650
they try to beat the Yahoo packet back.
Now another interesting point is

518
00:36:01,650 --> 00:36:07,820
that for the Yahoo packet to be beaten,
the NSA must impersonate Yahoo.

519
00:36:07,820 --> 00:36:11,230
This is a really important detail because
what it tells us is that they are

520
00:36:11,230 --> 00:36:16,300
essentially conscripting Yahoo and saying
that they are Yahoo. So they are

521
00:36:16,300 --> 00:36:20,960
impersonating a U.S. company
to a U.S. company user

522
00:36:20,960 --> 00:36:24,530
and they are not actually supposed
to be in this conversation at all.

523
00:36:24,530 --> 00:36:29,140
And when they do it, then they of course
– basically if you’re using Yahoo,

524
00:36:29,140 --> 00:36:32,620
you’re definitely going to get owned. So
– and I don’t just mean that in that

525
00:36:32,620 --> 00:36:37,270
Yahoo is vulnerable, they are, but
I mean people that use Yahoo tend to

526
00:36:37,270 --> 00:36:40,380
– maybe it’s a bad generalization,
but, you know – they’re not the most

527
00:36:40,380 --> 00:36:43,150
security-conscious people on the planet,
they don’t keep their computers up to date,

528
00:36:43,150 --> 00:36:47,220
I’m guessing, and that’s probably why
they love Yahoo so much. They also love

529
00:36:47,220 --> 00:36:51,340
CNN.com, which is some other… I don’t know
what that says, it’s like a sociological

530
00:36:51,340 --> 00:36:56,900
study of compromise. But that’s an
important detail. So the SSO site sniffs

531
00:36:56,900 --> 00:36:59,820
and then they do some injection, they
redirect you to FOXACID. That’s for

532
00:36:59,820 --> 00:37:04,261
web browser exploitation. They obviously
have other exploitation techniques.

533
00:37:04,261 --> 00:37:08,930
Okay. So now. We all know
that cellphones are vulnerable.

534
00:37:08,930 --> 00:37:13,530
Here’s an example. This is a base station

535
00:37:13,530 --> 00:37:17,790
that the NSA has that, I think it’s the
first time ever anyone’s ever revealed

536
00:37:17,790 --> 00:37:22,340
an NSA IMSI catcher. So, here it is.
Well, actually the second time, because

537
00:37:22,340 --> 00:37:25,320
‘Der Spiegel’ did it this morning.
But you know what I mean.

538
00:37:25,320 --> 00:37:30,300
*applause*

539
00:37:30,300 --> 00:37:35,060
So they call it ‘Find, Fix and
Finish targeted handset users’.

540
00:37:35,060 --> 00:37:38,940
Now it’s really important to understand
when they say “targeting” you would think

541
00:37:38,940 --> 00:37:43,370
‘massive collection’, right? Because what
are they doing? They’re pretending to be

542
00:37:43,370 --> 00:37:48,540
a base station. They want to overpower.
They want to basically be the phone

543
00:37:48,540 --> 00:37:51,630
that you connect to… or the phone system
that you connect to. And that means

544
00:37:51,630 --> 00:37:54,740
lots of people are going to connect
potentially. So it’s not just one

545
00:37:54,740 --> 00:37:59,430
targeted user. So hopefully they have it
set up so that if you need to dial 911,

546
00:37:59,430 --> 00:38:02,990
or here in Europe 112 – you know,
by the way, if you ever want to find

547
00:38:02,990 --> 00:38:05,740
one of these things try to call different
emergency numbers and note which ones

548
00:38:05,740 --> 00:38:09,960
route where. Just as a little detail.
Also note that sometimes if you go

549
00:38:09,960 --> 00:38:14,420
to the Ecuadorian embassy you will receive
a welcome message from Uganda Telecom.

550
00:38:14,420 --> 00:38:18,670
Because the British when they deployed
the IMSI catcher against Julian Assange

551
00:38:18,670 --> 00:38:23,150
at the Ecuadorian embassy made the mistake
of not reconfiguring the spy gear they [had]

552
00:38:23,150 --> 00:38:27,390
deployed in Uganda [before]
when they deployed in London.

553
00:38:27,390 --> 00:38:33,330
*applause*

554
00:38:33,330 --> 00:38:38,420
And this can be yours
for only US$175,800.

555
00:38:38,420 --> 00:38:43,120
And this covers GSM and PCS and
DCS and a bunch of other stuff.

556
00:38:43,120 --> 00:38:46,870
So basically if you use a cell phone
– forget it. It doesn’t matter

557
00:38:46,870 --> 00:38:50,520
what you’re doing. The exception may
be Cryptophone and Redphone. In fact

558
00:38:50,520 --> 00:38:54,660
I’d like to just give a shoutout to the
people who work on free software, and

559
00:38:54,660 --> 00:38:57,640
software which is actually secure. Like
Moxie Marlinspike – I’m so sorry I mention

560
00:38:57,640 --> 00:39:02,300
your name in my talk, but don’t worry,
your silence won’t protect you!

561
00:39:02,300 --> 00:39:05,160
I think it’s really important to know
Moxie is one of the very few people

562
00:39:05,160 --> 00:39:08,270
in the world who builds technologies that
are both free and open source, and

563
00:39:08,270 --> 00:39:12,940
as far as I can tell he refuses to do
anything awful. No backdoors or anything.

564
00:39:12,940 --> 00:39:18,170
And from what I can tell this proves
that we need things like that.

565
00:39:18,170 --> 00:39:22,000
This is absolutely necessary because they
replace the infrastructure we connect to.

566
00:39:22,000 --> 00:39:25,920
It’s like replacing the road that we would
walk on, and adding tons of spy gear.

567
00:39:25,920 --> 00:39:30,250
And they do that too,
we’ll get to that. Okay.

568
00:39:30,250 --> 00:39:33,601
So I’m gonna go a little quick through
these because I think it’s better that you

569
00:39:33,601 --> 00:39:36,600
go online and you adjust. And I wanna
have a little bit of time for questions.

570
00:39:36,600 --> 00:39:41,290
But basically here’s an example of how
even if you disable a thing the thing is

571
00:39:41,290 --> 00:39:45,480
not really disabled. So if you have a WiFi
card in your computer the SOMBERKNAVE

572
00:39:45,480 --> 00:39:51,080
program, which is another classified
document here, they basically repurpose

573
00:39:51,080 --> 00:39:55,060
your WiFi gear. They say: “You’re not
using that WiFi card? We’re gonna scan

574
00:39:55,060 --> 00:39:58,350
for WiFi nearby, we’re gonna exfiltrate
data by finding an open WiFi network

575
00:39:58,350 --> 00:40:01,310
and we’re gonna jump on it”. So
they’re actually using other people’s

576
00:40:01,310 --> 00:40:05,480
wireless networks in addition to having
this stuff in your computer. And this is

577
00:40:05,480 --> 00:40:11,030
one of the ways they beat a so-called
air-gapped target computer.

578
00:40:11,030 --> 00:40:14,400
Okay, so here’s some of the software
implants. Now we’re gonna name a bunch

579
00:40:14,400 --> 00:40:18,800
of companies because – fuck those guys
basically, for collaborating when they do,

580
00:40:18,800 --> 00:40:22,540
and fuck them for leaving us
vulnerable when they do.

581
00:40:22,540 --> 00:40:26,030
*applause*

582
00:40:26,030 --> 00:40:29,930
And I mean that in the most loving way
because some of them are victims, actually.

583
00:40:29,930 --> 00:40:33,400
It’s important to note that we don’t
yet understand which is which.

584
00:40:33,400 --> 00:40:36,930
So it’s important to name them, so that
they have to go on record, and so that

585
00:40:36,930 --> 00:40:40,310
they can say where they are, and so
that they can give us enough rope

586
00:40:40,310 --> 00:40:44,370
to hang themselves. I really want that to
happen because I think it’s important

587
00:40:44,370 --> 00:40:47,820
to find out who collaborated and who
didn’t collaborate. In order to have truth

588
00:40:47,820 --> 00:40:51,840
and reconciliation we need to start with
a little of truth. So STUCCOMONTANA

589
00:40:51,840 --> 00:40:55,660
is basically BadBIOS if you guys have
heard about that. I feel very bad

590
00:40:55,660 --> 00:40:59,070
for Dragos, he doesn’t really talk to me
right now. I think he might be kinda mad.

591
00:40:59,070 --> 00:41:04,880
But after I was detained – by the
US Army on US soil, I might add –

592
00:41:04,880 --> 00:41:08,490
they took a phone from me. Now it
shouldn’t matter but it did. They also

593
00:41:08,490 --> 00:41:11,420
I think went after all my phone records so
they didn’t need to take the phone. But

594
00:41:11,420 --> 00:41:14,170
for good measure, they just wanted
to try to intimidate me which is exactly

595
00:41:14,170 --> 00:41:19,710
the wrong thing to do to me. But as he
told the story after that happened

596
00:41:19,710 --> 00:41:23,180
all of his computers including his Xbox
were compromised. And he says

597
00:41:23,180 --> 00:41:27,870
even to this day that some of those things
persist. And he talks about the BIOS.

598
00:41:27,870 --> 00:41:32,990
Here’s a document that shows clearly
that they actually re-flash the BIOS

599
00:41:32,990 --> 00:41:37,410
and they also have other techniques
including System Management Mode

600
00:41:37,410 --> 00:41:42,260
related rootkits and that they have
persistence inside of the BIOS.

601
00:41:42,260 --> 00:41:46,380
It’s an incredibly important point. This
is evidence that the thing that Dragos

602
00:41:46,380 --> 00:41:50,150
talked about, maybe he doesn’t
have it, but it really does exist.

603
00:41:50,150 --> 00:41:54,990
Now the question is how would he find it?
We don’t have the forensics tools yet.

604
00:41:54,990 --> 00:41:58,420
We don’t really have the capabilities
widely deployed in the community

605
00:41:58,420 --> 00:42:02,230
to be able to know that, and to be
able to find it. Here’s another one.

606
00:42:02,230 --> 00:42:06,740
This one’s called SWAP. In this case it
replaces the Host Protected Area

607
00:42:06,740 --> 00:42:11,580
of the hard drive, and you can see a
little graph where there’s target systems,

608
00:42:11,580 --> 00:42:14,860
you see the internet, Interactive OPS, so
they’ve got like a guy who is hacking you

609
00:42:14,860 --> 00:42:19,350
in real time, the People’s
Liberation Army… uh, NSA! And…

610
00:42:19,350 --> 00:42:22,370
*laughter*
And you can see all of these different

611
00:42:22,370 --> 00:42:25,190
things about it. Each one of these things,
including SNEAKERNET, these are

612
00:42:25,190 --> 00:42:29,520
different programs, most of which we
revealed today in ‘Der Spiegel’.

613
00:42:29,520 --> 00:42:32,880
But you’ll notice that it’s Windows,
Linux, FreeBSD and Solaris.

614
00:42:32,880 --> 00:42:38,250
How many Al Qaeda people
use Solaris, do you suppose?

615
00:42:38,250 --> 00:42:42,390
This tells you a really important point.
They are interested in compromising

616
00:42:42,390 --> 00:42:46,960
the infrastructure of systems,
not just individual people.

617
00:42:46,960 --> 00:42:50,460
They want to take control and
literally colonize those systems

618
00:42:50,460 --> 00:42:55,490
with these implants. And that’s not part
of the discussion. People are not talking

619
00:42:55,490 --> 00:42:59,880
about that because they don’t know about
that yet. But they should. Because

620
00:42:59,880 --> 00:43:03,500
in addition to the fact that Sun is a U.S.
company which they are building

621
00:43:03,500 --> 00:43:07,710
capabilities against – that to me, really,
it really bothers me; I can’t tell you

622
00:43:07,710 --> 00:43:10,700
how much that bothers me – we also
see that they’re attacking Microsoft,

623
00:43:10,700 --> 00:43:13,670
another U.S. company, and Linux and
FreeBSD, where there are a lot of people

624
00:43:13,670 --> 00:43:15,900
that are building it from all around the
world. So they’re attacking not only

625
00:43:15,900 --> 00:43:19,260
collective efforts and corporate
efforts, but basically every option

626
00:43:19,260 --> 00:43:24,660
you possibly can, from end users
down to telecom core things.

627
00:43:24,660 --> 00:43:28,830
Here’s another one, DEITYBOUNCE.
This is for Dell,

628
00:43:28,830 --> 00:43:33,840
so Dell PowerEdge 1850,
2850, 1950, 2950…

629
00:43:33,840 --> 00:43:37,910
RAID servers using any of the
following BIOS versions. Right?

630
00:43:37,910 --> 00:43:41,950
So just in case you’re wondering, hey
Dell, why is that? Curious about that.

631
00:43:41,950 --> 00:43:45,810
Love to hear your statements about it.
So if you write YARA sigs [signatures]

632
00:43:45,810 --> 00:43:49,930
and you’re interested in looking
for NSA malware, look for things

633
00:43:49,930 --> 00:43:55,080
that use RC6, so look for the constants
that you might find in RC6.

634
00:43:55,080 --> 00:43:59,650
And when they run, if they emit UDP
traffic – we’ve actually seen a sample

635
00:43:59,650 --> 00:44:03,620
of this but we were not able
to capture it, sadly, but

636
00:44:03,620 --> 00:44:07,750
emitting UDP traffic that is encrypted.
You know, people that I’ve worked with

637
00:44:07,750 --> 00:44:10,830
on things related to this, they’ve even,
they’ve had their house black bagged.

638
00:44:10,830 --> 00:44:13,640
They’ve had pretty bad stuff happen
to them. That’s their story to tell.

639
00:44:13,640 --> 00:44:19,170
But one of the interesting details is
that after those events occurred,

640
00:44:19,170 --> 00:44:23,630
these types of things were seen. Ben
has a really bad idea for those guys,

641
00:44:23,630 --> 00:44:27,310
I might add, because I wouldn’t have put
this slide in if that had not occurred.

642
00:44:27,310 --> 00:44:29,880
But if you want to look for it, you’ll
find it. I know some people that have

643
00:44:29,880 --> 00:44:33,860
looked with YARA sigs and they have
in fact found things related to this,

644
00:44:33,860 --> 00:44:37,000
so I suspect a lot of malware researchers
in the near future are going to have

645
00:44:37,000 --> 00:44:40,970
a lot of stuff to say about this
particular slide. I’ll leave that to them.

646
00:44:40,970 --> 00:44:44,910
I think it’s very important to go looking
for these things, especially to find out

647
00:44:44,910 --> 00:44:49,850
who is victimized by them. Here’s an
iPhone back door.

648
00:44:49,850 --> 00:44:56,330
So DROPOUTJEEP, so
you can see it right there.

649
00:44:56,330 --> 00:45:01,420
So, SMS, contact list retrieval,
voicemail, hot microphone,

650
00:45:01,420 --> 00:45:06,850
camera capture, cell tower location. Cool.
Do you think Apple helped them with that?

651
00:45:06,850 --> 00:45:10,140
I don’t know. I hope Apple will clarify
that. I think it’s really important

652
00:45:10,140 --> 00:45:14,070
that Apple doesn’t. Here’s
a problem. I don’t really believe

653
00:45:14,070 --> 00:45:18,290
that Apple didn’t help them. I can’t
prove it yet, but they literally claim

654
00:45:18,290 --> 00:45:24,420
that any time they target an iOS device,
that it will succeed for implantation.

655
00:45:24,420 --> 00:45:28,620
Either they have a huge collection of
exploits that work against Apple products,

656
00:45:28,620 --> 00:45:31,730
meaning that they are hoarding
information about critical systems that

657
00:45:31,730 --> 00:45:35,430
American companies produce
and sabotaging them,

658
00:45:35,430 --> 00:45:40,080
or Apple sabotaged it themselves.
Not sure which one it is!

659
00:45:40,080 --> 00:45:43,180
I’d like to believe that since Apple
didn’t join the PRISM program until

660
00:45:43,180 --> 00:45:49,580
after Steve Jobs died that maybe it’s
just that they write shitty software.

661
00:45:49,580 --> 00:45:52,960
We know that’s true!
*laughter*

662
00:45:52,960 --> 00:45:58,040
*applause*

663
00:45:58,040 --> 00:46:02,320
Here’s a HVT, high-value target.
This is a high-value target

664
00:46:02,320 --> 00:46:05,770
being targeted with a back door for
Windows CE Thuraya phones.

665
00:46:05,770 --> 00:46:11,290
So if you have a Thuraya phone and you’re
wondering if it was secure – yeah maybe.

666
00:46:11,290 --> 00:46:15,220
Good luck! Here’s one where they
replaced the hard drive firmware.

667
00:46:15,220 --> 00:46:19,340
There was a talk at OHM this year
[OHM2013] where a guy talked about

668
00:46:19,340 --> 00:46:22,960
replacing hard drive firmware.
You were onto something.

669
00:46:22,960 --> 00:46:25,850
You were really onto something. Whoever
you are, you were onto something.

670
00:46:25,850 --> 00:46:29,540
Because the NSA has a program here,
IRATEMONK, and that’s exactly

671
00:46:29,540 --> 00:46:32,600
what they do. They replace the firmware
in the hard drive, so it doesn’t matter

672
00:46:32,600 --> 00:46:37,160
if you reformat the hard drive, you’re
done. The firmware itself can do

673
00:46:37,160 --> 00:46:42,320
a whole bunch of stuff. So. Here are
the names of the hard drive companies

674
00:46:42,320 --> 00:46:47,480
where it works: Western Digital, Seagate,
Maxtor and Samsung, and of course

675
00:46:47,480 --> 00:46:52,380
they support FAT, NTFS, EXT3 and UFS.
They probably now have support for

676
00:46:52,380 --> 00:46:56,490
additional file systems, but this is
what we can prove. Please note

677
00:46:56,490 --> 00:47:00,770
at the bottom left and the bottom right:
“Status: Released and Deployed.

678
00:47:00,770 --> 00:47:06,000
Ready for Immediate Delivery”.
And: “Unit Cost: $0”.

679
00:47:06,000 --> 00:47:11,550
It’s free! No, you can’t get it.
It’s not free as in free software.

680
00:47:11,550 --> 00:47:15,270
It’s free as in “You’re owned!”.
*laughter*

681
00:47:15,270 --> 00:47:19,580
*applause*

682
00:47:19,580 --> 00:47:22,930
I want to give a shoutout to Karsten Nohl
and Luca [Luca Melette] for their

683
00:47:22,930 --> 00:47:26,460
incredible talk where they showed this
exact attack without knowing that

684
00:47:26,460 --> 00:47:30,940
they had found it. Right?
They say – yeah, absolutely.

685
00:47:30,940 --> 00:47:35,230
*applause*

686
00:47:35,230 --> 00:47:39,300
Important point. The NSA says that when
they know about these things, that

687
00:47:39,300 --> 00:47:42,350
nobody will come to harm, no one will be
able to find them, they’ll never be able

688
00:47:42,350 --> 00:47:47,180
to be exploited by another third party.
Karsten found this exact vulnerability.

689
00:47:47,180 --> 00:47:51,930
They were able to install a Java applet on
the SIM card without user interaction,

690
00:47:51,930 --> 00:47:55,170
and it was based on the service provider’s
security configuration, which is exactly

691
00:47:55,170 --> 00:47:58,740
what the NSA says here, and they talk
about attacking the same toolkit

692
00:47:58,740 --> 00:48:02,760
inside of the phone; and Karsten
found the same vulnerability

693
00:48:02,760 --> 00:48:07,140
and attacked it in the wild. This
is perfect evidence, not only of

694
00:48:07,140 --> 00:48:10,960
how badass Karsten and Luca are
– they are, no question – but also about

695
00:48:10,960 --> 00:48:16,210
how wrong the NSA is with this balance.
Because for every Karsten and Luca, there

696
00:48:16,210 --> 00:48:21,420
are hundreds of people who are paid to do
this full-time and never tell us about it.

697
00:48:21,420 --> 00:48:29,000
*applause*

698
00:48:29,000 --> 00:48:32,760
Important detail. Do you see that
‘interdiction’ phrase right there?

699
00:48:32,760 --> 00:48:35,770
“Through remote access” – in other
words, we broke into your computer –

700
00:48:35,770 --> 00:48:40,420
“or interdiction” – in other words,
we stole your fucking mail. Now.

701
00:48:40,420 --> 00:48:43,471
This is a really important point. We
all have heard about these paranoid

702
00:48:43,471 --> 00:48:46,380
crazy people talking about people breaking
into their houses – that’s happened to me

703
00:48:46,380 --> 00:48:49,700
a number of times – motherfuckers,
getting you back – it’s really important

704
00:48:49,700 --> 00:48:53,460
to understand this process is
one that threatens all of us.

705
00:48:53,460 --> 00:48:59,170
The sanctity of the postal system
has been violated. I mean – whoa!

706
00:48:59,170 --> 00:49:02,340
God, it makes me so angry, you know?
You can’t even send a letter without

707
00:49:02,340 --> 00:49:05,940
being spied on, but even worse that they
tamper with it! It’s not enough that

708
00:49:05,940 --> 00:49:10,510
the U.S. Postal Service records all
of this information and keeps it

709
00:49:10,510 --> 00:49:13,640
– that’s not enough. They also have to
tamper with the packages! So every time

710
00:49:13,640 --> 00:49:18,050
you buy from Amazon, for example, every
time you buy anything on the internet,

711
00:49:18,050 --> 00:49:22,230
there is the possibility that they will
actually take your package and change it.

712
00:49:22,230 --> 00:49:25,340
One of the ways that I’ve heard that they
change it is that they will actually

713
00:49:25,340 --> 00:49:29,800
take the case of your computer and they
will injection mold a hardware back door

714
00:49:29,800 --> 00:49:33,680
into the case of the computer.
So that even if you were to look

715
00:49:33,680 --> 00:49:37,350
at the motherboard or have it serviced,
you would not see this. It merely

716
00:49:37,350 --> 00:49:42,120
just needs to be in the proximity
of the motherboard. So.

717
00:49:42,120 --> 00:49:46,920
Let’s talk about hardware implants
that they will put into your devices.

718
00:49:46,920 --> 00:49:52,160
Here’s one. This is called BULLDOZER.
It’s a PCI bus hardware implant.

719
00:49:52,160 --> 00:49:55,740
Pretty scary, doesn’t look so great,
but let’s go on a little bit. Okay?

720
00:49:55,740 --> 00:49:59,180
Here’s one where they actually exploit
the BIOS and System Management Mode.

721
00:49:59,180 --> 00:50:02,480
There’s a big graph that shows all of
these various different interconnections,

722
00:50:02,480 --> 00:50:06,360
which is important. Then they talk about
the long-range comms, INMARSAT, VSAT,

723
00:50:06,360 --> 00:50:10,430
NSA MEANS and Future Capabilities. I think
NSA MEANS exists. Future Capabilities

724
00:50:10,430 --> 00:50:14,860
seems self-explanatory. “This
hardware implant provides

725
00:50:14,860 --> 00:50:19,860
2-way RF communication.” Interesting.
So you disable all the wireless cards,

726
00:50:19,860 --> 00:50:23,420
whatever you need. There you go.
They just added a new one in there and

727
00:50:23,420 --> 00:50:27,910
you don’t even know. Your system has no
clue about it. Here’s a hardware back door

728
00:50:27,910 --> 00:50:31,800
which uses the I2C interface, because
no one in the history of time

729
00:50:31,800 --> 00:50:35,160
other than the NSA probably has ever
used it. That’s good to know that finally

730
00:50:35,160 --> 00:50:40,690
someone uses I2C for something
– okay, other than fan control. But,

731
00:50:40,690 --> 00:50:43,890
look at that! It’s another American
company that they are sabotaging.

732
00:50:43,890 --> 00:50:48,210
They understand that HP’s servers
are vulnerable, and they decided,

733
00:50:48,210 --> 00:50:52,960
instead of explaining that this is
a problem, they exploit it. And IRONCHEF,

734
00:50:52,960 --> 00:50:56,800
through interdiction, is one of
the ways that they will do that.

735
00:50:56,800 --> 00:51:01,810
So I wanna really harp on this. Now it’s
not that I think European companies

736
00:51:01,810 --> 00:51:06,950
are worth less. I suspect especially
after this talk that won’t be true,

737
00:51:06,950 --> 00:51:10,480
in the literal stock sense, but I don’t
know. I think it’s really important

738
00:51:10,480 --> 00:51:13,700
to understand that they are sabotaging
American companies because of the

739
00:51:13,700 --> 00:51:17,950
so-called home-field advantage. The
problem is that as an American who writes

740
00:51:17,950 --> 00:51:22,430
software, who wants to build hardware
devices, this really chills my expression

741
00:51:22,430 --> 00:51:25,490
and it also gives me a problem, which
is that people say: “Why would I use

742
00:51:25,490 --> 00:51:29,840
what you’re doing? You know,
what about the NSA?”

743
00:51:29,840 --> 00:51:35,000
Man, that really bothers me.
I don’t deserve the Huawei taint,

744
00:51:35,000 --> 00:51:39,260
and the NSA gives it. And President
Obama’s own advisory board

745
00:51:39,260 --> 00:51:43,550
that was convened to understand the scope
of these things has even agreed with me

746
00:51:43,550 --> 00:51:47,820
about this point, that this should not be
taking place, that hoarding of zero-day

747
00:51:47,820 --> 00:51:52,640
exploits cannot simply happen without
thought processes that are reasonable

748
00:51:52,640 --> 00:51:58,070
and rational and have an economic and
social valuing where we really think about

749
00:51:58,070 --> 00:52:03,010
the broad-scale impact. Now.
I’m gonna go on to a little bit more.

750
00:52:03,010 --> 00:52:07,230
Here’s where they attack SIM cards. This
is MONKEYCALENDAR. So it’s actually

751
00:52:07,230 --> 00:52:11,670
the flow chart of how this would work.
So in other words, they told you all of

752
00:52:11,670 --> 00:52:16,690
the ways in which you should be certainly,
you know, looking at this. So if you ever

753
00:52:16,690 --> 00:52:22,090
see your handset emitting encrypted SMS
that isn’t Textsecure, you now have

754
00:52:22,090 --> 00:52:27,350
a pretty good idea that it might be this.
Here’s another example. If you have

755
00:52:27,350 --> 00:52:33,830
a computer in front of you… I highly
encourage you to buy the Samsung SGH-X480C

756
00:52:33,830 --> 00:52:38,740
– that’s the preferred phone of the NSA
for attacking another person’s phone.

757
00:52:38,740 --> 00:52:43,000
I’m not exactly sure why, but an important
point is, they add the back door, then

758
00:52:43,000 --> 00:52:47,830
they send an SMS from a regular phone
– what does that tell you? What does that

759
00:52:47,830 --> 00:52:51,670
tell you about the exploitation process?
It tells you that it’s actually something

760
00:52:51,670 --> 00:52:55,060
which is pretty straightforward,
pretty easy to do, doesn’t require

761
00:52:55,060 --> 00:52:59,220
specialized access to the telecoms once
they’ve gotten your phone compromised.

762
00:52:59,220 --> 00:53:02,730
That to me suggests that other people
might find it, other people might use

763
00:53:02,730 --> 00:53:06,680
these techniques. Okay, here’s a USB
hardware implant called COTTONMOUTH.

764
00:53:06,680 --> 00:53:10,910
We released this in ‘Spiegel’ today as
well. See the little red parts. It will

765
00:53:10,910 --> 00:53:14,100
provide a wireless bridge onto the
target network with the ability to load

766
00:53:14,100 --> 00:53:18,640
exploit software. Here’s a little bit of
extra details about that. It actually

767
00:53:18,640 --> 00:53:23,240
shows the graph at the bottom, how they do
this, how they get around, how they beat

768
00:53:23,240 --> 00:53:27,370
the air gap with these things. And they
talk a bit about being GENIE compliant.

769
00:53:27,370 --> 00:53:31,790
So GENIE, and for the rest of these
programs, these are – like DROPOUTJEEP

770
00:53:31,790 --> 00:53:35,530
is part of the CHIMNEYPOOL programs,
and COTTONMOUTH is part of the rest of

771
00:53:35,530 --> 00:53:41,130
these programs over here. These are huge
programs where they’re trying to beat

772
00:53:41,130 --> 00:53:45,240
a whole bunch of different adversaries,
and different capabilities are required.

773
00:53:45,240 --> 00:53:48,820
And this is one of the probably I think
more interesting ones, but here’s

774
00:53:48,820 --> 00:53:53,460
the next revision of it where it’s in a
USB plug, not actually in the cable.

775
00:53:53,460 --> 00:53:58,120
And look, 50 units for US$ 200,000.
It’s really cheap.

776
00:53:58,120 --> 00:54:03,920
You like my editorializing there, I hope?
So, $200,000, okay.

777
00:54:03,920 --> 00:54:08,740
And here’s where you look for it. If you
happen to have an x-ray machine,

778
00:54:08,740 --> 00:54:14,450
look for an extra chip. And that’s
a HOWLERMONKEY radiofrequency transmitter.

779
00:54:14,450 --> 00:54:18,750
Well what’s a HOWLERMONKEY? We’ll
talk about that in a second, but basically

780
00:54:18,750 --> 00:54:23,730
this is for ethernet, here. This is the
FIREWALK. It can actually do injection

781
00:54:23,730 --> 00:54:27,370
bidirectionally on the ethernet controller
into the network that it’s sitting on.

782
00:54:27,370 --> 00:54:30,270
So it doesn’t even have to do things
directly to the computer. It can actually

783
00:54:30,270 --> 00:54:33,800
inject packets directly into the network,
according to the specification sheet,

784
00:54:33,800 --> 00:54:39,400
which we released today on
Der Spiegel’s website. As it says,

785
00:54:39,400 --> 00:54:43,510
‘active injection of ethernet packets onto
the target network’. Here’s another one

786
00:54:43,510 --> 00:54:50,020
from Dell with an actual FLUXBABBITT
hardware implant for the PowerEdge 2950.

787
00:54:50,020 --> 00:54:55,360
This uses the JTAG debugging interface
of the server. Why did Dell leave

788
00:54:55,360 --> 00:55:00,080
a JTAG debugging interface on these
servers? Interesting, right? Because,

789
00:55:00,080 --> 00:55:04,060
it’s like leaving a vulnerability in. Is
that a bug door or a back door or

790
00:55:04,060 --> 00:55:09,380
just a mistake? Well hopefully they will
change these things or at least make it so

791
00:55:09,380 --> 00:55:12,730
that if you were to see this you would
know that you had some problems.

792
00:55:12,730 --> 00:55:15,970
Hopefully Dell will release some
information about how to mitigate

793
00:55:15,970 --> 00:55:19,640
this advanced persistent threat. Right?
Everything that the U.S. Government

794
00:55:19,640 --> 00:55:25,190
accuses the Chinese of doing – which they
are also doing, I believe – we are learning

795
00:55:25,190 --> 00:55:30,580
that the U.S. Government has been doing to
American companies. That to me is really

796
00:55:30,580 --> 00:55:34,600
concerning, and we’ve had no public debate
about these issues, and in many cases

797
00:55:34,600 --> 00:55:38,530
all the technical details are obfuscated
away and they are just completely

798
00:55:38,530 --> 00:55:43,280
outside of the purview of discussions. In
this case we learn more about Dell, and

799
00:55:43,280 --> 00:55:47,330
which models. And here’s the HOWLERMONKEY.
These are actually photographs

800
00:55:47,330 --> 00:55:52,620
of the NSA implanted chips that they
have when they steal your mail.

801
00:55:52,620 --> 00:55:55,590
So after they steal your mail they put
a chip like this into your computer.

802
00:55:55,590 --> 00:56:00,190
So the one, the FIREWALK
one is the ethernet one, and

803
00:56:00,190 --> 00:56:05,170
that’s an important one. You probably will
notice that these look pretty simple,

804
00:56:05,170 --> 00:56:09,850
common off-the-shelf parts. So.

805
00:56:09,850 --> 00:56:15,650
Whew! All right. Who here
is surprised by any of this?

806
00:56:15,650 --> 00:56:20,881
*waits for audience reaction*
I’m really, really, really glad to see

807
00:56:20,881 --> 00:56:24,640
that you’re not all cynical fuckers and
that someone here would admit

808
00:56:24,640 --> 00:56:29,710
that they were surprised. Okay, who
here is not surprised? *waits*

809
00:56:29,710 --> 00:56:34,510
I’m going to blow your fucking mind!
*laughter*

810
00:56:34,510 --> 00:56:39,240
Okay. We all know about TEMPEST,
right? Where the NSA pulls data

811
00:56:39,240 --> 00:56:42,240
out of your computer, irradiate stuff
and then grab it, right? Everybody

812
00:56:42,240 --> 00:56:44,251
who raised their hand and said they’re
not surprised, you already knew

813
00:56:44,251 --> 00:56:49,370
about TEMPEST, right?
Right? Okay. Well.

814
00:56:49,370 --> 00:56:53,460
What if I told you that the NSA had
a specialized technology for beaming

815
00:56:53,460 --> 00:56:57,550
energy into you and to the computer
systems around you, would you believe

816
00:56:57,550 --> 00:57:01,000
that that was real or would that be
paranoid speculation of a crazy person?

817
00:57:01,000 --> 00:57:05,000
*laughter*
Anybody? You cynical guys

818
00:57:05,000 --> 00:57:08,090
holding up your hand saying that you’re
not surprised by anything, raise your hand

819
00:57:08,090 --> 00:57:12,100
if you would be unsurprised by that.
*laughter*

820
00:57:12,100 --> 00:57:16,770
Good. And it’s not the same number.
It’s significantly lower. It’s one person.

821
00:57:16,770 --> 00:57:23,710
Great. Here’s what they do with those
types of things. That exists, by the way.

822
00:57:23,710 --> 00:57:29,910
When I told Julian Assange about this, he
said: “Hmm. I bet the people who were

823
00:57:29,910 --> 00:57:33,890
around Hugo Chavez are going to wonder
what caused his cancer.” And I said:

824
00:57:33,890 --> 00:57:37,490
“You know, I hadn’t considered that. But,
you know, I haven’t found any data

825
00:57:37,490 --> 00:57:42,640
about human safety about these tools.
Has the NSA performed tests where they

826
00:57:42,640 --> 00:57:48,070
actually show that radiating people
with 1 kW of RF energy

827
00:57:48,070 --> 00:57:51,360
at short range is safe?”
*laughter*

828
00:57:51,360 --> 00:57:56,450
My God! No, you guys think I’m
joking, right? Well, yeah, here it is.

829
00:57:56,450 --> 00:58:00,720
This is a continuous wave generator,
a continuous wave radar unit.

830
00:58:00,720 --> 00:58:05,250
You can detect its use because it’s
used between 1 and 2 GHz and

831
00:58:05,250 --> 00:58:09,630
its bandwidth is up to 45 MHz,
user adjustable, 2 watts

832
00:58:09,630 --> 00:58:12,790
using an internal amplifier. External
amplifier makes it possible to go

833
00:58:12,790 --> 00:58:19,230
up to 1 kilowatt.

834
00:58:19,230 --> 00:58:25,210
I’m just gonna let you take that
in for a moment. *clears throat*

835
00:58:25,210 --> 00:58:31,840
Who’s crazy now?
*laughter*

836
00:58:31,840 --> 00:58:35,010
Now, I’m being told I only have one
minute, so I’m going to have to go

837
00:58:35,010 --> 00:58:39,480
a little bit quicker. I’m sorry. Here’s
why they do it. This is an implant

838
00:58:39,480 --> 00:58:43,950
called RAGEMASTER. It’s part of the
ANGRYNEIGHBOR family of tools,

839
00:58:43,950 --> 00:58:47,340
*laughter*
where they have a small device that they

840
00:58:47,340 --> 00:58:52,490
put in line with the cable in your monitor
and then they use this radar system

841
00:58:52,490 --> 00:58:57,070
to bounce a signal – this is not unlike
the Great Seal bug that [Leon] Theremin

842
00:58:57,070 --> 00:59:01,060
designed for the KGB. So it’s good to
know we’ve finally caught up with the KGB,

843
00:59:01,060 --> 00:59:06,540
but now with computers. They
send the microwave transmission,

844
00:59:06,540 --> 00:59:10,700
the continuous wave, it reflects off of
this chip and then they use this device

845
00:59:10,700 --> 00:59:15,320
to see your monitor.

846
00:59:15,320 --> 00:59:20,780
Yep. So there’s the full life cycle.
First they radiate you,

847
00:59:20,780 --> 00:59:24,500
then you die from cancer,
then you… win? Okay, so,

848
00:59:24,500 --> 00:59:30,080
here’s the same thing, but this time for
keyboards, USB and PS/2 keyboards.

849
00:59:30,080 --> 00:59:34,560
So the idea is that it’s a data
retro-reflector. Here’s another thing,

850
00:59:34,560 --> 00:59:38,200
but this one, the TAWDRYYARD program, is
a little bit different. It’s a beacon, so

851
00:59:38,200 --> 00:59:44,390
this is where probably then
they kill you with a drone.

852
00:59:44,390 --> 00:59:48,910
That’s pretty scary stuff. They also have
this for microphones to gather room bugs

853
00:59:48,910 --> 00:59:52,610
for room audio. Notice the bottom. It says
all components are common off the shelf

854
00:59:52,610 --> 00:59:57,140
and are so non-attributable to the NSA.
Unless you have this photograph

855
00:59:57,140 --> 01:00:01,700
and the product sheet. Happy hunting!

856
01:00:01,700 --> 01:00:07,950
*applause*

857
01:00:07,950 --> 01:00:12,380
And just to give you another idea, this is
a device they use to be able to actively

858
01:00:12,380 --> 01:00:15,990
hunt people down. This is a hunting
device, right? Handheld finishing tool

859
01:00:15,990 --> 01:00:22,910
used for geolocation targeting
handsets in the field. So!

860
01:00:22,910 --> 01:00:28,860
Who was not surprised by this? I’m so
glad to have finally reached the point

861
01:00:28,860 --> 01:00:33,240
where no one raised their hand except
that one guy who I think misheard me.

862
01:00:33,240 --> 01:00:38,300
*laughter*
Or you’re brilliant. And

863
01:00:38,300 --> 01:00:41,040
please stay in our community
and work on open research!

864
01:00:41,040 --> 01:00:42,750
*somebody off mike shouts:*
Audience: Maybe he can add something!

865
01:00:42,750 --> 01:00:47,310
Yeah! And if you work for the NSA,
I’d just like to encourage you

866
01:00:47,310 --> 01:00:51,690
to leak more documents!
*laughter*

867
01:00:51,690 --> 01:00:58,202
*applause, cheers*

868
01:00:58,202 --> 01:01:04,737
*applause*

869
01:01:04,737 --> 01:01:11,588
*applause*

870
01:01:11,588 --> 01:01:18,488
*applause, cheers, whistles*

871
01:01:18,488 --> 01:01:25,258
*applause, cheers, whistles, ovation*

872
01:01:25,258 --> 01:01:31,988
*applause, ovation*

873
01:01:31,988 --> 01:01:38,748
*applause, cheers, ovation*

874
01:01:38,748 --> 01:01:45,698
*applause, ovation*

875
01:01:45,698 --> 01:01:48,820
Herald: Thank you very much, Jake.

876
01:01:48,820 --> 01:01:52,760
Thank you. I’m afraid we ran
all out of time for the Q&A.

877
01:01:52,760 --> 01:01:55,570
I’m very sorry for anyone
who wanted to ask questions.

878
01:01:55,570 --> 01:01:58,400
Jacob: But we do have a press conference.
Well, if you guys… you know,

879
01:01:58,400 --> 01:02:01,310
I’d say: “occupy the room for another
5 minutes”, or… know that there’s

880
01:02:01,310 --> 01:02:04,220
a press conference room that will be
opened up, where we can all ask

881
01:02:04,220 --> 01:02:07,260
as many questions as we want,
in 30 minutes, if you’re interested.

882
01:02:07,260 --> 01:02:11,480
And I will basically be available until
I’m assassinated to answer questions.

883
01:02:11,480 --> 01:02:18,600
*laughter, applause*
So…

884
01:02:18,600 --> 01:02:22,250
in the immortal words of Julian Assange:
Remember, no matter what happens,

885
01:02:22,250 --> 01:02:26,409
even if there’s a videotape of it,
it was murder! Thank you!

886
01:02:26,409 --> 01:02:30,339
Herald: Thank you. Please give a warm
round of applause to Jake Appelbaum!

887
01:02:30,339 --> 01:02:33,339
*applause*

888
01:02:33,339 --> 01:02:37,796
*silent postroll*

889
01:02:37,796 --> 01:02:42,403
*Subtitles created by c3subtitles.de
in the year 2016. Join, and help us!*