Re: [Tails-dev] BIOS attack

Delete this message

Reply to this message
Autore: james.john.jones
Data:  
To: Tobias Frei
CC: The Tails public development discussion list
Oggetto: Re: [Tails-dev] BIOS attack
Thanks Tobias,
It is always good to know that contact has been made.
What a shame that it is not likely to be one of those scenarios that you outline :(

I do accept that it could be a bizarre coincidence, but.....

"While the scenario outlined below is very 'Grand Jeu' I will not be at all surprised to learn that you believe this to be a hack."
----------------------------------------

This must be taken seriously.
I haven't carefully crafted the email to waste peoples valuable time.
There is every reason to consider the event as a realistic scenario.

It may not be.
That would be great.

My problem is that, like most people, I never studied digital security. 
I'm having to catch up; but I can't - it's too complex.

I got Tails, and some secure mailboxes.
However, with hindsight; logically, this is merely a security layer to be overcome.

Anyway, my guess is: that is what happened.

For a variety of reasons, it would be useful to know.
Even if we can't run tests.

Can such a hack be implemented with a mobile phone?
Is the laptop in all likelihood lost?

Are there any devs that can answer these questions?

I'm one of the good guys.
I'd appreciate some help on this :)



--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com

2. Feb 2018 19:12 by tobias@???:


> Hey,
> Disclaimer: I am a regular user, not a security expert. I am not a developer in this project, I'm subscribed to the list because I ran a Tails mirror for some years.
>
> Three things that came to my naive mind when reading:
>
> - Cui bono?
> - Hanlon's Razor
> - Number of users vs. Coincidence
>
> Is there any reason for an attack? Does the specific worker have any theoretical reason to be malicious here?
>
> Also, when a product is used by a billion people, a bug with a probability of "only 1:1000000" will occur about 1000 times. Extremely unlikely scenarios can suddenly actually happen when many people are using the same software. It is almost guaranteed that somewhere in the world, an earthquake will occur in the moment someone starts their computer. The computer, however, did not cause the earthquake to happen.
>
> There is a wonderful book called "Spurious Correlations". It makes fun of exactly this problem.
>
> Best regards
> Tobias Frei
>
>
>
> On Fri, Feb 2, 2018, 19:40 <> james.john.jones@???> > wrote:
>
>>           >> Excuse me - I have joined this group to discuss what may have been a 'high end' BIOS attack.
>> I am presuming that this group contains the most knowledgeable people.
>> I need that.

>>
>> While the scenario outlined below is very 'Grand Jeu' I will not be at all surprised to learn that you believe this to be a hack.
>>
>> ---------------------------------------
>>
>> This is exactly what happened:
>>
>> Laptop circa 2011 (bios date)
>> AMD DCP C-50
>> Tails 3.5 loaded from a USB drive
>>
>> At a friends - laptop on the table in kitchen (pre-arranged over the phone).
>> Workmen are doing jobs.
>> (The IP box can give the WiFi connection at the press of a button)  ;)
>>
>> A Libre Office doc saved in the session - other docs saved on a mounted removable drive.
>>
>> One worker comes in the kitchen - he starts tapping away on his mobile (just 3 meters away).
>>
>> Note - he has no need to be in the kitchen to get a signal - the walls are thick, so outside would be better (if you don't have the wifi code).
>>
>> He makes a final tap, and walks... and my pc shuts down.
>> Some code appeared, but it shut down.
>>
>> Obviously it could be coincidental; but I'm sick of frigging coincidences.
>> The shutdown was simultaneous to his final tap on his mobile.
>>
>> ---------------------------------------------
>>
>> Post reboot - no apparent problems, other than it seemed to take slightly longer to log into accounts.
>> I carried out my communications.
>>
>> A day later, I posted an email to >> tails-support-private@???>> (on this question).
>> I received no reply.
>>
>> Researched  BIOS attacks, and checked my bios version.
>> https://www.schneier.com/blog/archives/2015/03/bios_hacking.html
>>
>> Talk of :
>> "Their exploit turns down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.
>> The devious part of their exploit is that they've found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure operating systems such as Tails in the line of fire of the implant."
>>
>>
>>
>>
>> Also:
>>
>> "The method used to get at the BIOS then allows the likes of GCHQ et al to get at other modifiable ROM in the likes of HDs, Sound Chips, Network cards and other "below the OS" areas.
>> Having done this they can then put the main BIOS back the way it was, so that it's harder to find what they have been up to."
>>
>> ---------------------------------------------
>>
>>
>> Rebooted to Tails.
>> Tails warns: can't check for upgrades.
>>
>> Tutanota mailbox warns: Couldn't connect to server - it seems like you are offline.
>> But I was online, and could see my mailbox.
>> ---------------------------------------------
>>
>> First thing is:
>> Have you received this mail?
>> Could someone respond, to confirm this?
>>
>> Does it seem likely that I have been hacked?
>> Is there any way of knowing eg. running tests?
>> If it has been hacked - is the laptop now unusable?
>> If I was hacked - have they got everything that I've done since that point (and the data off my drives)?
>>
>> I'm cool either way.
>> What's done is done; but I'd rather know
>>
>> BTW, I tried to get a riseup email, but it kept demanding an invite code.
>> Anyway, I figured that I first need to check with you guys re my current status, before doing anything else.
>>
>>  Thanks :)
>>
>> --
>> Securely sent with Tutanota. Claim your encrypted mailbox today!
>> https://tutanota.com>> >> _______________________________________________
>> Tails-dev mailing list
>> Tails-dev@???
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to >> Tails-dev-unsubscribe@???>> .