DIY Hardware Implant talk at DEF CON time is posted

My DEF CON 22 Talk, NSA Playset: DIY WAGONBED Hardware Implant over I2C, time is now posted on the DEF CON schedule. It’s Sunday at 11:00 am in Track 1. Be sure to stay for the NSA Playset: GSM Sniffing directly following!

The NSA Playset talks have been receiving some attention in the press. You don’t want to miss them!

Abstract:

In this talk we present an open source hardware version of the NSA’s hardware trojan codenamed WAGONBED. From the leaked NSA ANT catalog, WAGONBED is described as a malicious hardware device that is connected to a server’s I2C bus. Other exploits, like IRONCHEF, install a software exploit that exfiltrate data to the WAGONBED device. Once implanted, the WAGONBED device is connected to a GSM module to produce the NSA’s dubbed CROSSBEAM attack.

We present CHUCKWAGON, an open source hardware device that attaches to the I2C bus. With the CHUCKWAGON adapter, we show how to attach an embedded device, like a BeagleBone, to create your own hardware implant. We show how to add a GSM module to CHUCKWAGON to provide the hardware for the CROSSBEAM exploit. We improve the WAGONBED implant concept by using a Trusted Platform Module (TPM) to protect data collection from the target. The talk will demonstrate how these features can be used for good, and evil!

Thoughts on Bleeding Edge by Thomas Pynchon

Bleeding Edge is filled with 9/11 conspiracy theories, eccentric characters, and a wild alternative universe called the “Deep Web.”  It is very Pynchon; the only difference is that this universe is found through computers and not through hallucinogens like some of his other books.

This was the most comprehensible Pynchon book to me.  Probably because I was alive during 2001, I’ve lived in Manhattan, I am familiar with the techno-jargon, and I’ve at least heard of the exuberant tales of tech boom.  For those that are worrying that Pynchon is becoming more accessible, fear not as Jonathan Lethem writes in his review:

Thomas Pynchon is 76, and his refusal to develop a late style is practically infuriating.  The man’s wildly consistent: the only reason Bleeding Edge couldn’t have been published in 1973 is that the Internet, the Giuliani/Disney version of Times Square and the war on terror hadn’t come along yet.  This book, and Inherent Vice, make jubilant pendants on his mammoth enterprise, neon signposts to themes he took no trouble to hide in the first place.

But in the deep web of this book, lurks a darker message.  Bleeding Edge could not have been released at a more appropriate time.  At its core there is a struggle between those who want to get lost on the Internet and those who want to find them.

Continue reading “Thoughts on Bleeding Edge by Thomas Pynchon”

I do not consent

When I started at the Naval Academy in 1998, I never expected I’d be in a war.  Even after the attacks twelve years ago, I still never thought I would be a “boot on the ground.”  When I joined the submarine service and spent a long year studying the operations of nuclear reactors, I still never saw myself carrying a M4 in Afghanistan.  But in 2011, that is exactly where I found myself.

Continue reading “I do not consent”

Opportunity for public comment on NSA surveillance

The Office of the Director of National Intelligence (ODNI) is seeking public comment on:

how in light of advancements in communications technologies, the United States can employ its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure.

Thanks to the EFF for finding this opportunity.

This was my response:

Continue reading “Opportunity for public comment on NSA surveillance”

The NSA wiretapped the cow and got the milk for free

Today three major news agencies, the New York Times, the Guardian, and ProPublic released details of the most intrusive NSA activity to-date.  The NSA and the GCHQ, the British version of the NSA, have “been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Hotmail.”  Microsoft apparently handed over pre-encryption access to Outlook e-mail, Skype and SkyDrive.  Companies have also put back doors into hardware and software products at the request of the NSA.

The NSA and the companies who allowed the back doors have broken the public’s trust.  It’s time we take back the Internet.  As usual, the Electronic Frontier Foundation has an excellent summary on this issue and a list of actions you can take.  This is a two-pronged attack.  First, we should petition our elected officials, which is very easy to do from the EFF’s take action site.  Second, if the companies don’t stand up for their users, you can vote with your feet and leave their feudal system.  I don’t use Microsoft, Yahoo, or Facebook, but I do use Google and Apple.  While Google has claimed there are no back doors, Google is also asking permission from the Government to tell the public about what it does provide.  That sounds like a Kafka novel to me and I think I’m going looking for a new email provider.  Apple lost me when I had to ask permission to install applications.  In the writing of this post, I discovered something new about myself; I don’t like asking permission for things 🙂 .

But also we should step-up your defense. Bruce Schneier published a list of recommendations to maintain (some) control over privacy and security online.  Read the article for the details, but the short list is:

  • Hide in the network. (i.e. use Tor)
  • Encrypt your communications. (use HTTPS Everywhere)
  • Assume that while your computer can be compromised, it would take work and risk on the part of the NSA so it probably isn’t.
  • Be suspicious of commercial encryption software, especially from large vendors.
  • Try to use public-domain encryption that has to be compatible with other implementations.

For those looking for a more complete software list, check out PRISM Break.

Lastly, Bruce Schneier closed with this call-to-arms:

To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

A simple and inexpensive way to do accomplish this is to go buy a $45 Beaglebone Black and set it up as a Tor relay and help grow the Tor network.  You can follow my instructions to set this up and have a low-power, freedom protecting, Tor relay.

Of course, you can also join the EFF too or get the t-shirt that the NSA tried to censor, just for fun.

A Veteran’s Disappointment with the NSA Spying

A practitioner of Zen Buddhism was talking to me about delusions.  I asked him to clarify what he meant and he explained that delusional thinking was a way of convincing yourself of a false reality.  It’s like when you believe the Double Down is good for you because it doesn’t have any bread (this is my example, not his…).  Don Quixote is the epitome of a delusional thinker who believed windmills were giants and subsequently attacked them.  Thinking that the NSA isn’t unconstitutionally spying on Americans is also delusional.

The original NSA spying leak was shocking but since then there continues to more damning announcements.  The U.S. Drug Enforcement Agency is actively using the NSA database, but then lying about how it obtained evidence through the euphemism “parallel construction.”  The owner of the Edward Snowden’s email service decided to shut down his company rather than become “complicit in crimes against the American people,” warning:

without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.

And despite promises by officials to the contrary, the Guardian reported another leak that due to a Kafkaesque loophole, warrant-less spying on Americans is indeed allowed.

I am a proud veteran of the U.S. Navy.  I willingly took an oath to support and defend the U.S. Constitution.  While I’m no longer in the military, as a person who went to Afghanistan to fight for his country, I feel a civic responsibility to act when I see the Constitution being violated.  What the NSA and other agencies are doing is wrong and needs to stop.

Despite the attempts by his squire Sancho to convince him what was real, Don Quixote rushed into battle against false enemies and brought harm to those around him.  The War on Terror has become our windmill.  We’ve spent countless taxpayer’s dollars and disgraced ourselves chasing false giants.  Before his death, Don Quixote realized his delusional behavior and regretted his actions.  It’s time we have a similar revelation, “Now I see through [the] absurdities and deceptions, and it only grieves me that this destruction of my illusions has come so late that it leaves me no time to make some amends

I am not a “14-year-old in the basement clicking around the Internet,” but I do proudly wear my Happy Hacking t-shirt.  I’m a veteran who has had enough of the lying and it’s time to speak up.  If this matters to you too, please consider joining the Electronic Frontier Foundation and help them fight for our digital rights.