NSA Says It Foiled Plot To Destroy US Economy Through Malware 698
mrspoonsi writes "Business Insider Reports: The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday's '60 Minutes.' Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy. Even more shocking, CBS goes as far as to point a finger directly at China for the plot — 'While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China.' The NSA says it closed this vulnerability by working with computer manufacturers. Debora Plunkett, director of cyber defense for the NSA: One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
NSA failed to halt subprime lending, though. (Score:5, Insightful)
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
... how stupid do they think we are?
You don't want to know just how stupid *they* think we are.. And the really sad part?? *They* are absolutely right on a large percentage of the American people.. The ones who drink the koolaide that comes from BOTH parties.. Its becoming apparent that none of the media, better known now as the defacto US Department of Propaganda, is telling the truth.. oh sure, they tell *their* "version" of the "truth", but not the TRUTH.. We are well and truly screwed...
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
The ones who drink the koolaide that comes from BOTH parties.. Its becoming apparent that none of the media, better known now as the defacto US Department of Propaganda, is telling the truth.. oh sure, they tell *their* "version" of the "truth", but not the TRUTH..
What qualifications do you have that allow you to reliably discern the TRUTH from the lies?
Are you 100% sure you aren't drinking someone else's brand of koolaid?
What makes your sources of information more reliable than other peoples'?
Often when someone is pushing a story about a vast conspiracy, the conspiracy is fictional, or at least highly exaggerated, and the people pushing the conspiracy narrative have their own political reasons for pushing it.
Re:NSA failed to halt subprime lending, though. (Score:4, Interesting)
Re: the media... yup - sad, but mostly true.
I find that I usually have to look up at least two different sources, plus at least one non-US source (my faves: RT, BBC, Deutsche Welle) and at least one alt-media source (*not* an ideologically-driven one) to get a semi-coherent picture of the truth behind a given story I find interesting.
There is one bit, though: I don't think the US media is doing it for a given propaganda track per se (though it is rapidly approaching that), but instead I think it's an organic result of the $media_corporation drive for eyeballs, thus advertising dollars. This is why a typical cable show's primetime slots are packed with crap that feeds off of the drama and controversy, instead of trying to get at the actual facts and heart of a given story. It's why you have the likes of, say, Nancy Grace on CNN making her paycheck off the corpses of dead kids, MSNBC sneering at anyone who dares to besmirch their idol in the White House, and FOX shouting full-throttle that that same White House occupant is a combination of Stalin and the Antichrist (albeit wearing a better suit). Each channel is shaping their chosen demographic, and stoking them up so they can jack up the rates for advertisers.
But then, I suspect it's part of the grand civilizational cycle - rise, peak, fall. We (the world, mind, since we're a lot more global than most folks realize) are somewhere near the peak IMHO, though I'll be damned if I can say for certain which side of that peak we're on.
Re:NSA failed to halt subprime lending, though. (Score:5, Interesting)
It is entirely possible that they did, indeed, halt a plot, just as they said they did. It is also possible they did not. It's very difficult to tell at this point, because the one thing of which I am sure of, and I speculate most Americans are as well, is that they lie and they do it without hesitation. My confidence in anything they say is near enough to zero that the difference can be written off as rounding error.
As a consequence, it really does not matter what they say.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
It is entirely possible that they did, indeed, halt a plot, just as they said they did.
Not it fucking isn't.
The NSA says it closed this vulnerability by working with computer manufacturers.
Where are motherboards and BIOS shit is fucking manufactured / written? (Hint: China and Taiwan)
Do you really think it's possible that a BIOS update was created by those manufacturers that:
1: Applied to all the vulnerable systems, many of which are 10+ years old and manufactured by a now defunct-company
2: Worked
3: Got deployed
4: Had all of the above happen with no one knowing about it outside of the NSA, the manufacturers, and the one guy in the world who writes BIOS patch notes
?
Hell, I'll GIVE you the fucking BIOS patch notes.
BIOS Version 2.3.5
1 - Updated tables to half-support new Intel processors. Buy a new motherboard with new socket if you want it to actually work, though.
2 - Updated Intel Option ROM. Just kidding, we're not updating that anymore, this motherboard has been out for 2 months already.
3 - Various menu items have been slightly changed, and some of your settings will be wiped, we won't document which or why, though.
At least this shit is believable.
Re: (Score:3)
No, it's not possible. The idea that China would want to tank the U.S. economy is absurd. We buy all their stuff. And all the treasury debt they own would be worthless, where's the logic in that?
Re:NSA failed to halt subprime lending, though. (Score:5, Funny)
That's what you get for outsourcing your propaganda to the private sector.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
I'll happily believe the NSA stopped the malware attack in question, and I'll happily give them credit for it.
However, it does not give them even a single tiny shred of excuse for all the unconstitutional totalitarian treason, for which I will continue to call for their prosecution.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.
Let's not dilute the word by using it for other bad things.
Re:NSA failed to halt subprime lending, though. (Score:4, Insightful)
Re: (Score:3)
Prosecution will never happen, everybody is prohibited by law from testifying to whether the documents Snowden stole are authentic or not, i.e. the infamous "I can neither confirm nor deny", and Snowden is unlikely to respond to a sumons to testify.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
More accurately, Iraq had a lot of chemical weapons in the 1980's, and we stood idly by while Saddam expended them. When I say "we", I mean that very literally, and very personally. I was there, along with my shipmates, to see it happening. We helped to document it. We stood idly by while Saddam expended huge quantities of chemical weapons.
By 2002, when we decided that Sadman was so very sad that we had to do something about him, he had very little to nothing left.
Our governments (US and UK) knew very well what Saddam had, and what Saddam was capable of. Our governments exaggerated everything by orders of magnitude, and bald faced LIED TO US. Those truckloads of stuff that went to Syria? Probably some bad stuff. Most of it was far more likely to have been plundered treasures, destined to ensure a life of security, if not ease, for certain select people dear to Sadman.
But, you go on believing the propaganda.
You will note, I hope, that I've said nothing in Saddam Hussein's defense. I have ONLY pointed out how dishonest our own governments are.
Re:NSA failed to halt subprime lending, though. (Score:5, Informative)
We stood idly by while Saddam expended huge quantities of chemical weapons.
Personally that may be true. On a bigger scale, we (the United States) provided [truth-out.org] helped them deploy the chemical weapons.
Our governments (US and UK) knew very well what Saddam had, and what Saddam was capable of.
We certainly should have known what Saddam had and was capable of. First, we helped [globalpolicy.org]put the Ba'ath party in to power. During the Iran / Iraq war, we helped them financially and with intelligence information [gwu.edu]. Then, we sold [counterpunch.org] the precursors of chemical weapons to them and provided reconnaissance intelligence [wikipedia.org] that was used in their deployment. Why else would Donald Rumsfeld [gwu.edu] be smiling as he shook Saddams hand in 1983?
You will note, I hope, that I've said nothing in Saddam Hussein's defense. I have ONLY pointed out how dishonest our own governments are.
And here is more evidence supporting that supposition.
Re:Only boots on the ground answer the WMD questio (Score:5, Insightful)
Our governments certainly lied but they did not know what Saddam had. Not until there were US/UK boots on the ground did we really know one way or the other.
Sorry, but no. Many other foreign countries had a look at the evidence and they voted "no WMD". Only US lapdogs went along (coalition of the willing), everyone else took a pass. So people were able to tell "one way or another".
Re: (Score:3)
Re: (Score:3)
Weapons of Mass Destruction != Nukes. WMD *includes* nukes, as well as chemical and biological weapons and probably other stuff I'm not aware of. The fact that people conflate the terms changes nothing.
Saddam pretended to have WMD to trick Iran (Score:4, Insightful)
Lies! Iraq had WMDs! Didn't you see the 3D renderings of the mobile port-potties that Saddam had?!?
How does the fact that the US government lied tell us whether Saddam had or did not have WMD? It doesn't. It merely shows that the US gov't did not know but wanted to sell the war to the public. The truth is Saddam worked to maintain the IMPRESSION that he had WMD, he was scared of Iran and thought the fear of WMD could keep them at bay. He was afraid to admit he no longer had any. He explained it all to his FBI interrogator. It was a proper humane interrogation where the interrogator builds confidence and trust and uses psychology to persuade. A documentary was made. Its often cited as an example that "enhanced" interrogations are not needed.
Re:Saddam pretended to have WMD to trick Iran (Score:4, Insightful)
How does the fact that the US government lied tell us whether Saddam had or did not have WMD?
Simple: various intelligence agencies warned that Chalabi was lying and the Bush Administration propagated the lie. That's how we know that the lies meant Saddam didn't have WMDs. Or did you not hear the memo that he fabricated his supposed evidence?
You need to seriously reexamine your logic. The fact that the US lied or was lied to does *not* indicate that Saddam was WMD free. There were people lying and guessing on both the pro and anti WMD sides, none of this lying or guesswork is evidence of anything. Only boots on the ground by outsiders could prove things one way or the other. Ideally that would have been UN weapons inspectors receiving full cooperation from the Iraqi government. Regrettably Saddam didn't like that plan.
"After several months, Saddam started to talk. There were no longer weapons of mass destruction in Iraq, he said, although the capability to build them remained. But Saddam said he kept up the ruse that those weapons still existed to preserve his power and protect Iraq against Iran, which Saddam viewed as his country’s biggest threat. Not even senior leaders within his government knew that there weren’t any weapons, Piro said."
http://www.phillyburbs.com/news/local/the_intelligencer_news/fbi-agent-saddam-interrogation-was-unique-historic-opportunity/article_6306f1c9-b9c0-5fc7-b4ff-398cf04ad103.html [phillyburbs.com]
Re: NSA failed to halt subprime lending, though. (Score:3)
Next up NSA saves companies from being "slashdotted"
Now I wonder what the NSA will save us from after that? If we are lucky maybe fake entertainment stories posted by fox and msnbc that pose as news
Comment removed (Score:5, Insightful)
Re:NSA failed to halt subprime lending, though. (Score:5, Funny)
The NSA probably commissioned some vendor to write a key-logger that would install in a computer's BIOS. They probably paid billions of dollars for development and research.
Then they tested it on a few computers and the NSA malware bricked them all.
So the NSA canceled the project, saving America from a malware threat that would have tanked the economy. See how diligently they work to save Americans from cyber threats?
Next week they'll stimulate the economy by breaking everyone's windows (pun intended).
Re:NSA failed to halt subprime lending, though. (Score:4, Insightful)
In all seriousness, I was thinking the exact same thing.
As others here have pointed out, the premise of a BIOS-flashing piece of malware seems tenuous, and even laughable to those familiar with the subject. So why would the NSA make such a claim? One strong possibility in my mind is that they really have produced such a piece of malware (keylogger, packet sniffer, whatever) and are afraid of the public backlash and/or damage claims (my motherboard failed! it must be the NSA!) that would arise when its existence is made clear by a Snowden release. As such, they are desperately trying to spin it off on China before said release can be made.
Re:NSA failed to halt subprime lending, though. (Score:5, Funny)
you don't understand - they secretly patched everyone's machines, so now we're all safe. It's all good!
stopping an attempt should not be the goal (Score:4, Insightful)
a better response than my previous...
If such a virus was found that affected a large portion of the computers out there. If that is so, stopping a single virus deployment attempt is worthless; the virus still exists, and more importantly the vulnerability still exists. If they are being truthful in any way, then they have done absolutely nothing useful. As you say, where's the CVE? Where's the details? Without details this is useless.
With a terrorist attack or something, "trust us, it happened!" can sortof work...I guess. For this though - it's useless without details. More, without details - we're forced to believe that the NSA is just making crap up. Did they think about getting a person with any sort of compsci background to help the marketing/PR at NSA person come up with a valid "threat" that was being stopped? In theory there should be one or two there....
Re:NSA failed to halt subprime lending, though. (Score:4, Interesting)
It's a fucking propaganda piece. It's quite easy to see right through the bullshit.
If a BIOS exploiting malware was a real threat where's the CVE for it? Where's the advisory?? A BIOS crippling virus released into the wild has no need for secrecy unless the NSA themselves released it. It's quite convenient they mention they thwarted a "major cyber attack" without releasing the name of the virus nor when this supposedly happened.
What a fucking joke that entire interview was....
One, there's no CVE for malware. The "V" in "CVE" stands for "Vulnerability."
But I think you're right otherwise, and this is total propaganda. So, let me get this straight, 60 Minutes: our largest trading partner, who manufactures more of our goods than any other country, and on razor-thin profit margins while your own economy wobbles, would for no particular reason go out and mess up the economy of their largest customer.
I CALL UNBELIEVABLE FUCKING ASS-FUCK SHENANIGANS.
It makes absolutely no sense. Not only does China have nothing to gain by disrupting our economy that way, they have a lot to lose. It would also be considered an act of war, and one that would be sure to align pretty much the whole planet against them.
So, maybe it was someone else...I can think of very few countries that have any reason to do something so much like poking a sleeping lion with a stick, but they are out there. As you said...why not provide more details?
I'd be willing to bet that what they actually stopped was a very small targeted attack like Shamoon, and that attribution is classified. Unless they're completely making it up entirely, which is less likely in my opinion.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
This is exactly what the NSA _should_ be doing. It's too bad that they have spent so much focus on stuff _other_ than this.
Which begs the question, how come this was not among the first things touted as their reason for being? How come this was not mentioned before Congress? Or to the media? How come this whole thing sounds utterly made up?
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
Because there's a shit-ton of money in pervasive surveillance, and a lot less of it in doing what the NSA should be doing.
Re: (Score:3)
Assuming (and it's a big assumption) that it is true, there are several reasons it might not have come up until now:
(1) The judicial review of the constitutionality of the programs means they will have to disclose some serious stuff they've prevented or else they're out of a job.
(2) If the "report" is accurate, which seems unlikely (because it would be a really STUPID thing for China to do unless there is a war), you're talking about an act of war committed by one nuclear power on another. That's not somet
Re:NSA failed to halt subprime lending, though. (Score:5, Informative)
Recently? The intelligence agencies were doing all manner of inappropriate things throughout the 50s, 60s and in the 70s until the Church Committee was created to investigate. Their gross abuses of power during those decades was the entire point of why the FISA legislation was passed. And it was not to create the rubber-stamp court that we have now.
It's amazing how 9/11 has made so many people forget the rampant abuse of power in the NSA's and CIA's history.
Re: (Score:3)
I'm not saying the NSA never did anything wrong prior to 9/11, but their remit was a lot more restrained. This is not to say that they wouldn't have done more if they'd had the resources, but really Moore's law is what's turned them into the juggernaut they are today.
Re:NSA failed to halt subprime lending, though. (Score:5, Insightful)
The attack being described is nonsense, especially if China was supposed to be the perpetrator. Undermining the US economy is really the LAST thing the Chinese would want to do. It makes no sense from a business perspective.
North Korea would have made a much better scapegoat.
Re: (Score:3)
Oh, don't be silly. Don't you remember that other infamous virus that the NSA thwarted? The one which caused your hard drive to melt down, and your monitor to assplode? THAT one was North Korean!
Re: (Score:3)
People forget that the NSA has actually done a _lot_ over the past century that has been of extreme benefit
Pray tell, remind us of some of these many incredible accomplishments, please. Or all they all SECRET?
Re: (Score:3)
You want to know how? I'll tell you how. They overheard me talking with this genius I know, and they came to my house to ask me about his virus. I told them all I knew when they threatened me with a five dollar wrench. Their next stop was at my buddy's house, where they recruited him to work for the NSA. Me? All I got was the liberty to keep using my knees. Bastards didn't even buy me a beer. And, my buddy has forgotten my name. So, yeah, I guess it's good for all of you that the NSA monitors peopl
Re:NSA failed to halt subprime lending, though. (Score:4, Insightful)
Learn to READ before comment!
His point was that he never installed a BIOS update, because it isn't delivered through regular OS update channels.
As probably everyone here hasn't installed a BIOS update if your system is running without problems.
But he (and no one here) suffered from no mystery-chinese BIOS attack. So how could the NSA have done that mystery feat? Protecting a nation from BIOS attacks withiout making sure that BIOSes are updated?
Makes this whole story sound quite unbelievable. More like "Wag the dog"-like spin-doctoring.
We have all the evidence! (Score:4, Interesting)
But we cant show it to you, its a privet.
Re:We have all the evidence! (Score:5, Informative)
and this lame vague shit is the best they can do.
100% of the NSA budget needs to be given to NASA.
Re: (Score:3)
Is this why we have UEFI all of a sudden? (Score:3)
I don't know the history of this, and the linked article is vague on timelines, but it always did seem like UEFI came out of nowhere...
Re: (Score:3)
UEFI is the attack capable of not allowing you to boot anything they do not ordain as acceptable.
Expect these claims to be walked back (Score:5, Insightful)
Re:Expect these claims to be walked back (Score:5, Insightful)
Re:Expect these claims to be walked back (Score:5, Informative)
I suspect the those pesky real journalists probably don't enough about the tech side of things to ask the questions they really need to be asking in order to debunk this.
The 60 Minutes piece has already been trashed by multiple outlets:
http://nymag.com/daily/intelligencer/2013/12/60-minutes-hearts-the-nsa.html [nymag.com]
http://www.theguardian.com/world/2013/dec/16/nsa-surveillance-60-minutes-cbs-facts [theguardian.com]
http://www.thewire.com/national/2013/12/60-minutes-nsa-good-snowden-bad/356174/ [thewire.com]
http://www.theatlantic.com/politics/archive/2013/12/why-did-em-60-minutes-em-let-the-head-of-the-nsa-fool-its-audience/282377/ [theatlantic.com]
http://www.thenation.com/blog/177598/sad-decline-60-minutes-continues-weeks-nsa-whitewash [thenation.com]
Not buying this (Score:5, Insightful)
Re:Not buying this (Score:5, Informative)
China holds a huge amount of our debt.
Our debt is around 17 trillion dollars. Of that 17 trillion, China owns around 1.2 trillion. A large number for sure, but not something I'd say is a rather small percentage of the total debt. The debt owned by the public equates to 12 trillion which is something I'd call huge.
National debt of the United States [wikipedia.org]
Re:Not buying this (Score:5, Interesting)
Don't forget the other 3 or 4 trillion in US dollars they are holding as cash reserves. If China did something to bring down our economy their exposure would be far worse than the debt that they hold. It would impact their hard currency reserves and an unknown amount of additional US currency held by various Chinese companies and individuals.
If this was a governmental effort in China my guess is it would be more along the lines of something that would be held back in case there was a confrontation between the US and China. Rather than something that would just be randomly used. If it was some private individual or crime group who knows what their intentions would be. Unless they sell new computers how would they monetize this? Whole thing sounds kind of suspect to me.
Re:Not buying this (Score:5, Informative)
China holds a huge amount of our debt. They want us to buy their stuff and to borrow money from them. Why cripple our economy? Or, even worse, why do something like this that will point a finger back to them and stir up the pot against them? (and possibly lad to embargos, and so on)
Ya, it makes no sense. Like if I pulled up to the Starbucks drive-thru to order a venti double-skinny mocha latteachio with no foam and instead they went all Goldfinger on my car. You don't try to kill your best customer.
Likewise if this was some freelance/rogue/criminal/terrorist operation inside China, I'd think they (the Chinese) would be motivated to foil it themselves for the same reasons.
The NSA should have cooked up a more plausible bogus plot to foil, but instead they don't even respect us enough to make up a believable lie.
What a load of bollocks (Score:5, Insightful)
If these attackers the NSA supposedly thwarted (the Chinese it is speculated), managed to gain control over large numbers of computers with access enough to damage their firmware, it would make far better sense to keep those machines alive and working for them instead. You could cause far more damage to the US economy by keeping those machines alive and pwn3d than if you simply bricked them. A bricked machine will cost a few hundred dollars to fix. A pwn3d machine is a gift that keeps on giving!
house of cards? (Score:5, Interesting)
Does this strike anyone else as being utterly ridiculous? "Cataclysmic"?? I mean, if a bunch of bricked computers could bring down our economy (and possibly the global economy) then isn't the whole thing in need of some serious attention? Maybe we've built an unreasonable amount of dependence on something that is entirely too frail to warrant such trust? - both the computer systems and our current economic system.
Re:house of cards? (Score:5, Interesting)
If anything, bricking a few million old PC's might actually have a stimulating impact on the economy. When the users toss out their 5 year old system that is probably still running Windows XP, they will likely go out and buy a shiny new laptop from Dell or HP that comes with a copy of Windows 8.1 and Office 2012. It will probably come with a "free" trial subscription of McAfee or Symantec virus protection as well. Lots of profit to be had by all in the IT industry.
When you think about it that way, it makes you wonder who paid the Chinese programmers to write this malware.
Re: (Score:3)
Prove it (Score:5, Insightful)
Right, sure they did. A BIOS attack of the sort hinted at in this interview is difficult to believe.
If they worked with computer manufacturers to close some such massive security hole, then they can easily point to the historical vulnerability. The technical community can verify their claims. Failing that, no, I do not believe such an attack ever existed outside the overheated imagination of some technically illiterate NSA bureaucrat.
In other news, I have a bridge I'd like to sell you.
Re: (Score:3)
Re: (Score:3)
If they worked with computer manufacturers to close some such massive security hole, then they can easily point to the historical vulnerability.
Except, there is none. The BIOS is not connected to the internet; the computer's operating system is. Any vulnerability that would allow remote updating of the BIOS is a vulnerability in Windows/MacOS/Linux/etc., and not in the BIOS or hardware; so working with computer manufacturers is pointless.
Many BIOSes have a setting to allow/prevent the updating of the BIOS from the OS; if your machine has that, and it is set to block updates, then there IS no vulnerabilty at all. If your machine does not have that,
Re: (Score:3)
Re: (Score:3)
Building a dystopian panopticon surveillance apparatus is of limited use for preventing such an attack (best case, maybe the attackers will be dumb enough to chat about it over insecure channels months or years before it's finished);
It's obviously false. (Score:5, Funny)
Sorry, I'm not buying it. Despite the NSA's best efforts, Microsoft did release Vista.
BIOS Attacks (Score:5, Insightful)
Have been known for years. The problem is you have to gain admin access to the machine first, so basically you are bricking your own botnet.
LOL.
Re: (Score:3)
I guess it depends on what your goals are.
Arguably, organized crime could make money by just killing shopkeepers and taking the till. But at some point they realized they could make MORE money by threatening them with death or violence and getting regular payments for "protection". It's recurring money versus one-time money and has a lot less blowback than dead bodies.
Botnets and remote control of PCs are of more value for crime and intelligence gathering than bricking, so if your goal is long-term value
We've been there, done that; CIH virus (Score:5, Interesting)
http://en.wikipedia.org/wiki/CIH_(computer_virus) [wikipedia.org]
ps. It didn't destroy the US economy.
Which is really irrelevant to the debate (Score:5, Interesting)
The NSA says it closed this vulnerability by (Score:4, Funny)
Ah the Chinese are so helpful ... oh wait!
vulnerability is closed? (Score:3)
I'm sure, due to their hard work, all new computer have hardware jumpers to write protect the BIOS....
A bricked computer isn't the biggest threat (Score:5, Informative)
A more dangerous cyber threat would be malware that collects all the users personal information and stores it until the malware writer is ready to use it against the victim.
Oops!
Stated more accurately (Score:4, Insightful)
Yeah, right, NSA, we believe you soooo much (not) (Score:5, Insightful)
Please. I saw this on 60 Minutes and that entire pandering two-parter on Sunday night was a such a load of bullshit, I could smell it through the TV.
And this segment of it was the worst, because it made no sense. I mean, they dumbed the story down for Ma and Pa in Pigsknuckle Arkansas, but for anyone with even a hint of technical acumen, it came off as complete tripe.
Why *exactly* would China want to destroy the global economy? Such a move would hurt them more than us, because they are in a period of crazy growth, and their entire stability *depends* upon that growth or they'd have rioting.
Secondly, if a nation wanted to destroy us, why use "malware"? A better way would be to use lobbyists to force more deregulation and let us cut our own throats as we've already seen. Our own greedy bastards will happily destroy the global economy if it means 6 more dollars in *their* pockets.
The whole thing is fishy and smells of NSA desperation to look good to the average american, and paint the Chinese and Edward Snowden as bad guys we need to be afraid of so that the NSA can "protect" us, by of course, stripping us of all our rights.
Prove it (Score:4, Insightful)
This doesn't pass the sniff test. What would China gain by *destroying* our economy?
Sure, China planting surveillance software on every computer, I can believe that. But bricking all the computers in the US doesn't make sense as an espionage move, it doesn't make sense as an economic move (do you think anyone would trust Chinese-made computers when rebuilding?), it doesn't make sense as a propaganda move. It might make sense as a military move as a prelude to invasion, but a) China doesn't want that, b) China probably couldn't do it if they wanted to, and c) even if not fired, the risks of such a weapon being uncovered outweighs any benefit.
So it doesn't seem like something China would do. So who could it be? Even the NSA is explicitly calling it a nation-state, so it's not a terrorist group like al-Qaeda. If it's a nation-state, it has to be one that thinks (correctly or not) that they can beat the US when it is inevitably discovered (either before or after the attack). Russia's on that list, but I don't see how they would benefit except, again, as a pre-invasion attack, and our relations aren't that bad yet. North Korea might be dumb enough to think they can get away with it, but for the same reasons they probably don't have the capabilities of developing an attack like this. Iran is probably smart enough not to provoke the US with a direct attack, but maybe I'm wrong, or maybe they thought framing China would work.
Honestly, if someone in the Chinese government got on TV and said "yeah, we made that as a training exercise for defense drills, how the hell did you guys find it in the wild?", I'd believe them more than I'm believing CBS/NSA right now, because that at least makes sense with all the other information.
Especially since it's REAL FUCKING CONVENIENT for the NSA to suddenly have a major "victory" when they're being revealed as basically a bunch of puppy-kicking freedom-hating fascists.
Unlikey! China would lose as much as the USA (Score:3)
Further, with their biggest customer deep in the mire, who would they sell their goods to? The same goods they depend on for revenue to keep their own growth moving forward?
This has got to be the dumbest scare story, no: xenophobic, boogy-man, fiction to come out this year (and it has lots of competition). Although the american debt is a big drag on its economy, it's also so large that it's a problem for the debt holders, too. They are in just as much trouble if the value of that debt drops and therefore have an interest in making sure the USA does not crash and burn - despite what some scared, bigoted and ill-informed media commentators might think.
cf. "Vietnam" (Score:3)
"We had to destroy the village in order to save it."
You can't prove I didn't! (Score:5, Funny)
I routinely stop alien invasions. Their lazors are no match for my hands (and let's not mention my other weapon... in my pants).
Your move NSA - what have you done lately?
Bullshit! (Score:4, Informative)
This is just bullshit! If they stopped this attack by "closed this vulnerability by working with computer manufacturers", this would only fix the vulnerability on new computers built after the fix was created, but not on machines already produced and sold.
This sounds more like a PR campaign to garner positive support after all the negative impact of the releases of the documents Edward Snowden leaked.
I repeat (Score:3)
The NSA has become the Ministry of Truth.
Re: (Score:3)
The media has become the Ministry of Truth.
FTFY.
In other news, scientists discovered that two plus two actually equals five!
Foil this plot (Score:3)
We have had BIOS virus attacks before. (Score:4, Funny)
Somebody is playing stupid so hard... (Score:5, Insightful)
There's this moment when you're acting out when you cross from plausible belief to total, in-your-face disbelief. Does NSA seriously imply that such an attack would have lasting consequences? Do they really think that there wouldn't be many BIOS recovery solutions popping up left, right and center literally within hours? My bet is that within a week there'd be a thriving BIOS recovery business going on all around us, and the damage would be well contained in spite of whatever bullshit the clueless media would be spewing around.
Fear? (Score:3, Funny)
Hi, I'm with the NSA and... (Score:4, Funny)
"Hi [insert computer bios maker here], I'm with the NSA - we've detected a BIOS damaging malware and we would like to you implement these changes to prevent it - No, we totally aren't actually just making shit up to get you to install a backdoor for us, okthxbie"-
Are we entirely sure ... (Score:3)
And how would the virus spread? (Score:3)
Maybe it could use one of the backdoors or zero-day exploits that NSA keeps under its belt. They don't tell computer manufacturers about those threats because they want to use them themselves. Yeah, you guys are real heroes.
Act of War (Score:3)
BIOS attack? Beyond not likely on a scale where you would have to target such a multitude of vendors running at different patch levels. This was aimed at the technically less inclined (most people).
As a lot of people have already pointed out, our economies are intimately intertwined. Such an attack on us would equal the same level of damage on them. Further, if this would have thrown the entire world into economic chaos, it would have been a double whammy against China. Triple since we would attack. Again: the Chinese are not so short sighted or stupid.
Fact: The NSA lied to the government about what they are up to. Lying to the American people is a cake walk compared to that.
Two things here:
1. My sig becomes more relevant with every passing day.
2. Yes the NSA effectively did say it was China - through "cyber security experts" instructed to say so and that are likely NSA contractors if they could have known that in the first place. The NSA accusing China of nearly pulling of an attack of military escalation proportions is so extraordinary reckless it scares me that they would do it at all.
This is so fucked up. If you don't have a passport get one now and plan where you're going to escape to while there is still time.
see this for analysis of these claims (Score:4, Interesting)
I don't always agree with Techdirt, I think they exaggerate, omit and sometimes distort for effect. That being said, they do good stuff also. They have a pretty good take down of the whole 60 Minutes puff piece, including the interviewer (hint- when you've never seen that interviewer before, you might be interested to know more about him) and also claims about the whole BIOS attack thing.
http://www.techdirt.com/articles/20131216/12580425582/cbs-airs-nsa-propaganda-informercial-masquerading-as-hard-hitting-60-minutes-journalism-reporter-with-massive-conflict-interest.shtml [techdirt.com]
I am sure there's more out there that's even more damning. This is the problem with the people running this organization. They've somehow enabled themselves to lie lie lie and think they're doing everyone a favor so it's OK.
That's just not how a democracy is run. If you've given up on democracy, like say Peter Thiel apparently has
http://techcrunch.com/2013/11/22/geeks-for-monarchy/ [techcrunch.com]
then that's cool. But you don't need to be running the organs of that democracy in that case. Have a nice retirement. It's on us.
Snowden claims... (Score:4, Insightful)
Edward Snowden claims to have uncovered a plot to subvert our constitutional rights by a super secret organization. Both claims are far fetched... which do we have more proof of?
Wait...it all makes sense now... (Score:3)
Computers, manufactured in China. Had a defect that led large number of machines to crash and brick. These were sold to the NSA. Who pointed the flaw out to the manufacturer. And received an update, and a scathing email addressing the NSA sysadmin for having updated all the machines with the wrong BIOS firmware.
Me too! (Score:3)
NSA Says It Foiled Plot To Destroy US Economy Through Malware
What a coincidence. So did I!
Why are the feds still buying chinese-made goods? (Score:3)
How to watch the 60 Minutes NSA Segment (Score:3)
Arguably this goes for anything on TV; but I found myself keeping it particularly in mind while watching the NSA segment. You have to watch it thinking, "How much of this will later be revealed as a lie?".
I bet a lot of people took that approach. It's called "credibility" and the NSA has lost it. They can't get it back with one dog and pony show. At least... you shouldn't let them get it back that easily.
Re: (Score:3)
Did they work with a time machine to take care of machines built with this vulnerability? Includes those that are set not to automatically upgrade BIOS, of course.
Re:Guys seriously please dont hate us! (Score:5, Interesting)
Includes those that are set not to automatically upgrade BIOS, of course
Two words: BIOS backdoor!
More importantly, they need to show that the massive dragnet of surveillance of all Americans was essential to find out about this.
Another thing, ironic that the US worries about other people doing things that it has already done. For example, the US created Stuxnet and is worried someone else will follow our lead. The US dropped a nuclear bomb on civilians and we are worried someone else will follow our lead.
Re:Guys seriously please dont hate us! (Score:5, Informative)
I thought it was odd too untli I read the article and realised they were not talking about a real threat, they were talking about an analysts scenario. To quote:
"One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
So basically this is a fear-mongering story since if the country in question had had the intention and capability to deploy such an attack, it would have been SUCCESSFUL. Only a small proportion on PCs would have been "fixed" if they had "worked with computer manufacturers".
They really do think everyone is stupid don't they?
Re: (Score:3, Informative)
Yes.they do. And they're mostly right. there's only a majority of 535 people they need to convince though.
Re: (Score:3)
That was my thought. The only countries who have attempted something on the scale of what the NSA is alleging are (allegedely) the United States and Isreal, who (allegedely) unleashed Stuxnet on the world.
And I agree with the poster above - why would China wish to cripple the economy of one of the largest customers of its goods.
This isn't passing the smell test.
Re:in other news (Score:5, Funny)
Re:Piss-poor reporting (Score:5, Insightful)
From your link:
Matt Blaze, a computer and information sciences professor at the University of Pennsylvania, said that BIOS could be overwritten by malware, bricking an unsuspecting computer. But the vagueness of the description of the “BIOS Plot” made him suspicious.
“It would take significant resources – and an extraordinary bit of co-ordination and luck – to actually deploy malware that could do this at scale,” Blaze said.
“And it's not clear how you'd ‘thwart’ such a scheme if you found out about it if you were NSA, since it's basically a combination of a large number of vulnerabilities spread among a zillion computers rather than one big problem that can be fixed with a single patch.”
The lack of specificity made cybersecurity expert Robert David Graham dubious that the plot NSA claimed to discover matched the one it described on TV. “All they are doing is repeating what Wikipedia says about BIOS,” Graham blogged, “acting as techie talk layered onto the discussion to make it believable, much like how Star Trek episodes talk about warp cores and Jeffries Tubes.”
Re: (Score:3)
Like all caught criminals....
Re:From the lab horse's mouth. (Score:4, Interesting)
There is a unwritiable "brain stem" part of the BIOS, which knows only one thing: if the main BIOS mass fails to boot, read first file from floppy disk and overwrite BIOS with it.
I'd like some thing tangible to back it up, since I think it's bullshit. There may have been some bioses like that, maybe even popular ones, but this is not the case anymore since at the minimum such a thing would need at least a minimal USB stack with it - it wouldn't be anywhere near "small" anymore.
Re: (Score:3)
If we really cared about viruses destroying the US economy, we wouldn't be still running windows in the business world.
FTFY