I have heard the US Government has installed back doors in all computers. Is there a way to find these back doors and close them? I have also become aware of intrusion devices. Is there any protection from these devices?
Wrap your house in aluminum foil. I understand that is the most popular protective action one can take.
Thank you mr. government employee /troll
Hey you’re good! But I’m actually retired now five years.
But, truthfully, add the foil. You’ll be glad you did.
more like retarded 5 years. buzz off
There will always be rumours and conspiracy theories such as these. Back door access to computers is a more complex question than simply “installed in all computers”. Given that most computers are not manufactured in the US, it becomes hard to work out how the just the US government could do this. There are possible weaknesses that could be introduced, but they are not trivially exploitable, and are most certainly not present in all computers.
Backdoors in various operating systems are a different question, but even here is isn’t easy to insert them or keep them there.
There are three main operating systems in the word, Windows in it variants, OSX, and Linux. Then there are the various sub-flavours of Unix bringing up the remainder. (Arguably there is a significant overlap between Linux, Unix, and OSX - but what matters for this question is control over the code - so they are separate entities).
So to compromise all computers, a government would need the active cooperation of Microsoft and Apple and Google. Why Google? - because Android is by far the most popular variant of Linux, and runs in more smart devices (phones and pads) than any other OS. This isn’t inconceivable, but difficult to manage.
It isn’t possible to prove a negative - very hard to prove there is no back door in all these operating systems, but the evidence suggests there isn’t. Why? Because there is already a very active industry both looking for and closing backdoors. Even without access to the source code, back hat and white hat hackers go over all these systems with a fine toothed comb looking for exploits. The exploits found are sometimes astonishing in their complexity, leveraging decades of knowledge on how to craft malware. Virus writers see a highly profitable business crafting exploits - one of the favourite of which is installation of backdoors. Virus protection agencies, and others, make a business of finding and fixing the backdoors and the exploitable bugs that let the malware in. So far, there is scant evidence anyone has ever found a government sponsored backdoor, and certainly not one that exists in every computer.
Not just has one not been found, but there is no evidence that anyone has ever seen activity that would point to one being used. That is perhaps more important. Security experts have a habit of doing things like watching the internet traffic from machines - they can and do account for every single packet. So far there has been no sight of a backdoor that would appear to be directed by the US government. Now a government sponsored backdoor might hide itself in amongst the traffic of other malware. But if your computer has no malware installed backdoor, there would be no reason to see any backdoor traffic. So suddenly seeing something odd on a known good system would raise alarms.
As to “intrusion devices” - it depends upon what you think these are. There is a simple rule with computers. If someone has physical access to your computer they can compromise the security on it. No ifs, no buts. Sometimes it takes some effort, but for the most part, most machines are trivially subvertable. There are cute tricks to compromise machines via the USB ports. Things like making a mouse that works, but actually includes a small computer itself, which can be used for all sorts of nefarious things. The USB interface devices are typically not designed for security, and many are exploitable, sometimes in very nasty ways. Interface ports like Firewire and Thunderbolt are wide open holes into the inside of a computer and can be trivially used to gain control of a computer. You will discover that any company that cares about security blocks up the USB ports on all their computers, simply to prevent some idiot plugging an unknown device into them.
Moderator Notes
I. Dunno, let’s not attack other posters in GQ.
deregulated accusing other poster of being trolls and insulting them is also not allowed.
No warnings issued, but let’s drop it.
Colibri
General Questions Moderator
Well, there’s Magic Lantern, a keylogger virus developed by the FBI and secretly whitelisted by many major A/V vendors.
But it seems unlikely that the NSA or other gov’t agencies would collude with O/S manufacturers directly, since the risk of discovery is so high. Instead, it’s more likely that they would exploit vulnerabilities which already exist – the Heartbleed Bug being a recent example.
They don’t have to collude with OS manufacturers, they just have to blackmail, bribe, bail out or otherwise ‘convince’ a douchebag coder to “insert this code here and our beef with you is over”. After the backdoor is in place, target computers can then be otherwise infected with other surreptitious software and when the OS’s backdoor is fixed it no longer matters because they have installed their own.
Well, I have tried to post links to where I got this information, the computer will not let me. My original question is about an issue that is common knowledge to most avid readers. To deny these things exist is a smoke screen. Please check out wiki-leaks Spy Files if you can find it. And my apologies if I stepped over the line in my previous reply.
Bring the issue out into the open. Wear a TShirt that tells all “I Don’t Like It In The Back Door”.
So post the links as text. Or add some spaces to break the link.
We can figure out the rest.
This is truest - but generally the government does not need to insert back doors because Microsoft and others do it all by themselves by accident.
The danger of back doors is that unless they are incredibly subtle, someone will find it. You’re pitting the best coders a government salary can buy against every clever geek who loves a challenge. Considering what they have found so far, I doubt a deliberate hole would escape the notice of a massive security industry for long. Then there’s the counter-argument, that leaving an opening for someone to get into a computer means that once it was discovered by others, then anyone in the world (i.e. foreign governments) would have equal access.
The same goes for things like secret keys that can break encryption - if a weakness is deliberately put into code, then sooner or later others will figure it out.
There have been so many (accidental, we hope) vulnerabilities discovered over the years - it’s unlikely someone could come up with a back door that is so radically different from what’s happened so far that it won’t be found with the in-depth checking performed by most security companies and hackers.
But** FV** has a point - a simple disk or USB bootable can give the average user access to change the Windows security database on a desktop, so as to recover access for example. I have several such tools that allow me to edit the security database on Windows and replace the administrator (or other) password if it’s been forgotten.
Similarly, I’ve seen discussion that the USB embedded code can be exploited to compromise a running machine. When you insert a USB device, by default it queries the device, runs some embedded code it finds there, which could be exploited just like any other virus delivery mechanism. I’m sure someone can or does make simple devices that can be an inline computer the size of a USB stick that a visitor could plug into an open network socket somewhere inside a building; it can then “phone home” and give the hacker inside-network access to any building where the premises are in any way not secure. Heck, with modern PoE phone equipment, the Ethernet socket can even supply power to run the device. With Wifi, even the network jack is optional.
Isn’t that like a Doors song or something?
How does the computer stop you from posting these links? What exactly happens after you type the link in?
Such a thing would be very difficult to do. Simply “inserting your code here” assumes that each bit of code is only under the control of one person. You can be sure that this isn’t the case. Code in any commercial quality operating system is going to be subject to review and testing by people other than the initial writers. Code is centrally managed, and audit trails of every change maintained. The builds of the system are centrally managed, and typically automated.
If an operating system is compromised, I would feel pretty sure that the approach would be at the highest levels of a company.
USB exploits don’t typically depend upon code on the USB device being run by the OS (this is the old autorun problem that Windows had, something that has been squashed for many years.) The issues can be vastly more nasty. You can craft an entire computer to fit inside even a small USB memory stick. Once you plug that into your PC that tiny computer is free to attack the PC, often by exploiting weaknesses in the USB interface chip in the PC. This can lead to very very hard to kill malware infections of the PC. Modern USB interface chips may themselves have their own small processor inside then, and actually run their own tiny operating system. Infect that, and you have an ability to control the PC in a manner that is very hard to detect, and will survive compete OS re-installation. Such things are mostly theoretical possibilities at the moment. But should a government agency desire to gain access to a target’s computer, these are the sorts of exploits I would feel would best suit their needs. This is short of simply breaking into a target’s house, and installing hardware inside the CP that allows access and control.
One thing about the IT world- It’s populated with millions of geeks who love nothing better than to search for such things (as well as it being a part of some of their jobs). It would be the absolute worst place for “the govt” (whatever that means) to try and commit any sort of privacy conspiracies.
You may be thinking about the encryption exporting regulations and the govt’s attempt to mandate them being able to maintain a ‘private’ key for such things. But that was like over ten years ago and nothing became of it (other than tons of tech press cover & outrage over the idea).
And if you ask a wildly vague question like this using only generalities like “US government” and “back doors” and “all computers” etc. you just sound like a paranoid anti-govt conspiracy theorists, and are going to get sarcastic, non-serious replies like the above!
In the wake of the Snowden whistle-blowing and public reactions thereto, Apple and Google have moved in the opposite direction, upgrading their mobile-device encryption so that it’s turned on by default and cannot be accessed by anyone (including Apple and Google themselves) other than the end user.
This has various politicians and bureaucrats publicly setting their hair on fire. Predictably, this has spawned a new conspiracy theory (that the flaming hair is just a Kabuki-theater cover for collusion between corporations and governments), but that adds a whole new layer of improbability to the notion of secret backdoors that have gone undiscovered for years.
The main “intrusion device” issue you’d have to be concerned about is a keylogger, which could be installed either in hardware or software. The catch is that this carries a high risk of detection either during installation or after the fact, so as a practical matter such measures are limited to a small number of targets, of which you are unlikely to be one unless you’ve been up to something I’d rather not know about.