
Hack-proof website, why not?

Started by October 23, 2015 06:08 PM
93 comments, last by ronan.thibaudau 8 years, 11 months ago

Not even an air-gap will save you when they use thermal sensors to steal your data using heat...

;)

Hack proof is impossible. In order to do any work, a person needs to have access to that data. People can always be hacked. Therefore your data can always be stolen. QED.



"The proof-of-concept attack requires both systems to first be compromised with malware. And currently, the attack allows for just eight bits of data to be reliably transmitted over an hour"

So basically if someone already hacked your system that is air-gapped (see how it's not really a new problem there, since you already screwed up before), they can steal 8 bits' worth of data per hour? Sure, they can send commands, and in the sample they give, to control a missile, I guess 8 bits of data per hour is plenty to send a position to your pre-installed malware to control it; however, the hard part seems to be, y'know, pre-installing the malware on the computer that was probably never connected to anything except the missile system itself.


Proof of concept. Can always get better.

The point was simply that there are ways to get data off a system without even plugging it in. The idea of an air-gapped system is not only to prevent malware from getting in, but to prevent any malware from getting data out. If the malware can get in (via aforementioned meat-space hacking, which isn't really hard) then the data can get out. Even without wires.

But the system is already very insecure in this setup; what's the point of an air-gapped system if you allow easy physical access to it? For the mentioned technique to work the computers have to be right_next_to_each_other. So I don't see how that would ever result in an exploit, since if you're hacking someone you need this someone to have his computer physically right next to the one you want to connect to, and on which you must previously have installed software. I mean, you can't make this any harder for yourself.

Oh look, a computer, I have physical access to it, what should I do, should I access it? Oh no, I'll just install malware on it, wait for someone else at the company to connect to the net, hack into that, hope that person uses a model of computer whose heat dissipation is compatible with my pre-installed software, wait for him to be connected to the internet somehow in a room where air-gapped computers are but where surely there are plenty of WiFi and Ethernet cables to the net "just in case", and use that to get the control I could've gotten instantly when I had physical access, now at an 8 bit/hour rate.

Yeah, that's totally going to be a game changer. This is never going to be used, ever; there won't ever be a scenario where it makes sense to use that. It's interesting, it may open up other thoughts, but as is it's useless; if you up the bandwidth by 100 000X, it's still just as useless. It only opens up the following previously closed target:

- Air-gapped computers in rooms with internet where you previously had access to the computer, didn't need to access it right then, were sure your software wouldn't be discovered for a while, and knew you could also access an internet-connected system that was in the same room and nearly next to the critical air-gapped system.

Seriously, I'm not even sure 1 computer in the whole world went from "protected" to "vulnerable" when you see those restrictions.


No cable can be compromised unless
1) You've got physical access to the cable or
2) It's not properly shielded

That was what I thought too before doing my service.

It was obviously not enough for the designers of the military information system though.

I have no idea if they had a real (and probably classified) exploit for it, but at least the information on those computers was important enough to not take the risk.

Well, nothing against paranoid protection, especially in the military, but unless there's actually something making you think anything could leak in a usable form, I don't think there's any reason to worry there. Also, if anything was doable there, it would probably be technology of very low quality to begin with (more on the scale of detecting when bandwidth is being used or not; I really don't see how you could decode full 1 Gbps traffic from the tiny bit of interference leaking from a shielded cable). That, and you'd have to isolate it from the other hundreds of thousands of similar cables in a datacenter.


Now NSA becomes the Hacking Agency

....Those consequences could take the form of actions within cyberspace itself, where the NSA's number two said that the US military's cyber-command was prepared to conduct offensive cyber operations in other people's networks.

can't help being grumpy...

Just need to let some steam out, so my head doesn't explode...

But the system is already very insecure in this setup; what's the point of an air-gapped system if you allow easy physical access to it? For the mentioned technique to work the computers have to be right_next_to_each_other. So I don't see how that would ever result in an exploit, since if you're hacking someone you need this someone to have his computer physically right next to the one you want to connect to, and on which you must previously have installed software. I mean, you can't make this any harder for yourself.

Oh look, a computer, I have physical access to it, what should I do, should I access it? Oh no, I'll just install malware on it, wait for someone else at the company to connect to the net, hack into that, hope that person uses a model of computer whose heat dissipation is compatible with my pre-installed software, wait for him to be connected to the internet somehow in a room where air-gapped computers are but where surely there are plenty of WiFi and Ethernet cables to the net "just in case", and use that to get the control I could've gotten instantly when I had physical access, now at an 8 bit/hour rate.

Yeah, that's totally going to be a game changer. This is never going to be used, ever; there won't ever be a scenario where it makes sense to use that

Instead of assuming everyone else is an idiot, consider the possibility that you haven't considered everything... Not all hacks are external; many require an inside man. Where do you think WikiLeaks gets most of their secrets?

There are examples in the thread already of companies with two PCs on every desk: one normal one for personal use and Google/Wikipedia/StackOverflow, and one USB-less, air-gapped one for work. There are games companies that do this to mitigate against the development of cheats!

You want to steal some secret company data, but have no way to get it out. Your malware is small enough that you can manually type out the code over a week of lunch breaks and get it installed on an air-gapped machine.
You then leave your phone in the office overnight with its FM receiver running, which is downloading data being emitted by imperceptible dither patterns on an air-gapped LCD. A week later you take your phone home containing a large cache of secrets.
That's a realistic scenario. The quoted POC does the same thing, except replacing the FM/phone with the "public" PC and a temp sensor.


No cable can be compromised unless

1) You've got physical access to the cable or

2) It's not properly shielded



If nothing gets emitted from the cable (or nothing that allows deducing the signal within it) then you can't really do anything about it.

First, it's really hard (and expensive) to have a properly shielded cable. The tricky part is the connectors. You need to have 360-degree contact between the cable shield and the connector shield, and then 360-degree contact between the female and the male connectors. It is even worse with network cables, because the RJ45 connector has a very bad shield connection, when it does have one.

Then, even with perfect shielding, you need very good electronics on both sides. Electronics that weren't designed from the ground up to pass TEMPEST requirements will leak part of the signal onto the shield itself, and then the cable shields will radiate that signal like an antenna. The leakage can also occur on the supply voltage line. The higher the frequency, the easier it is to pick up the signal. So today, with USB, Ethernet, HDMI... you have lots of sources to choose from. That said, in a typical data center you have so many signal sources that it would be difficult in practice to isolate a single one. But on an isolated PC, with a good parabolic antenna to pinpoint a signal source, it works well.

Definition of a man-year: 730 people trying to finish the project before lunch


You'd best put your servers inside a Faraday cage, too. With a little bit of low-end sensor and monitoring technology and a program to decode what you're receiving, you can wirelessly snoop on any keyboard (even a wired one!) remotely at a reasonable range. The more money you're able to throw at the problem (e.g. FBI or NSA level of budget), the longer the range at which you can potentially sniff someone's keypresses.

Not just the keypresses; your entire monitor might be remotely snooped by carefully measuring the E-M field in the air.

I did my military service as a communications engineer for field HQ, and was amazed by the computer hardware we used.

Heavy-duty boxes with built-in Faraday cages, and only opto connections between the boxes.

Any cable where data is passed through can be compromised.

No cable can be compromised unless

1) You've got physical access to the cable or

2) It's not properly shielded

If nothing gets emitted from the cable (or nothing that allows deducing the signal within it) then you can't really do anything about it.

This is you assuming you can know, or accurately guess, what proper shielding is. With my limited knowledge of science, I would say it is impossible to build a cable that emits nothing. Almost untraceable emission, maybe. Still not nothing.

Going by that assumption of mine, how do you know just how little emission can no longer be picked up by whatever unknown technology is used by your enemy / the hacker?

If there are military secrets or whatever else important at stake, you don't assume something to be "properly shielded". You just go with the assumption that "there is no proper shielding" and add additional measures (as well as prepare for the event that even these measures are not enough). You assume your enemy has access to new technologies you don't know about, because even if that might be implausible, there is a slim chance it is true. And then you are screwed if you are not prepared for it.

The Germans assumed their Enigma was "unhackable" in the Second World War. We all know today how well that worked for them.

And that leaves out your point one, physical access to the cable, which has proved a weak spot over and over again in history. Given enough resources, someone will get physical access, even if the cable is thousands of miles below solid rock. Again, there is no obstacle that is not climbable. It just slows the attacker down.


"The proof-of-concept attack requires both systems to first be compromised with malware. And currently, the attack allows for just eight bits of data to be reliably transmitted over an hour"

So basically if someone already hacked your system that is air-gapped (see how it's not really a new problem there, since you already screwed up before), they can steal 8 bits' worth of data per hour? Sure, they can send commands, and in the sample they give, to control a missile, I guess 8 bits of data per hour is plenty to send a position to your pre-installed malware to control it; however, the hard part seems to be, y'know, pre-installing the malware on the computer that was probably never connected to anything except the missile system itself.

There are existing methods caught in the wild, used by the NSA, that work better.

They pre-infect computers by capturing mail parcels being delivered, and pre-install rootkits on the hard drive firmware. This has been found in the wild and verified by security experts.

So even reformatting a drive doesn't get rid of it; it re-installs itself from the firmware. You have to destroy the drive, but you have to know that you have to destroy the drive. And by that time maybe it's already infected other pieces of firmware on your machine.

Sometimes they also deliver the original infection via infected USB or typical malware-in-email-links, which then infects the firmware afterward.

Anyway, once infected, the infected computers set up a wireless network connection between each other without using WiFi or Bluetooth. Instead, they use the computers' speakers to emit sounds imperceptible to the human ear that carry information for the built-in microphones in laptops and their speakers to pick up. Basically, they create their own malware LAN using inaudible sound waves. This has also been found in the wild and verified by security experts.

This means computers not connected to the internet can still send and receive data to a command-and-control server every so often, when they are able to hop across the air to a computer that can hop across to another computer that does have an internet connection.

With the NSA, they have tens of dozens of different ways to infect a device, and dozens of ways to communicate with those devices once connected.

Some of those ways rely on the moons aligning properly, but if they have a dozen different ways that don't care which moon aligns, can fall back to other methods automatically, and the hacked devices don't mind waiting 24-48 hours for the next alignment to send all their info and receive their updates, then it can work well enough to do what the NSA wants.

So basically you didn't understand what I said, and then stated it was all wrong. Everything I said is compatible with everything you said; I never said you could protect the CEO's PC from him plugging something into the port. I said that his PC getting hacked shouldn't give any access to THE REST OF THE NETWORK. I thought it was pretty damn clear in the part which you quoted, in which I say, well, exactly that: that he will get hacked if he gets a USB stick made for it, that you can't protect against that, but that you can protect against TRUSTING HIM.

Nope, I understood you perfectly. EXACTLY THE SAME can be done with a LAN connection. There's the Ethernet layer, the IP layer, the TCP layer, and then the custom protocol itself (e.g. the SAMBA file sharing protocol).
That's at least four possible points of failure. Not to mention if they're using WiFi, it gets a lot worse.
The CEO's machine gets infected, and even if he doesn't have access to 99% of the rest of the company data, the infected machine will still find its way to access that 99% by hacking the other nodes.

And like others have said, you don't need to target the CEO; you just need to target the guy with the highest clearance level. Be that the IT guy, the CEO, or the laundry guy.
Even if a guy has access to only 1% of the company's data, if that 1% just happens to be customers' credit card information and passwords, then that's enough.
Why is it that every discussion about computer security turns from ridiculous to absurd within the shortest amount of time?

You know, I'm the kind of tinfoil-hat type, but seriously... seriously! Guys! Nobody is running a TEMPEST attack on you. Nobody is pre-installing malware on your hard drives. Get real.

Most "hacks" (like the Swiss bank hacks) are just runaway employees who could legitimately access that data. It was their job to access the data. So, yeah, they made a copy and ran off with it, and sold it to the highest bidder. There's not an awful lot you can do against that. You can make it harder, but in the end, that is just what "data" is about. Once you can access it, you can copy it.

And those who aren't employees who could access the data anyway are script kiddies who took advantage of the fact that the company they exploited had a non-existent security concept. Such as web server and database server with customer names on the same physical machine, a three-year-old version of the web server software and the like, directly connected to the internet. Or stuff like no access control, provided that you provide a valid account number as an HTTP GET var (this is no joke; that was the basis of at least two bank hacks).

Unless you are attacking a nuclear power plant or a military organization, there is no point in going Mission Impossible or James Bond.

You fear that the NSA does a thermal analysis on your keyboard to record your keystrokes? Well, guess what, they can issue fake SSL certificates and just read any traffic you send off the wire; they don't need to get near your keyboard. And besides, they can literally grab the whole server (or pull out the hard disk) and run off with it. I wouldn't be surprised if they didn't even need a warrant for that.
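The "valid account number as a GET variable" bug named in the post above, as an added example that is not part of the thread or anyone's posted code: a handler that trusts the account parameter, beside one that binds the lookup to the authenticated session and records denied lookups so that enumeration attempts are visible. The account table, user names and audit log are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

# Constructed sample data: account number -> (owner user id, balance).
ACCOUNTS: Dict[str, Tuple[str, int]] = {
    "1001": ("alice", 2500),
    "1002": ("bob", 120),
}

# Denied lookups land here; a defender alerts when one session
# touches many accounts it does not own (classic enumeration signal).
AUDIT_LOG: List[Dict[str, Optional[str]]] = []


def _account_param(query: str) -> Optional[str]:
    """Pull ?account=... out of a raw query string (None if absent)."""
    return parse_qs(query).get("account", [None])[0]


def get_balance_vulnerable(query: str) -> Tuple[int, str]:
    """The bug from the post, written out deliberately: whoever can guess a
    valid account number reads that account. No session, no ownership check."""
    account = _account_param(query)
    if account not in ACCOUNTS:
        return 404, "no such account"
    _owner, balance = ACCOUNTS[account]
    return 200, str(balance)


def _deny(session_user: Optional[str], account: Optional[str], reason: str) -> Tuple[int, str]:
    AUDIT_LOG.append({"user": session_user, "account": account, "reason": reason})
    return 403, "forbidden"


def get_balance_hardened(session_user: Optional[str], query: str) -> Tuple[int, str]:
    """Requires an authenticated session and checks that the account belongs
    to that user. Unknown and foreign accounts get the same answer, so the
    response does not confirm which account numbers exist."""
    if session_user is None:
        return 401, "login required"
    account = _account_param(query)
    record = ACCOUNTS.get(account) if account is not None else None
    if record is None:
        return _deny(session_user, account, "unknown account")
    if record[0] != session_user:
        return _deny(session_user, account, "not owner")
    return 200, str(record[1])


def denied_attempts(session_user: str) -> int:
    """How many denied lookups this session has accumulated."""
    return sum(1 for entry in AUDIT_LOG if entry["user"] == session_user)
```

The vulnerable handler answers `account=1002` for anyone; the hardened one answers it only for bob, and every refused lookup by alice shows up in `denied_attempts("alice")`.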


Problem is that every time a question about "failproof XXX" comes up, somebody is either asking for 100% security/uptime/whatever, or tries to prove that this actually is possible.

The point of some of the more out-there exploits mentioned in the thread was to shoot down this exact notion of 100% security. It isn't about how likely it is that a company gets targeted by NSA-grade evildoers... it is about the fact that WHEN somebody pours enough resources and skill into the task, every security measure will fail, as the attacker always has the advantage.

That point aside, NSA-grade evildoers actually ARE reading someone's e-mail as we speak and running wild doing no good deeds... it might not affect you as a John Doe. It did affect many European officials who were unaware the US secret services were treating them the same way as Al Qaeda. It might affect you if you happen to turn up in one of their automated searches as being a suspicious person.

Who can tell if the NSA is not also doing some industry espionage sponsored by big US companies? All for the greater good of the country (and some hard cash exchanging pockets... wouldn't be the first time secret services were affected by corruption)? Who can tell what they actually do all day with the kind of ridiculous resources they are still getting?

I am pretty sure, even if the NSA would need a warrant, they would do it anyway without one, in the hope nobody ever found out. Seems to be the NSA way to do things... fire from the hip, and blatantly lie when found out.
