Hack-proof website, why not?

Started by October 23, 2015 06:08 PM
93 comments, last by ronan.thibaudau 8 years, 10 months ago

Why is it that every discussion about computer security turns from ridiculous to absurd within shortest amounts of time?

You know, I'm the kind of tinfoil-hat type, but seriously... seriously! Guys! Nobody is running a TEMPEST attack on you. Nobody is pre-installing malware on your hard drives. Get real.


We're computer nerds. I'm not saying these are likely occurrences. I just like discussing them because they are fascinating.

That being said, the NSA has specifically made a lot of these methods usable at a click by employees without programming experience.

This is the same thing many hackers do. You get a few really clever ones (real hackers who actually 'hack', i.e. do something clever working within the limitations of their environment and resources) to come up with elaborate software that can be run at a click, and then you sell or give it away to everyone who likes to pretend they are smart and who just run the scripts (i.e. script kiddies).

Now that hackers know that it is possible because the NSA is doing it, some of it will be replicated and open-sourced and passed around by criminals. Not all of it is easily replicable without NSA support. Programming for a hundred different hard drive firmwares, all of which are corporate secrets protected by a dozen different corporations, can only be done by government entities. But others, like using laptop microphones and speakers, are conceptual ideas that could be easily replicated by you or me, and packaged up and open-sourced.

The real hacker attacks come from the inside (like the Sony hack possibly was) or from social trickery. And those are fun to talk about also; but since we're here entertaining ourselves, why not talk about the really existing and really awesome technical methods as well?

Who can tell if NSA is not also doing some industry espionage sponsored by big US companies?

You make it sound like that was a mere possibility :)

What do you think has been happening every day in Bad Aibling since the 1950s? Is it a coincidence that GE all of a sudden came up with a patent every time Siemens invented something, over decades? The SPIEGEL wrote a big, well-researched article about large-scale industry espionage some 15 or so years ago (in fact, 'tis so long ago that I'm not sure it was SPIEGEL, could have been another magazine, too). But of course, the USA doesn't ask. They just do what they want; this is a reality.

What do you want to do about it?

using laptop microphones and speakers, are conceptual ideas that could be easily replicated by you or me, and packaged up and open-sourced

Uh... yeah, they're about on par with building a laser CNC mill with old CD-ROM drive step motors and manufacturing a working gun with that. Or building a dirty bomb from smoke detectors.

I mean, it's not like the concept wouldn't work, in theory. But... seriously?

since we're here entertaining ourselves, why not talk about the really existing and really awesome technical methods as well?

Ok, I'll grant you that one :)

Uh... yeah, they're about on par with building a laser CNC mill with old CD-ROM drive step motors and manufacturing a working gun with that. Or building a dirty bomb from smoke detectors

Except the speaker and mic thing could be created in a weekend, using old-school cassette tape protocols like those found on the C64 for storing programs on magnetic tape and a simple IP stack like lwIP, plus a few bits of protocol to tie it together.

As a proof of concept it would be an interesting thing to do. It would probably be the noisiest and most insecure wireless network in existence :D

But the system is already very insecure in this setup; what's the point of an air-gapped system if you allow easy physical access to it? For the mentioned technique to work, the computers have to be right next to each other. So I don't see how that would ever result in an exploit, since if you're hacking someone you need this someone to have his computer physically right next to the one you want to connect to, and on which you must previously have installed software. I mean, you can't make this any harder for yourself.

Oh look, a computer, I have physical access to it, what should I do, should I access it? Oh no, I'll just install malware on it, wait for someone else in the company to connect to the net, hack into that, hope that person uses a model of computer whose heat dissipation is compatible with my preinstalled software, wait for him to be connected to the internet somehow in a room where air-gapped computers are but where surely there are plenty of WiFi and ethernet cables to the net "just in case", and use that to get the control I could've gotten instantly when I had physical access, now at an 8 bit/hour rate.

Yeah, that's totally going to be a game changer. This is never going to be used, ever; there won't ever be a scenario where it makes sense to use that.

Instead of assuming everyone else is an idiot, consider the possibility that you haven't considered everything... Not all hacks are external; many require an inside man. Where do you think wikileaks gets most of their secrets?

There are examples in the thread already of companies with two PCs on every desk: one normal one for personal use and Google/Wikipedia/StackOverflow, and one USB-less, air-gapped one for work. There are games companies that do this to mitigate against the development of cheats!

You want to steal some secret company data, but have no way to get it out. Your malware is small enough that you can manually type out the code over a week of lunch breaks and get it installed on an air-gapped machine.
You then leave your phone in the office overnight with its FM receiver running, which is downloading data being emitted by imperceptible dither patterns on an air-gapped LCD. A week later you take your phone home containing a large cache of secrets.
That's a realistic scenario. The quoted PoC does the same thing, except replacing the FM/phone with the "public" PC and a temp sensor.

I'm not "assuming everyone else is an idiot"; that's just silly, and assuming name-calling from someone who isn't doing so is barely better than name-calling itself.

We were on the topic of stealing sensitive data from a web server. If you change the subject to stealing from a random Joe gamedev's PC next to his internet machine, it's not quite the same thing, is it? Besides, I don't think gamedev companies are exactly putting in the same effort as what was being discussed in the specific example I was answering (missile launcher). Or do you think there's someone browsing the internet next to a missile launcher?

It's not a realistic scenario either; there's a difference between managing to see slow temperature changes between 2 computers sitting right next to each other and being able to pick up temperature changes to/from a phone placed at a random point. It's interesting in theory, but that's about it, unless you can raise the temperature of your phone by such a huge amount that it would be pickable without false positives by the computer at a decent range (I don't see how). Regardless of whether it is, would a phone be left near a missile launcher or in a server room for weeks?

You talk about the man on the inside, but then it has nothing to do with the technical feat (it's insignificant; once you have a man with access inside, you're doomed, but you must protect against that regardless of technical means, and I mentioned that before). If someone is physically next to the data store you're interested in and doesn't mind risking their job, they can simply physically steal it by force.


You'd best put your servers inside a Faraday cage, too. With a little bit of low-end sensor and monitoring technology and a program to decode what you're receiving, you can wirelessly snoop on any keyboard (even a wired one!) remotely at a reasonable range. The more money you're able to throw at the problem (e.g. an FBI or NSA level of budget), the longer the range at which you can potentially sniff someone's keypresses.

Not just the keypresses, your entire monitor might be remotely snooped by carefully measuring the E-M field in the air.

I did my military service as a communications engineer for field HQ, and was amazed by the computer hardware we used.

Heavy-duty boxes with built-in Faraday cages, and only opto connections between the boxes.

Any cable where data is passed through can be compromised.

No cable can be compromised unless

1) You've got physical access to the cable, or

2) It's not properly shielded.

If nothing gets emitted from the cable (or nothing allowing one to deduce the signal within it), then you can't really do anything about it.

This is you assuming you can know, or guess accurately, what proper shielding is. With my limited knowledge of science I would say it is impossible to build a cable that emits nothing. Almost untraceable emission, maybe. Still not nothing.

Going by that assumption of mine, how do you know just how little emission can no longer be picked up by whatever unknown technology is used by your enemy / the hacker?

If there are military secrets or whatever else important at stake, you don't assume something to be "properly shielded". You just go with the assumption that "there is no proper shielding" and add additional measures (as well as prepare for the event that even these measures are not enough). You assume your enemy has access to new technologies you don't know about because even if that might be implausible, there is a slim chance it is true. And then you are screwed if you are not prepared for it.

The Germans assumed their Enigma was "unhackable" in the Second World War. We all know today how well that worked for them.

And that leaves out your point one, physical access to the cable, which has proved a weak spot over and over again in history. Given enough resources, someone will get physical access, even if the cable is thousands of miles below solid rock. Again, there is no obstacle that is not climbable. It just slows the attacker down.

I agree; then again, a lot of this can be solved (once again in the case of a website) by not transmitting anything risky on the cable. For example, if the whole service is self-contained on the server (no multi-server communication or sensitive data), then nothing would go "out" on the cable outside of what is meant for the internet to begin with.

So basically you didn't understand what I said, and then stated it was all wrong. Everything I said is compatible with everything you said. I never said you could protect the CEO's PC from him plugging something into the port; I said that his PC getting hacked shouldn't give any access to THE REST OF THE NETWORK. I thought it was pretty damn clear in the part which you quoted, in which I say, well, exactly that: that he will get hacked if he gets a USB stick made for it, that you can't protect against that, but that you can protect against TRUSTING HIM.

Nope, I understood you perfectly. EXACTLY THE SAME can be done with a LAN connection. There's the Ethernet layer, the IP layer, the TCP layer, and then the custom protocol itself (e.g. the SAMBA file sharing protocol).
That's at least four possible points of failure. Not to mention, if they're using WiFi it gets a lot worse.
The CEO's machine gets infected, and even if he doesn't have access to 99% of the rest of the company data, the infected machine will still find its way to access that 99% by hacking the other nodes.

And like others have said, you don't need to target the CEO, you just need to target the guy with the highest clearance level. Be that the IT guy, the CEO, or the laundry guy.
Even if a guy has access to only 1% of the company's data, if that 1% just happens to be customers' credit card information and passwords, then that's enough.

But no "guy" should have any clearance level on the account he normally uses that gives him important rights at the network level; that too is bad security.

Most "hacks" (like the Swiss bank hacks) are just runaway employees who could legitimately access that data. It was their job to access the data. So, yeah, they made a copy, ran off with it, and sold it to the highest bidder. There's not an awful lot you can do against that. You can make it harder, but in the end, that is just what "data" is about. Once you can access it, you can copy it.

And those who aren't employees who could access the data anyway are script kiddies who took advantage of the fact that the company they exploited had a non-existent security concept. Such as the web server and the database server with customer names on the same physical machine, a three-year-old version of the web server software and the like, directly connected to the internet. Or stuff like no access control provided that you provide a valid account number as an HTTP GET var (this is no joke; that was the basis of at least two bank hacks).

Unless you are attacking a nuclear powerplant or a military organization, there is no point in going Mission Impossible or James Bond.

You fear that the NSA does a thermal analysis on your keyboard to record your keystrokes? Well, guess what: they can issue fake SSL certificates and just read any traffic you send off the wire; they don't need to get near your keyboard. And besides, they can literally grab the whole server (or pull out the hard disk) and run off with it. I wouldn't be surprised if they didn't even need a warrant for that.
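The "valid account number as a GET var is the only access control" failure mentioned in the post above is worth seeing beside its fix. The following is an added example written for this page, not code from anyone in the thread or from any real bank: a handler that reproduces the flaw next to a hardened handler that authenticates the session first and then authorizes on ownership. The account records, session cookies and the `bank.example` URL are all constructed for the demo.

```python
"""
Added example (not from the thread): a request handler that treats a valid
account number in the query string as sufficient authorization, beside a
hardened version that ties the request to an authenticated session and
checks that the session owner actually owns the requested account.
All data below is constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: which login owns which account, and its balance.
ACCOUNTS = {
    "10001": {"owner": "alice", "balance": 1250.00},
    "10002": {"owner": "bob", "balance": 80.15},
}
# Constructed session store: session cookie value -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


@dataclass
class Response:
    status: int
    body: str


def account_from_url(url: str) -> Optional[str]:
    """Extract the ?account= parameter the vulnerable site keyed on."""
    values = parse_qs(urlsplit(url).query).get("account", [])
    return values[0] if values else None


def vulnerable_handler(url: str, session_cookie: Optional[str]) -> Response:
    """Reproduces the flaw described in the thread: the account number alone
    is treated as authorization; the session cookie is never consulted."""
    acct = account_from_url(url)
    if acct in ACCOUNTS:
        return Response(200, f"balance={ACCOUNTS[acct]['balance']:.2f}")
    return Response(404, "no such account")


def hardened_handler(url: str, session_cookie: Optional[str]) -> Response:
    """Fix: authenticate first, then authorize on ownership, and give the same
    answer for 'does not exist' and 'not yours' so the endpoint cannot be
    used to enumerate valid account numbers."""
    user = SESSIONS.get(session_cookie or "")
    if user is None:
        return Response(401, "login required")
    acct = account_from_url(url)
    record = ACCOUNTS.get(acct) if acct else None
    if record is None or record["owner"] != user:
        return Response(403, "forbidden")
    return Response(200, f"balance={record['balance']:.2f}")


def demo() -> dict:
    """Run both handlers against the same constructed request and report
    the status codes, so the difference in behaviour is visible."""
    url = "https://bank.example/statement?account=10002"  # constructed URL
    return {
        "vuln_anonymous": vulnerable_handler(url, None).status,
        "vuln_wrong_user": vulnerable_handler(url, "sess-alice").status,
        "hard_anonymous": hardened_handler(url, None).status,
        "hard_wrong_user": hardened_handler(url, "sess-alice").status,
        "hard_owner": hardened_handler(url, "sess-bob").status,
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:16s} -> {status}")
```

The vulnerable handler returns 200 to an anonymous caller and to the wrong logged-in user alike, which is exactly the "provide a valid account number and you are in" behaviour the post describes; the hardened one returns 401 without a session, 403 for any account the session does not own (existing or not), and 200 only to the owner.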

They can't do that if you ain't hosting in the USA :)


They won't openly admit to doing that if you ain't hosting in the USA

There, fixed it for you. :D

If your data passes through the US at any point, then it can be intercepted by the US. This includes your DNS traffic if you pick the wrong top-level domain for your site, as all the .COM etc. DNS servers are in the US, last I checked. With this weak point in the chain, your traffic could be redirected. Combine this with the fact that the SSL cert can be spoofed with the right access or by the right people (several hundred spoofed certificates are created every day and exist for hours before being revoked; check the revocation list of any large issuer) and your whole server can simply be bypassed or a man-in-the-middle attack launched. Do not pass go and do not collect $100.

Aye, I was just referring to where he said they would physically steal it :)

I'm sure if it was a high enough profile target, it being in another country wouldn't stop anyone. Any real intelligence agency has spies in all countries and will just send someone to steal the drives or data, with complete plausible deniability.

Of course, for Joe Bloggs and his website, totally not worth it...