A Fifth Column In Every Pot

One of the problems with the whole Snowden** story is that it tends to make the NSA into too much of a cynosure of paranoia when it comes to individuals, entities, and institutions ‘spying on us’ or ‘invading our privacy’ or whatnot.

The reality is that everybody is trying to spy on everybody else.  Countries and Corporations, Lovers and Lawyers and Law Enforcement, oh my, and so on.  If you’re worried about the NSA in particular you definitely aren’t worried enough.

And speaking of worries; Charlie Stross recently posted a slight conceptual extension on the relatively recent Chinese tactic of covertly placing wireless internet accessing devices inside ordinary electronic appliances.  These stories have been coming out for a while now, and the problem is only getting worse.

The ‘first generation’ version of this idea is simple.  Inside your electric chicken pot, tea kettle, desk lamp – whatever – is a little microprocessor always drawing a negligible amount of current and scanning for some unsecured wifi router.  If it finds one, it establishes a connection and surreptitiously ‘beacons’ to headquarters.  The little chip is now useful for various purposes.

Maybe it’s now a hop-point for proxying which impedes attempts at attribution.  Maybe it monitors your traffic.  Maybe it uses your electricity to mine Bitcoins.  Maybe it reprograms your router and puts a new password on it, or installs malware on it, or fries the circuit-board from overloading, or disables the thing by corrupting the firmware.  Maybe it’s just really good at pinging a particular website and acting as a bot in a DDoS attack.  Lots and lots of scary possibilities.

Of course, for this to be a major threat and cause of personal – as well as national – concern, it would have to involve the obviously impossible coincidence of a peer-competitor adversary nation with a vast and highly sophisticated cyber-espionage division, that also was ruthless and brazen and had little compunction about spying or concern about getting caught.  And this nation would also simultaneously have to be the same country with a huge trade surplus that exported billions of cheap, retail electronic devices to every country in the world, dozens of which are probably in your house.

Which as we know is such an unlikely concurrence so as to be totally imposs…  oh.  Scheiße!

Frightened of things besides just the evil NSA yet?  Good; you should be.  We don’t have a good name for this kind of (very reasonable) panic yet, so I’m going to dub it, ‘The Blue Scare‘.  That’s after the color of the lights on my own wifi router, which … just got a new password.  Can’t be too careful, you know?

Stross takes it a step further and imagines these implants being clandestinely embeddable not just in conventional plug-in appliances, but in all sorts of devices; really anything with a power source, even from batteries, and maybe even the batteries themselves.  This would be particularly useful, if done cleverly, in logging your keystrokes or tablet-pokes and intercepting your passwords and credentials to gain privileged access to all your accounts and information.

You have no idea how many people can blackmail you now.  You might as well just believe everything you do is being watched so you should fear the consequences and try to be on your best behavior at all times.  God’s not dead; we just replaced him with technology.  ‘Reincarnated’ even; if that’s not too blasphemous. ‘Don’t Be Evil’, indeed.

But fortunately there are some obvious countermeasures, and I’m sure the genuine tech people in the crowd know plenty more.  For one, secure your darn router with a password.  Second, it can’t be that hard to set up routers with little ‘unsecure honeypot sandbox hotspots’ (to mildly abuse all those terms), just waiting for some Chinese Chip to take the bait and reveal itself.  And then probably reporting everything it does to your favorite anti-virus company.  I knew some guys at University who shared an apartment and an internet connection and had something just like that on their router just for laughs that sent expectant free-riders to some very nasty websites.

Maybe you get a sniffer tool too and figure out where it is so you can return it to Walmart.  Is it really a breach of warranty if your lamp works perfectly, but just happens to have a little extra invisible spying parasite attached to it like a tick?  Be sure to add a microphone to the sniffer too to prevent acoustic attacks.

So, probably, we’ll quickly defeat most of the implants which have to ‘out’ themselves to perform their mischief, and the tactic will rapidly disappear.

But then what?  No more Blue Scare?  Quite the contrary, alas.

Putting on my inner-evil-monster, hope-the-enemy-doesn’t-read-this hat, I try to imagine what damage could be done with undetectable sleeper implants that can’t connect to the internet or any wireless network because they’d reveal themselves.

And what they could do is listen.  For two things.  First, they could scan for all the frequencies that are typically emitted in their area.  Second, for the encrypted signal order that instructs them to 1. Suck up all the power available and jam on all those detected frequencies, 2. Constantly repeat the encrypted jam order to all other jamming devices in range, and 3. Irreversibly enter into this mode so that, even if you disconnect the power, as soon as you plug it back it, it starts jamming and order-signal-repeating again.

This is a cascade of dominoes that sets off a pretty awful avalanche, especially in high density urban areas.  How awful?  Well, first, how much do we rely on wireless telecommunication devices these days – the ones that will all be immediately neutralized everywhere an RF-avalanche was triggered?  I think everybody is utterly dependent on them.  And second, how exactly do you turn this nightmare off without scrapping everything everyone has that uses electricity or some self-directed super Nuclear-EMP?  You probably can’t.

And no one has to fire a single shot to unleash this catastrophe. No one even has to put a single human being behind enemy lines, because all the fifth-column agents are electronic.

All they have to do is put the little devices in the cheap retail electronic items, flood your country with them (it’s not like it wouldn’t be hard to hide this capability from customs inspectors), and wait.  Oh, you want to intervene against that Taiwan invasion reincorporation-liberation?  Are you sure?  Are you sure you’re sure?  You might want to reconsider.

Are you Blue Scared enough yet?  Still like free trade?  Don’t even remember the NSA now, do you?  Except maybe you’re thinking, “Somebody’s got to do something about this!”  Well, who do you think that somebody is?

**What ever happened to Snowden’s girlfriend?  Does she still love him?  Has she visited him in Russia.  Does he have a new one?  Does the FSB provide for his needs?  Do they need to?  The guy is a top-tier global celebrity right at the end of – but still within! – his 15 minutes of fame.  He probably gets his pick of the litter of the Bolshoi Ballerinas.  That is, when groupies and/or ‘journalists’ aren’t flying in from all over the world to ‘intimately interface’ with the guy.  Sigh … no one covers this stuff.

This entry was posted in Uncategorized. Bookmark the permalink.

41 Responses to A Fifth Column In Every Pot

  1. SMERSH says:

    Sorry, the idea of being jailed for hate speech by my own government is still far more scary than the idea of being blackmailed by the Chinese or being a victim of cybercrime. There are powerful leftists in the United States right now trying to figure out how to jail me for hate speech. The first amendment won’t hold them off forever. Hate speech laws are coming and that makes NSA spying much scarier than anything the Chinese are going to do to me.

    The U.S. government is not “us” or “we” it is “them”, Just like the Chinese government is “them”. Only the Chinese government is a “them” that is far away, while the U.S. government is a “them” that is both close and omnipresent. And the Chinese government doesn’t care about me at all, while the U.S. government hates me. So I’ll sit this one out while they “they” fight each other, except for maybe donating to one of those groups filing lawsuits over this issue.

    I’m with you on opposing free trade, for whatever it’s worth. But it’s a little late.

    • Handle says:

      What’s the best color for the ‘arrested by my own government for thoughtcrime’ scare? I’m going to go with ‘The Gray Scare’.

      • VXXC says:

        Brown Scare as per the Prophet Moldbug.

        • Handle says:

          No, no.

          ‘The Brown Scare’ is the witch-hunt, pursued by the left, for non-existent genocidal fascist Nazis, or a certain belief in the inevitable emergence of them, within any group on the right.

          It’s just the flip-side of ‘The Red Scare’ looking for Stalinists.

    • Incidentally, the Chinese Government is a far greater friend of the American common man than the American one. Chinese bureaucrats and business magnates need us: alive, active, and with plenty of spending money in our pockets – to buy their nation’s exported gizmos. [*] Can the same be said of the robber-elites who own USG?

      [*] The notion (Luttwak’s?) that the cheap export gizmos are merely a plot to destroy the land of God, Country, and Apple Pie is reminiscent of Anatoliy Golitsyn (and his chum J. J. Angleton’s) belief that the USSR faked its own death, and lies hidden somewhere, getting ready to take the Capitalist Devils by surprise one fine day.

  2. spandrell says:

    There was some pretty big news this week in Japan. Baidu makes a Japanese input software. Which nobody would download as Baidu is little known in Japan, but they’ve included it in a lot of freeware soft as add-ons, and also comes pre-installed in Lenovo PCs.

    It’s a pretty good input editor; but it also doubles as a keylogger, and was sending heaps of data back to China for analysis. Quite a lot of government and corporate computers had it installed, and they only realized this 3 years after it went into the market.

    Still all China does looks quite amateurish compared to the NSA. I think you protest way too much.

    The day will come when those ideological persecutions you are fighting against, intersect with the NSA capability. Then all bets are off.

  3. Bar says:

    The ‘first generation’ version of this idea is simple. Inside your electric chicken pot, tea kettle, desk lamp – whatever – is a little microprocessor always drawing a negligible amount of current and scanning for some unsecured wifi router. If it finds one, it establishes a connection and surreptitiously ‘beacons’ to headquarters. The little chip is now useful for various purposes.

    If you’ve browsed through the comments over there, you’d have noticed a Russian chimed in saying the story was probably made up because there was no corroboration at all and source couldn’t be found.

    This kind of thing would be a huge story, security wise. If the story was real, something tangible would have turned out.

    • Handle says:

      The story is real, but there’s a reason it’s not ‘huge’. Think about it.

      • Bar says:

        Why do you think it’s real? Because it makes a nice story.

        Again, Russians think it’s bogus because it’s invented. The actual, bugged teapot would be very interesting. None have turned up.

        It’s a made up story. Or a true story but Russians actually freaked out about wifi-enabled kettles.

        Also, it’d be piss-poor return on investment. Raspberry PI is pretty expensive. 10$.

        Unsecured wifi networks are very, very rare outside of the US. Very few people leave them that way. I know because I keep checking when bored, and finding an open network is quite hard.

        Let’s assume that generously, every tenth kettle would find a host. So that’d be $100 per one zombie. IIRC, those trade for far less…

        Maybe it uses your electricity to mine Bitcoins.

        Also – not a possibility because bitcoin mining depends is CPU intensive and is not cost-effective on low-powered devices (which don’t have good power/cost ratio). In fact, even on custom built machines bitcoin mining is presently not that profitable.

        • Jefferson says:

          That assumes that unsecured wifi networks are the only ones useful.

          • Bar says:

            IIRc, breaking into a wifi involves capturing lot’s of traffic and doing some pretty serious computations on that data.

          • Handle says:

            It helps if you can outsource it via short use of another connection, like people who use cloud cracker to break routers at pricy password-of-the-day locations.

  4. Bar says:

    He probably gets his pick of the litter of the Bolshoi Ballerinas.

    Is he the kind of person who’d want something like that? He doesn’t seem like a person who is into instant gratification or sex with strangers.

  5. Bar says:

    This is a cascade of dominoes that sets off a pretty awful avalanche, especially in high density urban areas.

    It’s a skiffy scenario. Firstly, these things would only be a real problem in case they were everywhere, that is extremely common. You’d have to slip them into a lot of different stuff and then wait for a decade to get good penetration and pray no technician ever notices something odd..

    If they were sparsely distributed, they’d just be a nuisance and a serious PR and trade fiasco.

    Even if those were serious – people could just go around, turn off appliances till they’d find one that does the jamming.

    And also – all serious communication is done over optical fibers, microwave links and such.

    An event you mentioned would just cause perhaps a week-long disruption of most economic activity and severely piss everyone.

    It’d be, in no way, comparable to the massive damage caused by EMP.

    All they have to do is put the little devices in the cheap retail electronic items, flood your country with them (it’s not like it wouldn’t be hard to hide this capability from customs inspectors), and wait.

    You forget that electronic stuff also goes through safety testing. It’s possible that an embedded jammer would get noticed. It’d need an antenna.

  6. VXXC says:

    Yes but if the USG wanted to protect us it would. It does not. We are prey, at best inventory livestock. They had plenty of information before 9/11, plenty before Boston. If NSA declares open warfare against the many, many, many predatory agencies and potentates in USG on behalf of the American People then it’s a different matter. But of course it’s part of USG, which pays them. We are unprotected livestock preyed on by the occasional free range predator, this is true.

    The USG means Americans harm, and to profit from the Harm. That informs their “National Security” as it informs all their policies.

    Of course they could protect America. They don’t.

    This doesn’t mean Handle, myself when serving, and many valiant others don’t love our country. But we’ll never under the current system be allowed to properly protect her, if we were USG would be acting against it’s own survival. People don’t do that.

  7. anonymous says:

    The U.S. government is not “us” or “we” it is “them”, Just like the Chinese government is “them”. Only the Chinese government is a “them” that is far away, while the U.S. government is a “them” that is both close and omnipresent. And the Chinese government doesn’t care about me at all, while the U.S. government hates me.

    that should be one of nick land’s t-shirt slogans. it’s long and clunky. maybe just “the government hates you”

    • VXXC says:

      I’ve been saying non-elite Americans need to understand their politics is “God Hates You” for awhile.

  8. VXXC says:

    Umm…er…why yes the Chinese are putting backdoors on Dell Servers…


    But it’s a JTAG [USG] backdoor…


    • Author of the post behind the first link speaking.

      The media, as usual, is spewing garbage.

      The JTAG port is not a back-door as such! Actually it is a rare and very valuable feature. I’ve been trying to buy some standard PC motherboards with a (documented!) JTAG port for quite some time now.

      I am interested in the pin-out and protocol used in the port, for a small-scale industrial application. Intel won’t give me the time of day, to no one’s great surprise. But if the Government were to give me the wonderful gift described above, a few hours of sweat and a logic analyzer would produce the needed specs. Perhaps I should simply order a crate of Dell PowerEdge machines and hope to get lucky?

      There is no shortage of other, subtler ways to back-door PC hardware. (Direct diddling of the CPU/chipset/GPU/etc silicon during the design or fabrication stage, for example. This subject has been beaten to death elsewhere, for anyone who is interested.) And as I gather, boards with JTAG ports will become even harder to obtain now than ever before.

      Incidentally, this particular tidbit is the most plausible evidence, thus far, for the Snowden “leaks” being… carefully engineered disinformation. The Government arguably has a strong interest in wiping out JTAG (debug) ports on PC motherboards (they are already extremely rare.) Given as said port is the only reliable means of auditing firmware.

      FLUXBABBITT is almost certainly a real gadget – a laboratory prototype, to be specific. The leak may have been engineered to advance the objective mentioned previously, and/or to distract from newer, subtler mechanisms of subversion, one that do not involve extraneous gadgetry visible to the naked eye (Si. die-level skulduggery, subverted algorithms, genuine cryptoanalytical breaks, etc.)

      • Handle says:

        You’re going to have to offer a lot more than 4 Bitcoins to motivate .. someone … to go to R Directorate and pull one out of the box.

        • Damn, bugs are handed out like candy to unsuspecting chumps, but when one asks nicely…

          • Handle says:

            Hey, some friends of mine that likes to read blogs around these parts is getting married soon and says he’s willing to have his reception double as a nice meet-up opportunity. Should I tell them your family wants to come?

  9. The magic tea kettle story is loudly, abundantly bogus. The disinformation officer who concocted this yarn ought to be sacked!

    My own kettle is unplugged except immediately at tea-time. How about yours?

    A toaster oven, washing machine, or even a lamp, would be far more plausible.

    • Handle says:

      Yeah, the original story is ridiculous, but there have been a few wifi parasite stories. Though, like I said, those can’t last long because they’d be detected and countered. But it’s fun to take the theoretical tactic and imagine what else could be done with it.

      Come on man, help me practice some FUD. Didn’t ‘jampocalypse’ make you giggle even a little?

  10. It would be very interesting to learn whether Mr. S actually “interfaces” with strangers flying in from around the world. Because if he does – and remains alive! this would be almost certain proof that he is in fact an employee of USG in good standing. Namely, a disinformation agent.

  11. VXXC says:

    I’ve been rather musing that the entire affaire d’Snowden has a Russian flavor the entire time.
    I know nothing but it has that flavor.

  12. Edmund says:

    Wow, I just saw a low-budget movie called “Dragon Day” where this Chinese take over the US in exactly this way.

  13. Edmund says:

    True, not exactly. I guess I meant the takeover is done pretty much by technology, rather than military invasion. Also the movie gets progressively stupider as it goes along…. but the scenario it lays out in the beginning is pretty neat.

  14. Pingback: Lightning Round – 2014/01/08 | Free Northerner

  15. FirkinRidiculous says:

    Cynosure is one of those words which I have to look up every time I happen upon it.

Comment - You know you want to

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s