[Cryptography] GCHQ Penetration of Belgacom
Nico Williams
nico at cryptonector.com
Mon Dec 15 15:01:38 EST 2014
On Mon, Dec 15, 2014 at 12:28:25PM -0500, Jerry Leichter wrote:
> On Dec 13, 2014, at 9:21 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> > The damn Regin thing builds an entire encrypted virtual file system
> > inside the NTFS metadata.
>
> The idea of hiding stuff in NTFS extended attributes - not really
> metadata - is old. I remember doing it years ago. There are standard
> command line programs that come with Windows that can do it. People
> used to Unix file system semantics tend not to think of this stuff,
> but both Windows and MacOS have long had file systems that supported
> stuff beyond the "a file is just a stream of bytes" concept for years.
> It's never been widely used on Windows, and it's been getting less and
> less use in MacOS for a while now - but there's nothing new here.
Most Unix-ish OSes have something like it (for some it's just "xattrs"
with smallish payloads; either way, it's easy to overlook).
And who ever bothers looking in lost+found?
Hiding places are not in short supply.
> > "Each VFS has a structure that is very similar to a real disk file
> > system such as FAT. The VFS files start with a header that provides
> > basic information required to operate the file system. The header
> > is followed by the bitmap of used/free sectors and then by the file
> > table."
>
> Again, not much really new here. In fact, SOP for many complex files
> in Windows: [...]
And elsewhere. Archive files, SQLite3 files, ... it's all roughly
equivalent to "a filesystem" comparable to that used here. Encrypting
it is easy too.
Nico
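The quoted description of the Regin VFS (header, used/free sector bitmap, file table) is the kind of layout a forensic analyst wants to parse and cross-check rather than just recognise. The following is an added example, not code from this thread or from any published Regin analysis: it defines a constructed toy layout with that three-part structure (the magic value, field widths and contiguous file placement are assumptions), builds a sample image, parses it, and reports two inconsistencies that matter to a defender, sectors the bitmap marks used that no file-table entry claims, and entries that point into sectors marked free. A final sweep function finds such images embedded at arbitrary offsets in a larger buffer, such as a dump of extended attributes or alternate data streams.

```python
import struct

# Constructed toy layout for illustration: header, used/free sector bitmap,
# file table, then the data sectors. The magic and field widths are assumptions.
MAGIC = b"VFS1"
HDR = struct.Struct("<4sHHH")    # magic, sector_size, sector_count, file_count
ENTRY = struct.Struct("<16sHI")  # name (NUL padded), first_sector, byte_length


def build_image(files, sector_size=64, sector_count=32):
    """Build a sample image; files are placed contiguously (a simplification of this toy)."""
    bitmap = bytearray((sector_count + 7) // 8)
    data = bytearray(sector_size * sector_count)
    entries = []
    next_sector = 0
    for name, payload in files:
        raw = name.encode()
        if len(raw) > 16:
            raise ValueError("name too long for this layout")
        nsec = (len(payload) + sector_size - 1) // sector_size
        if next_sector + nsec > sector_count:
            raise ValueError("image full")
        for s in range(next_sector, next_sector + nsec):
            bitmap[s // 8] |= 1 << (s % 8)       # mark the file's sectors used
        off = next_sector * sector_size
        data[off:off + len(payload)] = payload
        entries.append(ENTRY.pack(raw.ljust(16, b"\0"), next_sector, len(payload)))
        next_sector += nsec
    return (HDR.pack(MAGIC, sector_size, sector_count, len(files))
            + bytes(bitmap) + b"".join(entries) + bytes(data))


def mark_sector_used(img, sector):
    """Constructed tampering for the demo: flip a bitmap bit with no matching file entry."""
    b = bytearray(img)
    b[HDR.size + sector // 8] |= 1 << (sector % 8)
    return bytes(b)


def parse_image(blob, offset=0):
    """Parse an image at `offset` and cross-check the bitmap against the file table."""
    magic, ssz, nsec, nfiles = HDR.unpack_from(blob, offset)
    if magic != MAGIC:
        raise ValueError("bad magic")
    pos = offset + HDR.size
    bm_len = (nsec + 7) // 8
    bitmap = blob[pos:pos + bm_len]
    if len(bitmap) < bm_len:
        raise ValueError("truncated bitmap")
    pos += bm_len
    used = {s for s in range(nsec) if (bitmap[s // 8] >> (s % 8)) & 1}
    entries = []
    for _ in range(nfiles):
        name, first, length = ENTRY.unpack_from(blob, pos)  # struct.error if truncated
        pos += ENTRY.size
        entries.append((name.rstrip(b"\0").decode(), first, length))
    data_start = pos
    files, claimed = {}, set()
    for name, first, length in entries:
        claimed.update(range(first, first + (length + ssz - 1) // ssz))
        start = data_start + first * ssz
        files[name] = blob[start:start + length]
    findings = {
        # Sectors the bitmap says are in use but no table entry accounts for:
        # slack that may hold data the file table does not admit to.
        "used_but_unreferenced": sorted(used - claimed),
        # Table entries pointing into sectors the bitmap says are free.
        "referenced_but_free": sorted(claimed - used),
    }
    return {"sector_size": ssz, "sector_count": nsec, "files": files,
            "findings": findings, "end": data_start + nsec * ssz}


def find_images(blob):
    """Sweep a larger buffer (an xattr dump, a carved region) for embedded images."""
    hits, start = [], 0
    while (i := blob.find(MAGIC, start)) >= 0:
        try:
            hits.append((i, parse_image(blob, i)))
        except (ValueError, struct.error):
            pass  # stray magic bytes, or a truncated/inconsistent header
        start = i + 1
    return hits


if __name__ == "__main__":
    img = build_image([("notes.txt", b"hello world"), ("key.bin", b"\x01" * 100)],
                      sector_size=64, sector_count=16)
    carrier = b"\xff" * 37 + mark_sector_used(img, 5)   # constructed carrier buffer
    for off, parsed in find_images(carrier):
        print(off, sorted(parsed["files"]), parsed["findings"])
```

The bitmap/file-table cross-check is the point of the example: a container that looks well-formed to its own reader can still carry sectors nobody in the table claims, which is exactly where a quick triage tool should look first.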