[Cryptography] GCHQ Penetration of Belgacom

Jerry Leichter leichter at lrw.com
Tue Dec 23 00:15:07 EST 2014


On Dec 22, 2014, at 9:54 AM, ianG <iang at iang.org> wrote:
>> The pattern up to now has been for attackers to move to lower and lower levels of abstraction.  Hack user code; hack OS code; hack boot-time code; hack firmware; hack the logic-level description of the hardware; hack the individual transistors (changing dopant levels so that the circuitry doesn't do *quite* what the logic assumes).  Every step down this hierarchy is harder for the attackers, but *much* harder for the defenders - and also much harder for the subset of defenders who analyze the details of attacks.  The lower you go, the fewer access points there are for analysis and the more delicate and hard to detect are the modifications.
> Hmmm... you make it sound as though this stuff is going on all the time all around us.
> 
> Open question.  To what extent should we treat this as a realistic threat?  How prevalent is this?  Is there any way we can draw boundaries around this?
In terms of attacks "in the wild", I'm not aware of any that get below the boot code level.  (That doesn't include physical attacks based on modifying the hardware.)  Oh, there are always rumors - but I don't know of anything confirmed.  The attacks at lower levels are described in academic publications.  How viable they actually are, we don't know.

Mounting attacks lower in the stack is difficult and expensive.  It should come as no surprise that those who are in it for the money or the power will go with the cheaper software attacks as long as they remain successful - which, today, they are.  Should those become too difficult, someone will go find the academic papers and start building real exploits.

Of course, we can't know if lower-abstraction-level exploits are being mounted today - but are so well hidden that we never detect them.  But the existence of state-of-the-art attack mechanisms like Stuxnet and Darkhotel - neither of which goes deeper than the OS - argues that if lower-level attacks are being mounted, they are being mounted by the most sophisticated parties in extremely unusual and specialized circumstances.
                                                        -- Jerry
