Intel and AMD processors compromised by NSA?


From this article we can see this is one man's speculation...but it is interesting non the less. 

I do not know the implications of this so what would it mean? Could they create an idea of what the users computer is doing via the data sent through the cpu? Or perhaps total control like a remote desktop scenario.

Is this possible?

Tin foil diaper for your laptop.... (shakes head in disbelief)

The data still needs to get out. If you have a paranoid firewall that is managed to inspect outgoing connections, the connection will become visible & would be reported.


No, seriously.


I hate to say it but some people, like the guy that wrote that article, shouldn't be on the internet. If you are doing something so wrong that you are worried about the feds knocking on your door then you are up to no good.

This... Ugh...

So you subscribe to the idea that if you are doing nothing wrong, you have nothing to worry about? Didn't this false logic get debunked by numerous people - including Logan?

[facepalms and notices that it causes a cooling breeze so keeps facepalming due to the hot weather... yeah...]

One thing: the linux kernel is entirely open source, and no part of the hardware can do anything the kernel doesn't want it to do, and although the NSA is actually a valuable contributor to the linux kernel (not a joke, they have really contributed nice stuff!), I can assure you that there is nothing in the linux kernel that is not kosher.

The NSA has a direct interest in the processors since Intel and AMD began to include extensions in them that deploy specific application processing or floating point circuits that can specifically accelerate encryption or take care of data integrity checks, because the NSA is an organisation that depends on that kind of stuff. Not everything is always bad about such organisations, the politics that use and abuse these organisations may suck, but there are a lot of serious people in there that do a great job at contributing to computer and network security. Trust me, most users are dumb enough in the way they use their PC or in what software they use, so the NSA doesn't have to manipulate hardware designs to get all the information they might want to mine, and then some...

What I want to know is how many troll posts they read through and take seriously everyday. Teenagers across the nation are going to be picked up by the FBI in the dark of night pretty soon. We all are going to have to pitch in to fund Gitmo's expansion.

On a more serious note, the government better keep all that information on lock down. No need to have China steal everything and run up everybodies credit cards or some other crazy scheme. 

That article is going to make some people some money NSA proofing computers and a lot of people collectively more "Special". It's hard enough explaining to people that the little card inside thier laptops isn't a government tracking device... Usually...

If you're concerned about your own privacy alot; hence, tinfoil hatters, just go back using a typewriter or the 70s/80s hardware.

*starts reading article* (first paragraph)

god fucking damnit, i think i broke my hand, and my vision... i think i might have a concushion

I linked the article above simply because I am interested in the possibilities. I am a computing enthusiast with a lot to learn and wondered what other peoples takes on this were.

Im not paranoid, that wasnt made obvious at all in the opening post, tin foil hattery kept to a minimum :-)


That is the exact mentality the Nazi's tried to burn into everyone's mind in Germany. "If your doing nothing wrong you've got nothing to fear" It's bs. It's just another way to justify treating citizens like criminals. Privacy is a right, rights cannot be regulated or suppressed. Furthermore the FBI  released a statement that it lost count of how many laws are on the books these days (so they don't even know the law) and Americans commit 3 felonies on average a day without even knowing. Chances are even you're up to no good and don't even know it.

The only thing to come from this mentality and illusion of security is the oppression of innocent people.

And another thing to add, just go outside and play duck-duck-goose or if it's raining, play some Pictionary or Monopoly as some sort of video gaming replacement if you don't trust your hardware respecting your privacy.

(Subject to change based on your spying law in your country)

Seems I'm about 5 days late to this party.

Oh, well.  I'll throw in my two cents' worth:

Regarding the AFR piece: I'm not sure how much space is available to newly defined CISC instructions in the microcode space in the new generation of CPUs.  But, based on what virus writers have been able to do in the past, producing TINY viruses in raw x86 code, which do nothing but call well known Microsoft OS functions, well ... somebody with knowledge of the CPU and OS could probably do some damage there.  And I don't know how you'd remotely trigger a CPU to run your newly defined microcode routine.  You could deliver hand-crafted executable code that contained a non-standard (non-x86) instruction to run your microcode.  On any uninfected CPU, it would generate an "invalid instruction" exception and might or might not crash the current application or OS, depending on how well that was handled...

In the video, Wendell speculated about the possibility of a subtle compromise of the on-board random number generator being used to compromise key generation.  But...if your crypto software uses the RNG output to feed a pseudo-random algorithm, that kind of compromise won't have much traction.

If an agency had the coercive power to get a vendor to modify chip hardware to order, they'd probably go after Intel's new built-in AES instructions.  I haven't read through the documentation myself but, since the Intel hardware is using your AES key, it can do anything in the world with it.  You're trusting the hardware.

I can see microcode-modified AES instructions storing those keys somewhere or sending them to a collection server somewhere.  And I was all excited when the parts with built-in-AES came out, too...

After reading the AFR piece, and the piece about the long-unpatched security holes in "TXT", Intel's "crypto processor", I'm less excited about them now.

i can see false updates or real updates with a wrapper being used for targetted surveillance.. there is all sorts of ways to acquire info through tempest monitoring, accoustic emanation(high frequency noise) to see what cpu instructions are doing or what keys are being clacked, bluetooth eavesdropping(input operations) and etc..  dunno much about clipper chips but calea type backdoors are real and in all sorts of telecommunication hardware for voip/sip/etc...