NSA Interception In Action? Tor Developer's Computer Gets Mysteriously Re-Routed To Virginia

from the a-slight-detour dept

So this one is odd. A core Tor developer, Andrea Shepard, recently ordered a computer from Amazon.com to her home in Seattle. Yet, as she tweeted last night, something odd happened on the way to delivering that package to her house:
If you can't see the image, here's a larger version:
Also, some more details from PrivacySOS. As you can see, rather than go from the Amazon warehouse in Santa Ana, California up the coast to Seattle, instead the package went across the country to Dulles, Virginia to Alexandria (right outside of DC) and was "delivered" there. Upon seeing this, my initial reaction was that it might not be a big deal. With shipping logistics these days, it's not uncommon to see a sort of hub system, where packages travel across the country from one warehouse to a shipping hub, only to be shipped back across the country for actual delivery.

But that does not appear to be what happened here at all. As Kade from PrivacySOS pointed out, the final Alexandria address is the final delivery location, rather than the sign of something in process. Also, the fact that it bounced around and then went "out for delivery" to that address shows that it wasn't just popping in and out of a hub for delivery to Seattle.

There are some possible other explanations, including just a general screw-up on the part of Amazon. But given the revelations of how the NSA's TAO group does very targeted spying, that often involves getting access to computers being shipped to targets, combined with the fact that the NSA has made it clear that breaking Tor is a priority that has mostly stymied them, this certainly should raise multiple eyebrows.


Reader Comments (rss)

(Flattened / Threaded)

  1. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Jan 24th, 2014 @ 11:54am

    PFFFT! That's nothing! Check out THIS oddity:

    "Large chunk of Chinese internet traffic redirected to small Wyoming building"

    http://www.smh.com.au/it-pro/security-it/large-chunk-of-chinese-internet-traffic-redirected -to-small-wyoming-building-20140123-hv9jg.html

    Reality versus Mike: Technorati ranks Techdirt below 5000.
    http://technorati.com/blogs/www.techdirt.com
    So why does Mike claim "a consistent Technorati Technology Top 100 rating"?
    http://www.techdirt.com/about.php

    Just look at the sites Techdirt actually ranks with! What a hoot! :

    5433. Free Samples and Coupons by Free …
    free-stuff-finder.com
    Recent: Free Dove Men Body Wash at Rite Aid …

    07:52:07[i-705-7]

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Clouser, Jan 24th, 2014 @ 12:00pm

    Creepy Spooky Dark

    Creepy
    SPOOKY

    Dark

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:00pm

    Re: PFFFT! That's nothing! Check out THIS oddity:

    "Large chunk of Chinese internet traffic redirected to small Wyoming building"

    Debunked: http://www.theatlantic.com/technology/archive/2014/01/this-little-house-in-wyoming-didnt-just-get-fl ooded-with-web-traffic-from-china/283249/

    Oh look, for all his talk about calling every story out here, it's OOTB who falls for bullshit stories.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Chronno S. Trigger (profile), Jan 24th, 2014 @ 12:02pm

    Didn't the NSA swear up and down that they didn't do this domestically?

    I don't know about you, but if I saw that kind of thing, I'd start getting someone else to order my stuff for me.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:06pm

    Solution: Burn the computer and get another from a safe vendor

    The solution to this seems obvious, Amazon can't be trusted. If she ever gets her hand on the computer, she should basically burn it and buy it from a more trustworthy vendor. There's no telling what hidden software the NSA might sneak onto the computer to make it less secure if it ever gets back to her.

    Obviously you can't trust Amazon not to cooperate with unconstitutional searches and seizures.

    I'm very glad now that my new computer I got for Christmas is from NewEgg instead of Amazon.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Applesauce, Jan 24th, 2014 @ 12:09pm

    Buy in person, pay in cash

    Walk into a computer store, not in your hometown, pick out a computer at random, pay in cash. Preferably, buy the individual parts that way and assemble them yourself.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    quawonk, Jan 24th, 2014 @ 12:13pm

    Hacked firmware.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 12:15pm

    Re: Solution: Burn the computer and get another from a safe vendor

    I guarantee that NewEgg would do exactly the same thing if presented with the right paperwork.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Jessie (profile), Jan 24th, 2014 @ 12:17pm

    Re: Solution: Burn the computer and get another from a safe vendor

    Is it amazon that is the problem, or was it diverted by USPS after leaving Amazon. Amazon may not have had anything to do with it. Perhaps packages being sent to her are being inspected waiting on a computer to be ordered and a chance for this to happen. The last time I ordered a computer by mail it came in a box that indicated that it was from a computer company (basically the box the computer was packed in with a shipping label on it). It wouldn't be hard to notice those and divert the shipment.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Arthur Moore (profile), Jan 24th, 2014 @ 12:19pm

    Re:

    It's actually worse than that.

    The NSA can replace the network jack on your computer with one that looks identical, but has an extra chip in it that talks to their servers.

    It's impossible to find without careful X-Raying or destructive testing, and I doubt that this is the only component they can do that to.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:19pm

    Re: Solution: Burn the computer and get another from a safe vendor

    Burn it? No way.

    Don't even open it. Give it to security researchers. Somebody get a hold of Bruce Schneier. If he won't take a look, surely he knows who will.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    dwind (profile), Jan 24th, 2014 @ 12:31pm

    Keyboard?

    The shipping record says the package contains a think pad keyboard.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Drawoc Suomynona (profile), Jan 24th, 2014 @ 12:31pm

    Don't detroy it. There are countless security experts out there that would LOVE to get a look at that machine.

    However, now that this has gone public it will be interesting to see if it even gets delivered. If it's still in NSA HQ then you can bet they will undo whatever they have done before it gets sent.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:33pm

    Re: Solution: Burn the computer and get another from a safe vendor

    who is this mythical trustworthy vendor you speak of?

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    allengarvin (profile), Jan 24th, 2014 @ 12:35pm

    Re: Solution: Burn the computer and get another from a safe vendor

    "The solution to this seems obvious, Amazon can't be trusted."

    And you trust that employees of Newegg will risk charges of criminal contempt under 18 USC 402 by disobeying such orders? That they'll go to jail rather than compromise your privacy?

    You do know private citizens don't get to decide what's constitutional or not, right?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:35pm

    Has malware reached the point where it can be installed on a keyboard? Perhaps electronic sensors have been developed that are attached on the circuit portion of a keyboard and able to register and store each keystroke?

    Note that order was not for a laptop, but apparently for a replacement Lenovo keyboard.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    ChurchHatesTucker (profile), Jan 24th, 2014 @ 12:35pm

    Re: Re: PFFFT! That's nothing! Check out THIS oddity:

    I blame Google.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Geno0wl (profile), Jan 24th, 2014 @ 12:35pm

    Re:

    The NSA has practically reached the Tyson zone.
    No matter what ridiculous story you hear about their spying efforts, you are by default inclined to believe it instead of asking for proof anymore.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Me, Jan 24th, 2014 @ 12:40pm

    NSA Liars

    IF this was an interception, the NSA heads, Holder, Verrili and Obama should be charged with crimes and perjury for claiming this didn't happen domestically.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:42pm

    Re: Buy in person, pay in cash

    If anything the primary vectors for NSA has always been the software. Computer vendors like you and the other guy is just pushing sales through fear, while it in reality is insignificant for security and protection against spying...

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:43pm

    Re:

    easy, USB keyboard and put in a small hub with spyhardware. Could be a USB storage item with a trojan and autorun for example. Then once the trojan gets installed, hide the anomalous hub and storage. Depends on autorun being enabled, but, you know, people are generally stupid.

    I wouldn't be surprised if there is more elaborate stuff that uses undocumented features and backdoors though.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:45pm

    Re:

    You mean a keylogger?

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 12:47pm

    If this is true then it's troubling on several levels. One is they are actively and in real time monitoring people here, they can hack, re-route or intercept packages and/or Amazon is willingly complying with the NSA to re-route packages.

    If any of this is remotely true it'll make me hesitant to buy anything electronic online, like my next computer. Back to buying parts and building my own after inspecting the components for odd looking bits hot glued to them.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    cybik, Jan 24th, 2014 @ 12:56pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Canadians.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Eponymous Coward, Jan 24th, 2014 @ 12:57pm

    A Contrarian View...

    I actually think for this group this is a very good thing, not that they are targeted in this way by the NSA mind you (if that is what's going on), but that they are seeing the process unfold first hand. If I were a hacker heavily interested in the NSA's tactics and tech I would look upon this as a late X-mas gift! An above reply said they would burn this computer which I think is idiotic for I would tear this computer apart to find what they altered and assess its capabilities. Meanwhile I would document this whole ordeal to use for a future expose, or lecture at a havking convention. I almost wonder if this could be honeypot situation where they were ordering from Amazon in the hopes that this would happen. You'd think that since they are aware of such issues as NSA interdiction a person connected to the organization would be apprehensive to order online for this very reason, but that's a lot of conjecture on my part. In the end though I think they'll have some fun with this and we'll be hearing more about it later.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Moe, Jan 24th, 2014 @ 12:58pm

    Zip+4 Address

    I'm not sure why Mrs. Shepard blacked out her address and left her Zip+4 there. 98122-2990 narrows it down to 1819 23rd Ave., Seattle.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:01pm

    I don't buy any of my electronics online anymore. It's just too risky getting a BIOS trojan these days. Brick and mortar stores are the future.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Oceania, Jan 24th, 2014 @ 1:02pm

    Remove the bios from the mother board - and replace with a freshly burnt PROM.
    Check some of your other SMDs onboard for flux from replacement, and look for other issues around network hardware.

    Use another hard drive and ... problem solved.

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 1:02pm

    Re: Re: Buy in person, pay in cash

    How do you know he's a vendor? His advice isn't so bad if you're worried about the NSA's known diversion program where they add spy hardware to the machine.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Ruben, Jan 24th, 2014 @ 1:03pm

    Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    You're cute.

    You must have never heard of FVEY.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Moe, Jan 24th, 2014 @ 1:03pm

    Blame US Postal Service, not Amazon

    This is most likely the work of the shipping carrier, the US Government owned USPS (aka the Post Office) who delivered this package. It was done by USPS without Amazon's authorization most likely.

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 1:04pm

    Re: Re:

    It's impossible to find without careful X-Raying or destructive testing


    You don't have to go that far. Use a second computer running wireshark to analyze the traffic to/from the suspect one.

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 1:05pm

    Re:

    Has malware reached the point where it can be installed on a keyboard?


    it's been at that point for years. Also, printers.

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:11pm

    Re: Solution: Burn the computer and get another from a safe vendor

    Don't bother unpacking it, just put it up on Ebay in an as delivered condition, stating the delivery routing. A biding war between spy agencies could be interesting.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    WobblesALot, Jan 24th, 2014 @ 1:12pm

    It was probably sent by a carrier such as UPS, Fedex and then handed off for final delivery to USPS. She needs to produce the USPS tracking information to see when the package entered the USPS network. So why not just do that as well as the Amazon tracking detail?

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    Chronno S. Trigger (profile), Jan 24th, 2014 @ 1:17pm

    Re:

    It says the carrier is USPS. UPS or FedEx probably weren't involved at all. I've gotten several packages delivered from Amazon directly threw USPS.

    Though, I wouldn't trust UPS ether. They've taken to using USPS themselves for the last leg of the trip.

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    toyotabedzrock (profile), Jan 24th, 2014 @ 1:18pm

    Wow they screwed up. I hope we get to see the type of hardware they use and the software.

    Even better lets see what frequencies they use!

     

    reply to this | link to this | view in thread ]

  38.  
    icon
    Chronno S. Trigger (profile), Jan 24th, 2014 @ 1:21pm

    Re: Re: Buy in person, pay in cash

    I was thinking the same exact thing as Applesauce was. If you really want to make sure that they can't do this, you have to buy from a brick and mortar store. Some place that the NSA wouldn't expect, or at least won't have the budget to cover. Too bad you can't get a replacement laptop keyboard from Best Buy.

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:21pm

    Re:

    zzz malware on old mac keyboard in kylogger years ago.

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    ST, Jan 24th, 2014 @ 1:24pm

    Wow!

    Wow! This gal (and a lot of people commenting) need to get out and check the real world every once in a while. It is a very straightforward delivery screw-up. I'm not sure how you reconcile the "NSA-know-it-all-nefarious-out-to-get-you-very-powerful-very-sneaky" type you all talk about with what would clearly be the dumbest way of intercepting a package. Have you guys heard of Occam's Razor? How about a package being sent to the wrong destination by a not-very-competent service?

    I've had a coffee machine that was supposed to be delivered from the west coast to the east one, reach Newark, cross the Atlantic and hit Paris and then piruet, go to Memphis and then merrily reach the East Coast. I thought it was a simple routing mistake and I still do. However, I would like to know how many of you think the French DGSE put some chip on it to check on my coffee-drinking habits.

     

    reply to this | link to this | view in thread ]

  41.  
    icon
    OldMugwump (profile), Jan 24th, 2014 @ 1:27pm

    Let's all calm down a little

    All we have is a misrouted ThinkPad keyboard.

    Yes, it was misrouted to Alexandria, and a keyboard is an ideal place for a keylogger/keysniffer.

    But there are plenty of legitimate (I mean non-government-connected) businesses and people there.

    Most likely, this is nothing but a shipping mistake.

    We shouldn't jump to conclusions on such thin evidence.

    That said - it's worth further investigation. By all means, talk to Amazon and USPS and see what they say. And examine the keyboard carefully - looking for mechanical, electrical and RF anomalies. (Best to get an identical keyboard from another source for comparison.)

    Probably you'll find nothing. If and only if you find evidence of tampering, THEN you have a smoking gun.

     

    reply to this | link to this | view in thread ]

  42.  
    icon
    Chronno S. Trigger (profile), Jan 24th, 2014 @ 1:28pm

    Re: Re:

    Windows will not run autorun from a USB drive since Windows XP (and I think one of the XP updates disabled that).

    If it's anything, it's probably a small chip that sits between the keyboard itself and the USB output. It then installs itself like a keyboard and uses some glitch (or possibly a back door) in the keyboard driver.

     

    reply to this | link to this | view in thread ]

  43.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:31pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    brick and mortar stores? they can't divert it at the cash register.

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    julius, Jan 24th, 2014 @ 1:32pm

    Re: Re:

    Yeah, seems pretty logical to "wire" in that crazy way you say into a keyboard being sent to one of the devs behind TOR. my grandma would notice an intervention like the one you speak of Lol... oh boy...

     

    reply to this | link to this | view in thread ]

  45.  
    icon
    Chronno S. Trigger (profile), Jan 24th, 2014 @ 1:35pm

    Re: Wow!

    Everything posted here is just hypothesis. The idea that it was a shipping mix-up has already been postulated in the article and by Andrea herself. That is, as you say, the simplest possibility and has already been hashed out as far as possible. The other possibilities are just more interesting.

    No one here is saying with 100% certainty that the US government is behind it. We're just it's vary possible and this is how they might have done it.

     

    reply to this | link to this | view in thread ]

  46.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:35pm

    Thanks, NSA.
    The new "Thanks, Obama."

     

    reply to this | link to this | view in thread ]

  47.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 1:40pm

    Re: Wow!

    Actually, Occam's razor doesn't help much in this case. It's not just that the package was diverted. It's that it was diverted to Dulles, VA. That's very suspicious. Also, the person involved works with software the spies hate. Two points in favor.

    On the other hand, you'd think that they wouldn't be so careless that the diversion would show up in the package tracking.

    So, looking at it from an Occam point of view, it's pretty 50-50.

     

    reply to this | link to this | view in thread ]

  48.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:40pm

    It was foolish to bring attention to it. If this really was an interception, it could have been software only and could be made to remove itself remotely and leave no trace.

     

    reply to this | link to this | view in thread ]

  49.  
    icon
    ArkieGuy (profile), Jan 24th, 2014 @ 1:42pm

    Hanlon's Razor

    Never attribute to malice that which is adequately explained by stupidity.


    Keep in mind folks, this is the USPS (you know, the guys that go "postal" all the time) - chances are someone simply screwed up and delivered to the wrong address.

    With that said, anyone interested in 40 acres of ocean front property I have in Arkansas?

     

    reply to this | link to this | view in thread ]

  50.  
    icon
    afn29129 (profile), Jan 24th, 2014 @ 1:43pm

    Zip-plus 4

    Actually if you're gonna black-out your address you should also black-out the last 4 digits of the ZIP-plus-4.
    Now we know which apt building you live in.

     

    reply to this | link to this | view in thread ]

  51.  
    identicon
    John Nemesh, Jan 24th, 2014 @ 1:52pm

    Re: PFFFT! That's nothing! Check out THIS oddity:

    Why don't you just stop posting here? You have ZERO credibility after all of the crap you spout. At the very least, get a new user name. That may fool people into taking your posts seriously for maybe one or two days.

     

    reply to this | link to this | view in thread ]

  52.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 1:52pm

    I've actually met Andrea in person (she graciously agreed to sign my PGP key), and there's a couple things that seem to make an NSA interdiction more probable, in my mind.

    First, unsurprisingly, Andrea uses Linux. But that's not the point I want to make, in of itself. She's also a developer, familiar with tweaking source code, recompiling it, and using it in her daily activities.

    Further, she also uses a metal attache case to transport her laptop, specifically because it acts as an excellent Faraday cage. (I don't know if she was just joking when she gave that as her reason for using the case, but she sounded quite serious!)

    It wouldn't surprise me if somebody decided that it was too risky to try a software penetration (she alerted to the fact that my anti-virus falsely triggered on one of her emails, until I was able to demonstrate that it was normal activity), and somewhat difficult to remotely compromise one of her machines. They wouldn't even be sure that whatever bugs or backdoors they're using still exist, because she modifies and recompiles her own software on a regular basis. Conversely, a new hardware order would provide an excellent way to get access.

    Is it possible that it's just a shipping shenanigan? Yes, of course. But it would not surprise me if somebody felt they had to go hardware to try and compromise Andrea's systems, that's all I'm saying.

     

    reply to this | link to this | view in thread ]

  53.  
    identicon
    John Nemesh, Jan 24th, 2014 @ 1:54pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    You, sir, win the Internets for best idea!

     

    reply to this | link to this | view in thread ]

  54.  
    icon
    pixelpusher220 (profile), Jan 24th, 2014 @ 1:59pm

    Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    Definitely. Especially the ones in Alexandria, VA!

     

    reply to this | link to this | view in thread ]

  55. This comment has been flagged by the community. Click here to show it
     
    identicon
    czxc, Jan 24th, 2014 @ 2:07pm

    Re: Re: Re:

    trigger you seem like a logical person. you are kidding right? have you read any of Snowdens´ statements? They got no techies or superhackers at the NSA, they just pulled out a suitcase full of dollars and all info was being handed to them no questions asked. Ppl go easy on the paranoia and get well informed, plus someone mentioned the ockham razor well this is the case ITS A FUCKING KEYBOARD. Apart from all the "yeah they put malware in the keyboard" -shows no indepth reading of snowdens´ statements, that there was no hardcore intel or epic hacker work there but LOADS OF MONEY TO PAY COMPANIES TO RELEASE THE DATA. Keep watching 24 and thinking the CIA is made of super spies, or watch Argo yeah the NSA and the CIA are top-notch secret service agents -they are indeed in spreading disinfo and messing foreign policies but no epic "spies" there... again, all the stupid nonsense stuff coments directly disregard most of snowdens´s statements, its crazy, all experts on snowden and intelligence lol but you all seem to have read NONE of what he stated... :P and yes again, get some logic... in the imaginary world were the NSA is super hi tech and has super spies like the one on comics and shit ... they would "bug" a KEYBOARD LMAO being sent to that particular person? LMAO... google social engineering cause that was mostly the "hacking" being done by the NSA, not to be rude but the ignorance is high on some ppl here

     

    reply to this | link to this | view in thread ]

  56.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:10pm

    Re: Re: Re:

    This assumes cards per se aren't compromised, behaving normally until they receive custom packets.

     

    reply to this | link to this | view in thread ]

  57.  
    icon
    krolork (profile), Jan 24th, 2014 @ 2:12pm

    We need a revolution.

     

    reply to this | link to this | view in thread ]

  58.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:15pm

    Re: Re: Re: Re:

    Then you'll detect it when the custom packets come in. I wasn't talking about hooking up an analyzer for a few minutes and calling it good -- that's worthless for this sort of thing. I was talking about constant monitoring.

     

    reply to this | link to this | view in thread ]

  59. This comment has been flagged by the community. Click here to show it
     
    identicon
    John ur an idiot, Jan 24th, 2014 @ 2:17pm

    Re: Re:

    Not even remotely the point. The subject matter is the NSA and their workings right? Or have I missed the subject? Please do an effort to think clearly, read some Snowden as it was CASH that did the work and no, they didn´t bugged this womans´ keyboard, sorry, she rushed to tweet sadly. As a) as some other person says, it´s AMAZON, expect screw ups her relation to TOR does not make her immune to human idiocy. b) no even REMOTELY basic analysis of her keyboard was made... a check for nothing unless proven wrong -which she didn´t at the time- but hey let just jump into conclusions real quick!!! it makes good articles! PARANOIA SELLS!!! ... not even a photo the keyboard even ripped apart. If she did it as some sort of decoy as to check if the NSA was checking her online transactions, then again, where is the FUCKING KEYBOARD SNAPSHOT?! Could waited two days or half a day at least and get anyone to crack open the keyboard... she prolly didn´t meant all the fuss but this kinda shit SELLS and thats media be it tech dirt or whatever, note is a joke but a hook that gets 800 comments based on a snapshot and a tweet...great journalism

     

    reply to this | link to this | view in thread ]

  60.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:18pm

    Re: Re: Re: Re:

    in the imaginary world were the NSA is super hi tech and has super spies like the one on comics and shit ... they would "bug" a KEYBOARD LMAO being sent to that particular person?


    You haven't been keeping up. It has been recently confirmed that the NSA does precisely this, by the NSA itself. They do say they don't do this domestically, but at this point, who would be foolish enough to take them at their word?

     

    reply to this | link to this | view in thread ]

  61.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:22pm

    Re: Re: Re:

    Settle down, Beavis.

    I was answering a specific question about malware vectors. I was not talking about what may or may not have been done in this particular case. I am certainly not jumping to any conclusions.

    The rest of your comment is hysterical, in both senses of the word. Snapshot of the keyboard? Why? It would reveal absolutely nothing, even if it had been compromised.

     

    reply to this | link to this | view in thread ]

  62. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:22pm

    Re: NSA Liars

    it´s not. it´s the media cashing out on a person´s tweet about her being a bit restless about the delivery of the keyboard. It SELLS. Period. TechDirt is mainstream media too or so it seems as this is a REAL joke of an article and again, she probably didn´t tweeted for attention, the media including this one is making this idiot story about super "malware"-"viruses" (its virii actually but hey go ahead) or some of the crazy stuff being written. yeah yeah the CIA and the NSA has been known not only for sticking "malware" on keyboards, printers and even mouses but here comes the worst part: EVEN YOUR MICROWAVE OVEN CAN BE WIRED! FACT! And beware of your toaster its tracking your bread eating habits

     

    reply to this | link to this | view in thread ]

  63.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:23pm

    Re: Re:

    UPS and FEDEX have partnered up with USPS under a program called "SmartPost" where the package is handed off to the USPS for final delivery. The premise here is that it saves customers and the aforementioned carriers a few cents. The reality is it briefly puts a package in the hands of the feds that otherwise would be much harder to inspect and/or compromise in the hands of a 3rd party private courier.

     

    reply to this | link to this | view in thread ]

  64.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:23pm

    Re:

    Not if she never connects it to the net, it can't.

     

    reply to this | link to this | view in thread ]

  65.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:25pm

    Re: Hanlon's Razor

    Sure, misdeliveries happen -- but they're very, very rare, even by the USPS. I get, on average, about 5 USPS-delivered parcels a week. Not once has any of them been misrouted.

     

    reply to this | link to this | view in thread ]

  66.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:39pm

    Re: Re: Wow!

    "On the other hand, you'd think that they wouldn't be so careless that the diversion would show up in the package tracking."

    Exactly Johnny. That is unless they want this knowledge publicized - again - promoting fear and paranoia about the very technology they once thought they dominated, but instead has been the primary source of their proverbial undoing when utilized by the common man.

     

    reply to this | link to this | view in thread ]

  67. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:40pm

    Re: Solution: Burn the computer and get another from a safe vendor

    __it was a keyboard__. usually reading entire articles helps one thinks clearly and not like an idiot. "There´s no telling what hidden software the NSA might sneak onto the COMPUTER" lol... please before you go into paranoid tin-foil hat mode and go on about the "there´s no telling" oohhh :O the NSA!!!! And this and that. Again, many of the commenters are either crazy or, like you sir with respect, ("burn the computer" LOLZ!!!!) not the public you would expect from techdirt which is known for this shitty idiot "news". The woman, again, shows no x-ray or whatever the fuck "may be" on his keyboard and again what sense would it make for the NSA to intercept a keyboard being sent from AMAZON? LMAO. PLUS= IDIOTS PLEASE PLEASE, PLEASE _READ_ SNOWDEN DONT just put a thumbs up on facebook dimwits, the whole case was that there was not a lot of "sneaking" but a lot of SPENDING BIG BUCKS paying providers to release info. Missing the point, and again, lol please, "burn your computer" lmao... well shes a dev maybe she can fin another way to "clean it" from the ultrasupersecret-area51stuff the NSA uses. In most ppl dreams as I see and it saddens me such a high lvl of ignorance, come on try to use some commom sense. It helps. It´s a keyboard. One out of the many rational questions one may ask is why would the NSA "intercept" a keyboard. For surveillance? LMAO. Of what? To "bug" it? LMAO... yeah yeah they put a nanorobot they got from martians that hides on the "tab" key and sends info directly via infrawaves to secret nsa cells located in the stratosphere

     

    reply to this | link to this | view in thread ]

  68.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:45pm

    Re: Re: Re: Re: Re:

    "Ok" Johnny.

     

    reply to this | link to this | view in thread ]

  69.  
    identicon
    Matthew A. Sawtell, Jan 24th, 2014 @ 2:48pm

    To paraphrase a quote the movie, "The Guard"

    You know, I can't tell if you're really m--herf--kin' dumb, or really m--herf--kin' smart.

     

    reply to this | link to this | view in thread ]

  70. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 2:49pm

    Re: Re:

    "it´s actually worse than that". Not only what your stating is quite idiotic, shows no careful examination of many of Snowdens´ statements but LMAO... YEAH I WOULD TAKE ADVICE FROM ARTHUR MOORE A PERSON WHO READS AN ARTICLE ABOUT A _KEYBOARD_ AND READS "COMPUTER", THEN SPEAKS OF "X-RAYING OR DESTRUCTIVE TESTING" - as some more informed say LMAO yeah there are other methods as the one stated - come on man takes your meds please, it´s for the best of everyone. Tin Foil hats are good so you should keep yours on, no doubt about it, it´s actually worst than anything you can imagine, they can replace your nipples with a nanochip that speaks to your tv that then sends your personal info -the NSA is very interested on Arthur Moore´s doings- to a central HQ where 3 million ppl work with aliens to examine your thoughts and how to manipulate them. Oh boy grats tech dirt: well played...make a shit article, then cash out 800.000 hits out of crazy comments lol.. the level of paranoia is amazing, and PLEASE.... lol... again reading before commenting is a good thing... "hacked firmware" lmao...ppl please you know shit about what you are talking about with all due respect get informed, information is power so you don´t go into crazy mode as this gentleman and 800.000 more, spreading disinfo... hacked firmware lmao... yeah :P sent to a dev related to TOR ... FOR REAL?! ROTFL ppl wikipedia TOR lmao yeah yeah "hack this chick keyboard she won´t notice" said the NSA super spies lmao...

     

    reply to this | link to this | view in thread ]

  71.  
    icon
    Christopher Best (profile), Jan 24th, 2014 @ 2:53pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Actually, yes. They have bugs for USB cables, RJ-45 ports, keyboards, etc. They didn't get them from martians, they buy them from contractors. For someone saying "read snowden" you don't seem to have actually bothered keeping up with what's been published.

     

    reply to this | link to this | view in thread ]

  72.  
    icon
    John Fenderson (profile), Jan 24th, 2014 @ 2:55pm

    Re: Re: NSA Liars

    How long have you been working for the NSA? Just curious...

     

    reply to this | link to this | view in thread ]

  73.  
    icon
    mudlock (profile), Jan 24th, 2014 @ 2:56pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Good point! No one would ever hide a keylogger in a keyboard!

    And clearly this isn't real: http://www.eweek.com/security/nsa-can-hack-you-even-if-you-arent-connected-to-the-internet.html

    "The target machines first are compromised by way of a USB stick or tiny circuit board that broadcasts the information. ... The geniuses at the NSA with the remote radio access technology have extended the range to a staggering 8 miles."

    So I'm sure it's perfectly safe.

     

    reply to this | link to this | view in thread ]

  74.  
    icon
    mudlock (profile), Jan 24th, 2014 @ 2:59pm

    Re: Re: Re:

    Ohhhh, you're just replying in giant blob-o-paragraph form interspersed with DEROGATORY ALL CAPS to *every* thread in the comments.

    Man, the NSA is really scrapping the bottom of the barrel for astroturf.

     

    reply to this | link to this | view in thread ]

  75.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 3:00pm

    Re: Re:

    assume for a moment, that what ever bug is in there has a cell modem. the few mw power would be hardly noticeable and you could not prevent it from connecting.

     

    reply to this | link to this | view in thread ]

  76.  
    icon
    mudlock (profile), Jan 24th, 2014 @ 3:02pm

    Re: Re: NSA Liars

    Three.

     

    reply to this | link to this | view in thread ]

  77.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 3:04pm

    Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    This one I don't get. Any serious air-gapper is going to be doing it in an electromagnetically-shielded environment, thus no radiation of anything anywhere.

     

    reply to this | link to this | view in thread ]

  78.  
    icon
    AricTheRed (profile), Jan 24th, 2014 @ 3:17pm

    Re: czxc Re: Re: Re: Re:

    I am not PARANOID! "They" Really are out to get me!

     

    reply to this | link to this | view in thread ]

  79.  
    identicon
    Anonymous, Jan 24th, 2014 @ 3:18pm

    "...breaking Tor is a priority that has mostly stymied them...". The government can't break something they helped design? Uh-huh. Yeah, and who's this Dread Pirate Roberts guy anyway?

     

    reply to this | link to this | view in thread ]

  80.  
    icon
    mudlock (profile), Jan 24th, 2014 @ 3:19pm

    Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    TOR developers kinda use the internet.

     

    reply to this | link to this | view in thread ]

  81.  
    identicon
    Anonymous, Jan 24th, 2014 @ 3:21pm

    Re:

    Don't you know that you can count me IN!

     

    reply to this | link to this | view in thread ]

  82.  
    icon
    mudlock (profile), Jan 24th, 2014 @ 3:23pm

    Re:

    NSA can't break something NRL didn't back-door for them.

     

    reply to this | link to this | view in thread ]

  83.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 3:29pm

    As great an opportunity as finding a tracking device to tear apart.

    This is a great opportunity to tear it down in both hardware and software and report some type of definition that the rest of us could look for in our search for this stuff on our own equipment.

    Congrats on winning the lottery, I look forward to my own "special software" on my next purchase.

     

    reply to this | link to this | view in thread ]

  84.  
    identicon
    quawonk, Jan 24th, 2014 @ 3:40pm

    Re: Re: Re: Buy in person, pay in cash

    Who's to say they don't do it to all the hardware shipped to stores?

     

    reply to this | link to this | view in thread ]

  85.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 3:41pm

    Re: Solution: Burn the computer and get another from a safe vendor

    No, send it to someone like Bruce Schneier and ask them to analyze it. Then if they find anything publish what the find.

     

    reply to this | link to this | view in thread ]

  86.  
    identicon
    Dan, Jan 24th, 2014 @ 3:43pm

    Re: Wow!

    You are a nobody to the NSA and their associates, a developer for the Tor project however is a lot different.

     

    reply to this | link to this | view in thread ]

  87.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 3:46pm

    Re: Re:

    From what we've learned about the NSA's ANT catalog, that's a rather naive argument to take.

     

    reply to this | link to this | view in thread ]

  88.  
    icon
    nasch (profile), Jan 24th, 2014 @ 3:49pm

    Re: Re: Re:

    Besides the writing style, we can tell that julius and czxc (and an Anonymous Coward) are the same person by the gravatar. Thought you should know.

     

    reply to this | link to this | view in thread ]

  89.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 4:13pm

    Re:

    Umm...yes it can. Take an hour and watch this.
    https://www.youtube.com/watch?v=vILAlhwUgIU

     

    reply to this | link to this | view in thread ]

  90.  
    identicon
    Dan, Jan 24th, 2014 @ 4:16pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Your comment was hard to read but it's clear you have no idea of the bounds of technology in use. Read up on Stuxnet as a predictable example, that was made possible in part due to a compromised print spool driver - where from? The US Government. Oh yeah and just because she is a software developer, does not automatically mean she can rip apart and recognize a foreign object in a keyboard. It would probably be rewritten firmware anyway.

    Your post shows how much knowledge you have on the subject, which is next to none so why not just stop trying to bitch at people and move on.

     

    reply to this | link to this | view in thread ]

  91.  
    identicon
    Phill, Jan 24th, 2014 @ 4:53pm

    Re: Solution: Burn the computer and get another from a safe vendor

    She should NOT burn it, this computer may be valuable intelligence for everyone else.
    She should disassemble the computer and take photos, post them online with the specs and ask people to do a once over on it.

    If anyone finds any additional components it should then be offered up to a reputable security researcher so they can investigate exactly how it works.
    Heck I'd offer it up to a researcher regardless so they could do a once over anyway in case any firmware is compromised.

     

    reply to this | link to this | view in thread ]

  92.  
    identicon
    Jerrymiah, Jan 24th, 2014 @ 5:02pm

    Re: Re:

    NSA does have that possibility. They've screwed up the cryptographic standard so bad that they can access any computers whenever they want.

     

    reply to this | link to this | view in thread ]

  93.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 5:17pm

    Re: Not Domestic

    Didn't the NSA swear up and down that they didn't do this domestically?


    This wasn't domestic. Several parts in the computer came from overseas. She had also recently called Canada so she was only one hop from a foreign potential terrorist.

     

    reply to this | link to this | view in thread ]

  94.  
    identicon
    MrWilson, Jan 24th, 2014 @ 5:25pm

    Re: Re: PFFFT! That's nothing! Check out THIS oddity:

    To be fair, OOTB probably didn't actually fall for that bullshit story because, as we already know, he doesn't actually read articles on the internet, just the headlines, and then goes straight to his random comment generating script.

     

    reply to this | link to this | view in thread ]

  95.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 5:57pm

    Re: Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    The very technology you pointed to consists of compromising, with radio waves, computers that aren't connected to the internet. The solution to that is electromagnetic shielding, but...

    "TOR developers kinda use the internet."

    Yeah, let me know when you're tired of riding a waffle.

     

    reply to this | link to this | view in thread ]

  96.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 6:02pm

    Re: Re: Re: NSA Liars

    Let's hope, otherwise you've just misrepresented the law in a manner the aforementioned agency can trace back to you.

     

    reply to this | link to this | view in thread ]

  97.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 6:33pm

    Re: Re:

    hahaha...I thought you were going to say something witty about an earlobe.

     

    reply to this | link to this | view in thread ]

  98.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 6:51pm

    Check the DNS

    My internet got reaaaaaal slow after I posted here on Techdirt. Pages would often timeout.

    It's a pattern I've seen before, commented on NSA articles here on Techdirt, DSL got real slow. ISP couldn't fix it, next doors DSL was fine, changed the router, DSL back to normal speed. Comment again on Techdirt, DSL suddenly real slow again.

    A tracert doesn't show any extra hops, but there is a huge gap in the routing delay, its very easy to hide extra hops so you cannot rely on tracert.

    Switched to fibre, real fast, comment on techdirt, real slow again.

    This time I tried messing with the DNS, switching to Google DNS and Open DNS etc. makes it real quick again.

    IMHO, maybe the attacks are done via the DNS, returning new IP addresses for existing sites, then man in the middle that traffic.

    How would it work with https traffic? I don't yet know, but https traffic suffered exactly the same.

     

    reply to this | link to this | view in thread ]

  99.  
    icon
    WulfTheSaxon (profile), Jan 24th, 2014 @ 7:02pm

    Re: Re: Re:

    Not sure about FedEx, but you can use UPS MyChoice to selectively or automatically upgrade packages before they’re handed off to the USPS.

     

    reply to this | link to this | view in thread ]

  100.  
    identicon
    jordan, Jan 24th, 2014 @ 7:12pm

    Re: Zip+4 Address

    I'm not sure why Mrs. Shepard blacked out her address and left her Zip+4 there. 98122-2990 narrows it down to 1819 23rd Ave., Seattle.

    Say what? TOR developer who orders from Amazon? Wait! Even can't black out her zip+4?

    Something not right here.

     

    reply to this | link to this | view in thread ]

  101.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 7:16pm

    Re: Wow!

    Nope they just peed in it before sending back.

     

    reply to this | link to this | view in thread ]

  102.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 8:40pm

    Re:

    what if they know who your friends are?

     

    reply to this | link to this | view in thread ]

  103.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 9:21pm

    Re: Check the DNS

    Slowed to a crawl here too. Also, the avatars of each and every "insider" were substituted by a generic silhouette. Seems to be fine now.

     

    reply to this | link to this | view in thread ]

  104.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 9:28pm

    Re: Re: Re: Re:

    Don't get me wrong, SmartPost is generally a user selected option. However, I can foresee a day when it's the standard. When all else fails, the PTB usually attempt to rule by degrees (incrementalism).

     

    reply to this | link to this | view in thread ]

  105.  
    identicon
    Anonymous Coward, Jan 24th, 2014 @ 9:35pm

    Re: Re: Check the DNS

    I do believe it means someone hit a rather sensitive nail on the head though.

     

    reply to this | link to this | view in thread ]

  106.  
    identicon
    Just Sayin', Jan 24th, 2014 @ 10:44pm

    looks more like

    It looks more like a bit of a setup. It could also be a transposition error on the zip code (dyslexia does exist), or for that matter that a large shipment was going there, and her package got "wrapped" onto a pallet.

    My guess is more along the lines of someone trying to stoke the fire against NSA by setting things up. I suspect that the full order from Amazon includes a gift address that isn't showing.

     

    reply to this | link to this | view in thread ]

  107.  
    identicon
    Anonymous Coward, Jan 25th, 2014 @ 2:50am

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    My ONLY source of computers is my work shop. I build my own, from known, clean, tested components. I have never, and never will, purchase a computer-as-appliance. Don't trust manufacturers, don't trust distributors, don't trust delivery services. If I need a laptop for some unforeseen reason, I have an old one (2008) that I have rebuilt many times and know what's in it.

     

    reply to this | link to this | view in thread ]

  108.  
    identicon
    Anonymous Coward, Jan 25th, 2014 @ 2:52am

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    YES!!!

     

    reply to this | link to this | view in thread ]

  109.  
    identicon
    Yeah Right, Jan 25th, 2014 @ 3:39am

    Even if the keyboard wasn't tampered with, a fed rerout - if genuine - is sending the intended message: 'We are all powerful and we've got our eye on you.'

    We've entered Third Reich territory. We're all living under a virtual occupation. Time to get the Resistance organised.

     

    reply to this | link to this | view in thread ]

  110.  
    icon
    techflaws (profile), Jan 25th, 2014 @ 4:20am

    Re: Re: Re:

    Says the idiot too stupid to understand the concept of Gravatars. Impressive!

     

    reply to this | link to this | view in thread ]

  111.  
    identicon
    Matthew A. Sawtell, Jan 25th, 2014 @ 6:23am

    Re: To paraphrase a quote the movie, "The Guard"

    Think about it, Bezos and Crew have been slapped with probably another set of orders that they cannot directly divulge - but attempted at least one 'slight warning'. Question is, can this be done again, or with the folks in the Beltway cover this 'loophole' on the next set of orders.

     

    reply to this | link to this | view in thread ]

  112.  
    icon
    nasch (profile), Jan 25th, 2014 @ 6:36am

    Re:

    We've entered Third Reich territory.

    Either that, or a shipping company screwed up.

     

    reply to this | link to this | view in thread ]

  113.  
    icon
    OldMugwump (profile), Jan 25th, 2014 @ 8:50am

    Re: We need a revolution.

    We may need one, but at this point the revolution would LOSE.

    This is still more-or-less a democracy - people elect the criminals who authorize and defend this stuff.

    As long as that continues to be the case, any revolution will fail. And if/when the electorate wakes up or finds their moral compass, then a revolution won't be necessary.

    Revolutions tend to be bloody, killing a lot of innocents. Let's try to avoid it if we can. Especially so if the result is going to strengthen the state rather than weaken it.

     

    reply to this | link to this | view in thread ]

  114.  
    identicon
    Jim, Jan 25th, 2014 @ 9:50am

    Similar Experience

    I bought a Google Chromecast device through Amazon. The order was placed on 12/26/2013. The estimated delivery date was 1/3/2014. THe device was finally delivered to my home in Phoenix on 1/14/2014. The Fedex Tracking had the package start in Reno, NV. From there it went to (in order):
    Sacramento, CA
    Los Angeles, CA
    Atlanta, GA
    Dallas, TX
    Phoenix, AZ

    You can call this crazy Fedex distribution routing, but I have NEVER seen anything remotely like this. I kept the product and will be having it analyzed.

     

    reply to this | link to this | view in thread ]

  115.  
    identicon
    diane, Jan 25th, 2014 @ 1:34pm

    And why is Andrea an Amazon supporter/customer?

    It’s hard to have any sympathy whatsoever for someone who orders through Amazon. What? She doesn’t know about Amazon’s horrid warehouses? Amazon’s cloud servicing the CIA? Bezos’ disdain and contempt for the average human? I suppose she also has a gmail account and a facebook page?

    She’s clearly one of the many who have made Amazon, et al, relevant and dragged the rest of us, who’ve watched in horror for at least a decade now, into a world where Amazon, Google, Apple, PayPal, eBay, Facebook, Twitter, et al, violate, hand in hand with the Fascist (for lack of a more horrific and current adjective) U$ Government, with impunity.

    It’s also truly sickening to see so many of those Blawwgers!!! - who fervently aided in making Sly Con Valley the monster that it is – finally, way too late, talking against it with no apology, or recognition, that they trashed others as Luddites, Trolls even, for at least a decade, whenever those Luddites expressed concerns re Amazon, Google, Apple, PayPal, eBay, Facebook, Twitter, et al, and the swift trajectory where someone like the sociopath Kurzweil (who has been connected with the Defense Industry for decades, to my understanding) is rapidly approaching his, Go Daddy!, 100% Mechanized World run and imagined by Thought Leader ! ... Papas [only!], wet dream.

    Post Script: And about kade? kade is well past the time in which he should explain why the ACLU has a Face Fiend page.

     

    reply to this | link to this | view in thread ]

  116.  
    icon
    Mike Gale (profile), Jan 25th, 2014 @ 1:42pm

    Mistrust of the Government

    The thing that strikes me here is the mistrust and paranoia (justified) that I see.

    A few people (in the law, elected reps, management of the securocracy) have started the rot that is progressively destroying faith in government and business.

    A slogan of the US, is mutating into something like:

    Government of the sheople, by the devil, for the psychopaths.

    Sad. I believe that the majority in the occupations that are starting to stink are decent people. The organisations that made this happen, are, in their present states, not fit for purpose in the current age.

     

    reply to this | link to this | view in thread ]

  117.  
    identicon
    Anonymous Coward, Jan 25th, 2014 @ 1:56pm

    Re: Re: Re: Buy in person, pay in cash

    First of all I presume physical plants like these require warrents and even though their oversight is for craps, I doubt they want to use their snoopers to hit random targets (price is a factor).

    Second of all, how do you know they do not do the exact same crap on store bought computers? If they were randomly adding spying hardware, you wouldn't be any safer when you buy from stores.

     

    reply to this | link to this | view in thread ]

  118.  
    identicon
    bone breaker, Jan 25th, 2014 @ 4:27pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Neither does the NSA. Only congress can decide the wording of law and only the judicial branch can interpret those laws. Therefore with NSA lying in congressional hearings, they are breaking the law. We need to keep these discussions going until congress performs it's mandated job. Create laws that have teeth. Don't accept the contempt and treason being committed. Pass laws that allow the incarceration and even capital punishment for treasonous acts. Hold agency executives accountable. Don't let them resign or shuffle the personal to avoid accountability.

     

    reply to this | link to this | view in thread ]

  119.  
    icon
    btrussell (profile), Jan 25th, 2014 @ 4:59pm

    Re: Re: Re: Re:

    Gravatars
    http://en.gravatar.com/

    I think you meant avatar.

     

    reply to this | link to this | view in thread ]

  120.  
    icon
    nasch (profile), Jan 25th, 2014 @ 6:42pm

    Re: Re: Re: Re: Re:

    I think you meant avatar.

    My understanding is the images generated for non-signed in users on Techdirt are from Gravatar.

     

    reply to this | link to this | view in thread ]

  121.  
    icon
    G Thompson (profile), Jan 25th, 2014 @ 9:53pm

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    Paragraphs are your friend.

    Use them.

    otherwise it's going to be read as just a load of blargha flargha... wait on second reading of your dribble it is just a load of Blargha flargha derpness.

     

    reply to this | link to this | view in thread ]

  122.  
    identicon
    Robert, Jan 26th, 2014 @ 5:55am

    Re: Solution: Burn the computer and get another from a safe vendor

    More realistically, her internet connection can not be trusted. Any and all online orders can be intercepted and the typically illegal security letter issued and the purchase intercepted.
    The track record is likely a simple mix of indifferent arrogance, laziness and cheapness. Obviously the risk of a key logger is pretty high, with a trigger dump, either by direct physical contact or via remote contact on the already compromised internet connection.
    However a background investigation must still be in action, it would be interesting to see what they are accusing her of to enable the false investigation.
    Likely emigration will be the only escape as they work up to aiding terrorism charges so they can force compliance.

     

    reply to this | link to this | view in thread ]

  123.  
    icon
    The Groove Tiger (profile), Jan 26th, 2014 @ 10:17am

    Re: Re: Re: PFFFT! That's nothing! Check out THIS oddity:

    It's got to the point that his "signature" footer saying random negative one-liners about the site has grown to be 3 times larger than his actual post!

     

    reply to this | link to this | view in thread ]

  124.  
    identicon
    bon, Jan 26th, 2014 @ 10:28am

    Re: Solution: Burn the computer and get another from a safe vendor

    They don't intercept to put software on your computer, they intercept to swap out hardware.

     

    reply to this | link to this | view in thread ]

  125.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 3:53am

    Re: Solution: Burn the computer and get another from a safe vendor

    Dont burn it, store it, away from any sensitive systems, wait to see if more news of the methods and technology comes to light, so that one can open and positively identify the parts.......bam, substantial evidence........makes me wonder why these organisations put these things out there.......is it so well hidden, or do they retrieve it?

     

    reply to this | link to this | view in thread ]

  126.  
    identicon
    Anonymous Coward, Jan 27th, 2014 @ 8:04am

    Re: Re: PFFFT! That's nothing! Check out THIS oddity:

    he keeps posting because people keep responding to him

     

    reply to this | link to this | view in thread ]

  127.  
    icon
    John Fenderson (profile), Jan 27th, 2014 @ 8:20am

    Re: Re: Re: Re: Buy in person, pay in cash

    First of all I presume physical plants like these require warrents


    What physical plants? The hardware is diverted after it leaves the plant. It arrives at a spy shop where the modification is made, then sent out again.

    The only point where a legal requirement comes into play is in the diversion -- and I'm not sure a warrant is needed there.

    how do you know they do not do the exact same crap on store bought computers?


    because these are, by their very nature, targeted operations. This sort of thing isn't done to every piece of hardware (that would have to be done at the manufacturing plant). This is done against particular people. They would have to know precisely which piece of hardware you'd be getting, in advance, to alter the sight one on the store shelf. Except maybe in very special circumstances, this isn't possible.

     

    reply to this | link to this | view in thread ]

  128.  
    identicon
    Peter Gerdes, Jan 27th, 2014 @ 11:07am

    This is totally ridiculous.

    First, the NSA would only want to intercept a keyboard to do data interception. But there is no reason for them to intercept the data of a tor developer, THE SOURCE CODE IS PUBLIC ALREADY. Unless they think the developer is themselves a terrorist they could care less what they type.

    A keyboard would be useless for planting bugs in software. Even if they had the whole computer it would be extremely difficult to leverage that control to force the insertion of backdoors into the code (it would be much easier to hack into github or wherever the `canonical' version of the tor source is held and insert bugs there...even if there is no defacto canonical repository it would be extremely difficult to hide the introduced bugs from the developer while not disrupting the normal diff/compile/run development process).

    If the NSA was sophisticated enough to implement this kind of extensive system compromise (all the tools used by the developer must appear to work normally EXCEPT the hash of any commit needs to include the modified source AND any commit needs to include the modifications BUT somehow when the developer turns the commit into a patch and examines it in ANY text editor it must not appear) they surely wouldn't screw up at the step where they divert the package.

     

    reply to this | link to this | view in thread ]

  129.  
    identicon
    atum, Jan 27th, 2014 @ 12:52pm

    change a chip or chips simple. source intercept destination easy. all computer are on the network can be seen. company developed software cambridge, mass. in the early 90's

     

    reply to this | link to this | view in thread ]

  130.  
    identicon
    diane, Jan 27th, 2014 @ 1:23pm

    Re: Peter Gerdes/This is totally ridiculous.

    Unless they [the NSA] think the developer is themselves a terrorist they could care less what they type.


    What rarified world, and/or lies, are you living in ...and/or promoting? so very late after the sun set and the gathering left ....until the piece is revisited?

     

    reply to this | link to this | view in thread ]

  131.  
    identicon
    Worried, Jan 27th, 2014 @ 10:16pm

    Amazon repeatdly rebilled my credit card. Wrogly. 5 times before I finally got them to stop.

     

    reply to this | link to this | view in thread ]

  132.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 4:56pm

    Re: Re: Re:

    That assumes they are sending their spied data in-band...

     

    reply to this | link to this | view in thread ]

  133.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 4:58pm

    Re:

    They could just intercept the data being sent thru the wires and then send it out via a GSM modem hidden in the circuit boards

     

    reply to this | link to this | view in thread ]

  134.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 5:01pm

    Re:

    Unless "they" got to the factory. We know they don't refrain from mass surveillance....

     

    reply to this | link to this | view in thread ]

  135.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 5:04pm

    Re: Re: Re: Wow!

    For psych wars they don't even need to do any actual modifications. And actually, that might even be more effective, spreading rumors they are so good you can't detect what they did even with physical access.

     

    reply to this | link to this | view in thread ]

  136.  
    icon
    Fushta (profile), Jan 29th, 2014 @ 12:05pm

    Re: Solution: Burn the computer and get another from a safe vendor

    1) Tell Amazon you didn't get the package (proof is in the tracking info).
    2) They send you a new one.
    3) Repeat as often as they will comply.
    4) Profit

     

    reply to this | link to this | view in thread ]

  137.  
    icon
    Fushta (profile), Jan 29th, 2014 @ 12:11pm

    Re: Re: czxc Re: Re: Re: Re:

    Speaking of paranoid; if you live in Alexandria, VA, and order a computer (or computer component), how do you know if it was diverted or not?

     

    reply to this | link to this | view in thread ]

  138.  
    identicon
    tbg, Feb 6th, 2014 @ 12:29pm

    They will go after anyone

    It happened to my computer as well
    Don't let them get by with the line "

    We only go after legitimate targets

    I am a teacher and they went after me

    I helped a friend write a complaint to a Judicial Ethics Commission pointing out
    blatant fraud, and unethical conduct by a Judge and Amicus Attorney.

    Approximately 4 days before the complaint was to be filed, I had 3 windows based computers on my home network rendered to Digit zeros with with evidence documents and other exhibits for the complaint destroyed.

    At the time, I didn't really know what happened and just assumed it was a virus that hit my network and all I needed to do was to do were reinstalls of the computer operating systems and all would be well. I was wrong. Even to this day, I continue to have network and computer problems.

    After the network attack, the windows computers were rendered as junk. I ordered a new Macbook Pro thinking that a new computer would solve the network problems. The network problems continued. Shortly after the new Macbook Pro was delivered to my home from the Apple online store, I discovered that the EFI Firmware Password had been set before it was delivered. Somebody had tampered with this computer before it arrived at my home. Apple stated that they did not know how this would have happened and they agreed to replace the computer with the one that I
    am now using.

    I continued to have problems.The recent NSA leaks confirmed my suspicions that I was targeted, but I still have a hard time believing that the government would do such a thing.

    After the Snowden revelations, I was determined that I was going to find out for sure and press the issue with Apple. I could never get Apple to do any followup calls to address my issues. Before this
    ordeal, I knew very little about computers, but I have educated myself to an extent and Apple cannot or will not answer my questions. When no Sr. Apple Technician in the United States will return my calls, it seems that all my calls to Applecare are routed to Applecare in Canada.

    Recently a Sr. Level Apple Advisor in Canada stated to me that when Apple initially replaced the computer which had the firmware tampered with, they replaced it with a computer that did not have the standard operating system that it should have had. The replacement computer had a modified operating system installed.

    Why would Apple do this? This is the question that I asked the Sr. Level Apple Advisor and he said he did not know why this was done nor did he know why or how the firmware was tampered with.
    This has to stop

     

    reply to this | link to this | view in thread ]

  139.  
    icon
    nasch (profile), Feb 6th, 2014 @ 5:40pm

    Re: They will go after anyone

    I am a teacher and they went after me

    What a bizarre story. What sort of teacher are you? That's a lot of effort to go to if it really was someone behind the scenes (either NSA or someone else, would be impossible to tell) targeting you.

    I helped a friend write a complaint to a Judicial Ethics Commission pointing out
    blatant fraud, and unethical conduct by a Judge and Amicus Attorney.

    Approximately 4 days before the complaint was to be filed, I had 3 windows based computers on my home network rendered to Digit zeros with with evidence documents and other exhibits for the complaint destroyed.


    Sounds much more likely to be someone involved with the court system, I don't see why the NSA would get involved with a case like that. Then again, we still don't know nearly everything about how they operate.

     

    reply to this | link to this | view in thread ]

  140.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:28am

    Woah! That is odd.

    I've never heard of a female developer. Are you sure she wasn't a graphics artist just adding some cute icons or design elements?

     

    reply to this | link to this | view in thread ]

  141.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:40am

    Re: Re: Not Domestic

    PARALLEL CONSTRUCTION = DOMESTIC SPYING

    http://www.forbes.com/sites/jennifergranick/2013/08/14/nsa-dea-irs-lie-about-fact-that-america ns-are-routinely-spied-on-by-our-government-time-for-a-special-prosecutor-2/

    http://www.huffingtonpos t.com/2013/08/05/dea-surveillance-cover-up_n_3706207.html

    If these two articles don't prove to whatever dumb ass is still left posting to skeptic blogs about how 'smart people believe weird conspiracies' then that person is either a fucking retard or intentionally and solidly in denial.


    ....and these don't even mention what probably has been going on for years. The NSA's OWN "internal investigations" unit, which is designed as a Lysol Air Freshener to cover up the smell of bullshit. Anyway, in their own report was one incident where on their first day an NSA staffer looked up his ex girlfriend and proceeded to stalk her.

     

    reply to this | link to this | view in thread ]

  142.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:43am

    Re: Re: Re: Not Domestic

    Point is, if they were smart, and many are, they would wait a couple days, and then start building a network of buyers who would pay for information, like private investigators, etc... they would make a killing. And probably have...

     

    reply to this | link to this | view in thread ]

  143.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:46am

    Re: Re:

    Look, here's the thing. When google spies, it's so that they can show gay guys shirtless underwear ads and straight people whatever cheap tack stuff they buy.

    When the NSA does it, it's so that they can destroy you. Did you not read about the people who were stalked and harassed by BP for posting negative comments about the oil spill?

    Who do you think provided that private investigator the private info? Parallel Construction baby, it's a bitch!

     

    reply to this | link to this | view in thread ]

  144.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:47am

    Re: Solution: Burn the computer and get another from a safe vendor

    I'd rather just burn people like you. It's cheaper, and would be a net savings in carbon credits.

     

    reply to this | link to this | view in thread ]

  145.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:49am

    Re: Buy in person, pay in cash

    There are only two chip makers AMD and Intel. Are you going to get a microscope too and map out the chip?

     

    reply to this | link to this | view in thread ]

  146.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:50am

    Re: Re: Solution: Burn the computer and get another from a safe vendor

    woops! THAT'S WHAT I GET FOR KNEE JERK POSTING. I just read title.

     

    reply to this | link to this | view in thread ]

  147.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 4:50am

    Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    ...actually, not even the title, just the first few words...

     

    reply to this | link to this | view in thread ]

  148.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 5:00am

    Re: Woah! That is odd.

    Honestly though, after thinking about comment, that is seriously suspicious, and would actually be a legitimate target for investigation.

    Core developer? Are you sure?

     

    reply to this | link to this | view in thread ]

  149.  
    icon
    vancedecker (profile), Mar 18th, 2014 @ 5:02am

    Re: Re: Re: Re: Solution: Burn the computer and get another from a safe vendor

    What I love about Canada is how Justin Bieber just doesn't care and sticks to man by wearing his pants down around his knees. Like I've never anyone do that before. He is more street than south central ever was.

     

    reply to this | link to this | view in thread ]

  150.  
    identicon
    Thomas, Mar 25th, 2014 @ 9:58am

    Everybody knows..

    Seriously, this would never normally show in tracking if it was being diverted by the government. Normally, packages diverted by the government for intervention will show departing the orginating center then simply disappear from network/tracking for 1 Week (often times exactly one week). The next update will be at the local processing center by destination city. The one week timeframe is estimated by them that an individual will accept that their package has been delayed somewhere and look past it without suspicion. Yes, the government uses this domestically all the time. They intercept, inspect, record and of course load malware onto anything and everything you can imagine...

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This