Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] proof of tampering

coderman coderman at
Tue Sep 16 14:26:50 PDT 2014

On 9/16/14, Jonathan Wilkes <jancsika at> wrote:
> ... over a year after the initial Snowden-leak stories-- I'm curious if
> anyone has references to articles or papers that have researched and
> reproduced any of these exploits to show how they are used in practice to
> steal data, surveil, etc.

it is very difficult finding detailed, public research into this
particular type of offensive reversing. public knowledge is
constrained by:

- lack of access. see list history regarding ability to even
detect/observe the most advanced attacks.  this is changing, however.
c.f.: exposure of corporate level, middle school type contract kit: and the work of Morgan Marquis-Boire.
The Stuxnet/Flame/Guass/Duqu/Skywiper/Mahdi analysis are still the
only views of TAO/NSAlike campaigns. corrections welcome ;)

- lack of skills+/-experience spanning domains required to dissect the
attack across its many pivoting boundaries of enabling and transiting
through hardware, devices, networks, and systems under attack. [a
redditor could do a shiny graph showing how nearly every technologist
with the expertise for world class malware analysis ends up under
secret contract, private contract, or does something else outside of
university, to varying proportions of each.]

- lack of interest or time; the small subset left in consideration is
only human, and a thorough reverse analysis of complex stealthy code
eats your life in quarter or full years chunks. a passion for the
subject only carriers so far...

finally, to underscore the point as is so conveniently at fingertip,
your mail immediately went to the spam trap, having violated who knows
what in googbrain to indicate forgery or malicious intent.

why aggressively stamp down a narrative when you can slowly bleed it
into silent not-existing instead?

good luck, and best regards,

More information about the liberationtech mailing list