Security experts agree that Intel computing processors, among others, have likely been compromised by the NSA, giving them the power to key log your pass phrases, and generally access your computer's RAM and memory beyond the control of your operating system. So far, the experts say, the Bitcoin community has not been targeted specifically, but can we protect ourselves against possible hardware hacking?
Problem from Hell
In an interview with IamSatoshi, Vinay Gupta a cryptographic application designer and Ethereum release coordinator, argued that “in the long run, Bitcoin is forcing us to confront the fact that in all probability, Intel processors have been compromised by the NSA.” He referenced information leaked by Edward Snowden that continues to come out “eating away our faith in our hardware.” The interview quickly rose to the top of Bitcoin Reddit.
Gupta is not alone. Michael Perklin, president of Bitcoinsultants, Inc., told Cointelegraph:
“We know for certain that the NSA has already breached disk controllers and BIOS chips. I do not believe it’s a stretch to speculate that they have already compromised processors, despite there being no evidence of it at this time.”
Even the military is concerned about this vulnerability, which is a worst-case scenario. Popular Science reported that “during a cybersecurity panel at the Aspen Institute in 2011, Michael Hayden, a retired Air Force four-star general who headed both the CIA and NSA, was asked about hardware hacking, and his response was simple: “It's the problem from hell.”’
The risk of hardware attacks is so dangerous to the American military that they have launched Trusted Foundry, a government program similar to how Tor begun, in an attempt to gather control over the international supply chain of micro processors and other computer hardware they use, hoping to prevent back doors from reaching their helicopters or other electronic weapons.
It is unknown whether technology rising from these government efforts to protect against foreign hardware will be made available to the general public. Given the outstanding amount of financial resources the NSA has invested into spying on its own citizens and the world at large, it is unlikely we will see trusted computing any time soon.
Control over Customers
Not paranoid enough? Well it gets worse. This kind of access to your computer is not hypothetical. Intel, the American-based computer manufacturer, has been adding to their chipsets independent processors, known as Active Management Technology (AMT), since at least 2008. This technology is sometimes explained as a means to facilitate technical support or enforce copyright through digital rights management, among other things, which given the deep-root control it gives to Intel over customer's computers, it can do very well.
The good news is that AMT is not completely hardware based and does rely on some firmware, a low-level software that can be modified, though it is designed to be outside the reach of your operating system. This foundation is what McAfee, the famously difficult to uninstall anti-virus, used as its home turf.
[Warning: The following video is rated NSFW.]
Of course, the problem is that privileged access to a vast amount of Intel's user base through AMT is a honeypot of galactic proportions, practically designed to be taken over by attackers, state funded or otherwise.
When asked about the risks of hardware hacks, Perklin warned:
“The risk here is being able to read any and all information processed by that computer. This includes logging keystrokes, reading or copying files from hard drives and transmitting them to command and control centres, and yes — stealing private keys for both encryption and cryptocurrencies, if those are available to the machine (or to the cellphone!).”
According to the Free Software Foundation (FSF), AMT can be activated remotely using Intel network adapters, and can function while the computer is off, as long as it is plugged in. According to FSF, here's some of what it can do:
- BIOS configuration and upgrade
- power control
- disk wipe
- system re-installation
- console access (virtual network computing, or VNC)
In fact, some of Intel's chipsets — most noticeably the Q35 — that are infused with AMT technology have been demonstrated to be vulnerable multiple times by IT security researchers at Invisible Things Lab (ITL). This has lead to a cat-and-mouse game with Intel that has been going on since 2008, casting doubts on how secure AMT can really be.
In 2013, the same Q35 chipset was hacked by Patrick Stewin and Iurii Bystrov of Security in Telecommunications (SecT), who showed how it could be used to capture RAM and memory and log keyboard inputs. In other words, everything you do on your computer.
At this point, it is important to clarify the concern is not only valid for Intel hardware. Popular Science has reported that similar vulnerabilities have been found on processors built in Hong Kong and other production lines over seas. Similarly, the NSA is not the only state-funded spy agency with an incentive to compromise hardware. The same goes for its European counterpart, Government Communications Headquarters (GHCQ), and other well-resourced players.
Last but not least, an executive order released earlier this month by U.S. President Barack Obama appears to legalize the confiscation of cryptocurrencies without prior notice to their owners, who have “materially contributed to a significant threat to the national security, foreign policy, economic health or financial stability of the United States.”
Risk for Bitcoin
As one redditor asked, “Have we been 'owned'?” Not yet.
One thing the Bitcoin community does have going for it as a relatively small movement is security through obscurity. During an interview with Cointelegraph, Gupta (who is not speaking on behalf of Ethereum) expressed skepticism about Bitcoin users being at high risk, saying:
“In almost all probability this kind of technology would be used only for the most serious national security concerns: I'd speculate nuclear weapons[,] supportive industries and direct superpower-on-superpower conflict. ...
“I can't imagine U.S. intelligence blowing their capabilities to do that kind of work by getting caught using compromised microprocessors against J. Random Hacker and his cryptocurrency hoard. It's just not that important.”
Perklin agrees, saying:
“If [NSA-compromised microprocessors do] exist, it will be so highly-classified that they dare not risk exposing the program unless their gains outweigh the losses in secrecy by having the program exposed. This means there is very little likelihood that this covert technology will be used to target individuals like your readers just to get their private keys.”
Though, as Gupta suggested during his interview with IamSatoshi, “All of this wealth is sitting in a system which is [...] controlled — if they want to act — by the American secret services.”
Can We Protect Ourselves?
When asked how Bitcoin users could protect their wealth against such attacks, Perklin explained:
“The solutions I provide to my clients have taken the risk of NSA’s compromise of the CPU into account for the last two years.
“Our CSDs (Cold Storage Devices) are chosen randomly off the shelf of local retailers to minimize the risk of the hardware being modified in transit to me; they can’t predict which store I enter, or which laptop I choose.
“Once purchased, we remove a number of components and physically disable others to minimize the communications capabilities of the machine while maximizing security.
“Finally, a set of policies and procedures are drafted that are followed by our clients to ensure them that even if the NSA would be watching, there is very little — if any at all — chance that their keys would become compromised.
“Achieving complete security requires training and experience to ensure that many different pieces come together in harmony, just like a chain requires every single link to be equally strong. If there are weak policies or procedures, it doesn’t matter how strong the hardware or software is — the chain will break just the same.”
There is also a small and growing movement to create open-source hardware. One notable mention is USB armory by the IT research company Inverse Path.
CT also asked Gupta whether blockchains could bring any protection. His response was to suggest a kind of cloud computing:
“Yes, absolutely. This is a little technical, but the bottom line is that the processor which Ethereum runs on, the Ethereum Virtual Machine [EVM] has a level of security that a physical processor doesn't: it's being run thousands of times, and the results compared and published before a conclusion is reached.
“Now, of course, if all of those simulations / instances of the EVM are compromised in exactly the same way, perhaps this doesn't buy us anything at all. But if we had a very diverse range of machines running the EVM, including (say) some very old hardware indeed that might pre-date this kind of pervasive NSA push, perhaps we could build a genuinely trusted computing resource for some tasks. This [however] is highly speculative.”
Note that these are just some possible solutions to this risk. Before we can reach a level of security at the heights we have been discussing, we must first recognize the dangers we face.
As we continue to build a new society on top of information systems and cryptography, we need to come to terms with the fact that government programs that seek to know everything that flows through the Internet will by definition control our society, if they succeed. Knowledge is power, and as the information age continues to grow into ubiquity, we must continue to defend our privacy, because privacy is security.
Finally, Gupta makes it clear that “it's up to hardware manufacturers to convince us that they have not been subverted in the same way the NSA has been subverting Apple and Google. That's where the burden of proof lies: please tell us how you evaded NSA intrusion when your peers in the software game were unable to!”
Here are the full interviews with Viney Gupta and Michael Perklin.
Did you enjoy this article? You may also be interested in reading these ones: