Report: The spies are actually in your modem

[Jack of Hearts 2]

Hi all:

 

This report is a long read (50 pages) and may not be news to some, but I wanted to share it here and see what some of our more tech-saavy members might think.

 

It shares very specific research concluding that all commercial modems are running a secret and separate IP address with hidden firewall rules that reroutes all internet activity, unencrypted, to government servers. The writers call it "The Hack."

 

I hope our tech people will read it and share their thoughts.

 

http://www.politaia.org/wp-content/uploads/2013/12/Full-Disclosure-NSA-GCHQ-Hacks.pdf

 

 

An excerpt (sorry about the formatting):

 

When the DSL connection is established a covert DHCP request

is sent to a secret military network owned by the U.S. Government D.O.D.

You are then part of that U.S. D.O.D. military network, this happens even before you have been

assigned your public IP address from your actual ISP.

 

This spy network is hidden from the LAN/switch using firewall rules and traffic is hidden using

VLANs in the case of BT et al, it uses VLAN 301, but other vendors modems may well use different

VLANs. The original slide has a strange number 242 with grey background, we think this represents

the VLAN number/Vendor number so BT would be 301.

 

This hidden network is not visible from your "Modem's Web Interface" and not subject to your

firewall rules, also not subject to any limitations as far as the switch portion of your modem is

concerned and the hidden network also has all ports open for the attacker.

 

 

[Gynko 0]

http://www.sadtrombone.com/?play=true

 

omg, when you think you are smart and fool them all by using a vpn, you are still a step behind?

Really hope to have some infos about all this from the tech people...

[Staff 9751]

http://www.sadtrombone.com/?play=true

 

omg, when you think you are smart and fool them all by using a vpn, you are still a step behind?

Really hope to have some infos about all this from the tech people...

 

Hello,

 

what's the problem...?

 

Kind regards

[OpenSourcerer 1359]

This is not a scientific document. There's nothing to believe in it. I suggest everyone to read his or her way through the concept of internet traffic routing (the Asynchronous Systems network, the Border Gateway Protocol) and understand why traceroute is a useful tool in this and why it's nearly impossible to hide traffic from you.

 

To proof my doubts this could be a document designed for panicking:
Claim: In page 22 it says "Your router acts as a server, it listens on ports such as 22 (SSH) and 23 (TELNET)..."
Problem: For example, a Fritz!Box stock linux system doesn't own a ssh server and telnet is deactivated by default. You can only activate telnetd with calling a special number from a registered phone connected to the physical phone port or by activating it through FTP port 21. Believe me. I know my Fritz!Box linux system since I experimented with it. 
Problem 2: FTP is deactivated by default as well. Problem 3: They need my password to authenticate with FTP and telnet and SSH. Problem 4: I once ran a nmap portscan to see which ports I could use for attacking it. But that was years ago, and I didn't know the massive advantages of vulnerability scanners. I used Metasploit to exploit the router, googled port numbers to know which (hopefully vulnerable) services are listening but I didn't get in. Maybe lack of experience/knowledge, maybe lack of updated exploits. Maybe there was really no way in.
 

I doubt this document wants you to know what's really going on.

[senshi 0]

I can only shake the head when seeing people's naivety who simply cannot imagine that government could do this.

 

@ gigan3rd

 

If you have read that document carefully (which I'd suggest anyone to do this) you would have seen that it refers to ISP modems/routers primarily, in their example equipment from British Telecom. I've always wondered why for e.g. Telefonica/O2 forces you to use their mandatory equipment, at least in Germoney. Now I know why. And this will be the case in many if not most other countries as well. The spy is literally there where nobody or least would suspect! It is totally naive and absurd to believe that "they" haven't taken good care of hiding this feature as best as possible. They hire the best IT guys and hackers on this planet.

 

Furthermore that document refers to the closed source firmware used in dsl modems. If it's not open source or if you cannot replace it with open source fw (as suggested) you shouldn't trust it.

 

"This is not a scientific document." That's one of those lame arguments which intel and govt. guys use frequently to bash something. This is so obvious. And it's widely known that a huge amount of govt. trolls post in all kinds of forums regulalry to ridicule, downplay and bash truth whenever and wherever possible.

 

Again, I really suggest anyone to read that document which explains very well and detailed how it works, where the 2nd connection is hidden (it runs completely separate and independent from the 1st line, that's why NO network analysis software or firewall will see anything! As those software as well as the OS - no matter whether Win/Linux/iOS - just connect to and will only ever see the 1st line) and how you can verify or check if your ISP modem has this secret channel embedded into its firmware. It also goes to lengths on how to disable those features and which other security measures to take.

 

I'm really surprised of the lack of resonance here to this highly critical information. I suggest everyone not to listen to any naysayers and those technically skilled amongst you to devote some time and conduct serious checks on any modems/routers you use as per the guidelines of the document, whether they come from your ISP or any other commercial equipment you might have. The more information we can gather the more we can spread it wide and far so people can take extra protection measures. It's like Gynko said above. No encryption and no proxy or vpn in the world is any good if there is such a serious leak in your system! It might shield you from the ISP itself and maybe local "low level" authorities (1st line) but all data and everything you do on your computer would still be "phoned" to an intel agency. Not only that. Via this 2nd channel they can manipulate and delete any data on your pc (just bypassing your 1st line firewall) or perform a nationwide "kill switch" of the internet within minutes, at least to everyone using an ISP modem which is the majority.

[pj 72]

No encryption and no proxy or vpn in the world is any good if there is such a serious leak in your system! It might shield you from the ISP itself and maybe local "low level" authorities (1st line) but all data and everything you do on your computer would still be "phoned" to an intel agency. Not only that. Via this 2nd channel they can manipulate and delete any data on your pc (just bypassing your 1st line firewall) or perform a nationwide "kill switch" of the internet within minutes, at least to everyone using an ISP modem which is the majority.

 

Hello,

 

well, that's totally wrong. First, when you connect to our VPN data are encrypted and decrypted inside the computer, not on the router you're talking about. When data pass through the router, hidden lines or not, they are still/already encrypted.

 

Second, the story about hidden channels capable to control a computer (unless you have the explicit cooperation of the OS of that computer - but if you run Windows an attacker probably doesn't need hidden lines anyway) is put in a fantastic way: it seems that the article has been written by someone who's profoundly ignorant (under a technical point of view).

 

Sometimes it's surprising to see that when mythological, undocumented menaces are created they attract blind believers, while public, critical and well documented vulnerabilities in the very same systems of those believers are ignored for years.

 

Please move to Off-Topic.

 

Kind regards

[senshi 0]

No idea why this is so hard to grasp...

 

1. You have a LAN cable which goes to your modem (which in most cases has a router embedded just like with those ISP issued equipment, it's only one box)

 

2. Since your pc is connected to the modem, the hidden line can gain access to your pc via the 2nd stealth channel which neither your OS or any firewall will see or detect. This is completely invisible to you or your OS, no matter which OS you use. You don't need any "permission" from your OS since your OS only sees and refers to the official 1st line you "officially" connect to your ISP.

 

3. As stated in the document (have you read it? Apparently not) when gaing access to your pc the adversary can steal all your encryption or vpn keys and decrypt everything in real/near time.

 

 

 

 

No encryption and no proxy or vpn in the world is any good if there is such a serious leak in your system! It might shield you from the ISP itself and maybe local "low level" authorities (1st line) but all data and everything you do on your computer would still be "phoned" to an intel agency. Not only that. Via this 2nd channel they can manipulate and delete any data on your pc (just bypassing your 1st line firewall) or perform a nationwide "kill switch" of the internet within minutes, at least to everyone using an ISP modem which is the majority.

 

Hello,

 

well, that's totally wrong. First, when you connect to our VPN data are encrypted and decrypted inside the computer, not on the router you're talking about. When data pass through the router, hidden lines or not, they are still/already encrypted.

 

Second, the story about hidden channels capable to control a computer (unless you have the explicit cooperation of the OS of that computer - but if you run Windows an attacker probably doesn't need hidden lines anyway) is put in a fantastic way: it seems that the article has been written by someone who's profoundly ignorant (under a technical point of view).

 

Sometimes it's surprising to see that when mythological, undocumented menaces are created they attract blind believers, while public, critical and well documented vulnerabilities in the very same systems of those believers are ignored for years.

 

Please move to Off-Topic.

 

Kind regards

[OpenSourcerer 1359]

We can argue until one of us will block the other. Let's just wait until Snowden's document pool can tell us what's going on, I'm sure it can. I will remain silent and highly doubtful about this. One more thing, please try to get me right.

 

You know, there is absolutely no evidence proving that something is going on, I just read "Hey! We have discovered something strange, you better believe us or you automatically are a NSA agent trying to bash the truth!" (example is on page 16, where it's said: "When the DSL connection is established a covert DHCP request is sent to a secret military network owned by the U.S. Government D.O.D."... and besides that, no logs, no code and no files are provided. No proof. So how the heck did they discover it, I thought I can't figure it out, but they can? What are they, omniscient gods?)

It's comparable to a sect. They too urge you to believe their story and to deny any person of a different opinion.

 

And one last thing. I'm a fighter against this kind of shit, too, it was one of my reasons to subscribe to AirVPN. Not the main one, though. I'm too concerned about it and I too want them to stop this ridiculous thing. I don't deny the described things in the document completely, the idea of those modifications is indeed very interesting and it might be good to do some research.. I just deny how things are presented in the document.

[pj 72]

No idea why this is so hard to grasp...

 

1. You have a LAN cable which goes to your modem (which in most cases has a router embedded just like with those ISP issued equipment, it's only one box)

 

2. Since your pc is connected to the modem, the hidden line can gain access to your pc via the 2nd stealth channel which neither your OS or any firewall will see or detect. This is completely invisible to you or your OS, no matter which OS you use. You don't need any "permission" from your OS since your OS only sees and refers to the official 1st line you "officially" connect to your ISP.

 

 

Hello,

 

this is a logical flaw (from the article, not from you): if this "channel" is completely invisible, then the OS can't receive any input from it nor send any output to it. If the OS receives an input or send an output from/to the "channel", then the channel is not invisible.

 

If the channel is invisible AND can receive input and output, then the whole article information can never be proved in scientific terms, and the whole article content is equivalent to the claim that "God exists", or for example to my claim that this channel can not work anyway on my system because my totally undetectable mind powers block it.

 

So it's not hard to grasp: quite the contrary, actually. As long as a TECHNICAL explanation is provided and a REPRODUCIBLE method is described, it is easy to grasp that this is a bunch of arbitrary, fantastic claims and FUD probably written to a target of gullible people.

 

 

 

3. As stated in the document (have you read it? Apparently not) when gaing access to your pc the adversary can steal all your encryption or vpn keys and decrypt everything in real/near time.

 

 

An adversary getting the user.key can NOT decrypt your flow of data, because the OpenVPN Data and Control Channel keys are re-negotiated with DHE at each connection and every 60 minutes. But why would they need to steal your VPN key given that the "hidden channel" gives them total access to your computer data, even better than being sit on front of the monitor?

 

Kind regards