Author: morphine drip
Language: text
Description: #BADBIOS - You Were Warned About This For Years!
Timestamp: 2013-11-01 07:33:08 +0000
Child paste by: Clive Robinson
#BADBIOS - You Were Warned About This For Years!

===============================================

RE: Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate
- http://it.slashdot.org/story/13/11/01/0120220/airgap-jumping-malware-may-use-ultrasonic-networking-to-communicate

You were all warned about this malware for years, but people just beat their chests and ridiculed the people posting, locking and shuffling threads or, in some cases on commercial antivirus forums, deleting threads, moving them to hidden sections or trashing them altogether.

I believe this is a huge conspiracy which has been going on for years. People in malware forums have been shouting from the rooftops about this but no one wanted to listen.

What you overlooked and should have read:

1. Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
http://anonymous.livelyblog.com/2012/10/05/nobody-seems-to-notice-and-nobody-seems-to-care-government-stealth-malware/

2. Spy agency ASIO are hacking into personal computers
http://anonymous.livelyblog.com/2013/01/13/spy-agency-asio-are-hacking-into-personal-computers/

3. Will security firms detect police spyware?
http://anonymous.livelyblog.com/2013/09/17/will-security-firms-detect-police-spyware/

And several PDF files on blackhat pages, forums, and conferences.

These attacks against non-networked computers run deep - some changes are so subtle that they appear to blend into normal black-box Windows activity and people overlook them. Read article #1, which includes the sad state of malware detection on *nix.

When you Google enough for firmware, PCI, AGP, BIOS and sound card malware, SDR, FRS, and why some distros autoload the ax25, rose, and netrom modules by default (including TAILS; check it for yourself with lsmod), it is quite unusual. Why would a distribution like TAILS need hamradio modules? They're in there, too, in addition to the ax25, rose, and netrom modules. Batman mesh networking is included in TAILS too.
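The lsmod check suggested above, written out as an added example (this script is not part of the original paste and was not written by its author): it reads lsmod-style output, reports which of the amateur-radio modules named in the paste (ax25, rose, netrom) and the batman_adv mesh module are loaded, and prints the modprobe.d fragment that would stop them from being autoloaded. The lsmod output embedded in the script is constructed sample data, not a capture from any real TAILS system; the batman_adv module name is how the kernel's B.A.T.M.A.N. Advanced module appears in lsmod.

```shell
#!/bin/sh
# Added example, not from the original paste: check for the kernel modules
# the paste says some distributions autoload, and show how to block them.
# batman_adv is the module name behind "Batman mesh networking" in lsmod.
WATCHED_MODULES="ax25 rose netrom batman_adv"

# list_loaded_watched: read `lsmod` output on stdin and print every watched
# module that appears in it, one per line, in WATCHED_MODULES order.
list_loaded_watched() {
    # Column 1 of lsmod is the module name; line 1 is the header.
    loaded=$(awk 'NR > 1 { print $1 }')
    for m in $WATCHED_MODULES; do
        for l in $loaded; do
            if [ "$l" = "$m" ]; then
                echo "$m"
            fi
        done
    done
    return 0
}

# blacklist_config: print a modprobe.d fragment (e.g. for
# /etc/modprobe.d/no-hamradio.conf) that prevents autoloading of the watched
# modules and makes an explicit `modprobe` of them fail as well.
blacklist_config() {
    for m in $WATCHED_MODULES; do
        echo "blacklist $m"
        echo "install $m /bin/false"
    done
}

# Constructed sample of lsmod output so the script can be run offline.
SAMPLE_LSMOD='Module                  Size  Used by
ax25                   61440  2 rose,netrom
rose                   40960  0
netrom                 32768  0
snd_hda_intel          45056  3
batman_adv            196608  0'

if command -v lsmod >/dev/null 2>&1; then
    echo "Loaded watched modules on this host:"
    lsmod | list_loaded_watched
else
    echo "lsmod not available; checking the constructed sample instead:"
    printf '%s\n' "$SAMPLE_LSMOD" | list_loaded_watched
fi
echo
echo "modprobe.d fragment to prevent autoloading:"
blacklist_config
```

Run it as-is to see what is loaded on the current host; pipe `blacklist_config` into a file under /etc/modprobe.d/ and rebuild the initramfs if you decide the modules have no business on the machine. Note that an absent module in lsmod only says it is not loaded right now, not that it cannot be loaded later, which is why the blacklist fragment is the part that actually changes the machine's behaviour.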

People repeat the same mantra: the only safe computer is a non-networked computer. This is a lie. The truth is, an entirely shielded TEMPEST room with no network connections and shielding down to every piece of the computer is the best test environment, but who is going to take such precautions? Is the shielded computer in the shielded room bound for other locations outside of this safe room?

Wikileaks have released Spy Files, listing many companies developing malware to root your box beyond detection, often aimed at Government and Military sources. These secret communications are no secret, and some have been detected via FRS, but that's only one source out of many.

####

#BadBIOS links:

http://boingboing.net/2013/10/31/badbios-airgap-jumping-malwar.html
https://twitter.com/dragosr
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
http://www.securityartwork.es/2013/10/30/badbios-2/?lang=en
https://plus.google.com/103470457057356043365/posts/9fyh5R9v2Ga
https://plus.google.com/103470457057356043365/posts
https://plus.google.com/s/%23badBIOS
http://www.wilderssecurity.com/showthread.php?t=354463

"Jeff Moss—the founder of the Defcon and Blackhat security conferences who in 2009 began advising Department of Homeland Security Secretary Janet Napolitano on matters of computer security—retweeted the statement and added: "No joke it's really serious." Plenty of others agree.
...
At next month's PacSec conference, Ruiu said he plans to get access to expensive USB analysis hardware that he hopes will provide new clues behind the infection mechanism.
He said he suspects badBIOS is only the initial module of a multi-staged payload that has the ability to infect the Windows, Mac OS X, BSD, and Linux operating systems"

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2998&p=21195&hilit=BIOS+malware#p21195
https://www.security.nl/posting/366329/Onderzoeker+ontdekt+mysterieuze+BIOS-malware
https://kabelmast.wordpress.com/2013/10/23/badbios-and-lotsa-paranoia-plus-fireworks/
http://blog.erratasec.com/2013/10/badbios-features-explained.html
http://it.slashdot.org/comments.pl?sid=4401155&cid=45297755

The following may repeat certain links from above but includes additional sources for info:

http://slexy.org/view/s283Y0acPO

#BadBIOS - BIOS Malware

#####

- Copernicus: Question Your Assumptions about BIOS Security

http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about

- "Seems to have a BIOS hypervisor, SDR functionality that bridges air gaps, wifi card removed."

https://twitter.com/dragosr/status/388512915742937089

===

- #BadBIOS

https://twitter.com/search?q=%23BadBIOS

===

- "More on my ongoing chase of #badBIOS malware."

https://plus.google.com/103470457057356043365/posts/9fyh5R9v2Ga
https://plus.google.com/103470457057356043365

===

- Nobody Seems To Notice and Nobody Seems To Care: Government & Stealth Malware

http://slexy.org/view/s2otvoDuKW
