New Revelations From the Snowden Archive Surface

An anonymous reader quotes a report from Computer Weekly: A doctoral thesis by American investigative journalist and post-doctoral researcher Jacob Appelbaum has now revealed unpublished information from the Snowden archive. These revelations go back a decade, but remain of indisputable public interest:

- The NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs) – the main processor in a computer which runs the operating system and applications -- as a successful example of a "SIGINT-enabled" CPU supplier. Cavium, now owned by Marvell, said it does not implement back doors for any government.
- The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: "You talk, we listen." The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.
- Among example targets of its mass surveillance program, PRISM, the NSA listed the Tibetan government in exile.

These revelations have surfaced for the first time thanks to a doctoral thesis authored by Appelbaum towards earning a degree in applied cryptography from the Eindhoven University of Technology in the Netherlands. Communication in a world of pervasive surveillance is a public document and has been downloaded over 18,000 times since March 2022 when it was first published. [...] We asked Jacob Appelbaum, currently a post-doctoral researcher at the Eindhoven University of Technology, why he chose to publish those revelations in a technically written thesis rather than a mass-circulation newspaper. He replied: "As an academic, I see that the details included are in the public interest, and highly relevant for the topic covered in my thesis, as it covers the topic of large-scale adversaries engaging in targeted and mass surveillance." According to The Register, "Marvell (the owner of Cavium since 2018) denies the allegations that it or Cavium placed backdoors in products at the behest of the U.S. government.

Appelbaum's thesis wasn't given much attention until it was mentioned in Electrospaces.net's security blog last week.

Snowden is a hero

[bradley13]

Shame on the NSA, and the US government. The government should have immediately acted to end the overreach of the 3-letter agencies. Sniwdn should also be pardoned.

I know, I know...

Re:

[AmiMoJo]

I wonder if governments will be asking telcos to rip out anything with a Marvell chip in it now.

Re:Snowden is a hero

[khchung]

I wonder if governments will be asking telcos to rip out anything with a Marvell chip in it now.

Every government should ask telcos to rip out everything made by Americans if they don't want their communications to be spied on US 3-letter agencies, since every American company is just one NSL away from having to spy for their government.

What they are going to replace them with, is not so easily answered.

Re:

[ceoyoyo]

I suspect the reason much of the western world replaced all their Huawei gear is that the US offered to share at least some of the data they gather. The initial responses to American claims that Huawei were spying were pretty skeptical, then several countries were won over in secret meetings. There might be rules about spying on your own people, but if the Americans do it "without your knowledge" and tell you about anything interesting they happen to discover, then that's fine, right?

Re:Snowden is a hero

[Midnight_Falcon]

Unfortunately, the writer Jacob Appelbaum is not a hero. He's a creep who got kicked out of the Tor project for sexual misconduct.

Re:

[Cowardly Lurker]

Funny how these people seem to have some sexually deviant behavior revealed right when an attack on their credibility would be most useful. Weird.

Re: Snowden is a hero

[Midnight_Falcon]

I met the guy a few times and went to his hackerspace many times years back. Unfortunately, the allegations are definitely true.

Re:

[bill_mcgonigle]

Weird how the article goes to lengths to characterize him.

Re:

[djinn6]

It's sad when you realize upstanding people don't have the conviction to do what he does.

Good thing truths don't suddenly become false because the messenger groped too many women.

Re:

[Midnight_Falcon]

In this case, it seems his primary motivation for him to do what he does is to be put in situations where he can grope women. In which case, you have to doubt the authenticity of what he's doing.

Re:

[yusing]

Also, good thing that all of these sex-abuse accusations aren't auto-discovered by AI's and register-shifted into a special look-up file where some non-cooperative party people can be quickly found by the Right persons.

"Oh ja! Ve haff our vays."

Re:

[strikethree]

Unfortunately, the writer Jacob Appelbaum is not a hero. He's a creep who got kicked out of the Tor project for sexual misconduct.

Give credit where credit is due. Don't be an asshole or you will never get good behavior from anyone.

Re:

[Midnight_Falcon]

I give him credit for finding a way to be around a lot of young women and establish himself as some kind of figure to look up to. It became clear to me at Noisebridge the guy was in it for the chicks.

Re:

[blackomegax]

The person who made those allegations retracted them. It felt like character assassination at the time.

Re:

[Midnight_Falcon]

That's absolutely not true. In fact, the allegations kept coming -- and new ones surfaced as part of his Ph.D program! https://geekfeminism.fandom.co... [fandom.com]

Re:

[tlhIngan]

Shame on the NSA, and the US government. The government should have immediately acted to end the overreach of the 3-letter agencies. Sniwdn should also be pardoned.

I know, I know...

Except well, everyone does it. I'm' absolutely certain the EU countries have taps in the US, China has taps everywhere in the US, EU and UK.

The truth is - EVERYONE is spying on everyone else. That is the nature of the game, and for everyone involved, it literally is everyone is disavowing they do it.

Snowden basically revealed tha

Re:

[Can'tNot]

A spy agency was spying. You could make the argument that backdoors are always bad, but you haven't made that argument. This negative response just seems like a reflex, and I don't know that it's constructive. Should spy agencies not spy? Should they not exist at all?

The three letter agencies ARE the government.

[Larsen E Whipsnade]

The watchmen do not police themselves, not even secretly.

Re:

[shocking]

He handed over millions of TS documents to a hostile intelligence service - the released stuff was just a smokescreen to make him look like a hero.

Re: Snowden is a hero

[iAmWaySmarterThanYou]

Just the ones who had to flee persecution for acting in accordance with the constitution.

Are all your heroes TLA spying on American citizens? That doesn't sound Stasi or KGB (irony) to you?

Re:

[ToasterMonkey]

Just the ones who had to flee persecution for acting in accordance with the constitution.

Are all your heroes TLA spying on American citizens? That doesn't sound Stasi or KGB (irony) to you?

Bull. Shit.

He didn't flee persecution, he fled prosecution. You don't get to flee to Russia to evade prosecution and complain about the constitution. He didn't reveal some big constitutional crisis. He revealed TLA doing TLA stuff. Grow up.

United States federal law enforcement, nor its intelligence activities are the Stasi or KGB. Please let us fucking know when you get arrested for the anti-patriotic crime of holding a blank index card on a sidewalk to protest the "special military operation"

Re: Snowden is a hero

[drinkypoo]

He wasn't fleeing to Russia. He was fleeing THROUGH Russia when we terminated his passport and trapped him there. Your argument is invalid as it ignores this crucial fact.

Re:

[myowntrueself]

He wasn't fleeing to Russia. He was fleeing THROUGH Russia when we terminated his passport and trapped him there. Your argument is invalid as it ignores this crucial fact.

I don't think they are making an argument. They are just blindly exercising their patriotic duty of holding their country unaccountable for their heinous acts.
Facts don't matter to them.
They just believe in rubbish like the 'constitution', which is just a tool used to fool them into thinking they have rights.

Re:

[drinkypoo]

They are just blindly exercising their patriotic duty of holding their country unaccountable for their heinous acts.
Facts don't matter to them.
They just believe in rubbish like the 'constitution', which is just a tool used to fool them into thinking they have rights.

Agreed in general, except for your conclusion.

The country's acts aren't even illegal unless you believe in the constitution; what Snowden was telling us about was violations of the constitution!

Re:

[myowntrueself]

They are just blindly exercising their patriotic duty of holding their country unaccountable for their heinous acts.
Facts don't matter to them.
They just believe in rubbish like the 'constitution', which is just a tool used to fool them into thinking they have rights.

Agreed in general, except for your conclusion.

The country's acts aren't even illegal unless you believe in the constitution; what Snowden was telling us about was violations of the constitution!

I just think your constitution is cynically used against you

Re: Snowden is a hero

[iAmWaySmarterThanYou]

If the government is breaking the law, the base of which is the constitution, we all have an obligation and duty to stand up and call it out.

"The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it."

--- Albert Einstein

Re: Snowden is a hero

[iAmWaySmarterThanYou]

No, he published it for the whole world to see.

What do you suggest he should have done to call it out in an effective way? File an internal memo to his manager?

It is easy to sit on your thumb and say what someone else did is wrong in a snarky way. It is harder to be an adult and say what effective thing they should have done instead.

Go for it, I'll wait.

Re: Snowden is a hero

[iAmWaySmarterThanYou]

I said effective methods. You provided a list of ways that bad shit gets buried. It was a good effort though.

Has he not fled the country where would be today? In a situation similar to Julian Assange? How'd that work out for Julian? Should he have written a letter to his congressional representative?

You're either naive on intellectually dishonest. Any of your ways he would have been buried in a deep dark cell or have an accident or suicide.

Re:

[Pf0tzenpfritz]

Which country, exactly, did Assange "flee", in your opinion or imagination?

Re: Snowden is a hero

[tragedy]

Assange did flee the country, so that's a pretty horrible comparison.

Ok, to be clear here, which country did Assange flee? Do you mean Sweden? For the rape charges? The ones that inexplicably put him on the Interpol most wanted list and justified millions and millions of dollars in expenses surveilling him, etc.? I mean, I've got to say that I have my doubts about his total innocence of sex crimes but it sure is looking like everyone who said that it was all jut a pretext to go after him for Wikileaks have pretty much been vindicated considering what's happened since. The whole thing stinks to high heaven.

Re:

[Martin Blank]

Sweden. As soon as police started looking into the sexual assault/rape claims, he left for the UK. He then tried to flee the UK for Ecuador, only getting as far as the embassy, which reportedly wanted to figure out a way to use diplomatic immunity to get him out of the country either by giving him credentials (wouldn't work, as the receiving country has to approve them) or getting him out through a diplomatic bag (which doesn't have to be a bag, but moving a human through the system is against the spirit of

Re:

[lrichardson]

1) Before leaving Sweden, he checked with the authorities to make sure there was nothing preventing him leaving. He received an 'All clear! Go ahead!'

2) Once a second prosecutor - the first having decided there was insufficient evidence/cause for a warrant - filed a warrant for questioning, Assange offered to give his testimony at the Swedish embassy in England ... a procedure that had been done many times before. In this specific instance, in an unprecedented step, the prosecutor demanded he return to S

Re:

[Martin Blank]

I don't think it's clear at all that he had permission. The prosecutor was still trying to arrange an interview with him when he left, as admitted by his Swedish attorney [theguardian.com]. Assange may have thought that he had permission to leave based on what he was told by his attorney (and there may or may not have been misunderstandings--these things happen), but the fact that an arrest warrant was put out the day he left suggests that the prosecutor did not intend for him to leave.

But let's say that he did have explicit

Re: Snowden is a hero

[Mahalalel]

Unfortunately the DOJ typically charges whistleblowers like this under the 1917 Espionage Act, which means the case is sealed even to the judge and they handle it internally. The defendant isn't even allowed to bring up evidence in their defense. There is no "fair trial", there is no jury. From wikipedia:

Pentagon Papers whistleblower Daniel Ellsberg said, "the current state of whistleblowing prosecutions under the Espionage Act makes a truly fair trial wholly unavailable to an American who has exposed classified wrongdoing," and that "legal scholars have strongly argued that the US Supreme Court – which has never yet addressed the constitutionality of applying the Espionage Act to leaks to the American public – should find the use of it overbroad and unconstitutional in the absence of a public interest defense." Professor at American University Washington College of Law and national security law expert Stephen Vladeck has said that the law “lacks the hallmarks of a carefully and precisely defined statutory restriction on speech.” Trevor Timm, executive director of the Freedom of the Press Foundation, said, "basically any information the whistleblower or source would want to bring up at trial to show that they are not guilty of violating the Espionage Act the jury would never hear. It's almost a certainty that because the law is so broadly written that they would be convicted no matter what." Attorney and former whistleblower Jesselyn Radack notes that the law was enacted "35 years before the word 'classification' entered the government's lexicon" and believes that "under the Espionage Act, no prosecution of a non-spy can be fair or just." She added that mounting a legal defense to the Espionage Act is estimated to "cost $1 million to $3 million." In May 2019, the Pittsburgh Post-Gazette editorial board published an opinion piece making the case for an amendment to allow a public-interest defense, as "the act has since become a tool of suppression, used to punish whistleblowers who expose governmental wrongdoing and criminality".

Regardless of what you think of what Snowden did, there is no evidence that he turned anything over to hostile governments: he handed it over to journalists from the Guardian because he explicitly said that he had his own biases but didn't want to be the one who made the decision what to release to the public. He also warned the journalists the information there could harm the US and some of its agents and they should only release what was absolutely necessary. Perhaps that was the wrong call, perhaps not. But given that head of the NSA (Tapper) had just lied to congress about what the NSA was doing, I'm not sure he saw he had much of a choice.

He did not flee to Russia, the US grounded him there by revoking his passport while he was trying to travel to Ecuador. He lived in the terminal for a month before Russia granted him asylum. Not quite in line with the propaganda trying to turn him into a Russian spy.

Re:

[WolfgangVL]

He didn't decide to defect to Russia.

Re: Snowden is a hero

[AleRunner]

Right, right, so when the government breaks the law, the only possible way to "call it out" is by stealing classified information and taking it to a hostile country.

There have been a number of whistleblowers who have demonstrated that a) using official channels is ineffective and gets retribution and b) trying to publish whilst remaining inside the US ends up with prosecution attempts.

" is by stealing classified information and taking it to a hostile country

The understanding is that he destroyed his access to the data before it got into the hands of any hostile power. He gave full copies only to media organizations that he trusted. This may, of course, be a lie, however I haven't seen any evidence of that.

Re:

[bradley13]

Right, right, so when the government breaks the law, the only possible way to "call it out" is by stealing classified information and taking it to a hostile country.

There have been a number of whistleblowers who have demonstrated that a) using official channels is ineffective and gets retribution and b) trying to publish whilst remaining inside the US ends up with prosecution attempts.

Just to add: classifying evidence of your own illegal activity? Seriously? That's sort of like the Catholic Church hiding all the child-abuse carried out by priests.

Lots of people should be in jail right now. Snowden isn't one of them.

Re:

[Surak_Prime]

"This may, of course, be a lie, however I haven't seen any evidence of that." I think we have practical evidence that you're correct: the fact that the Russians haven't pulled any rabbits out of any hats during the current situation in Ukraine. Either he made certain they don't have access, or, there just wasn't anything there that would be useful to Putin.

And really, does he even need that source, when for all we know he has copies of all the stuff that was in Trump's bathroom? Or that was in Hillary's ema

Re:

[thegarbz]

The understanding is that he destroyed his access to the data before it got into the hands of any hostile power.

Maybe he didn't have access to it, but this very report here is about the NSA intercepting a foreign power that only came out because of Snowden's leak so it's hard to argue in this case that his actions didn't play into the hands of "the enemy"... to embellish the issue a little.

Re:

[Zontar_Thing_From_Ve]

The understanding is that he destroyed his access to the data before it got into the hands of any hostile power. He gave full copies only to media organizations that he trusted. This may, of course, be a lie, however I haven't seen any evidence of that.

It's cute that you actually believe that. There are lots of convicted criminals who swore they are totally innocent too. First of all, no way would Russia let him stay, basically forever, without some "cooperation" from Snowden. Once Putin dies if a friendly government ever takes over, don't be surprised when they release FSB files that show that Snowden willingly cooperated with the Russians. It's possible that he technically didn't decrypt the data for them, but let's say he encoded it with a 6 le

Re: Snowden is a hero

[incredibale]

Why are you posting under two separate accounts? Or is the other gunner a different guy from the same troll farm as you?

Re: Snowden is a hero

[higuita]

you are so blind that you invent events

he published the info about illegal actions of the government to the internet and only after he had to flee to several countries, until Russia gave him refugee status
He publish it in the internet because he knew that the legal system in the USA was being controlled and this would be simply silenced... like it was. Discussion about snowden leaks happen all over the world, except mostly in the USA, were the media and state made him look like a spy and few discussion and actions happen about the illegal actions

Re: Snowden is a hero

[Striek]

-1, Factually Incorrect.

Snowden published nothing. He gave it to journalists [vanityfair.com] whom he trusted to release it responsibly.

Re: Snowden is a hero

[drinkypoo]

The US terminated his passport while he was trying to connect to another flight, out of Russia. It's literally our fault he couldn't leave there. You want to blame him when your tax money did that. It's more your fault than his.

Re: Snowden is a hero

[ToasterMonkey]

Where the hell was he on the way to, that took him through China and Russia??

Re:

[drinkypoo]

https://www.google.com/search?... [google.com]

learn to internet pls kthx bye

Re:

[drinkypoo]

Russia is a sovereign nation, as is any other nation that Snowden could have fled to. A passport is merely a piece of paper and can be ignored, just like the Constitution can be ignored by the authorities in charge of enforcing the Constitution.

Yeah, that's not how anything works. Snowden is in the airport trying to catch a flight and the authorities at the airport determine that his passport is invalid and won't let him board. They're just doing their job. Now what? You think Russia lets him leave once they notice he's there?

Now, you might say that they didn't know where or even if he'd gone when they cancelled his passport, but that doesn't make it not their fault. Taking actions when you don't know what you're doing is dangerous. In that case t

Re:

[strikethree]

I am not saying Snowden had any capability. I am saying that the governments involved had capability. Snowden was entirely at the mercy of the other sovereign nations as soon as the US pulled his passport. They had no mercy; however, he is not in a US prison, sooo... all is good?

Re: Snowden is a hero

[drinkypoo]

I don't know about good, but better for him than if he were to be imprisoned for informing us of illegal acts perpetrated against us by our government.

Re:

[tragedy]

Right, right, so when the government breaks the law, the only possible way to "call it out" is by stealing classified information and taking it to a hostile country.

That appears to be a mischaracterization of what happened. He did not take classified information to a hostile country. He released the information publicly and then sought asylum in a hostile country. I despise Putin and what Russia has become under his rule, but I have not seen anything that suggests that Snowden was actually their agent. It appears that Russia's asylum for Snowden is more about simply thumbing their nose at the US security services, which makes sense when you consider the general level o

Re:

[LazarusQLong]

I think you are forgetting a whole lot about this... my understanding of the situation back then was that another whistleblower was being persecuted/prosecuted for following the law, therefore, Snowden decided to go to the NYT with his info. Of course, this was illegal and not protected under the law, but that was (as I recall) the argument Snowden made for not going through channels as he should have. I do not condone breaking the law, nor do I condone putting lives at risk (as Snowden did, I believe that

Re: Snowden is a hero

[hey!]

The *only* way? No. The best way? Possibly.

It's worth remembering that the framers were to a man *revolutionaries*, which made them criminals literally of the worst sort according the laws of the state they were born into. So they understood the idea of principled civil disobedience to legal authority -- even a legal authority whose legitimacy they previously recognized and had sworn allegience to.

There are many forms of civil disobedience, but Snowden chose the path of open and notorious defiance. This isn't like speeding when you think there's no cops around. Nor was this arranging clandestine meetings [wikipedia.org] with repoters he trusted to keep his identity secret. He deliberately took was what a pretty good life and sacrificed it on the altar of personal conviction. He may have been misguided to do so -- we all are to some degree when we make dramatic gestures. But he took the path you take when you no longer believe in the system, but believe in the system's professed ideals. He went over the heads of the politicians and put his case to the public.

Re: Snowden is a hero

[drinkypoo]

"Snowden did not make the world a less dangerous place, he didn't even set out to, and you fucking know it!"

No, you believe that. Many of us believe something else. If you have a smoking memo that proves your conjecture then provide it.

Re:

[iAmWaySmarterThanYou]

So, let's see, imagine you're a contractor working for TLA and in the course of your assigned work you discover your government is doing some grossly evil shit in total violation of both the law and what the country is supposed to stand for.

You decide to do what with this knowledge? You go to the Supreme Court? How exactly does that work? Do you tweet to @ussc?

He is not throwing shit at _me_. There is no _us_ as you mean it. He continues to call out and remind the real us of how shitty some elements of

Re:

[swillden]

You just skipped the federal courts, and the Supreme Court

The courts cannot help Snowden. The Espionage Act does not make any exceptions for disclosures in the public interest.

state governments

Huh? How could state governments play any role at all in this?

and Congress

Yes, Congress could help. They should pass a law adding a public interest disclosure exception to the Espionage Act. Snowden has said repeatedly that he'd return and go to trial if that were to happen. He'd be happy to prove in court that what he did was good for the country, if that were an option. But it's not and Congress hasn'

Re:

[taustin]

A normal person would have been put into solitary confinement in an isolated and ultra-secure military facility after having done what Trump is known to have done, let alone the other stuff he's probably done but that we don't know the details of yet.

Yeah, they really made an example out of Hillary Clinton and her secret mail server conclusively known to have been used to illegally send out information classified at the highest level (" "Top Secret" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security."), and conclusively known to have been accessed by foreign governments, didn't they? Bitch will never see daylight again!

Re:

[DarkOx]

LOL - seriously.

Probably every former US president has mishandled classified docs. We KNOW our recent former Sec States on both sides of the political spectrum have.. Remember Libby, commuted sentence and finally pardoned (even if the latter was by Trump). Biden his people self reported...but were then given a couple weeks to 'clean' up before the scenes were actually secured.

The track record for holding anyone in any real authority accountable for the document handling is pretty poor. The high profile c

Re:

[tragedy]

The coverup is generally worse than the crime. That's exactly what's going on with Trump. High government officials who mishandle classified information often do just get a slap on the wrist - as long as they cooperate in fixing the problem. It's when they don't cooperate and actively try to hide that they're retaining classified info that they get in trouble.

Re: Snowden is a hero

[drinkypoo]

He's not part of the political establishment, but the Republicans are desperate for relevance and he provides it to them because some people still believe he cares about them (because they are spectacular idiots.) Statistically nobody believes that about the Republican party.

Re:

[myowntrueself]

Russia sends their tourists and then the defectors mysteriously fall out of windows or drink poison tea or expose themselves to nerve agents.

Totally the same.

The USA doesn't do blackops, or offensive cyber campaigns or have CIA wet boys. They don't exist.

Re:

[myowntrueself]

A quick way to make your otherwise valid argument sound like Kremlin propaganda is to make the country that caused the most ethnic cleansing and murder and rape and suffering of civilians and even children in Europe since the Nazis, and also like the Nazis putting the critics in their own country into jail, look not worse than the USA.

Keep your Putin cock sucking to yourself and you'd have my support.

I don't give a shit about your countries, Russia, China, USA or whatever. You are all as bad as each other.
Also. You ARE a fascist state.

Re: Snowden is a hero

[drinkypoo]

The warrantless citizen spying programs Snowden reported to us are unconstitutional. That means they are illegal. HTH HAND

Re:

[myowntrueself]

Shame on the NSA, and the US government. The government should have immediately acted to end the overreach of the 3-letter agencies. Sniwdn should also be pardoned.

I know, I know...

None of these are examples of overreach. Snowden is a criminal, and you're a troll.

Snowdon committed crimes, and two wrongs don't make a right.
But there ARE wrongs being done by the US government, both against US and non-US interests.
If you insist that the USA can do no wrong, then... you are just a patriotic troll. But a troll none the less.
Your patriotism might make you feel better, and it might allow you to signal your virtue with your US flag outside your home and your pledge of allegiance, and your national anthem before ever. little. sporting event. But you're still wrong.

Re:

[myowntrueself]

Why? We're at war. With whom? None of your business. Snowden and his cohorts have learned the hard way that the US has judicial reach over the whole world. The world that matter, that is. Russia is dying. China is next. The EU can only open its collective mouth wide open while we shit into it. That's what being a superpower means. The US orders, everybody jumps. That's the way it is. That's the way it will be. Forever. Accept it or... Accept it. :)

You will always be at war with Eastasia.

Its SIGINT-enabled

[RobinH]

When they say SIGINT-enabled it could just mean that the processors have some feature which makes them easy to backdoor. There are stories of how the NSA was able to intercept networking equipment manufactured in the US that was destined for foreign countries and install backdoors before it left the country. You need a piece of hardware in there that you can compromise. That story I read had to do with network switches. Are Cavium CPUs typically used in network switches?

Seriously, there are surprising ways to hide backdoors in devices that are almost impossible to detect. Hard drives are an example where the firmware in the drive itself can be compromised in a way that hides its presence, and resists attempts to re-flash the firmware.

Re:

[AmiMoJo]

It could just be a zero day flaw in the CPU. Maybe they found a hidden debug mode.

There was a project a few years back that tried simply sending every possible op-code to an x86 CPU, and found lots of undocumented features. Really any code like that which is needed for manufacturing or testing should be disabled as the last step during production.

Re:

[Ed Tice]

I am in the software security business not hardware. But I was asked during a panel discussion once if I thought there were security vulnerabilities in actual CPUs. My answer was a firm yes, I believe they exist, and the only reason we haven't seen them exploited is because more pedestrian attacks still exist. We would be fools to think there *aren't* such defects in CPUs and other devices. Are they being actively exploited? Probably in only the most extreme situations. It's a weapon that might not be

Re:

[PuddleBoy]

According to Wikipedia - https://en.wikipedia.org/wiki/... [wikipedia.org] - they make chips for "routers, switches, appliances, storage and servers"

Re:Its SIGINT-enabled

[eth1]

Are Cavium CPUs typically used in network switches?

Worse, actually... I know the brand of firewalls we have at least used to use Cavium chips for data-plane processing. That includes SSL inbound and forward proxy decrypt and re-encrypt, as well as VPNs, etc. They also store certificates AND the associated keys, in some cases. Perfect place for a snoop, especially since in general, the more secure you make your network, the more you separate stuff with a firewall, and the more of the traffic is then visible to the firewall.

Re:

[MeNeXT]

That's why we encrypt the content.

The content can also include routing so even the destination can be hidden.

Re:

[Ed Tice]

You can encrypt your data on top of the transport layer which prevents inspection by the firewall. But it also means that application-level defects are now easier to exploit and harder to detect. It's a trade-off.

Re:

[laughingskeptic]

What it means is the ARM based core was easy to integrate with Vertex DSPs that are key to building high performance Software Defined Radios. Why does everyone assume this means backdoor? The NSA is full of engineers that need to collect a wide variety of signals and they need excellent software defined radios.

but...

[DarkOx]

Isn't this actually the job of the NSA doing signint against possible foreign adversaries.

I don't really have an issue with NSA hacking to Russian surveillance infrastructure. That sounds like the sort of thing they actually SHOULD be doing.

Re:

[Zak3056]

Yeah, this is a weird story, especially the breathless suggestion that this is something that should be in e.g. the NY Times rather than an academic paper. The 'revelations' here amount to "In addition to their unlawful, unconstitutional, spying on American Citizens in the US, the NSA was also doing the lawful, constitutional, job it was created to do."

Re:

[iAmWaySmarterThanYou]

It is not the job of the NSA to bulk spy on Americans, slurping up every bit of data from every device we touch and save it forever in their huge data center to be analyzed for thought crimes.

You realize we all have a "file" now?

Re:

[radaos]

How exactly is the Tibetan government in exile, an organisation publicly supported by the US, an 'adversary' of the US?

Re:

[higuita]

spy everyone, you never know when it will be useful to do some blackmail

Re:

[bradley13]

Well, perhaps. However, they listed an American manufacturer as "sigint enabled". The manufacturer denies this. Sadly, given the NSA's proven capabilities, it is entirely possible that they have some sort of backdoor that the manufacturer itself is unaware of.

More to the point: After the Snowden revelations, no one with two brain cells believes that the NSA won't use this to spy on domestic targets. They will just deny it and classify the reports.

Re:

[Pf0tzenpfritz]

But I have an issue with the NSA hacking into European LI infrastructure. And, honestly, I don't give a fuck about what you think about that.

Bizarro world...

[Fuzi719]

OH NO! The NSA is working to thwart foreign intelligence gathering! How dare they invade the privacy of those working to destroy the privacy of our government! They must be stopped! /s

Re:

[neubsi]

You do know that PRISM is/was used to survail American citizens, right? And I agree, some sort of survailance of foreign enemies is a good thing.

Re:

[iAmWaySmarterThanYou]

How does PRISM make us safe from evil people like the Tibetan government in exile? The lowest privacy fear on my list is the Dalai Lama grabbing my texts and emails.

Re:

[iAmWaySmarterThanYou]

Hey Fed, post in English if you want anyone to understand. I didn't take the foreign language courses you got in your FBI classes.

Something is askew here

[Ol Olsoc]

Calling a CPU sigint enabled - then people speaking of backdoors - those two are not the same thing.

Now I'm not saying there isn't a backdoor, but basing it on signals intelligence is not even wrong.

So I kinda call bullshit here.

Re:

[airport76]

True, but you may have also explained how are they different.

A backdoor allows someone to take control of a computer. On the other hand Signal Intelligence is the recollection and analysis of data, usually communications. So, quite different.

Re:

[Ol Olsoc]

True, but you may have also explained how are they different.

A backdoor allows someone to take control of a computer. On the other hand Signal Intelligence is the recollection and analysis of data, usually communications. So, quite different.

Sure, But a lot of Snowden fanbois will reject anything at all.

If we look at say Comsec, you can use that as a possible definition. But that's a really broad field like any communications in any form.

Sigint is generally collection of signals emanating from a transmitter. Or maybe Elint.

There's a lot of overlap, so it is hard to pin down things precisely. But no, a computer backdoor is not sigint. It's a backdoor.It's a way to get into a computer via the network usually. It might be useful for interes

Re:

[gweihir]

Have you noted that two of the advisers were D.J. Bernstein and Tanja Lange? It does not get much more high-powered in the cryptography field. If these names are on the thesis, it is up to _you_ to disprove the claims in there.

Re:

[Ol Olsoc]

Have you noted that two of the advisers were D.J. Bernstein and Tanja Lange? It does not get much more high-powered in the cryptography field. If these names are on the thesis, it is up to _you_ to disprove the claims in there.

Or I could just not believe them.

Re:

[gweihir]

Sure, everybody has the right to be a disconnected idiot. Just do not expect to get respect for that.

Re:

[Ol Olsoc]

Sure, everybody has the right to be a disconnected idiot. Just do not expect to get respect for that.

If you are calling me a disconnected idiot, that's your opinion. But So tell this idiot how SIGINT is the same thing as a CPU backdoor.

Hey Gweihir - I do something to you to drop to calling me an idiot? And friend, I'm definitely not disconnected.

You definitely do not know everything you think you know. Educate us.

"lawful interception"

[Urd.Yggdrasil]

> The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: "You talk, we listen." The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.

Are these the same sort of 'lawful interception' systems that western governments are constantly trying to ram through "for the children"? The ones that they constantly assure the public are 'secure' and will only be used for 'lawful purposes'?

Re:

[strikethree]

Are these the same sort of 'lawful interception' systems that western governments are constantly trying to ram through "for the children"? The ones that they constantly assure the public are 'secure' and will only be used for 'lawful purposes'?

ROFLMAO

You noticed that too? The blindness and hypocrisy is ... I am at a loss for words. There are no words that convey the stupidity.

How do you know when corporations lie?

[Miles_O'Toole]

"Marvell (the owner of Cavium since 2018) denies the allegations that it or Cavium placed backdoors in products at the behest of the U.S. government."

When their spokesdrone's lips are moving.

Funny how it doesn't matter more

[Bill, Shooter of Bul]

Despite all of this capability, they couldn't see 2016 election interference coming or did they and just lack the basic understanding of the human psyche? Or do we give too much credit to the backer and not the method? Like so what if Russia was doing it, A billion otherwise legit political actors were doing the same thing? These are the things that keep me up at night. With so much capability, why hasn't our intelligence services done a better job? The fact that Snowden was able to do what he did is als

Re:

[gweihir]

Wrong. He is an academic and he has a PhD with two of the biggest names in cryptography as advisers (D.J. Bernstein and T. Lange). That thesis is sound. Whether _you_ are equipped to understand that is another question.

Incidentally, whether he is a "creep" or not has absolutely no impact on the quality of this research or his status as an academic. Also incidentally, AFAIK there was never any prosecution against him. Reminds me of some other cases where accusations of sexual misconduct were made publicly bu

Re:

[gweihir]

Bullshit. You are projecting how you want reality to be. Unless you were there, there is no way for you to know what actually happened. If there had been a criminal investigation, things would be different. But there was not. The Tor project investigation does not fulfill the standards for a dependable independent investigation. That he resigned does also mean absolutely nothing. The Tor project strongly communicated to him "you are not wanted here" and anybody sane would resign at that point. Now, if they

Re:

[Midnight_Falcon]

After his initial scandal, another scandal came up as part of his PhD program, where he was shielded by these professors: https://geekfeminism.fandom.co... [fandom.com]

March 2017, Henry de Valence, a former Ph.D student working with Tanja Lange and Dan Bernstein (both faculty at TU Eindhoven and friends of Appelbaum) wrote about his experiences with Appelbaum and leaving graduate school as a result due to Lange and Bernstein's defense of Appelbaum's behavior: On August 31, 2015, I started a Ph.D. in cryptography at T

Re:

[gweihir]

It really does not matter. This is about the thesis, not the person. So are you claiming the thesis is defective or not?

Incidentally, the number of false accusations in sexual misconduct is wayyyy higher. A high-placed German investigator once said >50% in an interview, but that the German police tries to discourage those that are too obviously lying (because that would land them in legal hot water) which lowers the statistics. There have also been convictions for false claims of rape, where the woman in

Re: Of *course* he published it in an academic ven

[Midnight_Falcon]

If you notice, in the above post the original quoted author actually voted the rate of false accusations -- 2 to 8 percent. You cite an anecdotal interview with a random German policeman. I'll cite a literature review by an Ivy League: https://www.brown.edu/campus-l... [brown.edu]

in Jacobs case it's multiple accusers over a long time period. This makes the likelihood of all these being false reports under one percent based on raw false reports statistics.

I don't have a problem with the content of the thesis. H

Re:

[Midnight_Falcon]

The fact the summary doesn't state he's a "disgraced Tor developer" and-or "well known crypto pervert" is crazy. Simply google his name and "sexual" to see pages of results about his misdeeds.