[Script Info]
Title:
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.38,0:00:05.67,Default,,0000,0000,0000,,Herald: Good morning to this last minute\Nedition to our “Fahrplan” today.
Dialogue: 0,0:00:05.67,0:00:09.54,Default,,0000,0000,0000,,There will probably be time for a few\Nminutes of Q&A in the end, so you can
Dialogue: 0,0:00:09.54,0:00:15.16,Default,,0000,0000,0000,,ask questions here or on IRC\Nand Twitter via our Signal Angels.
Dialogue: 0,0:00:15.16,0:00:19.56,Default,,0000,0000,0000,,Please welcome Jake Appelbaum,\Nindependent journalist,
Dialogue: 0,0:00:19.56,0:00:23.51,Default,,0000,0000,0000,,for his talk\N“To Protect And Infect Part 2”.
Dialogue: 0,0:00:23.51,0:00:29.69,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:00:29.69,0:00:35.84,Default,,0000,0000,0000,,Jacob: Okay. Alright. Thanks so much\Nfor coming so early in the morning.
Dialogue: 0,0:00:35.84,0:00:38.55,Default,,0000,0000,0000,,Or maybe not so early in the morning\Nfor most of you apparently since
Dialogue: 0,0:00:38.55,0:00:44.15,Default,,0000,0000,0000,,you’ve all been up for more than an hour.\NBut I’m gonna talk today a little bit
Dialogue: 0,0:00:44.15,0:00:48.67,Default,,0000,0000,0000,,about some things that we’ve heard about\Nat the conference and I’m gonna talk a bit
Dialogue: 0,0:00:48.67,0:00:52.74,Default,,0000,0000,0000,,about some things that you have not\Nprobably ever heard about in your life and
Dialogue: 0,0:00:52.74,0:00:55.68,Default,,0000,0000,0000,,are even worse than your worst nightmares.
Dialogue: 0,0:00:55.68,0:01:00.20,Default,,0000,0000,0000,,So recently we heard a little bit about\Nsome of the low-end corporate spying
Dialogue: 0,0:01:00.20,0:01:04.90,Default,,0000,0000,0000,,that’s often billed as being sort of like\Nthe hottest, most important stuff, so the
Dialogue: 0,0:01:04.90,0:01:09.34,Default,,0000,0000,0000,,FinFisher, the HackingTeam, the VUPEN.\NAnd sort of in that order it becomes
Dialogue: 0,0:01:09.34,0:01:14.49,Default,,0000,0000,0000,,more sophisticated and more and more\Ntied in with the National Security Agency.
Dialogue: 0,0:01:14.49,0:01:17.66,Default,,0000,0000,0000,,There are some Freedom of Information Act\Nrequests that have gone out that actually
Dialogue: 0,0:01:17.66,0:01:23.67,Default,,0000,0000,0000,,show VUPEN being an NSA contractor writing\Nexploits, that there are some ties there.
Dialogue: 0,0:01:23.67,0:01:28.01,Default,,0000,0000,0000,,This sort of covers the… sort of…\Nthe whole gamut, I believe,
Dialogue: 0,0:01:28.01,0:01:31.65,Default,,0000,0000,0000,,which is that, you know you can buy these\Nlike little pieces of forensics hardware.
Dialogue: 0,0:01:31.65,0:01:35.24,Default,,0000,0000,0000,,And just as a sort of fun thing I bought\Nsome of those and then I looked at
Dialogue: 0,0:01:35.24,0:01:38.67,Default,,0000,0000,0000,,how they worked and I noticed that this\N‘Mouse Jiggler’, you plug it in and
Dialogue: 0,0:01:38.67,0:01:42.86,Default,,0000,0000,0000,,the idea is that it like keeps your screen\Nawake. So have any of you seen that
Dialogue: 0,0:01:42.86,0:01:46.91,Default,,0000,0000,0000,,at all? It’s a piece of forensics hardware\Nso your screensaver doesn’t activate.
Dialogue: 0,0:01:46.91,0:01:51.29,Default,,0000,0000,0000,,So I showed it to one of the systemd\Ndevelopers, and now when you plug those
Dialogue: 0,0:01:51.29,0:01:55.90,Default,,0000,0000,0000,,into a Linux box that runs systemd,\Nthey automatically lock the screen
Dialogue: 0,0:01:55.90,0:02:02.08,Default,,0000,0000,0000,,when it sees the USB ID.\N{\i1}applause{\i0}
Dialogue: 0,0:02:02.08,0:02:05.47,Default,,0000,0000,0000,,So when people talk about Free Software,\N‘free as in freedom’, that’s part of
Dialogue: 0,0:02:05.47,0:02:09.26,Default,,0000,0000,0000,,what they’re talking about. So there are\Nsome other things which I’m not going
Dialogue: 0,0:02:09.26,0:02:11.66,Default,,0000,0000,0000,,to really talk a lot about it because\Nbasically this is all bullshit that
Dialogue: 0,0:02:11.66,0:02:15.42,Default,,0000,0000,0000,,doesn’t really matter and we can defeat\Nall of that. This is individualized things
Dialogue: 0,0:02:15.42,0:02:20.06,Default,,0000,0000,0000,,we can defend against. But I want\Nto talk a little bit about how it’s
Dialogue: 0,0:02:20.06,0:02:23.96,Default,,0000,0000,0000,,not necessarily the case that because\Nthey’re not the most fantastic, they’re
Dialogue: 0,0:02:23.96,0:02:27.72,Default,,0000,0000,0000,,not the most sophisticated, that\Ntherefore we shouldn’t worry about it.
Dialogue: 0,0:02:27.72,0:02:31.32,Default,,0000,0000,0000,,This is Rafael. I met him when\NI was in Oslo in Norway
Dialogue: 0,0:02:31.32,0:02:36.45,Default,,0000,0000,0000,,for the Oslo Freedom Forum, and basically\Nhe asked me to look at his computer
Dialogue: 0,0:02:36.45,0:02:40.40,Default,,0000,0000,0000,,because he said, “You know, something\Nseems to be wrong with it. I think that
Dialogue: 0,0:02:40.40,0:02:43.75,Default,,0000,0000,0000,,there’s something, you know,\Nslowing it down.” And I said:
Dialogue: 0,0:02:43.75,0:02:46.26,Default,,0000,0000,0000,,“Well, I’m not going to find anything.\NI don’t have any tools. We are just
Dialogue: 0,0:02:46.26,0:02:49.58,Default,,0000,0000,0000,,going to like sit at the computer…”\NAnd I looked at it, and it has to be
Dialogue: 0,0:02:49.58,0:02:53.20,Default,,0000,0000,0000,,the lamest back door I’ve ever found. It\Nwas basically a very small program that
Dialogue: 0,0:02:53.20,0:02:56.98,Default,,0000,0000,0000,,would just run in a loop and take\Nscreenshots. And it failed to upload
Dialogue: 0,0:02:56.98,0:03:01.16,Default,,0000,0000,0000,,some of the screenshots, and so there were\N8 GB of screenshots in his home directory.
Dialogue: 0,0:03:01.16,0:03:04.57,Default,,0000,0000,0000,,{\i1}laughter and applause{\i0}\NAnd I said, “I’m sorry to break it to you
Dialogue: 0,0:03:04.57,0:03:09.44,Default,,0000,0000,0000,,but I think that you’ve been owned.\NAnd… by a complete idiot.”
Dialogue: 0,0:03:09.44,0:03:14.43,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NAnd he, he, yeah, he was,
Dialogue: 0,0:03:14.43,0:03:17.83,Default,,0000,0000,0000,,he was really… actually, he felt really\Nviolated and then he told me what he does,
Dialogue: 0,0:03:17.83,0:03:21.08,Default,,0000,0000,0000,,which is he’s an investigative journalist\Nwho works with top secret documents
Dialogue: 0,0:03:21.08,0:03:25.68,Default,,0000,0000,0000,,all the time, with extreme, extreme\Noperational security to protect
Dialogue: 0,0:03:25.68,0:03:30.82,Default,,0000,0000,0000,,his sources. But when it came to computing\NJ[ournalism] school failed him.
Dialogue: 0,0:03:30.82,0:03:35.53,Default,,0000,0000,0000,,And as a result, he was compromised\Npretty badly. He was not using
Dialogue: 0,0:03:35.53,0:03:38.13,Default,,0000,0000,0000,,a specialized operating system like\NTails, which if you’re a journalist
Dialogue: 0,0:03:38.13,0:03:40.91,Default,,0000,0000,0000,,and you’re not using Tails you should\Nprobably be using Tails unless
Dialogue: 0,0:03:40.91,0:03:44.41,Default,,0000,0000,0000,,you really know what you’re doing.\NApple did a pretty good job at
Dialogue: 0,0:03:44.41,0:03:48.84,Default,,0000,0000,0000,,revoking this application, and it was, you\Nknow, in theory it stopped, but there are
Dialogue: 0,0:03:48.84,0:03:52.95,Default,,0000,0000,0000,,lots of samples from the same group\Nand this group that did this is tied to
Dialogue: 0,0:03:52.95,0:03:57.67,Default,,0000,0000,0000,,a whole bunch of other attacks across\Nthe world, actually, which is why
Dialogue: 0,0:03:57.67,0:04:03.32,Default,,0000,0000,0000,,it’s connected up there with Operation\NHangover. The scary thing, though, is that
Dialogue: 0,0:04:03.32,0:04:06.69,Default,,0000,0000,0000,,this summer, after we’d met, he was\Nactually arrested relating to some
Dialogue: 0,0:04:06.69,0:04:11.24,Default,,0000,0000,0000,,of these things. And now, as\NI understand it, he’s out, but,
Dialogue: 0,0:04:11.24,0:04:14.69,Default,,0000,0000,0000,,you know, when you mess with a military\Ndictatorship it messes with you back.
Dialogue: 0,0:04:14.69,0:04:18.90,Default,,0000,0000,0000,,So even though that’s one of the lamest\Nbackdoors, his life is under threat.
Dialogue: 0,0:04:18.90,0:04:23.52,Default,,0000,0000,0000,,So just simple things can cause serious,\Nserious harm to regular people that are
Dialogue: 0,0:04:23.52,0:04:27.99,Default,,0000,0000,0000,,working for some kind of truth telling.\NAnd that to me is really a big part
Dialogue: 0,0:04:27.99,0:04:31.87,Default,,0000,0000,0000,,of my motivation for coming here to talk\Nabout what I’m going to talk about next,
Dialogue: 0,0:04:31.87,0:04:35.07,Default,,0000,0000,0000,,which is that for every person that we\Nlearn about like Rafael, I think there are
Dialogue: 0,0:04:35.07,0:04:39.53,Default,,0000,0000,0000,,lots of people we will never learn about,\Nand that’s, to me that’s very scary,
Dialogue: 0,0:04:39.53,0:04:43.32,Default,,0000,0000,0000,,and I think we need to bring some\Ntransparency, and that’s what we’re
Dialogue: 0,0:04:43.32,0:04:47.13,Default,,0000,0000,0000,,going to talk about now. And I really want\Nto emphasize this point. Even though
Dialogue: 0,0:04:47.13,0:04:50.84,Default,,0000,0000,0000,,they’re not technically impressive, they\Nare actually still harmful, and that,
Dialogue: 0,0:04:50.84,0:04:55.41,Default,,0000,0000,0000,,that is really a key point to drive home.\NI mean, some of the back doors that
Dialogue: 0,0:04:55.41,0:04:59.85,Default,,0000,0000,0000,,I’ve seen are really not sophisticated,\Nthey’re not really that interesting, and
Dialogue: 0,0:04:59.85,0:05:03.64,Default,,0000,0000,0000,,in some cases they’re common off-the-shelf\Npurchases between businesses,
Dialogue: 0,0:05:03.64,0:05:08.65,Default,,0000,0000,0000,,so it’s like business-to-business\Nexploitation software development.
Dialogue: 0,0:05:08.65,0:05:13.49,Default,,0000,0000,0000,,I feel like that’s really kind of sad,\Nand I also think we can change this.
Dialogue: 0,0:05:13.49,0:05:19.19,Default,,0000,0000,0000,,We can turn this around by exposing it.\NSo, what’s it all about, though?
Dialogue: 0,0:05:19.19,0:05:24.22,Default,,0000,0000,0000,,Fundamentally it’s about control, baby,\Nand that is what we’re going to get into.
Dialogue: 0,0:05:24.22,0:05:27.68,Default,,0000,0000,0000,,It’s not just about control of machines.\NWhat happened with Rafael is about
Dialogue: 0,0:05:27.68,0:05:31.52,Default,,0000,0000,0000,,control of people. And fundamentally\Nwhen we talk about things like internet
Dialogue: 0,0:05:31.52,0:05:35.67,Default,,0000,0000,0000,,freedom and we talk about tactical\Nsurveillance and strategic surveillance,
Dialogue: 0,0:05:35.67,0:05:39.53,Default,,0000,0000,0000,,we’re talking about control of people\Nthrough the machinery that they use.
Dialogue: 0,0:05:39.53,0:05:43.53,Default,,0000,0000,0000,,And this is a really, I think a really\Nkind of – you know I’m trying
Dialogue: 0,0:05:43.53,0:05:46.98,Default,,0000,0000,0000,,to make you laugh a little bit because\Nwhat I’m going to show you today
Dialogue: 0,0:05:46.98,0:05:53.22,Default,,0000,0000,0000,,is wrist-slitting depressing.\NSo. Part 2, or Act 2 of Part 2.
Dialogue: 0,0:05:53.22,0:05:57.76,Default,,0000,0000,0000,,Basically the NSA, they want\Nto be able to spy on you, and
Dialogue: 0,0:05:57.76,0:06:00.58,Default,,0000,0000,0000,,if they have 10 different options for\Nspying on you that you know about,
Dialogue: 0,0:06:00.58,0:06:06.12,Default,,0000,0000,0000,,they have 13 ways of doing it and they\Ndo all 13. So that’s a pretty scary thing,
Dialogue: 0,0:06:06.12,0:06:11.33,Default,,0000,0000,0000,,and basically their goal is to have\Ntotal surveillance of everything that
Dialogue: 0,0:06:11.33,0:06:15.34,Default,,0000,0000,0000,,they’re interested in. So there really\Nis no boundary to what they want to do.
Dialogue: 0,0:06:15.34,0:06:19.02,Default,,0000,0000,0000,,There is only sometimes a boundary of\Nwhat they are funded to be able to do and
Dialogue: 0,0:06:19.02,0:06:23.82,Default,,0000,0000,0000,,the amount of things they’re able to do at\Nscale. They seem to just do those things
Dialogue: 0,0:06:23.82,0:06:27.20,Default,,0000,0000,0000,,without thinking too much about it. And\Nthere are specific tactical things
Dialogue: 0,0:06:27.20,0:06:30.69,Default,,0000,0000,0000,,where they have to target a group or an\Nindividual, and those things seem limited
Dialogue: 0,0:06:30.69,0:06:35.65,Default,,0000,0000,0000,,either by budgets or simply by their time.\NAnd as we have released today
Dialogue: 0,0:06:35.65,0:06:39.98,Default,,0000,0000,0000,,on Der Spiegel’s website, which it should\Nbe live – I just checked, it should be live
Dialogue: 0,0:06:39.98,0:06:44.35,Default,,0000,0000,0000,,for everyone here – we actually\Nshow a whole bunch of details
Dialogue: 0,0:06:44.35,0:06:49.78,Default,,0000,0000,0000,,about their budgets as well as the\Nindividuals involved with the NSA
Dialogue: 0,0:06:49.78,0:06:53.48,Default,,0000,0000,0000,,and the Tailored Access Operations group\Nin terms of numbers. So it should give you
Dialogue: 0,0:06:53.48,0:06:58.89,Default,,0000,0000,0000,,a rough idea showing that there was a\Nsmall period of time in which the internet
Dialogue: 0,0:06:58.89,0:07:02.59,Default,,0000,0000,0000,,was really free and we did not have people\Nfrom the U.S. military that were watching
Dialogue: 0,0:07:02.59,0:07:07.03,Default,,0000,0000,0000,,over it and exploiting everyone on\Nit, and now we see every year
Dialogue: 0,0:07:07.03,0:07:11.78,Default,,0000,0000,0000,,that the number of people who are hired to\Nbreak into people’s computers as part of
Dialogue: 0,0:07:11.78,0:07:16.70,Default,,0000,0000,0000,,grand operations, those people are growing\Nday by day, actually. In every year
Dialogue: 0,0:07:16.70,0:07:21.82,Default,,0000,0000,0000,,there are more and more people that are\Nallocated, and we see this growth. So
Dialogue: 0,0:07:21.82,0:07:26.25,Default,,0000,0000,0000,,that’s the goal: non-attribution, and total\Nsurveillance, and they want to do it
Dialogue: 0,0:07:26.25,0:07:30.69,Default,,0000,0000,0000,,completely in the dark. The good\Nnews is that they can’t. So,
Dialogue: 0,0:07:30.69,0:07:34.85,Default,,0000,0000,0000,,now I’m going to show you a bit about it.\NBut first, before I show you any pictures,
Dialogue: 0,0:07:34.85,0:07:38.99,Default,,0000,0000,0000,,I want to sort of give you the big picture\Nfrom the top down. So there is
Dialogue: 0,0:07:38.99,0:07:43.25,Default,,0000,0000,0000,,a planetary strategic surveillance system,\Nand there – well, there are many of them
Dialogue: 0,0:07:43.25,0:07:48.41,Default,,0000,0000,0000,,actually. Everything from I think\Noff-planetary surveillance gear, which is
Dialogue: 0,0:07:48.41,0:07:51.75,Default,,0000,0000,0000,,probably the National Reconnaissance\NOffice and their satellite systems
Dialogue: 0,0:07:51.75,0:07:54.67,Default,,0000,0000,0000,,for surveillance like the Keyhole\Nsatellites – these are all things most,
Dialogue: 0,0:07:54.67,0:07:58.39,Default,,0000,0000,0000,,for the most part we actually know about\Nthese things. They’re on Wikipedia.
Dialogue: 0,0:07:58.39,0:08:01.11,Default,,0000,0000,0000,,But I want to talk a little bit more about\Nthe internet side of things because
Dialogue: 0,0:08:01.11,0:08:04.64,Default,,0000,0000,0000,,I think that’s really fascinating. So\Npart of what we are releasing today
Dialogue: 0,0:08:04.64,0:08:07.76,Default,,0000,0000,0000,,with ‘Der Spiegel’, or what has actually\Nbeen released – just to be clear
Dialogue: 0,0:08:07.76,0:08:11.71,Default,,0000,0000,0000,,on the timeline, I’m not disclosing it\Nfirst, I’m working as an independent
Dialogue: 0,0:08:11.71,0:08:15.34,Default,,0000,0000,0000,,journalist summarizing the work that we\Nhave already released onto the internet
Dialogue: 0,0:08:15.34,0:08:19.43,Default,,0000,0000,0000,,as part of a publication house that went\Nthrough a very large editorial process
Dialogue: 0,0:08:19.43,0:08:23.71,Default,,0000,0000,0000,,in which we redacted all the names of\Nagents and information about those names,
Dialogue: 0,0:08:23.71,0:08:26.16,Default,,0000,0000,0000,,including their phone numbers\Nand e-mail addresses.
Dialogue: 0,0:08:26.16,0:08:29.02,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:08:29.02,0:08:32.89,Default,,0000,0000,0000,,And I should say that I actually think\Nthat the laws here are wrong,
Dialogue: 0,0:08:32.89,0:08:36.81,Default,,0000,0000,0000,,because they are in favor of\Nan oppressor who is criminal.
Dialogue: 0,0:08:36.81,0:08:41.16,Default,,0000,0000,0000,,So when we redact the names of people who\Nare engaged in criminal activity including
Dialogue: 0,0:08:41.16,0:08:45.42,Default,,0000,0000,0000,,drone murder, we are actually not doing\Nthe right thing, but I believe that
Dialogue: 0,0:08:45.42,0:08:49.20,Default,,0000,0000,0000,,we should comply with the law in order\Nto continue to publish, and I think
Dialogue: 0,0:08:49.20,0:08:55.74,Default,,0000,0000,0000,,that’s very important.\N{\i1}applause{\i0}
Dialogue: 0,0:08:55.74,0:09:00.03,Default,,0000,0000,0000,,We also redacted the names of\Nvictims of NSA surveillance,
Dialogue: 0,0:09:00.03,0:09:04.89,Default,,0000,0000,0000,,because we think that there’s a balance.\NUnfortunately there is a serious problem
Dialogue: 0,0:09:04.89,0:09:08.63,Default,,0000,0000,0000,,which is that the U.S. government asserts\Nthat you don’t have standing to prove
Dialogue: 0,0:09:08.63,0:09:12.27,Default,,0000,0000,0000,,that you’ve been surveilled unless\Nwe release that kind of information,
Dialogue: 0,0:09:12.27,0:09:15.04,Default,,0000,0000,0000,,but we don’t want to release that kind\Nof information in case it could be
Dialogue: 0,0:09:15.04,0:09:18.68,Default,,0000,0000,0000,,a legitimate target, and we – I’m really\Nuncomfortable with that term, but let’s
Dialogue: 0,0:09:18.68,0:09:22.28,Default,,0000,0000,0000,,say that there is a legitimate target, the\Nmost legitimate target, and we didn’t want
Dialogue: 0,0:09:22.28,0:09:25.90,Default,,0000,0000,0000,,to make that decision. But we\Ndid also want to make sure
Dialogue: 0,0:09:25.90,0:09:29.23,Default,,0000,0000,0000,,that we didn’t harm someone, but we\Nalso wanted to show concrete examples.
Dialogue: 0,0:09:29.23,0:09:32.47,Default,,0000,0000,0000,,So if you look at the ‘Spiegel’ stuff online,\Nwe redacted the names even of those
Dialogue: 0,0:09:32.47,0:09:36.49,Default,,0000,0000,0000,,who were victimized by the NSA’s\Noppressive tactics, which I think
Dialogue: 0,0:09:36.49,0:09:39.60,Default,,0000,0000,0000,,actually goes further than is necessary,\Nbut I believe that it strikes
Dialogue: 0,0:09:39.60,0:09:43.15,Default,,0000,0000,0000,,the right balance to ensure continued\Npublication and also to make sure
Dialogue: 0,0:09:43.15,0:09:46.70,Default,,0000,0000,0000,,that people are not harmed and that\Nlegitimate good things, however rare
Dialogue: 0,0:09:46.70,0:09:52.09,Default,,0000,0000,0000,,they may be, they are also not harmed.\NSo if you’ve been targeted by the NSA
Dialogue: 0,0:09:52.09,0:09:54.49,Default,,0000,0000,0000,,and you would have found out today\Nif we had taken a different decision,
Dialogue: 0,0:09:54.49,0:09:59.19,Default,,0000,0000,0000,,I’m really sorry, but this is the thing\NI think that keeps us alive,
Dialogue: 0,0:09:59.19,0:10:02.20,Default,,0000,0000,0000,,so this is the choice that I think is the\Nright choice, and I think it’s also
Dialogue: 0,0:10:02.20,0:10:06.31,Default,,0000,0000,0000,,the safest choice for everyone.\NSo that said, basically the NSA has
Dialogue: 0,0:10:06.31,0:10:10.63,Default,,0000,0000,0000,,a giant dragnet surveillance system that\Nthey call TURMOIL. TURMOIL is a passive
Dialogue: 0,0:10:10.63,0:10:14.52,Default,,0000,0000,0000,,interception system. That passive\Ninterception system essentially spans
Dialogue: 0,0:10:14.52,0:10:17.98,Default,,0000,0000,0000,,the whole planet. Who here has heard\Nabout the Merkel phone incident?
Dialogue: 0,0:10:17.98,0:10:21.74,Default,,0000,0000,0000,,Some of you heard about Chancellor Merkel?\NSo we revealed that in ‘Der Spiegel’, and
Dialogue: 0,0:10:21.74,0:10:25.77,Default,,0000,0000,0000,,what we found was that they tasked her\Nfor surveillance. And I’ll talk a little bit
Dialogue: 0,0:10:25.77,0:10:29.03,Default,,0000,0000,0000,,about that later. But basically the way\Nthat this works is that they have this
Dialogue: 0,0:10:29.03,0:10:34.02,Default,,0000,0000,0000,,huge passive set of sensors; and any data\Nthat flows past it, they actually look at it.
Dialogue: 0,0:10:34.02,0:10:37.88,Default,,0000,0000,0000,,So there was a time in the past where\Nsurveillance meant looking at anything
Dialogue: 0,0:10:37.88,0:10:43.01,Default,,0000,0000,0000,,at all. And now the NSA tries\Nto basically twist the words
Dialogue: 0,0:10:43.01,0:10:46.78,Default,,0000,0000,0000,,of every person who speaks whatever\Nlanguage they’re speaking in, and they
Dialogue: 0,0:10:46.78,0:10:50.56,Default,,0000,0000,0000,,try to say that it’s only surveillance\Nif after they collect it and record it
Dialogue: 0,0:10:50.56,0:10:55.50,Default,,0000,0000,0000,,to a database, and analyze it with\Nmachines, only if – I think – an NSA agent
Dialogue: 0,0:10:55.50,0:10:59.69,Default,,0000,0000,0000,,basically looks at it\Npersonally and then clicks
Dialogue: 0,0:10:59.69,0:11:03.75,Default,,0000,0000,0000,,“I have looked at this” do\Nthey call it surveillance.
Dialogue: 0,0:11:03.75,0:11:07.41,Default,,0000,0000,0000,,Fundamentally I really object to that\Nbecause if I ran a TURMOIL collection
Dialogue: 0,0:11:07.41,0:11:10.22,Default,,0000,0000,0000,,system – that is passive signals\Nintelligence systems collecting data
Dialogue: 0,0:11:10.22,0:11:14.12,Default,,0000,0000,0000,,from the whole planet, everywhere they\Npossibly can – I would go to prison
Dialogue: 0,0:11:14.12,0:11:17.99,Default,,0000,0000,0000,,for the rest of my life.\NThat’s the balance, right?
Dialogue: 0,0:11:17.99,0:11:21.52,Default,,0000,0000,0000,,Jefferson talks about this. He says, you\Nknow, “That which the government\N
Dialogue: 0,0:11:21.52,0:11:25.16,Default,,0000,0000,0000,,is allowed to do but you are not, this is\Na tyranny.” There are some exceptions
Dialogue: 0,0:11:25.16,0:11:29.82,Default,,0000,0000,0000,,to that, but the CFAA in the United\NStates, the Computer Fraud and Abuse Act,
Dialogue: 0,0:11:29.82,0:11:33.72,Default,,0000,0000,0000,,you know, it’s so draconian\Nfor regular people,
Dialogue: 0,0:11:33.72,0:11:38.26,Default,,0000,0000,0000,,and the NSA gets to do something like\Nintercepting 7 billion people all day long
Dialogue: 0,0:11:38.26,0:11:42.82,Default,,0000,0000,0000,,with no problems, and the rest of us\Nare not even allowed to experiment
Dialogue: 0,0:11:42.82,0:11:47.44,Default,,0000,0000,0000,,for improving the security of our own\Nlives without being put in prison
Dialogue: 0,0:11:47.44,0:11:51.70,Default,,0000,0000,0000,,or under threat of serious indictment, and\Nthat I think is a really important point.
Dialogue: 0,0:11:51.70,0:11:55.73,Default,,0000,0000,0000,,So the TURMOIL system is a surveillance\Nsystem, and it is a dragnet surveillance
Dialogue: 0,0:11:55.73,0:12:00.15,Default,,0000,0000,0000,,system that is a general warrant dragnet\Nsurveillance if there ever was one.
Dialogue: 0,0:12:00.15,0:12:04.03,Default,,0000,0000,0000,,And now we shot the British over this when\Nwe started our revolution. We called them
Dialogue: 0,0:12:04.03,0:12:06.97,Default,,0000,0000,0000,,“general writs of assistance.” These\Nwere generalized warrants which
Dialogue: 0,0:12:06.97,0:12:10.73,Default,,0000,0000,0000,,we considered to be a tyranny. And\NTURMOIL is the digital version of a
Dialogue: 0,0:12:10.73,0:12:15.41,Default,,0000,0000,0000,,general writ of assistance system. And\Nthe general writ of assistance itself,
Dialogue: 0,0:12:15.41,0:12:18.53,Default,,0000,0000,0000,,it’s not clear if it even exists, because\Nit’s not clear to me that a judge
Dialogue: 0,0:12:18.53,0:12:21.91,Default,,0000,0000,0000,,would understand\Nanything that I just said.
Dialogue: 0,0:12:21.91,0:12:27.31,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:12:27.31,0:12:31.92,Default,,0000,0000,0000,,Okay, so now we’re gonna get scary.\NSo that’s just the passive stuff.
Dialogue: 0,0:12:31.92,0:12:36.12,Default,,0000,0000,0000,,There exists another system that’s called\NTURBINE, and we revealed about this system
Dialogue: 0,0:12:36.12,0:12:41.04,Default,,0000,0000,0000,,in the ‘Spiegel’ publications\Ntoday as well. So if TURMOIL
Dialogue: 0,0:12:41.04,0:12:47.21,Default,,0000,0000,0000,,is deep packet inspection, then\NTURBINE is deep packet injection.
Dialogue: 0,0:12:47.21,0:12:52.13,Default,,0000,0000,0000,,And it is the system that combined\Ntogether with a thing…
Dialogue: 0,0:12:52.13,0:12:55.82,Default,,0000,0000,0000,,– with TURMOIL and TURBINE you can create\Na platform which they have consolidated
Dialogue: 0,0:12:55.82,0:13:01.90,Default,,0000,0000,0000,,which they call QFIRE. QFIRE is\Nessentially a way to programmatically
Dialogue: 0,0:13:01.90,0:13:05.79,Default,,0000,0000,0000,,look at things that flow across the\Ninternet that they see with TURMOIL
Dialogue: 0,0:13:05.79,0:13:09.77,Default,,0000,0000,0000,,and then using TURBINE they’re able to\Nactually inject packets to try to do attacks,
Dialogue: 0,0:13:09.77,0:13:13.72,Default,,0000,0000,0000,,and I’ll describe some of those attacks\Nin detail in a moment. But essentially
Dialogue: 0,0:13:13.72,0:13:17.43,Default,,0000,0000,0000,,the interesting thing about QFIRE also\Nis that they have a thing that’s called
Dialogue: 0,0:13:17.43,0:13:22.30,Default,,0000,0000,0000,,a diode. So if you have for\Nexample a large number
Dialogue: 0,0:13:22.30,0:13:24.67,Default,,0000,0000,0000,,of systems where you control them, you\Nmight say: “Hey, what are you doing
Dialogue: 0,0:13:24.67,0:13:27.59,Default,,0000,0000,0000,,on that backbone?”, “Hey, what’s going on\Nwith these systems?” And they could say,
Dialogue: 0,0:13:27.59,0:13:30.93,Default,,0000,0000,0000,,well, you know, we paid for access, we’re\Ndoing this, it’s all legal, etcetera.
Dialogue: 0,0:13:30.93,0:13:33.83,Default,,0000,0000,0000,,QFIRE has this really neat little detail\Nwhich is that they compromise
Dialogue: 0,0:13:33.83,0:13:36.77,Default,,0000,0000,0000,,other people’s routers and then redirect\Nthrough them so that they can beat
Dialogue: 0,0:13:36.77,0:13:40.16,Default,,0000,0000,0000,,the speed of light. And how\Nthey do that is that they have
Dialogue: 0,0:13:40.16,0:13:43.48,Default,,0000,0000,0000,,a passive sensor that’s nearby,\Na thing that they can inject from.
Dialogue: 0,0:13:43.48,0:13:47.65,Default,,0000,0000,0000,,And when they see that that thing sees\Na selector that is interesting to them
Dialogue: 0,0:13:47.65,0:13:51.69,Default,,0000,0000,0000,,or is doing a thing that they would like\Nto tamper with in some way, then they
Dialogue: 0,0:13:51.69,0:13:55.35,Default,,0000,0000,0000,,take a packet, they encapsulate the\Npacket, they send it to the diode,
Dialogue: 0,0:13:55.35,0:14:00.21,Default,,0000,0000,0000,,which might be your home router\Npotentially, and then that home router
Dialogue: 0,0:14:00.21,0:14:05.41,Default,,0000,0000,0000,,decapsulates that packet and sends it out.\NAnd because that is very close to you,
Dialogue: 0,0:14:05.41,0:14:10.17,Default,,0000,0000,0000,,and let’s say you’re visiting Yahoo, then\Nthe Yahoo packet will not beat you.
Dialogue: 0,0:14:10.17,0:14:14.74,Default,,0000,0000,0000,,That is, they will not beat the NSA\Nor GCHQ. So it’s a race condition.
Dialogue: 0,0:14:14.74,0:14:17.94,Default,,0000,0000,0000,,And so they basically are able to\Ncontrol this whole system and then
Dialogue: 0,0:14:17.94,0:14:23.25,Default,,0000,0000,0000,,to localize attacks in that\Nprocess. So that’s a pretty –
Dialogue: 0,0:14:23.25,0:14:27.53,Default,,0000,0000,0000,,pretty scary stuff, actually. And while it\Nis a digital thing, I think it’s important
Dialogue: 0,0:14:27.53,0:14:30.79,Default,,0000,0000,0000,,to understand that this is what Jefferson\Ntalked about when he talked about tyranny.
Dialogue: 0,0:14:30.79,0:14:34.30,Default,,0000,0000,0000,,This is turnkey tyranny, and it’s not that\Nit’s coming, it’s actually here. It’s just
Dialogue: 0,0:14:34.30,0:14:38.21,Default,,0000,0000,0000,,merely the question about whether or not\Nthey’ll use it in a way that we think is
Dialogue: 0,0:14:38.21,0:14:42.48,Default,,0000,0000,0000,,a good way or not a good way. One\Nof the scariest parts about this is that
Dialogue: 0,0:14:42.48,0:14:47.81,Default,,0000,0000,0000,,for this system or these sets of systems\Nto exist, we have been kept vulnerable.
Dialogue: 0,0:14:47.81,0:14:51.50,Default,,0000,0000,0000,,So it is the case that if the Chinese,\Nif the Russians, if people here
Dialogue: 0,0:14:51.50,0:14:55.98,Default,,0000,0000,0000,,wish to build this system, there’s nothing\Nthat stops them. And in fact the NSA has
Dialogue: 0,0:14:55.98,0:15:00.21,Default,,0000,0000,0000,,in a literal sense retarded the process\Nby which we would secure the internet
Dialogue: 0,0:15:00.21,0:15:04.74,Default,,0000,0000,0000,,because it establishes a hegemony\Nof power, their power in secret,
Dialogue: 0,0:15:04.74,0:15:08.76,Default,,0000,0000,0000,,to do these things. And in fact I’ve seen\Nevidence that shows that there are so many
Dialogue: 0,0:15:08.76,0:15:12.32,Default,,0000,0000,0000,,compromises taking place between the\Ndifferent Five Eyes signals intelligence
Dialogue: 0,0:15:12.32,0:15:16.20,Default,,0000,0000,0000,,groups that they actually have lists that\Nexplain, “If you see this back door
Dialogue: 0,0:15:16.20,0:15:20.61,Default,,0000,0000,0000,,on the system, contact a friendly agency.\NYou’ve just recompromised the machine
Dialogue: 0,0:15:20.61,0:15:24.76,Default,,0000,0000,0000,,of another person.” So\Nwhen we talk about this,
Dialogue: 0,0:15:24.76,0:15:29.02,Default,,0000,0000,0000,,we have to consider that this is\Ndesigned for at-scale exploitation.
Dialogue: 0,0:15:29.02,0:15:33.10,Default,,0000,0000,0000,,And as far as I can tell it’s being\Nused for at-scale exploitation.
Dialogue: 0,0:15:33.10,0:15:38.54,Default,,0000,0000,0000,,Which is not really in my mind a\Ntargeted particularized type of thing,
Dialogue: 0,0:15:38.54,0:15:42.27,Default,,0000,0000,0000,,but rather it’s fishing operations.\NIt’s fishing expeditions. It’s
Dialogue: 0,0:15:42.27,0:15:47.20,Default,,0000,0000,0000,,more like fishing crusades, if you will.\NAnd in some cases, looking at the evidence
Dialogue: 0,0:15:47.20,0:15:51.38,Default,,0000,0000,0000,,that seems to be what it is. Targeting\NMuslims, I might add. Because that’s
Dialogue: 0,0:15:51.38,0:15:54.80,Default,,0000,0000,0000,,what they’re interested in doing.\NSo that said, that’s the internet,
Dialogue: 0,0:15:54.80,0:15:58.27,Default,,0000,0000,0000,,and we get all the way down to the bottom\Nand we get to the Close Access Operations
Dialogue: 0,0:15:58.27,0:16:02.94,Default,,0000,0000,0000,,and Off-Net. Off-Net and Close Access\NOperations are pretty scary things,
Dialogue: 0,0:16:02.94,0:16:06.25,Default,,0000,0000,0000,,but basically this is what we would call a\Nblack bag job. That’s where these guys,
Dialogue: 0,0:16:06.25,0:16:10.26,Default,,0000,0000,0000,,they break into your house, they put\Nsomething in your computer and
Dialogue: 0,0:16:10.26,0:16:13.35,Default,,0000,0000,0000,,they take other things out of your\Ncomputer. Here’s an example.
Dialogue: 0,0:16:13.35,0:16:16.24,Default,,0000,0000,0000,,First top secret document\Nof the talk so far.
Dialogue: 0,0:16:16.24,0:16:18.48,Default,,0000,0000,0000,,This is a Close Access Operations box.
Dialogue: 0,0:16:18.48,0:16:22.47,Default,,0000,0000,0000,,It is basically car\Nmetasploit for the NSA,
Dialogue: 0,0:16:22.47,0:16:25.19,Default,,0000,0000,0000,,which is an interesting thing. But\Nbasically they say that the attack is
Dialogue: 0,0:16:25.19,0:16:30.14,Default,,0000,0000,0000,,undetectable, and it’s sadly\Na laptop running free software.
Dialogue: 0,0:16:30.14,0:16:34.89,Default,,0000,0000,0000,,It is injecting packets. And they say that\Nthey can do this from as far away as
Dialogue: 0,0:16:34.89,0:16:40.46,Default,,0000,0000,0000,,8 miles to inject packets, so presumably\Nusing this they’re able to exploit
Dialogue: 0,0:16:40.46,0:16:45.59,Default,,0000,0000,0000,,a kernel vulnerability of some kind,\Nparsing the wireless frames, and, yeah.
Dialogue: 0,0:16:45.59,0:16:50.00,Default,,0000,0000,0000,,I’ve heard that they actually put this\Nhardware, from sources inside of the NSA
Dialogue: 0,0:16:50.00,0:16:54.42,Default,,0000,0000,0000,,and inside of other\Nintelligence agencies, that
Dialogue: 0,0:16:54.42,0:16:58.16,Default,,0000,0000,0000,,they actually put this type of hardware on\Ndrones so that they fly them over areas
Dialogue: 0,0:16:58.16,0:17:02.22,Default,,0000,0000,0000,,that they’re interested in and they\Ndo mass exploitation of people.
Dialogue: 0,0:17:02.22,0:17:05.58,Default,,0000,0000,0000,,Now, we don’t have a document\Nthat substantiates that part, but Dialogue: 0,0:17:05.58,0:17:08.24,Default,,0000,0000,0000,,we do have this document that actually\Nclaims that they’ve done it from up to Dialogue: 0,0:17:08.24,0:17:12.88,Default,,0000,0000,0000,,8 miles away. So that’s a really\Ninteresting thing because it tells us Dialogue: 0,0:17:12.88,0:17:17.49,Default,,0000,0000,0000,,that they understand that common wireless\Ncards, probably running Microsoft Windows, Dialogue: 0,0:17:17.49,0:17:21.26,Default,,0000,0000,0000,,which is an American company, that they\Nknow about vulnerabilities and they Dialogue: 0,0:17:21.26,0:17:25.37,Default,,0000,0000,0000,,keep them a secret to use them. This is\Npart of a constant theme of sabotaging Dialogue: 0,0:17:25.37,0:17:29.99,Default,,0000,0000,0000,,and undermining American companies and\NAmerican ingenuity. As an American, Dialogue: 0,0:17:29.99,0:17:33.42,Default,,0000,0000,0000,,while generally not a nationalist, I find\Nthis disgusting, especially as someone Dialogue: 0,0:17:33.42,0:17:38.00,Default,,0000,0000,0000,,who writes free software and would\Nlike my tax dollars to be spent Dialogue: 0,0:17:38.00,0:17:40.65,Default,,0000,0000,0000,,on improving these things. And when they\Nknow about them I don’t want them Dialogue: 0,0:17:40.65,0:17:43.89,Default,,0000,0000,0000,,to keep them a secret because\Nall of us are vulnerable. Dialogue: 0,0:17:43.89,0:17:45.95,Default,,0000,0000,0000,,It’s a really scary thing. 
Dialogue: 0,0:17:45.95,0:17:52.27,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:17:52.27,0:17:55.83,Default,,0000,0000,0000,,And it just so happens that at my house,\Nmyself and many of my friends, Dialogue: 0,0:17:55.83,0:17:58.86,Default,,0000,0000,0000,,when we use wireless devices\N– Andy knows what I’m talking about, Dialogue: 0,0:17:58.86,0:18:03.30,Default,,0000,0000,0000,,a few other people here –\Nall the time we have errors Dialogue: 0,0:18:03.30,0:18:07.95,Default,,0000,0000,0000,,in certain machines which are set up at\Nthe house, in some cases as a honey pot Dialogue: 0,0:18:07.95,0:18:11.92,Default,,0000,0000,0000,,– thanks, guys – where kernel\Npanic after kernel panic, Dialogue: 0,0:18:11.92,0:18:15.66,Default,,0000,0000,0000,,exactly in the receive handler of the\NLinux kernel where you would expect Dialogue: 0,0:18:15.66,0:18:19.62,Default,,0000,0000,0000,,this specific type of thing to take place.\NSo I think that if we talk about Dialogue: 0,0:18:19.62,0:18:23.37,Default,,0000,0000,0000,,the war coming home, we probably will\Nfind that this is not just used in places Dialogue: 0,0:18:23.37,0:18:27.30,Default,,0000,0000,0000,,where there’s a literal war on but where\Nthey decide that it would be useful, Dialogue: 0,0:18:27.30,0:18:31.73,Default,,0000,0000,0000,,including just parking outside your house.\NNow I only have an hour today, Dialogue: 0,0:18:31.73,0:18:35.66,Default,,0000,0000,0000,,so I’m gonna have to go through some\Nother stuff pretty quickly. I want to make Dialogue: 0,0:18:35.66,0:18:40.68,Default,,0000,0000,0000,,a couple of points clear. 
This wasn’t\Nclear, even though it was written Dialogue: 0,0:18:40.68,0:18:46.28,Default,,0000,0000,0000,,in the New York Times by my dear friend\NLaura Poitras, who is totally fantastic Dialogue: 0,0:18:46.28,0:18:51.52,Default,,0000,0000,0000,,by the way, and… you are great.\NBut 15 years of data retention – Dialogue: 0,0:18:51.52,0:18:55.77,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:18:55.77,0:18:59.97,Default,,0000,0000,0000,,So the NSA has 15 years\Nof data retention. Dialogue: 0,0:18:59.97,0:19:03.65,Default,,0000,0000,0000,,It’s a really important point to\Ndrive home. I joked with Laura Dialogue: 0,0:19:03.65,0:19:06.47,Default,,0000,0000,0000,,when she wrote the New York Times article\Nwith James Risen, she should do the math Dialogue: 0,0:19:06.47,0:19:10.66,Default,,0000,0000,0000,,for other people and say “15 years”. She\Nsaid: “They can do the math on their own, Dialogue: 0,0:19:10.66,0:19:15.73,Default,,0000,0000,0000,,I believe in them”. I just wanna do the\Nmath for you. 15 years, that’s scary! Dialogue: 0,0:19:15.73,0:19:19.56,Default,,0000,0000,0000,,I don’t ever remember voting on that,\NI don’t ever remember even having Dialogue: 0,0:19:19.56,0:19:24.17,Default,,0000,0000,0000,,a public debate about it. And that\Nincludes content as well as metadata. Dialogue: 0,0:19:24.17,0:19:30.09,Default,,0000,0000,0000,,So they use this metadata. They search\Nthrough this metadata retroactively. Dialogue: 0,0:19:30.09,0:19:33.60,Default,,0000,0000,0000,,They do what’s called ‘tasking’, that is,\Nthey find a set of selectors – so that’s Dialogue: 0,0:19:33.60,0:19:38.09,Default,,0000,0000,0000,,a set of unique identifiers, e-mail\Naddresses, cookies, MAC addresses, IMEIs… Dialogue: 0,0:19:38.09,0:19:42.01,Default,,0000,0000,0000,,whatever is useful. Voice prints\Npotentially, depending on the system. 
Dialogue: 0,0:19:42.01,0:19:46.57,Default,,0000,0000,0000,,And then they basically\Ntask those selectors Dialogue: 0,0:19:46.57,0:19:51.50,Default,,0000,0000,0000,,for specific activities. So that ties\Ntogether with some of the attacks Dialogue: 0,0:19:51.50,0:19:55.50,Default,,0000,0000,0000,,which I’ll talk about, but essentially\NQUANTUMINSERTION and things that are Dialogue: 0,0:19:55.50,0:20:01.35,Default,,0000,0000,0000,,like QUANTUMINSERTION, they’re triggered\Nas part of the TURMOIL and TURBINE system Dialogue: 0,0:20:01.35,0:20:05.84,Default,,0000,0000,0000,,and the QFIRE system, and they’re all put\Ntogether so that they can automate Dialogue: 0,0:20:05.84,0:20:09.39,Default,,0000,0000,0000,,attacking people based on the plain\Ntext traffic that transits the internet Dialogue: 0,0:20:09.39,0:20:13.30,Default,,0000,0000,0000,,or based on the source or\Ndestination IP addresses. Dialogue: 0,0:20:13.30,0:20:16.27,Default,,0000,0000,0000,,This is a second top secret document. Dialogue: 0,0:20:16.27,0:20:21.31,Default,,0000,0000,0000,,This is an actual NSA lolcat Dialogue: 0,0:20:21.31,0:20:25.73,Default,,0000,0000,0000,,for the QUANTUMTHEORY program. Dialogue: 0,0:20:25.73,0:20:29.29,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:20:29.29,0:20:33.15,Default,,0000,0000,0000,,You’ll notice it’s a black cat, hiding. Okay. Dialogue: 0,0:20:33.15,0:20:36.90,Default,,0000,0000,0000,,So there are a few people in the audience\Nthat are still not terrified enough, and Dialogue: 0,0:20:36.90,0:20:40.27,Default,,0000,0000,0000,,there are a few people that as part\Nof their process for coping with Dialogue: 0,0:20:40.27,0:20:44.59,Default,,0000,0000,0000,,this horrible world that we have found\Nourselves in, they will say the following: Dialogue: 0,0:20:44.59,0:20:48.26,Default,,0000,0000,0000,,“There’s no way they’ll ever find me. 
I’m\Nnot interesting.” So I just want to dispel Dialogue: 0,0:20:48.26,0:20:52.88,Default,,0000,0000,0000,,that notion and show you a little bit\Nabout how they do that. So we mentioned Dialogue: 0,0:20:52.88,0:20:56.90,Default,,0000,0000,0000,,TURMOIL, which is the dragnet surveillance,\Nand TURBINE, which is deep packet injection, Dialogue: 0,0:20:56.90,0:21:00.84,Default,,0000,0000,0000,,and QFIRE, where we tie it all together,\Nand this is an example of something which Dialogue: 0,0:21:00.84,0:21:03.84,Default,,0000,0000,0000,,I think actually demonstrates a crime but\NI’m not sure, I’m not a lawyer, I’m Dialogue: 0,0:21:03.84,0:21:07.73,Default,,0000,0000,0000,,definitely not your lawyer, and I’m\Ncertainly not the NSA’s lawyer. Dialogue: 0,0:21:07.73,0:21:11.51,Default,,0000,0000,0000,,But this is the MARINA system. This is\Nmerely one of many systems where they Dialogue: 0,0:21:11.51,0:21:15.35,Default,,0000,0000,0000,,actually have full content as well as\Nmetadata. Taken together, they do Dialogue: 0,0:21:15.35,0:21:19.16,Default,,0000,0000,0000,,contact chaining, where they find out you\Nguys are all in the same room with me Dialogue: 0,0:21:19.16,0:21:24.99,Default,,0000,0000,0000,,– which reminds me, let’s\Nsee, I’ve got this phone… Dialogue: 0,0:21:24.99,0:21:31.04,Default,,0000,0000,0000,,Okay. That’s good. Let’s\Nturn that on. So now… Dialogue: 0,0:21:31.04,0:21:34.48,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NYou’re welcome. Dialogue: 0,0:21:34.48,0:21:37.64,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NYou have no idea! Dialogue: 0,0:21:37.64,0:21:40.38,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NBut I just wanted to make sure that Dialogue: 0,0:21:40.38,0:21:44.07,Default,,0000,0000,0000,,if there was any question about whether\Nor not you are exempt from needing to do Dialogue: 0,0:21:44.07,0:21:47.69,Default,,0000,0000,0000,,something about this,\Nthat that is dispelled. 
Dialogue: 0,0:21:47.69,0:21:53.49,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:21:53.49,0:21:58.95,Default,,0000,0000,0000,,Okay? Cell phone’s on.\NGreat. So. Hey, guys! Dialogue: 0,0:21:58.95,0:22:02.76,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NSo, the MARINA system is a Dialogue: 0,0:22:02.76,0:22:07.69,Default,,0000,0000,0000,,contact chaining system as well as a\Nsystem that has data, and in this case Dialogue: 0,0:22:07.69,0:22:12.85,Default,,0000,0000,0000,,what we see is in fact reverse contact\Nand forward contact graphing. So, Dialogue: 0,0:22:12.85,0:22:17.13,Default,,0000,0000,0000,,any lawyers in the audience? If there\Nare American citizens in this database, Dialogue: 0,0:22:17.13,0:22:21.14,Default,,0000,0000,0000,,is reverse targeting like this illegal?\NGenerally? Is it possible that that Dialogue: 0,0:22:21.14,0:22:26.42,Default,,0000,0000,0000,,could be considered illegal?\N{\i1}Someone from audience mumbling{\i0} Dialogue: 0,0:22:26.42,0:22:29.33,Default,,0000,0000,0000,,Yeah, so, interesting. If it’s called\Nreverse contacts instead of Dialogue: 0,0:22:29.33,0:22:34.55,Default,,0000,0000,0000,,reverse targeting – yeah, exactly.\NSo, you’ll also notice the, Dialogue: 0,0:22:34.55,0:22:40.00,Default,,0000,0000,0000,,on the right-hand side, webcam photos. Dialogue: 0,0:22:40.00,0:22:43.78,Default,,0000,0000,0000,,So, just in case you’re wondering,\Nin this case this particular target, Dialogue: 0,0:22:43.78,0:22:47.48,Default,,0000,0000,0000,,I suppose that he did not or\Nshe did not have a webcam. Dialogue: 0,0:22:47.48,0:22:50.40,Default,,0000,0000,0000,,Good for them. If not, you should follow\Nthe EFF’s advice and you should put Dialogue: 0,0:22:50.40,0:22:54.46,Default,,0000,0000,0000,,a little sticker over your webcam. But\Nyou’ll also note that they try to find Dialogue: 0,0:22:54.46,0:22:57.65,Default,,0000,0000,0000,,equivalent identifiers. 
So every time\Nthere’s a linkable identifier that you Dialogue: 0,0:22:57.65,0:23:03.19,Default,,0000,0000,0000,,have on the internet, they try to put that\Nand tie it together and contact chain it, Dialogue: 0,0:23:03.19,0:23:08.09,Default,,0000,0000,0000,,and they try to show who you are among all\Nof these different potential identifiers – Dialogue: 0,0:23:08.09,0:23:11.19,Default,,0000,0000,0000,,if you have 5 e-mail addresses, they would\Nlink them together – and then they try Dialogue: 0,0:23:11.19,0:23:14.30,Default,,0000,0000,0000,,to find out who all your friends are.\NYou’ll also note at the bottom here, Dialogue: 0,0:23:14.30,0:23:18.97,Default,,0000,0000,0000,,logins and passwords. So they’re\Nalso doing dragnet surveillance Dialogue: 0,0:23:18.97,0:23:22.88,Default,,0000,0000,0000,,in which they extract – the feature set\Nextraction where they know semantically Dialogue: 0,0:23:22.88,0:23:26.46,Default,,0000,0000,0000,,what a login and a password is in a\Nparticular protocol. And in this case Dialogue: 0,0:23:26.46,0:23:30.78,Default,,0000,0000,0000,,this guy is lucky, I suppose, and they\Nwere not able to get passwords or webcam, Dialogue: 0,0:23:30.78,0:23:34.16,Default,,0000,0000,0000,,but you’ll note that they were able to get\Nhis contacts and they were able to see Dialogue: 0,0:23:34.16,0:23:38.43,Default,,0000,0000,0000,,in fact 29, give or take,\Nreceived messages as well, Dialogue: 0,0:23:38.43,0:23:41.83,Default,,0000,0000,0000,,of which there are these things. Now in\Nthis case we have redacted the e-mail Dialogue: 0,0:23:41.83,0:23:45.98,Default,,0000,0000,0000,,and instant messenger information,\Nbut this is an example of how Dialogue: 0,0:23:45.98,0:23:49.72,Default,,0000,0000,0000,,{\i1}laughs{\i0}\Nyou can’t hide from these things, and Dialogue: 0,0:23:49.72,0:23:54.40,Default,,0000,0000,0000,,thinking that they won’t find you\Nis a fallacy. 
So this is basically Dialogue: 0,0:23:54.40,0:23:59.22,Default,,0000,0000,0000,,the difference between taking one wire and\Nclipping onto it in a particularized Dialogue: 0,0:23:59.22,0:24:02.35,Default,,0000,0000,0000,,suspicious way where they’re really\Ninterested, they have a particularized Dialogue: 0,0:24:02.35,0:24:05.61,Default,,0000,0000,0000,,suspicion, they think that someone is a\Ncriminal, they think someone has taken Dialogue: 0,0:24:05.61,0:24:10.04,Default,,0000,0000,0000,,some serious steps that are illegal, and\Ninstead what they do is they put all of us Dialogue: 0,0:24:10.04,0:24:14.22,Default,,0000,0000,0000,,under surveillance, record all of this\Ndata that they possibly can, and then Dialogue: 0,0:24:14.22,0:24:17.83,Default,,0000,0000,0000,,they go looking through it. Now\Nin the case of Chancellor Merkel, Dialogue: 0,0:24:17.83,0:24:22.51,Default,,0000,0000,0000,,when we revealed NSRL 2002-388,\Nwhat we showed was that Dialogue: 0,0:24:22.51,0:24:26.37,Default,,0000,0000,0000,,they were spying on Merkel. And by their\Nown admission 3 hops away, that’s everyone Dialogue: 0,0:24:26.37,0:24:30.36,Default,,0000,0000,0000,,in the German Parliament\Nand everyone here. Dialogue: 0,0:24:30.36,0:24:35.93,Default,,0000,0000,0000,,So that’s pretty serious stuff. It also\Nhappens that if you should be visiting Dialogue: 0,0:24:35.93,0:24:41.94,Default,,0000,0000,0000,,certain websites, especially if you’re\Na Muslim, it is the case that you can be Dialogue: 0,0:24:41.94,0:24:47.06,Default,,0000,0000,0000,,attacked automatically by this system.\NRight? So that would mean that Dialogue: 0,0:24:47.06,0:24:50.38,Default,,0000,0000,0000,,they would automatically start to break\Ninto systems. That’s what they would call Dialogue: 0,0:24:50.38,0:24:55.43,Default,,0000,0000,0000,,‘untasked targeting’. Interesting idea\Nthat they call that targeted surveillance. 
Dialogue: 0,0:24:55.43,0:24:58.67,Default,,0000,0000,0000,,To me that doesn’t really sound too\Nmuch like targeted surveillance unless Dialogue: 0,0:24:58.67,0:25:02.66,Default,,0000,0000,0000,,what you mean by carpet bombing, it – you\Nknow, I mean it just – you know, like… it Dialogue: 0,0:25:02.66,0:25:07.78,Default,,0000,0000,0000,,just doesn’t… it doesn’t strike me right.\NIt’s not my real definition of ‘targeted’. Dialogue: 0,0:25:07.78,0:25:11.13,Default,,0000,0000,0000,,It’s not well defined. It’s not that a\Njudge has said, “Yes, this person is Dialogue: 0,0:25:11.13,0:25:14.58,Default,,0000,0000,0000,,clearly someone we should target.” Quite\Nthe opposite. This is something where Dialogue: 0,0:25:14.58,0:25:19.46,Default,,0000,0000,0000,,some guy who has a system has decided to\Ndeploy it and they do it however they like Dialogue: 0,0:25:19.46,0:25:22.54,Default,,0000,0000,0000,,whenever they would like. And while there\Nare some restrictions, it’s clear that Dialogue: 0,0:25:22.54,0:25:27.03,Default,,0000,0000,0000,,the details about these programs do not\Ntrickle up. And even if they do, they Dialogue: 0,0:25:27.03,0:25:31.29,Default,,0000,0000,0000,,do not trickle up in a useful way. So\Nthis is important, because members Dialogue: 0,0:25:31.29,0:25:36.05,Default,,0000,0000,0000,,of the U.S. Congress, they have no clue\Nabout these things. Literally, in the case Dialogue: 0,0:25:36.05,0:25:42.60,Default,,0000,0000,0000,,of the technology. Ask a Congressman\Nabout TCP/IP. Forget it. Dialogue: 0,0:25:42.60,0:25:46.56,Default,,0000,0000,0000,,You can’t even get a meeting with them.\NI’ve tried. Doesn’t matter. Even if you Dialogue: 0,0:25:46.56,0:25:49.91,Default,,0000,0000,0000,,know the secret interpretation of Section\N215 of the Patriot Act and you go Dialogue: 0,0:25:49.91,0:25:52.62,Default,,0000,0000,0000,,to Washington, D.C. 
and you meet with\Ntheir aides, they still won’t talk to you Dialogue: 0,0:25:52.62,0:25:56.00,Default,,0000,0000,0000,,about it. Part of that is because they\Ndon’t have a clue, and another part of it Dialogue: 0,0:25:56.00,0:26:00.10,Default,,0000,0000,0000,,is because they can’t talk about it,\Nbecause they don’t have a political solution. Dialogue: 0,0:26:00.10,0:26:02.93,Default,,0000,0000,0000,,Absent a political solution, it’s very\Ndifficult to get someone to admit that Dialogue: 0,0:26:02.93,0:26:06.37,Default,,0000,0000,0000,,there is a problem. Well, there is a\Nproblem, so we’re going to create Dialogue: 0,0:26:06.37,0:26:09.65,Default,,0000,0000,0000,,a political problem and also talk\Nabout some of the solutions. Dialogue: 0,0:26:09.65,0:26:12.59,Default,,0000,0000,0000,,The Cypherpunks generally have\Ncome up with some of the solutions Dialogue: 0,0:26:12.59,0:26:16.61,Default,,0000,0000,0000,,when we talk about encrypting the entire\Ninternet. That would end dragnet mass Dialogue: 0,0:26:16.61,0:26:20.72,Default,,0000,0000,0000,,surveillance in a sense, but it will\Ncome back in a different sense Dialogue: 0,0:26:20.72,0:26:25.57,Default,,0000,0000,0000,,even with encryption. We need both\Na marriage of a technical solution Dialogue: 0,0:26:25.57,0:26:30.58,Default,,0000,0000,0000,,and we need a political solution\Nto go with it, and if we don’t have Dialogue: 0,0:26:30.58,0:26:35.48,Default,,0000,0000,0000,,those 2 things, we will unfortunately be\Nstuck here. But at the moment the NSA, Dialogue: 0,0:26:35.48,0:26:40.49,Default,,0000,0000,0000,,basically, I feel, has more power than\Nanyone in the entire world – any one Dialogue: 0,0:26:40.49,0:26:44.80,Default,,0000,0000,0000,,agency or any one person. So Emperor\NAlexander, the head of the NSA, really has Dialogue: 0,0:26:44.80,0:26:50.15,Default,,0000,0000,0000,,a lot of power. 
If they want to right now,\Nthey’ll know that the IMEI of this phone Dialogue: 0,0:26:50.15,0:26:55.23,Default,,0000,0000,0000,,is interesting. It’s very warm, which is\Nanother funny thing, and they would be Dialogue: 0,0:26:55.23,0:26:59.13,Default,,0000,0000,0000,,able to break into this phone almost\Ncertainly and then turn on the microphone, Dialogue: 0,0:26:59.13,0:27:03.27,Default,,0000,0000,0000,,and all without a court.\NSo that to me is really scary. Dialogue: 0,0:27:03.27,0:27:06.89,Default,,0000,0000,0000,,And I especially dislike the fact that\Nif you were to be building these Dialogue: 0,0:27:06.89,0:27:10.55,Default,,0000,0000,0000,,types of things, they treat you as an\Nopponent, if you wish to be able to Dialogue: 0,0:27:10.55,0:27:14.00,Default,,0000,0000,0000,,fulfill the promises that you make to your\Ncustomers. And as someone who writes Dialogue: 0,0:27:14.00,0:27:18.16,Default,,0000,0000,0000,,security software\NI think that’s bullshit. Dialogue: 0,0:27:18.16,0:27:22.18,Default,,0000,0000,0000,,So. Here’s how they do a bit of it.\NSo there are different programs. Dialogue: 0,0:27:22.18,0:27:25.86,Default,,0000,0000,0000,,So QUANTUMTHEORY, QUANTUMNATION,\NQUANTUMBOT, QUANTUMCOPPER Dialogue: 0,0:27:25.86,0:27:29.39,Default,,0000,0000,0000,,and QUANTUMINSERT. You’ve heard of a few\Nof them. I’ll just go through them real quick. Dialogue: 0,0:27:29.39,0:27:33.45,Default,,0000,0000,0000,,QUANTUMTHEORY essentially has\Na whole arsenal of zero-day exploits. Dialogue: 0,0:27:33.45,0:27:38.49,Default,,0000,0000,0000,,Then the system deploys what’s called\Na SMOTH, or a seasoned moth. Dialogue: 0,0:27:38.49,0:27:43.54,Default,,0000,0000,0000,,And a seasoned moth is an\Nimplant which dies after 30 days. Dialogue: 0,0:27:43.54,0:27:48.55,Default,,0000,0000,0000,,So I think that these guys either took a\Nlot of acid or read a lot of Philip K. 
Dick, Dialogue: 0,0:27:48.55,0:27:51.76,Default,,0000,0000,0000,,potentially both!\N{\i1}applause{\i0} Dialogue: 0,0:27:51.76,0:27:55.38,Default,,0000,0000,0000,,And they thought Philip K. Dick\Nwasn’t dystopian enough. Dialogue: 0,0:27:55.38,0:27:59.87,Default,,0000,0000,0000,,“Let’s get better at this”.\NAnd after reading VALIS, I guess, Dialogue: 0,0:27:59.87,0:28:04.76,Default,,0000,0000,0000,,they went on, and they also have\Nas part of QUANTUMNATION Dialogue: 0,0:28:04.76,0:28:08.85,Default,,0000,0000,0000,,what’s called VALIDATOR or COMMONDEER.\NNow these are first-stage payloads Dialogue: 0,0:28:08.85,0:28:13.94,Default,,0000,0000,0000,,that are done entirely in memory.\NThese exploits essentially are where they Dialogue: 0,0:28:13.94,0:28:18.28,Default,,0000,0000,0000,,look around to see if you have what are\Ncalled PSPs, and this is to see, like, Dialogue: 0,0:28:18.28,0:28:21.73,Default,,0000,0000,0000,,you know, if you have Tripwire, if you\Nhave AIDE, if you have some sort of Dialogue: 0,0:28:21.73,0:28:25.55,Default,,0000,0000,0000,,system tool that will detect if an\Nattacker is tampering with files or Dialogue: 0,0:28:25.55,0:28:28.66,Default,,0000,0000,0000,,something like this, like\Na host intrusion detection system. Dialogue: 0,0:28:28.66,0:28:33.69,Default,,0000,0000,0000,,So VALIDATOR and COMMONDEER, which,\NI mean, clearly the point of COMMONDEER, Dialogue: 0,0:28:33.69,0:28:36.66,Default,,0000,0000,0000,,while it’s misspelled here – it’s not\Nactually… I mean that’s the name Dialogue: 0,0:28:36.66,0:28:40.65,Default,,0000,0000,0000,,of the program… but the point is to make\Na pun on commandeering your machine. So, Dialogue: 0,0:28:40.65,0:28:44.55,Default,,0000,0000,0000,,you know, when I think about the U.S.\NConstitution in particular, we talk about Dialogue: 0,0:28:44.55,0:28:49.30,Default,,0000,0000,0000,,not allowing the quartering of\Nsoldiers – and, gosh, you know? 
Dialogue: 0,0:28:49.30,0:28:53.63,Default,,0000,0000,0000,,Commandeering my computer sounds\Na lot like a digital version of that, and Dialogue: 0,0:28:53.63,0:28:57.38,Default,,0000,0000,0000,,I find that’s a little bit confusing, and\Nmostly in that I don’t understand Dialogue: 0,0:28:57.38,0:29:01.22,Default,,0000,0000,0000,,how they get away with it. But part of it\Nis because until right now we didn’t know Dialogue: 0,0:29:01.22,0:29:05.68,Default,,0000,0000,0000,,about it, in public, which is why we’re\Nreleasing this in the public interest, Dialogue: 0,0:29:05.68,0:29:09.40,Default,,0000,0000,0000,,so that we can have a better debate\Nabout whether or not that counts, in fact, Dialogue: 0,0:29:09.40,0:29:14.19,Default,,0000,0000,0000,,as a part of this type of what I would\Nconsider to be tyranny, or perhaps Dialogue: 0,0:29:14.19,0:29:18.72,Default,,0000,0000,0000,,you think it is a measured and reasonable\Nthing. I somehow doubt that. But Dialogue: 0,0:29:18.72,0:29:23.07,Default,,0000,0000,0000,,in any case, QUANTUMBOT is where\Nthey hijack IRC bots, because why not? Dialogue: 0,0:29:23.07,0:29:26.49,Default,,0000,0000,0000,,They thought they would like to do\Nthat, and an interesting point is that Dialogue: 0,0:29:26.49,0:29:31.32,Default,,0000,0000,0000,,they could in theory stop a lot\Nof these botnet attacks and Dialogue: 0,0:29:31.32,0:29:35.20,Default,,0000,0000,0000,,they have decided to maintain that\Ncapability, but they’re not yet doing it Dialogue: 0,0:29:35.20,0:29:38.75,Default,,0000,0000,0000,,except when they feel like doing it for\Nexperiments or when they do it to Dialogue: 0,0:29:38.75,0:29:42.70,Default,,0000,0000,0000,,potentially use them. It’s not clear\Nexactly how they use them. 
But Dialogue: 0,0:29:42.70,0:29:46.35,Default,,0000,0000,0000,,the mere fact of the matter is that that\Nsuggests they’re even in fact able to do Dialogue: 0,0:29:46.35,0:29:49.85,Default,,0000,0000,0000,,these types of attacks, they’ve tested\Nthese types of attacks against botnets. Dialogue: 0,0:29:49.85,0:29:53.88,Default,,0000,0000,0000,,And that’s the program you should FOIA\Nfor. We’ve released a little bit of detail Dialogue: 0,0:29:53.88,0:29:57.89,Default,,0000,0000,0000,,about that today as well. And\NQUANTUMCOPPER to me is really scary. Dialogue: 0,0:29:57.89,0:30:01.72,Default,,0000,0000,0000,,It’s essentially a thing that can\Ninterfere with TCP/IP and it can do things Dialogue: 0,0:30:01.72,0:30:06.80,Default,,0000,0000,0000,,like corrupt file downloads. So if you\Nimagine the Great Firewall of China, Dialogue: 0,0:30:06.80,0:30:10.29,Default,,0000,0000,0000,,so-called – that’s for the whole planet. Dialogue: 0,0:30:10.29,0:30:14.32,Default,,0000,0000,0000,,So if the NSA wanted to tomorrow, they\Ncould kill every anonymity system Dialogue: 0,0:30:14.32,0:30:20.26,Default,,0000,0000,0000,,that exists by just forcing everyone who\Nconnects to an anonymity system to reset Dialogue: 0,0:30:20.26,0:30:24.75,Default,,0000,0000,0000,,just the same way that the Chinese do\Nright now in China with the Great Firewall Dialogue: 0,0:30:24.75,0:30:28.59,Default,,0000,0000,0000,,of China. So that’s like the NSA builds\Nthe equivalent of the Great Firewall Dialogue: 0,0:30:28.59,0:30:34.00,Default,,0000,0000,0000,,of Earth. That’s, to me that’s\Na really scary, heavy-handed thing, Dialogue: 0,0:30:34.00,0:30:39.08,Default,,0000,0000,0000,,and I’m sure they only use it for good.\N{\i1}clears throat{\i0} Dialogue: 0,0:30:39.08,0:30:44.52,Default,,0000,0000,0000,,But, yeah. 
Back here in reality that to\Nme is a really scary thing, especially Dialogue: 0,0:30:44.52,0:30:48.61,Default,,0000,0000,0000,,because one of the ways that they are able\Nto have this capability, as I mentioned, Dialogue: 0,0:30:48.61,0:30:52.98,Default,,0000,0000,0000,,is these diodes. So what that suggests\Nis that they actually repurpose Dialogue: 0,0:30:52.98,0:30:56.26,Default,,0000,0000,0000,,other people’s machines in order to\Nreposition and to gain a capability Dialogue: 0,0:30:56.26,0:31:01.35,Default,,0000,0000,0000,,inside of an area where they actually\Nhave no legitimacy inside of that area. Dialogue: 0,0:31:01.35,0:31:07.05,Default,,0000,0000,0000,,That to me suggests it is not only\Nheavy-handed, that they have probably some Dialogue: 0,0:31:07.05,0:31:12.29,Default,,0000,0000,0000,,tools to do that. You see where I’m going\Nwith this. Well, QUANTUMINSERTION, Dialogue: 0,0:31:12.29,0:31:16.12,Default,,0000,0000,0000,,this is also an important point, because\Nthis is what was used against Belgacom, Dialogue: 0,0:31:16.12,0:31:22.06,Default,,0000,0000,0000,,this is what’s used by a whole number of\Nunfortunately players in the game where Dialogue: 0,0:31:22.06,0:31:26.41,Default,,0000,0000,0000,,basically what they do is they inject\Na packet. So you have a TCP connection, Dialogue: 0,0:31:26.41,0:31:30.17,Default,,0000,0000,0000,,Alice wants to talk to Bob, and for some\Nreason Alice and Bob have not heard Dialogue: 0,0:31:30.17,0:31:34.88,Default,,0000,0000,0000,,about TLS. Alice sends an HTTP\Nrequest to Bob. Bob is Yahoo. Dialogue: 0,0:31:34.88,0:31:40.80,Default,,0000,0000,0000,,NSA loves Yahoo. And basically they\Ninject a packet which will get to Alice Dialogue: 0,0:31:40.80,0:31:44.43,Default,,0000,0000,0000,,before Yahoo is able to respond, right?\NAnd the thing is that if that was a Dialogue: 0,0:31:44.43,0:31:48.96,Default,,0000,0000,0000,,TLS connection, the man-on-the-side\Nattack would not succeed. 
Dialogue: 0,0:31:48.96,0:31:53.18,Default,,0000,0000,0000,,That’s really key. If they were using TLS,\Nthe man-on-the-side attack could at best, Dialogue: 0,0:31:53.18,0:31:56.33,Default,,0000,0000,0000,,as far as we understand it at the moment,\Nthey could tear down the TLS session but Dialogue: 0,0:31:56.33,0:31:59.66,Default,,0000,0000,0000,,they couldn’t actually actively inject.\NSo that’s a man-on-the-side attack. Dialogue: 0,0:31:59.66,0:32:05.35,Default,,0000,0000,0000,,We can end that attack with TLS.\NWhen we deploy TLS everywhere Dialogue: 0,0:32:05.35,0:32:09.56,Default,,0000,0000,0000,,then we will end that kind of attack. So\Nthere was a joke, you know, when you Dialogue: 0,0:32:09.56,0:32:12.82,Default,,0000,0000,0000,,download .mp3s, you ride with communism\N– from the ’90s, some of you may Dialogue: 0,0:32:12.82,0:32:19.06,Default,,0000,0000,0000,,remember this. When you bareback with\Nthe internet, you ride with the NSA. Dialogue: 0,0:32:19.06,0:32:24.45,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:32:24.45,0:32:28.97,Default,,0000,0000,0000,,Or you’re getting a ride, going for\Na ride. So the TAO infrastructure, Dialogue: 0,0:32:28.97,0:32:33.45,Default,,0000,0000,0000,,Tailored Access and Operations. Some\Nof the FOXACID URLs are public. Dialogue: 0,0:32:33.45,0:32:38.31,Default,,0000,0000,0000,,FOXACID is essentially like a watering\Nhole type of attack where you go to, Dialogue: 0,0:32:38.31,0:32:43.76,Default,,0000,0000,0000,,you go to a URL. QUANTUMINSERT\Nputs like an iframe or puts some code Dialogue: 0,0:32:43.76,0:32:46.73,Default,,0000,0000,0000,,in your web browser, which you then\Nexecute, which then causes you to Dialogue: 0,0:32:46.73,0:32:50.57,Default,,0000,0000,0000,,load resources. One of the resources that\Nyou load while you’re loading CNN.com, Dialogue: 0,0:32:50.57,0:32:55.18,Default,,0000,0000,0000,,for example, which is one of their\Nexamples, they – you like that, by the way? 
Dialogue: 0,0:32:55.18,0:32:59.05,Default,,0000,0000,0000,,So, you know, that’s an extremist site. So\N{\i1}coughs{\i0} Dialogue: 0,0:32:59.05,0:33:03.02,Default,,0000,0000,0000,,you might have heard about that. A lot of\NRepublicans in the United States read it. Dialogue: 0,0:33:03.02,0:33:08.13,Default,,0000,0000,0000,,So – right before they wage\Nillegal imperialist wars. So, Dialogue: 0,0:33:08.13,0:33:12.62,Default,,0000,0000,0000,,the point is that you go to a FOXACID\Nserver and it basically does a survey Dialogue: 0,0:33:12.62,0:33:17.90,Default,,0000,0000,0000,,of your box and decides if it can break\Ninto it or not, and then it does. Dialogue: 0,0:33:17.90,0:33:22.41,Default,,0000,0000,0000,,Yep, that’s basically it. And the FOXACID\NURLs, a few of them are public. Dialogue: 0,0:33:22.41,0:33:27.14,Default,,0000,0000,0000,,Some of the details about that have been\Nmade public, about how the structure Dialogue: 0,0:33:27.14,0:33:31.06,Default,,0000,0000,0000,,of the URLs are laid out and so on.\NAn important detail is that they pretend Dialogue: 0,0:33:31.06,0:33:34.34,Default,,0000,0000,0000,,that they’re Apache, but they actually\Ndo a really bad job. So they’re Dialogue: 0,0:33:34.34,0:33:38.23,Default,,0000,0000,0000,,like Hacking Team, maybe it’s the same\Nguys, I doubt it though, the NSA wouldn’t Dialogue: 0,0:33:38.23,0:33:43.79,Default,,0000,0000,0000,,slum with scumbags like that, but…\NBasically you can tell, you can find them, Dialogue: 0,0:33:43.79,0:33:47.61,Default,,0000,0000,0000,,because they aren’t really Apache servers.\NThey pretend to be, something else. Dialogue: 0,0:33:47.61,0:33:51.02,Default,,0000,0000,0000,,The other thing is that none of their\Ninfrastructure is in the United States. Dialogue: 0,0:33:51.02,0:33:56.48,Default,,0000,0000,0000,,So, real quick anonymity question. You\Nhave a set of things and you know that Dialogue: 0,0:33:56.48,0:34:01.92,Default,,0000,0000,0000,,a particular attacker never comes from one\Nplace. 
Every country on the planet Dialogue: 0,0:34:01.92,0:34:06.44,Default,,0000,0000,0000,,potentially, but never one place. The\None place where most of the internet is. Dialogue: 0,0:34:06.44,0:34:10.05,Default,,0000,0000,0000,,What does that tell you in terms of\Nanonymity? It tells you usually that Dialogue: 0,0:34:10.05,0:34:14.96,Default,,0000,0000,0000,,they’re hiding something about that one\Nplace. Maybe there’s a legal requirement Dialogue: 0,0:34:14.96,0:34:19.02,Default,,0000,0000,0000,,for this. It’s not clear to me. But what\Nis totally clear to me is that if you see Dialogue: 0,0:34:19.02,0:34:22.72,Default,,0000,0000,0000,,this type of infrastructure and it is not\Nin the United States, there is a chance, Dialogue: 0,0:34:22.72,0:34:28.29,Default,,0000,0000,0000,,especially today, that it’s the NSA’s\NTailored Access and Operations division. Dialogue: 0,0:34:28.29,0:34:34.49,Default,,0000,0000,0000,,And here’s an important point. When the\NNSA can’t do it, they bring in GCHQ. Dialogue: 0,0:34:34.49,0:34:38.82,Default,,0000,0000,0000,,So, for example, for targeting certain\NGmail selectors, they can’t do it. Dialogue: 0,0:34:38.82,0:34:42.74,Default,,0000,0000,0000,,And in the documents we released today,\Nwe show that they say: “If you have Dialogue: 0,0:34:42.74,0:34:46.80,Default,,0000,0000,0000,,a partner agreement form and you need to\Ntarget, there are some additional selectors Dialogue: 0,0:34:46.80,0:34:51.33,Default,,0000,0000,0000,,that become available should you\Nneed them”. So when we have a limit Dialogue: 0,0:34:51.33,0:34:54.64,Default,,0000,0000,0000,,of an intelligence agency in the United\NStates, or here in Germany or Dialogue: 0,0:34:54.64,0:34:58.69,Default,,0000,0000,0000,,something like this, we have to recognize\Nthat information is a currency Dialogue: 0,0:34:58.69,0:35:03.38,Default,,0000,0000,0000,,in an unregulated market. 
And these\Nguys, they trade that information, and Dialogue: 0,0:35:03.38,0:35:08.26,Default,,0000,0000,0000,,one of the ways they trade that is like\Nthis. And they love Yahoo. Dialogue: 0,0:35:08.26,0:35:15.47,Default,,0000,0000,0000,,So, little breather? Dialogue: 0,0:35:15.47,0:35:18.63,Default,,0000,0000,0000,,It’s always good to make fun of\Nthe GCHQ with Austin Powers! Dialogue: 0,0:35:18.63,0:35:22.20,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NOkay. Another classified document here. Dialogue: 0,0:35:22.20,0:35:27.31,Default,,0000,0000,0000,,That’s actual NSA OpenOffice or Powerpoint\Nclip art of their horrible headquarters Dialogue: 0,0:35:27.31,0:35:31.44,Default,,0000,0000,0000,,that you see in every news story, I can’t\Nwait to see a different photo of the NSA Dialogue: 0,0:35:31.44,0:35:38.47,Default,,0000,0000,0000,,someday. But you’ll notice right here they\Nexplain how QUANTUM works. Now SSO is Dialogue: 0,0:35:38.47,0:35:43.20,Default,,0000,0000,0000,,a Special Source Operations site. So\Nyou’ve seen U.S. embassies? Usually Dialogue: 0,0:35:43.20,0:35:46.43,Default,,0000,0000,0000,,the U.S. embassy has dielectric panels on\Nthe roof, that’s what we showed in Berlin, Dialogue: 0,0:35:46.43,0:35:51.87,Default,,0000,0000,0000,,it was called “DAS NEST” on the cover\Nof ‘Der Spiegel’. That’s an SSO site. Dialogue: 0,0:35:51.87,0:35:55.90,Default,,0000,0000,0000,,So they see that this type of stuff is\Ntaking place, they do an injection and Dialogue: 0,0:35:55.90,0:36:01.65,Default,,0000,0000,0000,,they try to beat the Yahoo packet back.\NNow another interesting point is Dialogue: 0,0:36:01.65,0:36:07.82,Default,,0000,0000,0000,,that for the Yahoo packet to be beaten,\Nthe NSA must impersonate Yahoo. Dialogue: 0,0:36:07.82,0:36:11.23,Default,,0000,0000,0000,,This is a really important detail because\Nwhat it tells us is that they are Dialogue: 0,0:36:11.23,0:36:16.30,Default,,0000,0000,0000,,essentially conscripting Yahoo and saying\Nthat they are Yahoo. 
So they are Dialogue: 0,0:36:16.30,0:36:20.96,Default,,0000,0000,0000,,impersonating a U.S. company\Nto a U.S. company user Dialogue: 0,0:36:20.96,0:36:24.53,Default,,0000,0000,0000,,and they are not actually supposed\Nto be in this conversation at all. Dialogue: 0,0:36:24.53,0:36:29.14,Default,,0000,0000,0000,,And when they do it, then they of course\N– basically if you’re using Yahoo, Dialogue: 0,0:36:29.14,0:36:32.62,Default,,0000,0000,0000,,you’re definitely going to get owned. So\N– and I don’t just mean that in that Dialogue: 0,0:36:32.62,0:36:37.27,Default,,0000,0000,0000,,Yahoo is vulnerable, they are, but\NI mean people that use Yahoo tend to Dialogue: 0,0:36:37.27,0:36:40.38,Default,,0000,0000,0000,,– maybe it’s a bad generalization,\Nbut, you know – they’re not the most Dialogue: 0,0:36:40.38,0:36:43.15,Default,,0000,0000,0000,,security-conscious people on the planet,\Nthey don’t keep their computers up to date, Dialogue: 0,0:36:43.15,0:36:47.22,Default,,0000,0000,0000,,I’m guessing, and that’s probably why\Nthey love Yahoo so much. They also love Dialogue: 0,0:36:47.22,0:36:51.34,Default,,0000,0000,0000,,CNN.com, which is some other… I don’t know\Nwhat that says, it’s like a sociological Dialogue: 0,0:36:51.34,0:36:56.90,Default,,0000,0000,0000,,study of compromise. But that’s an\Nimportant detail. So the SSO site sniffs Dialogue: 0,0:36:56.90,0:36:59.82,Default,,0000,0000,0000,,and then they do some injection, they\Nredirect you to FOXACID. That’s for Dialogue: 0,0:36:59.82,0:37:04.26,Default,,0000,0000,0000,,web browser exploitation. They obviously\Nhave other exploitation techniques. Dialogue: 0,0:37:04.26,0:37:08.93,Default,,0000,0000,0000,,Okay. So now. We all know\Nthat cellphones are vulnerable. Dialogue: 0,0:37:08.93,0:37:13.53,Default,,0000,0000,0000,,Here’s an example. 
This is a base station Dialogue: 0,0:37:13.53,0:37:17.79,Default,,0000,0000,0000,,that the NSA has that, I think it’s the\Nfirst time ever anyone’s ever revealed Dialogue: 0,0:37:17.79,0:37:22.34,Default,,0000,0000,0000,,an NSA IMSI catcher. So, here it is.\NWell, actually the second time, because Dialogue: 0,0:37:22.34,0:37:25.32,Default,,0000,0000,0000,,‘Der Spiegel’ did it this morning.\NBut you know what I mean. Dialogue: 0,0:37:25.32,0:37:30.30,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:37:30.30,0:37:35.06,Default,,0000,0000,0000,,So they call it ‘Find, Fix and\NFinish targeted handset users’. Dialogue: 0,0:37:35.06,0:37:38.94,Default,,0000,0000,0000,,Now it’s really important to understand\Nwhen they say “targeting” you would think Dialogue: 0,0:37:38.94,0:37:43.37,Default,,0000,0000,0000,,‘massive collection’, right? Because what\Nare they doing? They’re pretending to be Dialogue: 0,0:37:43.37,0:37:48.54,Default,,0000,0000,0000,,a base station. They want to overpower.\NThey want to basically be the phone Dialogue: 0,0:37:48.54,0:37:51.63,Default,,0000,0000,0000,,that you connect to… or the phone system\Nthat you connect to. And that means Dialogue: 0,0:37:51.63,0:37:54.74,Default,,0000,0000,0000,,lots of people are going to connect\Npotentially. So it’s not just one Dialogue: 0,0:37:54.74,0:37:59.43,Default,,0000,0000,0000,,targeted user. So hopefully they have it\Nset up so that if you need to dial 911, Dialogue: 0,0:37:59.43,0:38:02.99,Default,,0000,0000,0000,,or here in Europe 112 – you know,\Nby the way, if you ever want to find Dialogue: 0,0:38:02.99,0:38:05.74,Default,,0000,0000,0000,,one of these things try to call different\Nemergency numbers and note which ones Dialogue: 0,0:38:05.74,0:38:09.96,Default,,0000,0000,0000,,route where. Just as a little detail.\NAlso note that sometimes if you go Dialogue: 0,0:38:09.96,0:38:14.42,Default,,0000,0000,0000,,to the Ecuadorian embassy you will receive\Na welcome message from Uganda Telecom. 
Dialogue: 0,0:38:14.42,0:38:18.67,Default,,0000,0000,0000,,Because the British when they deployed\Nthe IMSI catcher against Julian Assange Dialogue: 0,0:38:18.67,0:38:23.15,Default,,0000,0000,0000,,at the Ecuadorian embassy made the mistake\Nof not reconfiguring the spy gear they [had] Dialogue: 0,0:38:23.15,0:38:27.39,Default,,0000,0000,0000,,deployed in Uganda [before]\Nwhen they deployed in London.\N Dialogue: 0,0:38:27.39,0:38:33.33,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:38:33.33,0:38:38.42,Default,,0000,0000,0000,,And this can be yours\Nfor only US$ 175.800. Dialogue: 0,0:38:38.42,0:38:43.12,Default,,0000,0000,0000,,And this covers GSM and PCS and\NDCS and a bunch of other stuff. Dialogue: 0,0:38:43.12,0:38:46.87,Default,,0000,0000,0000,,So basically if you use a cell phone\N– forget it. It doesn’t matter Dialogue: 0,0:38:46.87,0:38:50.52,Default,,0000,0000,0000,,what you’re doing. The exception may\Nbe Cryptophone and Redphone. In fact Dialogue: 0,0:38:50.52,0:38:54.66,Default,,0000,0000,0000,,I’d like to just give a shoutout to the\Npeople who work on free software, and Dialogue: 0,0:38:54.66,0:38:57.64,Default,,0000,0000,0000,,software which is actually secure. Like\NMoxie Marlinspike – I’m so sorry I mention Dialogue: 0,0:38:57.64,0:39:02.30,Default,,0000,0000,0000,,your name in my talk, but don’t worry,\Nyour silence won’t protect you! Dialogue: 0,0:39:02.30,0:39:05.16,Default,,0000,0000,0000,,I think it’s really important to know\NMoxie is one of the very few people Dialogue: 0,0:39:05.16,0:39:08.27,Default,,0000,0000,0000,,in the world who builds technologies that\Nis both free and open source, and Dialogue: 0,0:39:08.27,0:39:12.94,Default,,0000,0000,0000,,as far as I can tell he refuses to do\Nanything awful. No backdoors or anything. Dialogue: 0,0:39:12.94,0:39:18.17,Default,,0000,0000,0000,,And from what I can tell this proves\Nthat we need things like that. 
Dialogue: 0,0:39:18.17,0:39:22.00,Default,,0000,0000,0000,,This is absolutely necessary because they\Nreplace the infrastructure we connect to. Dialogue: 0,0:39:22.00,0:39:25.92,Default,,0000,0000,0000,,It’s like replacing the road that we would\Nwalk on, and adding tons of spy gear. Dialogue: 0,0:39:25.92,0:39:30.25,Default,,0000,0000,0000,,And they do that too,\Nwe’ll get to that. Okay. Dialogue: 0,0:39:30.25,0:39:33.60,Default,,0000,0000,0000,,So I’m gonna go a little quick through\Nthese because I think it’s better that you Dialogue: 0,0:39:33.60,0:39:36.60,Default,,0000,0000,0000,,go online and you adjust. And I wanna\Nhave a little bit of time for questions. Dialogue: 0,0:39:36.60,0:39:41.29,Default,,0000,0000,0000,,But basically here’s an example of how\Neven if you disable a thing the thing is Dialogue: 0,0:39:41.29,0:39:45.48,Default,,0000,0000,0000,,not really disabled. So if you have a WiFi\Ncard in your computer the SOMBERKNAVE Dialogue: 0,0:39:45.48,0:39:51.08,Default,,0000,0000,0000,,program, which is another classified\Ndocument here, they basically repurpose Dialogue: 0,0:39:51.08,0:39:55.06,Default,,0000,0000,0000,,your WiFi gear. They say: “You’re not\Nusing that WiFi card? We’re gonna scan Dialogue: 0,0:39:55.06,0:39:58.35,Default,,0000,0000,0000,,for WiFi nearby, we’re gonna exfiltrate\Ndata by finding an open WiFi network Dialogue: 0,0:39:58.35,0:40:01.31,Default,,0000,0000,0000,,and we’re gonna jump on it”. So\Nthey’re actually using other people’s Dialogue: 0,0:40:01.31,0:40:05.48,Default,,0000,0000,0000,,wireless networks in addition to having\Nthis stuff in your computer. And this is Dialogue: 0,0:40:05.48,0:40:11.03,Default,,0000,0000,0000,,one of the ways they beat a so-called\Nair-gapped target computer. Dialogue: 0,0:40:11.03,0:40:14.40,Default,,0000,0000,0000,,Okay, so here’s some of the software\Nimplants. 
Now we’re gonna name a bunch Dialogue: 0,0:40:14.40,0:40:18.80,Default,,0000,0000,0000,,of companies because – fuck those guys\Nbasically, for collaborating when they do, Dialogue: 0,0:40:18.80,0:40:22.54,Default,,0000,0000,0000,,and fuck them for leaving us\Nvulnerable when they do. Dialogue: 0,0:40:22.54,0:40:26.03,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:40:26.03,0:40:29.93,Default,,0000,0000,0000,,And I mean that in the most loving way\Nbecause some of them are victims, actually. Dialogue: 0,0:40:29.93,0:40:33.40,Default,,0000,0000,0000,,It’s important to note that we don’t\Nyet understand which is which. Dialogue: 0,0:40:33.40,0:40:36.93,Default,,0000,0000,0000,,So it’s important to name them, so that\Nthey have to go on record, and so that Dialogue: 0,0:40:36.93,0:40:40.31,Default,,0000,0000,0000,,they can say where they are, and so\Nthat they can give us enough rope Dialogue: 0,0:40:40.31,0:40:44.37,Default,,0000,0000,0000,,to hang themselves. I really want that to\Nhappen because I think it’s important Dialogue: 0,0:40:44.37,0:40:47.82,Default,,0000,0000,0000,,to find out who collaborated and who\Ndidn’t collaborate. In order to have truth Dialogue: 0,0:40:47.82,0:40:51.84,Default,,0000,0000,0000,,and reconciliation we need to start with\Na little of truth. So STUCCOMONTANA Dialogue: 0,0:40:51.84,0:40:55.66,Default,,0000,0000,0000,,is basically BadBIOS if you guys have\Nheard about that. I feel very bad Dialogue: 0,0:40:55.66,0:40:59.07,Default,,0000,0000,0000,,for Dragos, he doesn’t really talk to me\Nright now. I think he might be kinda mad. Dialogue: 0,0:40:59.07,0:41:04.88,Default,,0000,0000,0000,,But after I was detained – by the\NUS Army on US soil, I might add – Dialogue: 0,0:41:04.88,0:41:08.49,Default,,0000,0000,0000,,they took a phone from me. Now it\Nshouldn’t matter but it did. They also Dialogue: 0,0:41:08.49,0:41:11.42,Default,,0000,0000,0000,,I think went after all my phone records so\Nthey didn’t need to take the phone. 
But Dialogue: 0,0:41:11.42,0:41:14.17,Default,,0000,0000,0000,,for good measure, they just wanted\Nto try to intimidate me which is exactly Dialogue: 0,0:41:14.17,0:41:19.71,Default,,0000,0000,0000,,the wrong thing to do to me. But as he\Ntold the story after that happened Dialogue: 0,0:41:19.71,0:41:23.18,Default,,0000,0000,0000,,all of his computers including his Xbox\Nwere compromised. And he says Dialogue: 0,0:41:23.18,0:41:27.87,Default,,0000,0000,0000,,even to this day that some of those things\Npersist. And he talks about the BIOS. Dialogue: 0,0:41:27.87,0:41:32.99,Default,,0000,0000,0000,,Here’s a document that shows clearly\Nthat they actually re-flash the BIOS Dialogue: 0,0:41:32.99,0:41:37.41,Default,,0000,0000,0000,,and they also have other techniques\Nincluding System Management Mode Dialogue: 0,0:41:37.41,0:41:42.26,Default,,0000,0000,0000,,related rootkits and that they have\Npersistence inside of the BIOS. Dialogue: 0,0:41:42.26,0:41:46.38,Default,,0000,0000,0000,,It’s an incredibly important point. This\Nis evidence that the thing that Dragos Dialogue: 0,0:41:46.38,0:41:50.15,Default,,0000,0000,0000,,talked about, maybe he doesn’t\Nhave it, but it really does exist. Dialogue: 0,0:41:50.15,0:41:54.99,Default,,0000,0000,0000,,Now the question is how would he find it?\NWe don’t have the forensics tools yet. Dialogue: 0,0:41:54.99,0:41:58.42,Default,,0000,0000,0000,,We don’t really have the capabilities\Nwidely deployed in the community Dialogue: 0,0:41:58.42,0:42:02.23,Default,,0000,0000,0000,,to be able to know that, and to be\Nable to find it. Here’s another one. Dialogue: 0,0:42:02.23,0:42:06.74,Default,,0000,0000,0000,,This one’s called SWAP. 
In this case it\Nreplaces the Host Protected Area Dialogue: 0,0:42:06.74,0:42:11.58,Default,,0000,0000,0000,,of the hard drive, and you can see a\Nlittle graph where there’s target systems, Dialogue: 0,0:42:11.58,0:42:14.86,Default,,0000,0000,0000,,you see the internet, Interactive OPS, so\Nthey’ve got like a guy who is hacking you Dialogue: 0,0:42:14.86,0:42:19.35,Default,,0000,0000,0000,,in real time, the People’s\NLiberation Army… uh, NSA! And… Dialogue: 0,0:42:19.35,0:42:22.37,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NAnd you can see all of these different Dialogue: 0,0:42:22.37,0:42:25.19,Default,,0000,0000,0000,,things about it. Each one of these things,\Nincluding SNEAKERNET, these are Dialogue: 0,0:42:25.19,0:42:29.52,Default,,0000,0000,0000,,different programs, most of which we\Nrevealed today in ‘Der Spiegel’. Dialogue: 0,0:42:29.52,0:42:32.88,Default,,0000,0000,0000,,But you’ll notice that it’s Windows,\NLinux, FreeBSD and Solaris. Dialogue: 0,0:42:32.88,0:42:38.25,Default,,0000,0000,0000,,How many Al Qaeda people\Nuse Solaris, do you suppose? Dialogue: 0,0:42:38.25,0:42:42.39,Default,,0000,0000,0000,,This tells you a really important point.\NThey are interested in compromising Dialogue: 0,0:42:42.39,0:42:46.96,Default,,0000,0000,0000,,the infrastructure of systems,\Nnot just individual people. Dialogue: 0,0:42:46.96,0:42:50.46,Default,,0000,0000,0000,,They want to take control and\Nliterally colonize those systems Dialogue: 0,0:42:50.46,0:42:55.49,Default,,0000,0000,0000,,with these implants. And that’s not part\Nof the discussion. People are not talking Dialogue: 0,0:42:55.49,0:42:59.88,Default,,0000,0000,0000,,about that because they don’t know about\Nthat yet. But they should. 
Because Dialogue: 0,0:42:59.88,0:43:03.50,Default,,0000,0000,0000,,in addition to the fact that Sun is a U.S.\Ncompany which they are building Dialogue: 0,0:43:03.50,0:43:07.71,Default,,0000,0000,0000,,capabilities against – that to me, really,\Nit really bothers me; I can’t tell you Dialogue: 0,0:43:07.71,0:43:10.70,Default,,0000,0000,0000,,how much that bothers me – we also\Nsee that they’re attacking Microsoft, Dialogue: 0,0:43:10.70,0:43:13.67,Default,,0000,0000,0000,,another U.S. company, and Linux and\NFreeBSD, where there are a lot of people Dialogue: 0,0:43:13.67,0:43:15.90,Default,,0000,0000,0000,,that are building it from all around the\Nworld. So they’re attacking not only Dialogue: 0,0:43:15.90,0:43:19.26,Default,,0000,0000,0000,,collective efforts and corporate\Nefforts, but basically every option Dialogue: 0,0:43:19.26,0:43:24.66,Default,,0000,0000,0000,,you possibly can, from end users\Ndown to telecom core things. Dialogue: 0,0:43:24.66,0:43:28.83,Default,,0000,0000,0000,,Here’s another one, DEITYBOUNCE.\NThis is for Dell, Dialogue: 0,0:43:28.83,0:43:33.84,Default,,0000,0000,0000,,so Dell PowerEdge 1850,\N2850, 1950, 2950… Dialogue: 0,0:43:33.84,0:43:37.91,Default,,0000,0000,0000,,RAID servers using any of the\Nfollowing BIOS versions. Right? Dialogue: 0,0:43:37.91,0:43:41.95,Default,,0000,0000,0000,,So just in case you’re wondering, hey\NDell, why is that? Curious about that. Dialogue: 0,0:43:41.95,0:43:45.81,Default,,0000,0000,0000,,Love to hear your statements about it.\NSo if you write YARA sigs [signatures] Dialogue: 0,0:43:45.81,0:43:49.93,Default,,0000,0000,0000,,and you’re interested in looking\Nfor NSA malware, look for things Dialogue: 0,0:43:49.93,0:43:55.08,Default,,0000,0000,0000,,that use RC6, so look for the constants\Nthat you might find in RC6. 
Dialogue: 0,0:43:55.08,0:43:59.65,Default,,0000,0000,0000,,And when they run, if they emit UDP\Ntraffic – we’ve actually seen a sample Dialogue: 0,0:43:59.65,0:44:03.62,Default,,0000,0000,0000,,of this but we were not able\Nto capture it, sadly, but Dialogue: 0,0:44:03.62,0:44:07.75,Default,,0000,0000,0000,,emitting UDP traffic that is encrypted.\NYou know, people that I’ve worked with Dialogue: 0,0:44:07.75,0:44:10.83,Default,,0000,0000,0000,,on things related to this, they’ve even,\Nthey’ve had their house black bagged. Dialogue: 0,0:44:10.83,0:44:13.64,Default,,0000,0000,0000,,They’ve had pretty bad stuff happen\Nto them. That’s their story to tell. Dialogue: 0,0:44:13.64,0:44:19.17,Default,,0000,0000,0000,,But one of the interesting details is\Nthat after those events occurred, Dialogue: 0,0:44:19.17,0:44:23.63,Default,,0000,0000,0000,,these types of things were seen. Ben\Nhas a really bad idea for those guys, Dialogue: 0,0:44:23.63,0:44:27.31,Default,,0000,0000,0000,,I might add, because I wouldn’t have put\Nthis slide in if that had not occurred. Dialogue: 0,0:44:27.31,0:44:29.88,Default,,0000,0000,0000,,But if you want to look for it, you’ll\Nfind it. I know some people that have Dialogue: 0,0:44:29.88,0:44:33.86,Default,,0000,0000,0000,,looked with YARA sigs and they have\Nin fact found things related to this, Dialogue: 0,0:44:33.86,0:44:37.00,Default,,0000,0000,0000,,so I suspect a lot of malware researchers\Nin the near future are going to have Dialogue: 0,0:44:37.00,0:44:40.97,Default,,0000,0000,0000,,a lot of stuff to say about this\Nparticular slide. I’ll leave that to them. Dialogue: 0,0:44:40.97,0:44:44.91,Default,,0000,0000,0000,,I think it’s very important to go looking\Nfor these things, especially to find out Dialogue: 0,0:44:44.91,0:44:49.85,Default,,0000,0000,0000,,who is victimized by them. Here’s an\NiPhone back door. Dialogue: 0,0:44:49.85,0:44:56.33,Default,,0000,0000,0000,,So DROPOUTJEEP, so\Nyou can see it right there. 
Dialogue: 0,0:44:56.33,0:45:01.42,Default,,0000,0000,0000,,So, SMS, contact list retrieval,\Nvoicemail, hot microphone, Dialogue: 0,0:45:01.42,0:45:06.85,Default,,0000,0000,0000,,camera capture, cell tower location. Cool.\NDo you think Apple helped them with that? Dialogue: 0,0:45:06.85,0:45:10.14,Default,,0000,0000,0000,,I don’t know. I hope Apple will clarify\Nthat. I think it’s really important Dialogue: 0,0:45:10.14,0:45:14.07,Default,,0000,0000,0000,,that Apple doesn’t. Here’s\Na problem. I don’t really believe Dialogue: 0,0:45:14.07,0:45:18.29,Default,,0000,0000,0000,,that Apple didn’t help them. I can’t\Nprove it yet, but they literally claim Dialogue: 0,0:45:18.29,0:45:24.42,Default,,0000,0000,0000,,that any time they target an iOS device,\Nthat it will succeed for implantation. Dialogue: 0,0:45:24.42,0:45:28.62,Default,,0000,0000,0000,,Either they have a huge collection of\Nexploits that work against Apple products, Dialogue: 0,0:45:28.62,0:45:31.73,Default,,0000,0000,0000,,meaning that they are hoarding\Ninformation about critical systems that Dialogue: 0,0:45:31.73,0:45:35.43,Default,,0000,0000,0000,,American companies produce\Nand sabotaging them, Dialogue: 0,0:45:35.43,0:45:40.08,Default,,0000,0000,0000,,or Apple sabotaged it themselves.\NNot sure which one it is! Dialogue: 0,0:45:40.08,0:45:43.18,Default,,0000,0000,0000,,I’d like to believe that since Apple\Ndidn’t join the PRISM program until Dialogue: 0,0:45:43.18,0:45:49.58,Default,,0000,0000,0000,,after Steve Jobs died that maybe it’s\Njust that they write shitty software. Dialogue: 0,0:45:49.58,0:45:52.96,Default,,0000,0000,0000,,We know that’s true!\N{\i1}laughter{\i0} Dialogue: 0,0:45:52.96,0:45:58.04,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:45:58.04,0:46:02.32,Default,,0000,0000,0000,,Here’s a HVT, high-value target.\NThis is a high-value target Dialogue: 0,0:46:02.32,0:46:05.77,Default,,0000,0000,0000,,being targeted with a back door for\NWindows CE Thuraya phones. 
Dialogue: 0,0:46:05.77,0:46:11.29,Default,,0000,0000,0000,,So if you have a Thuraya phone and you’re\Nwondering if it was secure – yeah maybe. Dialogue: 0,0:46:11.29,0:46:15.22,Default,,0000,0000,0000,,Good luck! Here’s one where they\Nreplaced the hard drive firmware. Dialogue: 0,0:46:15.22,0:46:19.34,Default,,0000,0000,0000,,There was a talk at OHM this year\N[OHM2013] where a guy talked about Dialogue: 0,0:46:19.34,0:46:22.96,Default,,0000,0000,0000,,replacing hard drive firmware.\NYou were onto something. Dialogue: 0,0:46:22.96,0:46:25.85,Default,,0000,0000,0000,,You were really onto something. Whoever\Nyou are, you were onto something. Dialogue: 0,0:46:25.85,0:46:29.54,Default,,0000,0000,0000,,Because the NSA has a program here,\NIRATEMONK, and that’s exactly Dialogue: 0,0:46:29.54,0:46:32.60,Default,,0000,0000,0000,,what they do. They replace the firmware\Nin the hard drive, so it doesn’t matter Dialogue: 0,0:46:32.60,0:46:37.16,Default,,0000,0000,0000,,if you reformat the hard drive, you’re\Ndone. The firmware itself can do Dialogue: 0,0:46:37.16,0:46:42.32,Default,,0000,0000,0000,,a whole bunch of stuff. So. Here are\Nthe names of the hard drive companies Dialogue: 0,0:46:42.32,0:46:47.48,Default,,0000,0000,0000,,where it works: Western Digital, Seagate,\NMaxtor and Samsung, and of course Dialogue: 0,0:46:47.48,0:46:52.38,Default,,0000,0000,0000,,they support FAT, NTFS, EXT3 and UFS.\NThey probably now have support for Dialogue: 0,0:46:52.38,0:46:56.49,Default,,0000,0000,0000,,additional file systems, but this is\Nwhat we can prove. Please note Dialogue: 0,0:46:56.49,0:47:00.77,Default,,0000,0000,0000,,at the bottom left and the bottom right:\N“Status: Released and Deployed. Dialogue: 0,0:47:00.77,0:47:06.00,Default,,0000,0000,0000,,Ready for Immediate Delivery”.\NAnd: “Unit Cost: $0”. Dialogue: 0,0:47:06.00,0:47:11.55,Default,,0000,0000,0000,,It’s free! No, you can’t get it.\NIt’s not free as in free software. 
Dialogue: 0,0:47:11.55,0:47:15.27,Default,,0000,0000,0000,,It’s free as in “You’re owned!”.\N{\i1}laughter{\i0} Dialogue: 0,0:47:15.27,0:47:19.58,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:47:19.58,0:47:22.93,Default,,0000,0000,0000,,I want to give a shoutout to Karsten Nohl\Nand Luca [Luca Melette] for their Dialogue: 0,0:47:22.93,0:47:26.46,Default,,0000,0000,0000,,incredible talk where they showed this\Nexact attack without knowing that Dialogue: 0,0:47:26.46,0:47:30.94,Default,,0000,0000,0000,,they had found it. Right?\NThey say – yeah, absolutely. Dialogue: 0,0:47:30.94,0:47:35.23,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:47:35.23,0:47:39.30,Default,,0000,0000,0000,,Important point. The NSA says that when\Nthey know about these things, that Dialogue: 0,0:47:39.30,0:47:42.35,Default,,0000,0000,0000,,nobody will come to harm, no one will be\Nable to find them, they’ll never be able Dialogue: 0,0:47:42.35,0:47:47.18,Default,,0000,0000,0000,,to be exploited by another third party.\NKarsten found this exact vulnerability. Dialogue: 0,0:47:47.18,0:47:51.93,Default,,0000,0000,0000,,They were able to install a Java applet on\Nthe SIM card without user interaction, Dialogue: 0,0:47:51.93,0:47:55.17,Default,,0000,0000,0000,,and it was based on the service provider’s\Nsecurity configuration, which is exactly Dialogue: 0,0:47:55.17,0:47:58.74,Default,,0000,0000,0000,,what the NSA says here, and they talk\Nabout attacking the same toolkit Dialogue: 0,0:47:58.74,0:48:02.76,Default,,0000,0000,0000,,inside of the phone; and Karsten\Nfound the same vulnerability Dialogue: 0,0:48:02.76,0:48:07.14,Default,,0000,0000,0000,,and attacked it in the wild. 
This\Nis perfect evidence, not only of Dialogue: 0,0:48:07.14,0:48:10.96,Default,,0000,0000,0000,,how badass Karsten and Luca are\N– they are, no question – but also about Dialogue: 0,0:48:10.96,0:48:16.21,Default,,0000,0000,0000,,how wrong the NSA is with this balance.\NBecause for every Karsten and Luca, there Dialogue: 0,0:48:16.21,0:48:21.42,Default,,0000,0000,0000,,are hundreds of people who are paid to do\Nthis full-time and never tell us about it. Dialogue: 0,0:48:21.42,0:48:29.00,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:48:29.00,0:48:32.76,Default,,0000,0000,0000,,Important detail. Do you see that\N‘interdiction’ phrase right there? Dialogue: 0,0:48:32.76,0:48:35.77,Default,,0000,0000,0000,,“Through remote access” – in other\Nwords, we broke into your computer – Dialogue: 0,0:48:35.77,0:48:40.42,Default,,0000,0000,0000,,“or interdiction” – in other words,\Nwe stole your fucking mail. Now. Dialogue: 0,0:48:40.42,0:48:43.47,Default,,0000,0000,0000,,This is a really important point. We\Nall have heard about these paranoid Dialogue: 0,0:48:43.47,0:48:46.38,Default,,0000,0000,0000,,crazy people talking about people breaking\Ninto their houses – that’s happened to me Dialogue: 0,0:48:46.38,0:48:49.70,Default,,0000,0000,0000,,a number of times – motherfuckers,\Ngetting you back – it’s really important Dialogue: 0,0:48:49.70,0:48:53.46,Default,,0000,0000,0000,,to understand this process is\None that threatens all of us. Dialogue: 0,0:48:53.46,0:48:59.17,Default,,0000,0000,0000,,The sanctity of the postal system\Nhas been violated. I mean – whoa! Dialogue: 0,0:48:59.17,0:49:02.34,Default,,0000,0000,0000,,God, it makes me so angry, you know?\NYou can’t even send a letter without Dialogue: 0,0:49:02.34,0:49:05.94,Default,,0000,0000,0000,,being spied on, but even worse that they\Ntamper with it! It’s not enough that Dialogue: 0,0:49:05.94,0:49:10.51,Default,,0000,0000,0000,,the U.S. 
Postal Service records all\Nof this information and keeps it Dialogue: 0,0:49:10.51,0:49:13.64,Default,,0000,0000,0000,,– that’s not enough. They also have to\Ntamper with the packages! So every time Dialogue: 0,0:49:13.64,0:49:18.05,Default,,0000,0000,0000,,you buy from Amazon, for example, every\Ntime you buy anything on the internet, Dialogue: 0,0:49:18.05,0:49:22.23,Default,,0000,0000,0000,,there is the possibility that they will\Nactually take your package and change it. Dialogue: 0,0:49:22.23,0:49:25.34,Default,,0000,0000,0000,,One of the ways that I’ve heard that they\Nchange it is that they will actually Dialogue: 0,0:49:25.34,0:49:29.80,Default,,0000,0000,0000,,take the case of your computer and they\Nwill injection mold a hardware back door Dialogue: 0,0:49:29.80,0:49:33.68,Default,,0000,0000,0000,,into the case of the computer.\NSo that even if you were to look Dialogue: 0,0:49:33.68,0:49:37.35,Default,,0000,0000,0000,,at the motherboard or have it serviced,\Nyou would not see this. It merely Dialogue: 0,0:49:37.35,0:49:42.12,Default,,0000,0000,0000,,just needs to be in the proximity\Nof the motherboard. So. Dialogue: 0,0:49:42.12,0:49:46.92,Default,,0000,0000,0000,,Let’s talk about hardware implants\Nthat they will put into your devices. Dialogue: 0,0:49:46.92,0:49:52.16,Default,,0000,0000,0000,,Here’s one. This is called BULLDOZER.\NIt’s a PCI bus hardware implant. Dialogue: 0,0:49:52.16,0:49:55.74,Default,,0000,0000,0000,,Pretty scary, doesn’t look so great,\Nbut let’s go on a little bit. Okay? Dialogue: 0,0:49:55.74,0:49:59.18,Default,,0000,0000,0000,,Here’s one where they actually exploit\Nthe BIOS and System Management Mode. Dialogue: 0,0:49:59.18,0:50:02.48,Default,,0000,0000,0000,,There’s a big graph that shows all of\Nthese various different interconnections, Dialogue: 0,0:50:02.48,0:50:06.36,Default,,0000,0000,0000,,which is important. 
Then they talk about\Nthe long-range comms, INMARSAT, VSAT, Dialogue: 0,0:50:06.36,0:50:10.43,Default,,0000,0000,0000,,NSA MEANS and Future Capabilities. I think\NNSA MEANS exists. Future Capabilities Dialogue: 0,0:50:10.43,0:50:14.86,Default,,0000,0000,0000,,seems self-explanatory. “This\Nhardware implant provides Dialogue: 0,0:50:14.86,0:50:19.86,Default,,0000,0000,0000,,2-way RF communication.” Interesting.\NSo you disable all the wireless cards, Dialogue: 0,0:50:19.86,0:50:23.42,Default,,0000,0000,0000,,whatever you need. There you go.\NThey just added a new one in there and Dialogue: 0,0:50:23.42,0:50:27.91,Default,,0000,0000,0000,,you don’t even know. Your system has no\Nclue about it. Here’s a hardware back door Dialogue: 0,0:50:27.91,0:50:31.80,Default,,0000,0000,0000,,which uses the I2C interface, because\Nno one in the history of time Dialogue: 0,0:50:31.80,0:50:35.16,Default,,0000,0000,0000,,other than the NSA probably has ever\Nused it. That’s good to know that finally Dialogue: 0,0:50:35.16,0:50:40.69,Default,,0000,0000,0000,,someone uses I2C for something\N– okay, other than fan control. But, Dialogue: 0,0:50:40.69,0:50:43.89,Default,,0000,0000,0000,,look at that! It’s another American\Ncompany that they are sabotaging. Dialogue: 0,0:50:43.89,0:50:48.21,Default,,0000,0000,0000,,They understand that HP’s servers\Nare vulnerable, and they decided, Dialogue: 0,0:50:48.21,0:50:52.96,Default,,0000,0000,0000,,instead of explaining that this is\Na problem, they exploit it. And IRONCHEF, Dialogue: 0,0:50:52.96,0:50:56.80,Default,,0000,0000,0000,,through interdiction, is one of\Nthe ways that they will do that. Dialogue: 0,0:50:56.80,0:51:01.81,Default,,0000,0000,0000,,So I wanna really harp on this. Now it’s\Nnot that I think European companies Dialogue: 0,0:51:01.81,0:51:06.95,Default,,0000,0000,0000,,are worth less. 
I suspect especially\Nafter this talk that won’t be true, Dialogue: 0,0:51:06.95,0:51:10.48,Default,,0000,0000,0000,,in the literal stock sense, but I don’t\Nknow. I think it’s really important Dialogue: 0,0:51:10.48,0:51:13.70,Default,,0000,0000,0000,,to understand that they are sabotaging\NAmerican companies because of the Dialogue: 0,0:51:13.70,0:51:17.95,Default,,0000,0000,0000,,so-called home-field advantage. The\Nproblem is that as an American who writes Dialogue: 0,0:51:17.95,0:51:22.43,Default,,0000,0000,0000,,software, who wants to build hardware\Ndevices, this really chills my expression Dialogue: 0,0:51:22.43,0:51:25.49,Default,,0000,0000,0000,,and it also gives me a problem, which\Nis that people say: “Why would I use Dialogue: 0,0:51:25.49,0:51:29.84,Default,,0000,0000,0000,,what you’re doing? You know,\Nwhat about the NSA?” Dialogue: 0,0:51:29.84,0:51:35.00,Default,,0000,0000,0000,,Man, that really bothers me.\NI don’t deserve the Huawei taint, Dialogue: 0,0:51:35.00,0:51:39.26,Default,,0000,0000,0000,,and the NSA gives it. And President\NObama’s own advisory board Dialogue: 0,0:51:39.26,0:51:43.55,Default,,0000,0000,0000,,that was convened to understand the scope\Nof these things has even agreed with me Dialogue: 0,0:51:43.55,0:51:47.82,Default,,0000,0000,0000,,about this point, that this should not be\Ntaking place, that hoarding of zero-day Dialogue: 0,0:51:47.82,0:51:52.64,Default,,0000,0000,0000,,exploits cannot simply happen without\Nthought processes that are reasonable Dialogue: 0,0:51:52.64,0:51:58.07,Default,,0000,0000,0000,,and rational and have an economic and\Nsocial valuing where we really think about Dialogue: 0,0:51:58.07,0:52:03.01,Default,,0000,0000,0000,,the broad-scale impact. Now.\NI’m gonna go on to a little bit more. Dialogue: 0,0:52:03.01,0:52:07.23,Default,,0000,0000,0000,,Here’s where they attack SIM cards. This\Nis MONKEYCALENDAR. 
So it’s actually Dialogue: 0,0:52:07.23,0:52:11.67,Default,,0000,0000,0000,,the flow chart of how this would work.\NSo in other words, they told you all of Dialogue: 0,0:52:11.67,0:52:16.69,Default,,0000,0000,0000,,the ways in which you should be certainly,\Nyou know, looking at this. So if you ever Dialogue: 0,0:52:16.69,0:52:22.09,Default,,0000,0000,0000,,see your handset emitting encrypted SMS\Nthat isn’t TextSecure, you now have Dialogue: 0,0:52:22.09,0:52:27.35,Default,,0000,0000,0000,,a pretty good idea that it might be this.\NHere’s another example. If you have Dialogue: 0,0:52:27.35,0:52:33.83,Default,,0000,0000,0000,,a computer in front of you… I highly\Nencourage you to buy the Samsung SGH-X480C Dialogue: 0,0:52:33.83,0:52:38.74,Default,,0000,0000,0000,,– that’s the preferred phone of the NSA\Nfor attacking another person’s phone. Dialogue: 0,0:52:38.74,0:52:43.00,Default,,0000,0000,0000,,I’m not exactly sure why, but an important\Npoint is, they add the back door, then Dialogue: 0,0:52:43.00,0:52:47.83,Default,,0000,0000,0000,,they send an SMS from a regular phone\N– what does that tell you? What does that Dialogue: 0,0:52:47.83,0:52:51.67,Default,,0000,0000,0000,,tell you about the exploitation process?\NIt tells you that it’s actually something Dialogue: 0,0:52:51.67,0:52:55.06,Default,,0000,0000,0000,,which is pretty straightforward,\Npretty easy to do, doesn’t require Dialogue: 0,0:52:55.06,0:52:59.22,Default,,0000,0000,0000,,specialized access to the telecoms once\Nthey’ve gotten your phone compromised. Dialogue: 0,0:52:59.22,0:53:02.73,Default,,0000,0000,0000,,That to me suggests that other people\Nmight find it, other people might use Dialogue: 0,0:53:02.73,0:53:06.68,Default,,0000,0000,0000,,these techniques. Okay, here’s a USB\Nhardware implant called COTTONMOUTH. Dialogue: 0,0:53:06.68,0:53:10.91,Default,,0000,0000,0000,,We released this in ‘Spiegel’ today as\Nwell. See the little red parts. 
It will Dialogue: 0,0:53:10.91,0:53:14.10,Default,,0000,0000,0000,,provide a wireless bridge onto the\Ntarget network with the ability to load Dialogue: 0,0:53:14.10,0:53:18.64,Default,,0000,0000,0000,,exploit software. Here’s a little bit of\Nextra details about that. It actually Dialogue: 0,0:53:18.64,0:53:23.24,Default,,0000,0000,0000,,shows the graph at the bottom, how they do\Nthis, how they get around, how they beat Dialogue: 0,0:53:23.24,0:53:27.37,Default,,0000,0000,0000,,the air gap with these things. And they\Ntalk a bit about being GENIE compliant. Dialogue: 0,0:53:27.37,0:53:31.79,Default,,0000,0000,0000,,So GENIE, and for the rest of these\Nprograms, these are – like DROPOUTJEEP Dialogue: 0,0:53:31.79,0:53:35.53,Default,,0000,0000,0000,,is part of the CHIMNEYPOOL programs,\Nand COTTONMOUTH is part of the rest of Dialogue: 0,0:53:35.53,0:53:41.13,Default,,0000,0000,0000,,these programs over here. These are huge\Nprograms where they’re trying to beat Dialogue: 0,0:53:41.13,0:53:45.24,Default,,0000,0000,0000,,a whole bunch of different adversaries,\Nand different capabilities are required. Dialogue: 0,0:53:45.24,0:53:48.82,Default,,0000,0000,0000,,And this is one of the probably I think\Nmore interesting ones, but here’s Dialogue: 0,0:53:48.82,0:53:53.46,Default,,0000,0000,0000,,the next revision of it where it’s in a\NUSB plug, not actually in the cable. Dialogue: 0,0:53:53.46,0:53:58.12,Default,,0000,0000,0000,,And look, 50 units for US$ 200,000.\NIt’s really cheap. Dialogue: 0,0:53:58.12,0:54:03.92,Default,,0000,0000,0000,,You like my editorializing there, I hope?\NSo, $200,000, okay. Dialogue: 0,0:54:03.92,0:54:08.74,Default,,0000,0000,0000,,And here’s where you look for it. If you\Nhappen to have an x-ray machine, Dialogue: 0,0:54:08.74,0:54:14.45,Default,,0000,0000,0000,,look for an extra chip. And that’s\Na HOWLERMONKEY radiofrequency transmitter. Dialogue: 0,0:54:14.45,0:54:18.75,Default,,0000,0000,0000,,Well what’s a HOWLERMONKEY? 
We’ll\Ntalk about that in a second, but basically Dialogue: 0,0:54:18.75,0:54:23.73,Default,,0000,0000,0000,,this is for ethernet, here. This is the\NFIREWALK. It can actually do injection Dialogue: 0,0:54:23.73,0:54:27.37,Default,,0000,0000,0000,,bidirectionally on the ethernet controller\Ninto the network that it’s sitting on. Dialogue: 0,0:54:27.37,0:54:30.27,Default,,0000,0000,0000,,So it doesn’t even have to do things\Ndirectly to the computer. It can actually Dialogue: 0,0:54:30.27,0:54:33.80,Default,,0000,0000,0000,,inject packets directly into the network,\Naccording to the specification sheet, Dialogue: 0,0:54:33.80,0:54:39.40,Default,,0000,0000,0000,,which we released today on\NDer Spiegel’s website. As it says, Dialogue: 0,0:54:39.40,0:54:43.51,Default,,0000,0000,0000,,‘active injection of ethernet packets onto\Nthe target network’. Here’s another one Dialogue: 0,0:54:43.51,0:54:50.02,Default,,0000,0000,0000,,from Dell with an actual FLUXBABBITT\Nhardware implant for the PowerEdge 2950. Dialogue: 0,0:54:50.02,0:54:55.36,Default,,0000,0000,0000,,This uses the JTAG debugging interface\Nof the server. Why did Dell leave Dialogue: 0,0:54:55.36,0:55:00.08,Default,,0000,0000,0000,,a JTAG debugging interface on these\Nservers? Interesting, right? Because, Dialogue: 0,0:55:00.08,0:55:04.06,Default,,0000,0000,0000,,it’s like leaving a vulnerability in. Is\Nthat a bug door or a back door or Dialogue: 0,0:55:04.06,0:55:09.38,Default,,0000,0000,0000,,just a mistake? Well hopefully they will\Nchange these things or at least make it so Dialogue: 0,0:55:09.38,0:55:12.73,Default,,0000,0000,0000,,that if you were to see this you would\Nknow that you had some problems. Dialogue: 0,0:55:12.73,0:55:15.97,Default,,0000,0000,0000,,Hopefully Dell will release some\Ninformation about how to mitigate Dialogue: 0,0:55:15.97,0:55:19.64,Default,,0000,0000,0000,,this advanced persistent threat. Right?\NEverything that the U.S. 
Government Dialogue: 0,0:55:19.64,0:55:25.19,Default,,0000,0000,0000,,accuse the Chinese of doing – which they\Nare also doing, I believe – we are learning Dialogue: 0,0:55:25.19,0:55:30.58,Default,,0000,0000,0000,,that the U.S. Government has been doing to\NAmerican companies. That to me is really Dialogue: 0,0:55:30.58,0:55:34.60,Default,,0000,0000,0000,,concerning, and we’ve had no public debate\Nabout these issues, and in many cases Dialogue: 0,0:55:34.60,0:55:38.53,Default,,0000,0000,0000,,all the technical details are obfuscated\Naway and they are just completely Dialogue: 0,0:55:38.53,0:55:43.28,Default,,0000,0000,0000,,outside of the purview of discussions. In\Nthis case we learn more about Dell, and Dialogue: 0,0:55:43.28,0:55:47.33,Default,,0000,0000,0000,,which models. And here’s the HOWLERMONKEY.\NThese are actually photographs Dialogue: 0,0:55:47.33,0:55:52.62,Default,,0000,0000,0000,,of the NSA implanted chips that they\Nhave when they steal your mail. Dialogue: 0,0:55:52.62,0:55:55.59,Default,,0000,0000,0000,,So after they steal your mail they put\Na chip like this into your computer. Dialogue: 0,0:55:55.59,0:56:00.19,Default,,0000,0000,0000,,So the one, the FIREWALK\None is the ethernet one, and Dialogue: 0,0:56:00.19,0:56:05.17,Default,,0000,0000,0000,,that’s an important one. You probably will\Nnotice that these look pretty simple, Dialogue: 0,0:56:05.17,0:56:09.85,Default,,0000,0000,0000,,common off-the-shelf parts. So. Dialogue: 0,0:56:09.85,0:56:15.65,Default,,0000,0000,0000,,Whew! All right. Who here\Nis surprised by any of this? Dialogue: 0,0:56:15.65,0:56:20.88,Default,,0000,0000,0000,,{\i1}waits for audience reaction{\i0}\NI’m really, really, really glad to see Dialogue: 0,0:56:20.88,0:56:24.64,Default,,0000,0000,0000,,that you’re not all cynical fuckers and\Nthat someone here would admit Dialogue: 0,0:56:24.64,0:56:29.71,Default,,0000,0000,0000,,that they were surprised. Okay, who\Nhere is not surprised? 
{\i1}waits{\i0} Dialogue: 0,0:56:29.71,0:56:34.51,Default,,0000,0000,0000,,I’m going to blow your fucking mind!\N{\i1}laughter{\i0} Dialogue: 0,0:56:34.51,0:56:39.24,Default,,0000,0000,0000,,Okay. We all know about TEMPEST,\Nright? Where the NSA pulls data Dialogue: 0,0:56:39.24,0:56:42.24,Default,,0000,0000,0000,,out of your computer, irradiate stuff\Nand then grab it, right? Everybody Dialogue: 0,0:56:42.24,0:56:44.25,Default,,0000,0000,0000,,who raised their hand and said they’re\Nnot surprised, you already knew Dialogue: 0,0:56:44.25,0:56:49.37,Default,,0000,0000,0000,,about TEMPEST, right?\NRight? Okay. Well. Dialogue: 0,0:56:49.37,0:56:53.46,Default,,0000,0000,0000,,What if I told you that the NSA had\Na specialized technology for beaming Dialogue: 0,0:56:53.46,0:56:57.55,Default,,0000,0000,0000,,energy into you and to the computer\Nsystems around you, would you believe Dialogue: 0,0:56:57.55,0:57:01.00,Default,,0000,0000,0000,,that that was real or would that be\Nparanoid speculation of a crazy person? Dialogue: 0,0:57:01.00,0:57:05.00,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NAnybody? You cynical guys Dialogue: 0,0:57:05.00,0:57:08.09,Default,,0000,0000,0000,,holding up your hand saying that you’re\Nnot surprised by anything, raise your hand Dialogue: 0,0:57:08.09,0:57:12.10,Default,,0000,0000,0000,,if you would be unsurprised by that.\N{\i1}laughter{\i0} Dialogue: 0,0:57:12.10,0:57:16.77,Default,,0000,0000,0000,,Good. And it’s not the same number.\NIt’s significantly lower. It’s one person. Dialogue: 0,0:57:16.77,0:57:23.71,Default,,0000,0000,0000,,Great. Here’s what they do with those\Ntypes of things. That exists, by the way. Dialogue: 0,0:57:23.71,0:57:29.91,Default,,0000,0000,0000,,When I told Julian Assange about this, he\Nsaid: “Hmm. 
I bet the people who were Dialogue: 0,0:57:29.91,0:57:33.89,Default,,0000,0000,0000,,around Hugo Chavez are going to wonder\Nwhat caused his cancer.” And I said: Dialogue: 0,0:57:33.89,0:57:37.49,Default,,0000,0000,0000,,“You know, I hadn’t considered that. But,\Nyou know, I haven’t found any data Dialogue: 0,0:57:37.49,0:57:42.64,Default,,0000,0000,0000,,about human safety about these tools.\NHas the NSA performed tests where they Dialogue: 0,0:57:42.64,0:57:48.07,Default,,0000,0000,0000,,actually show that radiating people\Nwith 1 kW of RF energy Dialogue: 0,0:57:48.07,0:57:51.36,Default,,0000,0000,0000,,at short range is safe?”\N{\i1}laughter{\i0} Dialogue: 0,0:57:51.36,0:57:56.45,Default,,0000,0000,0000,,My God! No, you guys think I’m\Njoking, right? Well, yeah, here it is. Dialogue: 0,0:57:56.45,0:58:00.72,Default,,0000,0000,0000,,This is a continuous wave generator,\Na continuous wave radar unit. Dialogue: 0,0:58:00.72,0:58:05.25,Default,,0000,0000,0000,,You can detect its use because it’s\Nused between 1 and 2 GHz and Dialogue: 0,0:58:05.25,0:58:09.63,Default,,0000,0000,0000,,its bandwidth is up to 45 MHz,\Nuser adjustable, 2 watts Dialogue: 0,0:58:09.63,0:58:12.79,Default,,0000,0000,0000,,using an internal amplifier. External\Namplifier makes it possible to go Dialogue: 0,0:58:12.79,0:58:19.23,Default,,0000,0000,0000,,up to 1 kilowatt. Dialogue: 0,0:58:19.23,0:58:25.21,Default,,0000,0000,0000,,I’m just gonna let you take that\Nin for a moment. {\i1}clears throat{\i0} Dialogue: 0,0:58:25.21,0:58:31.84,Default,,0000,0000,0000,,Who’s crazy now?\N{\i1}laughter{\i0} Dialogue: 0,0:58:31.84,0:58:35.01,Default,,0000,0000,0000,,Now, I’m being told I only have one\Nminute, so I’m going to have to go Dialogue: 0,0:58:35.01,0:58:39.48,Default,,0000,0000,0000,,a little bit quicker. I’m sorry. Here’s\Nwhy they do it. This is an implant Dialogue: 0,0:58:39.48,0:58:43.95,Default,,0000,0000,0000,,called RAGEMASTER. 
It’s part of the\NANGRYNEIGHBOR family of tools, Dialogue: 0,0:58:43.95,0:58:47.34,Default,,0000,0000,0000,,{\i1}laughter{\i0}\Nwhere they have a small device that they Dialogue: 0,0:58:47.34,0:58:52.49,Default,,0000,0000,0000,,put in line with the cable in your monitor\Nand then they use this radar system Dialogue: 0,0:58:52.49,0:58:57.07,Default,,0000,0000,0000,,to bounce a signal – this is not unlike\Nthe Great Seal bug that [Leon] Theremin Dialogue: 0,0:58:57.07,0:59:01.06,Default,,0000,0000,0000,,designed for the KGB. So it’s good to\Nknow we’ve finally caught up with the KGB, Dialogue: 0,0:59:01.06,0:59:06.54,Default,,0000,0000,0000,,but now with computers. They\Nsend the microwave transmission, Dialogue: 0,0:59:06.54,0:59:10.70,Default,,0000,0000,0000,,the continuous wave, it reflects off of\Nthis chip and then they use this device Dialogue: 0,0:59:10.70,0:59:15.32,Default,,0000,0000,0000,,to see your monitor. Dialogue: 0,0:59:15.32,0:59:20.78,Default,,0000,0000,0000,,Yep. So there’s the full life cycle.\NFirst they radiate you, Dialogue: 0,0:59:20.78,0:59:24.50,Default,,0000,0000,0000,,then you die from cancer,\Nthen you… win? Okay, so, Dialogue: 0,0:59:24.50,0:59:30.08,Default,,0000,0000,0000,,here’s the same thing, but this time for\Nkeyboards, USB and PS/2 keyboards. Dialogue: 0,0:59:30.08,0:59:34.56,Default,,0000,0000,0000,,So the idea is that it’s a data\Nretro-reflector. Here’s another thing, Dialogue: 0,0:59:34.56,0:59:38.20,Default,,0000,0000,0000,,but this one, the TAWDRYYARD program, is\Na little bit different. It’s a beacon, so Dialogue: 0,0:59:38.20,0:59:44.39,Default,,0000,0000,0000,,this is where probably then\Nthey kill you with a drone. Dialogue: 0,0:59:44.39,0:59:48.91,Default,,0000,0000,0000,,That’s pretty scary stuff. They also have\Nthis for microphones to gather room bugs Dialogue: 0,0:59:48.91,0:59:52.61,Default,,0000,0000,0000,,for room audio. Notice the bottom. 
It says\Nall components are common off the shelf Dialogue: 0,0:59:52.61,0:59:57.14,Default,,0000,0000,0000,,and are so non-attributable to the NSA.\NUnless you have this photograph Dialogue: 0,0:59:57.14,1:00:01.70,Default,,0000,0000,0000,,and the product sheet. Happy hunting! Dialogue: 0,1:00:01.70,1:00:07.95,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:00:07.95,1:00:12.38,Default,,0000,0000,0000,,And just to give you another idea, this is\Na device they use to be able to actively Dialogue: 0,1:00:12.38,1:00:15.99,Default,,0000,0000,0000,,hunt people down. This is a hunting\Ndevice, right? Handheld finishing tool Dialogue: 0,1:00:15.99,1:00:22.91,Default,,0000,0000,0000,,used for geolocation targeting\Nhandsets in the field. So! Dialogue: 0,1:00:22.91,1:00:28.86,Default,,0000,0000,0000,,Who was not surprised by this? I’m so\Nglad to have finally reached the point Dialogue: 0,1:00:28.86,1:00:33.24,Default,,0000,0000,0000,,where no one raised their hand except\Nthat one guy who I think misheard me. Dialogue: 0,1:00:33.24,1:00:38.30,Default,,0000,0000,0000,,{\i1}laughter{\i0}\NOr you’re brilliant. And Dialogue: 0,1:00:38.30,1:00:41.04,Default,,0000,0000,0000,,please stay in our community\Nand work on open research! Dialogue: 0,1:00:41.04,1:00:42.75,Default,,0000,0000,0000,,{\i1}somebody off mike shouts:{\i0}\NAudience: Maybe he can add something! Dialogue: 0,1:00:42.75,1:00:47.31,Default,,0000,0000,0000,,Yeah! 
And if you work for the NSA,\NI’d just like to encourage you Dialogue: 0,1:00:47.31,1:00:51.69,Default,,0000,0000,0000,,to leak more documents!\N{\i1}laughter{\i0} Dialogue: 0,1:00:51.69,1:00:58.20,Default,,0000,0000,0000,,{\i1}applause, cheers{\i0} Dialogue: 0,1:00:58.20,1:01:04.74,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:01:04.74,1:01:11.59,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:01:11.59,1:01:18.49,Default,,0000,0000,0000,,{\i1}applause, cheers, whistles{\i0} Dialogue: 0,1:01:18.49,1:01:25.26,Default,,0000,0000,0000,,{\i1}applause, cheers, whistles, ovation{\i0} Dialogue: 0,1:01:25.26,1:01:31.99,Default,,0000,0000,0000,,{\i1}applause, ovation{\i0} Dialogue: 0,1:01:31.99,1:01:38.75,Default,,0000,0000,0000,,{\i1}applause, cheers, ovation{\i0} Dialogue: 0,1:01:38.75,1:01:45.70,Default,,0000,0000,0000,,{\i1}applause, ovation{\i0} Dialogue: 0,1:01:45.70,1:01:48.82,Default,,0000,0000,0000,,Herald: Thank you very much, Jake. Dialogue: 0,1:01:48.82,1:01:52.76,Default,,0000,0000,0000,,Thank you. I’m afraid we ran\Nall out of time for the Q&A. Dialogue: 0,1:01:52.76,1:01:55.57,Default,,0000,0000,0000,,I’m very sorry for anyone\Nwho wanted to ask questions. Dialogue: 0,1:01:55.57,1:01:58.40,Default,,0000,0000,0000,,Jacob: But we do have a press conference.\NWell, if you guys… you know, Dialogue: 0,1:01:58.40,1:02:01.31,Default,,0000,0000,0000,,I’d say: “occupy the room for another\N5 minutes”, or… know that there’s Dialogue: 0,1:02:01.31,1:02:04.22,Default,,0000,0000,0000,,a press conference room that will be\Nopened up, where we can all ask Dialogue: 0,1:02:04.22,1:02:07.26,Default,,0000,0000,0000,,as many questions as we want,\Nin 30 minutes, if you’re interested. Dialogue: 0,1:02:07.26,1:02:11.48,Default,,0000,0000,0000,,And I will basically be available until\NI’m assassinated to answer questions. 
Dialogue: 0,1:02:11.48,1:02:18.60,Default,,0000,0000,0000,,{\i1}laughter, applause{\i0}\NSo… Dialogue: 0,1:02:18.60,1:02:22.25,Default,,0000,0000,0000,,in the immortal words of Julian Assange:\NRemember, no matter what happens, Dialogue: 0,1:02:22.25,1:02:26.41,Default,,0000,0000,0000,,even if there’s a videotape of it,\Nit was murder! Thank you! Dialogue: 0,1:02:26.41,1:02:30.34,Default,,0000,0000,0000,,Herald: Thank you. Please give a warm\Nround of applause to Jake Appelbaum! Dialogue: 0,1:02:30.34,1:02:33.34,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:02:33.34,1:02:37.80,Default,,0000,0000,0000,,{\i1}silent postroll{\i0} Dialogue: 0,1:02:37.80,1:02:42.40,Default,,0000,0000,0000,,{\i1}Subtitles created by c3subtitles.de\Nin the year 2016. Join, and help us!{\i0}