Intel Hack is NSA backdoor 'Discovered', NSA created BITCOIN - What's to worry?

[bitfools]

So a kid found the backdoor on the INTEL chip, and its ten years old, we all knew that the NSA had a back-door in the chip, most governments on earth don't allow these chips for this reason in sensitive areas,

All the routers and stuff its same, Microsoft has been working with NSA since 1990's, all mobile phones are NSA, hell even PUTIN says "Google is NSA"

So a kid in his 20's busted them we all knew this was a matter of time the Snowden leaks showed this,

BITCOIN is NSA, the white paper is NSA "How to mine a mint"(1996), SHA-256 is NSA,

PPL ask here how does the INTEL leak affect our BITCOIN, well it means that all is fair now, everybody of earth can now spy like the "NSA"

Intel has special instructions for CRYPTOGRAPHY, so they know when your doing crypto, and we knew these backdoors were in the chip;

No worry average person on this forum has 0.05 BTc, not likely a target by the NSA

More interesting is how the chinese/russian hackers will use this new information, its just another vector or path, into the bowels of Bitcoin.

You all have your wallet on your smart-phone (google-nsa), its not like they didn't have you all along, besides they created bitcoin to track&control your spending, your phones  job is your location, and what your saying, and doing

[1715297546]

1715297546

[1715297546]

1715297546

[1715297546]

1715297546

[AGD]

https://bitcointalk.org/index.php?topic=948636.msg10387510#msg10387510

There is no big business without national interest. If you have a tech company and make millions, you are making part of national security already. Intel IS part of the national security since the 70s. You think Bill Gates would have sold his OS, if he refused the offer from the guys in the black suits back in the days?

[aleksej996]

All of this is very possible, but let's not get ahead of ourselves like we have the proof already.
When people accept something as a fact without proof, even if they are right, they stop looking for proof as hard as they otherwise would.

Also there wasn't one "kid", there was a whole team of researchers.
And the "BITCOIN is NSA" part, a bit of an overreach, not that it would mean that Bitcoin is bad even if it was true.
Let's not forget that Tor was developed by US military and also the Internet and neither was a secret nor was bad for humanity.

Sometimes government agencies want to be anonymous as well. Especially if they like getting involved in other government's business.

It is not that black and white. Sometimes governments need to mask their operations by hiding in the crowd, so they gift the weapon to all, so no one knows when they use it and when their weaker enemies use it.
And when their weak enemies use it, it just gives them more justification for their existence.

[Ucy]

Some of your theories make no sense bro, sorry.
 Bitcoin can still run on non-intel PCs, right?  Unfortunately my laptops have Intel chips but what stops me from switching to Local or Chinese PCs to run my cryptocurrency Businesses?


We may well start focusing more on Transparency, Open source Technologies and Honesty.   Too much powers have been given to governments and companies already.



 My advice to us is never to throw all our lives/assets into digital currencies, virtual assets or the Internet. We must have lots of physical assets as well.

  Anyway,  we brought the evil upon ourselves by being too  fearful, self-centered and gullible.

He is in total control,whether we believe or not. Que será, será

[Ucy]

https://bitcointalk.org/index.php?topic=948636.msg10387510#msg10387510

There is no big business without national interest. If you have a tech company and make millions, you are making part of national security already. Intel IS part of the national security since the 70s. You think Bill Gates would have sold his OS, if he refused the offer from the guys in the black suits back in the days?

And it is no coincidence that those working hard to destroy Bitcoin are accused of one thing or another or are ex-convincts. . .  Intelligence Agencies are known to use these kind of persons.
And many being self centered will do ANYTHING to secure their freedom or get paid. Very unfortunate World.

[cellard]

Some of your theories make no sense bro, sorry.
 Bitcoin can still run on non-intel PCs, right?  Unfortunately my laptops have Intel chips but what stops me from switching to Local or Chinese PCs to run my cryptocurrency Businesses?


We may well start focusing more on Transparency, Open source Technologies and Honesty.   Too much powers have been given to governments and companies already.



 My advice to us is never to throw all our lives/assets into digital currencies, virtual assets or the Internet. We must have lots of physical assets as well.

  Anyway,  we brought the evil upon ourselves by being too  fearful, self-centered and gullible.

He is in total control,whether we believe or not. Que será, será

Lol, as if Chinese computers didn't had their own spying-chips on them, same goes for the Russian computers and so on.

There's no escape basically. Just get a robust linux laptop, libreboot it, and use it as cold storage. First, entirely wipe the hardisk, then install a linux distro of choice, and then generate the keys there. As long as your keys never saw the internet you should be safe.

Just consider that everything you do online is compromised by default. If SHA256 has a backdoor, I don't know about that, but we could always hardfork Bitcoin into a non-compromised algo.

[greg_kwski]

as far as I know AMD processors suffer the same problem though not as massive as intel's
Do you guys think this will usher in a new processor era, that will focus on privacy?

[cellard]

as far as I know AMD processors suffer the same problem though not as massive as intel's
Do you guys think this will usher in a new processor era, that will focus on privacy?

This is the only good thing that could come from events like this... then again, I have little hope about big changes in how people percieve their lack of privacy. Most people are complete morons when it comes to any of this, case in point, Microsoft still has the clear monopoly on desktop OS usage. If people cared about any of this, no one would use windows, but even I have a windows machine that I use mostly for videogames and video production because linux sucks for that, unfortunately.

What we would need is completely open source CPU with the idea of bitcoin on mind, to secure private keys and transactions. Until we can have completely open source computers we will not be safe. It is completely insane that we are using computers and trusting that the chips will not have strange things on them, such as IME.

[darkangel11]

Some of your theories make no sense bro, sorry.
 Bitcoin can still run on non-intel PCs, right?  Unfortunately my laptops have Intel chips but what stops me from switching to Local or Chinese PCs to run my cryptocurrency Businesses?

Of course it can, although the fact that AMD chips haven't had any flaws discovered doesn't mean they won't. Who knows what kind of backdoors they might have...
Anyway I'm still going to buy an AMD for my new PC. Who knows how the Intel chips will perform after the fix has been implemented. For now they're claiming performance might go down by 30% which is a disaster. They should offer me a refund!

AMD is rising after its rival central processing unit maker, Intel, was reported to have a security issue embedded in its hardware.
AMD shares are up 6.51% at $11.69 on Wednesday, while Intel shares slipped 2.45% to $45.70.
http://markets.businessinsider.com/news/stocks/amd-stock-price-is-gaining-as-intel-scrambles-to-fix-security-flaw-2018-1-1012439374

My advice to us is never to throw all our lives/assets into digital currencies, virtual assets or the Internet. We must have lots of physical assets as well.

  Anyway,  we brought the evil upon ourselves by being too  fearful, self-centered and gullible.

He is in total control,whether we believe or not. Que será, será

The problem with physical assets like real estate is that you get linked to a country and the state of your investment will depend on that country's moves. If they decide to raise the taxes you'll lose, if they decide to go to war you'll also lose, if they get an economic embargo like North Korea... you know what will happen

[Spendulus]

as far as I know AMD processors suffer the same problem though not as massive as intel's
Do you guys think this will usher in a new processor era, that will focus on privacy?

This is the only good thing that could come from events like this... then again, I have little hope about big changes in how people percieve their lack of privacy. Most people are complete morons when it comes to any of this, case in point, Microsoft still has the clear monopoly on desktop OS usage. If people cared about any of this, no one would use windows, but even I have a windows machine that I use mostly for videogames and video production because linux sucks for that, unfortunately.

What we would need is completely open source CPU with the idea of bitcoin on mind, to secure private keys and transactions. Until we can have completely open source computers we will not be safe. It is completely insane that we are using computers and trusting that the chips will not have strange things on them, such as IME.

I disagree, but before getting mad hear me out.

The first thing you must have is knowledge of, and possibly control of, the outflow of info from your devices.

For each program that runs, all of it's reporting upstream should be knowable.

If this were accomplished, it would be possible to use devices/software even though they are considered compromised.

[LeGaulois]

In this case, we could go even further with internet cables under the sea which can be used to extract data. Do you know it's possible right?
You can create  completely open source CPU, it won"t be so useful at the end

[aleksej996]

Of course it can, although the fact that AMD chips haven't had any flaws discovered doesn't mean they won't. Who knows what kind of backdoors they might have...
Anyway I'm still going to buy an AMD for my new PC. Who knows how the Intel chips will perform after the fix has been implemented. For now they're claiming performance might go down by 30% which is a disaster. They should offer me a refund!

All modern chips are affected by Spectre vulnerability. Including AMD and even ARM chips on your smartphone.

[Kakmakr]

Ok, so let's say it is true. Why would they make it OpenSource? You cannot hide anything in the protocol, because there are a lot of Peer review being done on the code by people globally.

The backdoor they discovered is running on it's own hidden OS and this has nothing to do with Bitcoin. Most backdoors are hidden in proprietary code in other OS like Microsoft and Cisco routers. <firmware>

Operate within the laws of your country and you will be fine, whatever happens in the future.

[penig]

Surprised there isn't more talk in this forum about these vulnerabilities, or understanding the cause and impact.  One of the vulns affects all Intel with no fix possible.  They'll have redesign chip architecture, test and produce, will take a year or two until a complete fix is in the field.  In the meantime you're vulnerable from nefarious code on your PC reading other code and memory.  Including your passwords and unencrypted data.  If you want to be safe, dig out your old hardware before speculative branch execution.

[cr1776]

...  Too much powers have been given to governments and companies already.
...

You are right, the governments have way too much power.

[This isn't directed at you, Ucy, btw.]:  The funny thing is that many of the people who are upset about the Snowden revelations and saying things like the statement above are the same ones clamoring for government regulation of the internet!  The biggest, most abusive, immoral and evil monopoly on the planet is the monopoly that governments have on controlling people via the use of force.  Every other so-called monopoly is minor compared to the power-hungry people who seek out positions in governments in order to abuse them.

As far as Intel goes, the Management Engine is a large enough backdoor to drive a truck through, these new ones may have been deliberate or may not, but with the ME, it certainly wasn't necessary.

[pixie85]

This is what we should really be scared of. Not that somebody will try to ban Bitcoins or trace our transactions to find our real IDs. The real threat is hardware companies implementing backdoors in our stuff to take control whenever they choose to. What if one day your PC just blows up because it was rigged by the hardware manufacturer to do it on certain day? You can't stop it, you're helpless.

[TommyZ]

I don't know about NSA but IRS is already tracing BTC transactions. I think that if we don't make everything very well encrypted on blockchain fast, it can be our doom instead of salvation.

[haltingprobability]

So much FUD in this thread. I have written up a blog post explaining Meltdown and Spectre for the average person (who has some familiarity with computer terminology).

The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure. Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.

[_merelymetadata]

Well that was reaching deep in the what-if bag. 

[aleksej996]

So much FUD in this thread. I have written up a blog post explaining Meltdown and Spectre for the average person (who has some familiarity with computer terminology).

The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure. Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.

You got any more info on this? What CPUs are hardware wallets using?
Spectre is pretty wide reaching, even some ARM chips are affected, so I am quite curious about architecture hardware wallets use, since there are not many CPU manufactures in the world.

[vapourminer]

So much FUD in this thread. I have written up a blog post explaining Meltdown and Spectre for the average person (who has some familiarity with computer terminology).

The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure. Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.

You got any more info on this? What CPUs are hardware wallets using?
Spectre is pretty wide reaching, even some ARM chips are affected, so I am quite curious about architecture hardware wallets use, since there are not many CPU manufactures in the world.

doesnt make any difference what cpu the hardware wallet is using, its running signed trusted code from the manufacturer 100%. no way for the malware to get in.

trezor had a side channel attack (power draw analysis) a while back but thats been fixed for a long time.

[13abyknight]

If Bitcoin was NSA, this very forum where we are discussing about how NSA is behind everything wouldn't even exist. They've always been known to suppress everyone who talk about or against them and in this case, this forum is a place for rational discussions even about the accused organisation itself. It's all conspiracy and nothing more to it unless I see actual proof.

[Colorblind]

All the routers and stuff its same, Microsoft has been working with NSA since 1990's, all mobile phones are NSA, hell even PUTIN says "Google is NSA"

Where have PUTIN made that statement? Can you provide a link or something? That's curious!

BITCOIN is NSA, the white paper is NSA "How to mine a mint"(1996), SHA-256 is NSA,

More interesting is how the chinese/russian hackers will use this new information, its just another vector or path, into the bowels of Bitcoin.

You all have your wallet on your smart-phone (google-nsa), its not like they didn't have you all along, besides they created bitcoin to track&control your spending, your phones  job is your location, and what your saying, and doing

And this sounds a lot like racist paranoia honestly. First of all - if by hacker you mean criminal (that's racist on itself), then criminals will do with this what criminals always do with bugs - exploit them for maximum profit. Other hackers (security experts for example) will probably use it to explore measures they can take to prevent further breaches and leaks. Also nationality shouldn't matter, so calling them Russians, Chinese or Indians is nothing but pouring your emotions and hatred to the public.

[Tonyfredzy]

All of this is very possible, but let's not get ahead of ourselves like we have the proof already.
When people accept something as a fact without proof, even if they are right, they stop looking for proof as hard as they otherwise would.

Also there wasn't one "kid", there was a whole team of researchers.
And the "BITCOIN is NSA" part, a bit of an overreach, not that it would mean that Bitcoin is bad even if it was true.
Let's not forget that Tor was developed by US military and also the Internet and neither was a secret nor was bad for humanity.

Sometimes government agencies want to be anonymous as well. Especially if they like getting involved in other government's business.

It is not that black and white. Sometimes governments need to mask their operations by hiding in the crowd, so they gift the weapon to all, so no one knows when they use it and when their weaker enemies use it.
And when their weak enemies use it, it just gives them more justification for their existence.

Very insightful, not to take every news in hook, line and sinker.
NSA or not I guess we have not much to fear as long as you ain't harming no one or whatever

[aleksej996]

So much FUD in this thread. I have written up a blog post explaining Meltdown and Spectre for the average person (who has some familiarity with computer terminology).

The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure. Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.

You got any more info on this? What CPUs are hardware wallets using?
Spectre is pretty wide reaching, even some ARM chips are affected, so I am quite curious about architecture hardware wallets use, since there are not many CPU manufactures in the world.

doesnt make any difference what cpu the hardware wallet is using, its running signed trusted code from the manufacturer 100%. no way for the malware to get in.

trezor had a side channel attack (power draw analysis) a while back but thats been fixed for a long time.

Meltdown and Spectre vulnerabilities are due to hardware implementation, that is why they are such a big deal now.
It doesn't matter if you are running Windows, Ubuntu, Android or the OS of your router, the problem is not in the code it is the hardware that has the vulnerability.

The problem however is local privilege escalation, so I guess you have a point, since code would have to be executed on them. The problem is that code wasn't built with this in mind, so it is maybe allowing some low privilege access to something that wouldn't be a problem if it wasn't for these vulnerabilities.

[AGD]

All of this is very possible, but let's not get ahead of ourselves like we have the proof already.
When people accept something as a fact without proof, even if they are right, they stop looking for proof as hard as they otherwise would.

Also there wasn't one "kid", there was a whole team of researchers.
And the "BITCOIN is NSA" part, a bit of an overreach, not that it would mean that Bitcoin is bad even if it was true.
Let's not forget that Tor was developed by US military and also the Internet and neither was a secret nor was bad for humanity.

Sometimes government agencies want to be anonymous as well. Especially if they like getting involved in other government's business.

It is not that black and white. Sometimes governments need to mask their operations by hiding in the crowd, so they gift the weapon to all, so no one knows when they use it and when their weaker enemies use it.
And when their weak enemies use it, it just gives them more justification for their existence.

It's even more effective, when you let your enemy (and everyone else) think, he could use these tools anonymously, while you only have the key to decrypt all traffic.

[Cryptophobia]

Everything is spying dont worry

[haltingprobability]

So much FUD in this thread. I have written up a blog post explaining Meltdown and Spectre for the average person (who has some familiarity with computer terminology).

The NSA has no interest in stealing your Bitcoins. If they are stored on your PC and the NSA wanted to steal them, believe me, they could steal them and the Meltdown and Spectre attacks have nothing to do with how they'd take them. For most people, a hardware wallet is the best way to keep your coins secure. Hardware wallets are not vulnerable to the Meltdown/Spectre class of attacks.

You got any more info on this? What CPUs are hardware wallets using?

It doesn't really matter because hardware wallets are not running applications - the hardware wallet is a "closed ecosystem".

Spectre is pretty wide reaching, even some ARM chips are affected, so I am quite curious about architecture hardware wallets use, since there are not many CPU manufactures in the world.

Try reading the summary of the linked blog post. It's crucial to keep in mind that Meltdown and Spectre are (timing) side-channel attacks. This means there has to be something that's living "on the side", some applications or something. Since a hardware wallet is only running the wallet software (it literally can't run anything else), there is no side-channel. Really exotic side-channels like power-draw analysis still require physical access to the wallet. If you can't keep your wallet physically secure, you have bigger problems.

Security is a holistic problem and keeping this in mind is key to shutting down all this FUD.

[haltingprobability]

It doesn't matter if you are running Windows, Ubuntu, Android or the OS of your router, the problem is not in the code it is the hardware that has the vulnerability.

No, your router is not vulnerable to Meltdown/Spectre because it's not running any applications, it's a standalone device.

[pebwindkraft]

@hardwarewallet: I think you are over a bit here. I have read your blog post explaining Meltdown and Spectre for the average person. Nice summary. I wonder how you can say, router OS or hardware wallets are secure. I cannot see how you derive this.

On your statement:

No, your router is not vulnerable to Meltdown/Spectre because it's not running any applications, it's a standalone device."

this wording creates wrong expectations. Even as non-expert in security one could easily create a linux box with two network cards, and then on top of the operating system run an application, which routes data from one network to the other. And also it is not at all stand alone...

With your words one would think to be secure. But the opposite is true! Even worth, reality is doing it exactly this way:
Looking at the providers, e.g. AT&T is asking for Open Network Automation Platform, which is exactly an OS with apps on top. And Cisco operating system is the same (only old IOS maybe... IOS-XE extended IOS and it's monolithic problems by abstracting some modules, with an underlying operating system is based on a Linux distro, IOS XR uses QNX, ...), Juniper uses FreeBSD, and you will find similiar on Nortel/Nokia/...

I have no proof that these systems are vulnerable or not, and I also have no proof, that the hardware wallets are secure or not.
Maybe best wording is, that up until today, no security issues (side channel attacks like Meltdown/Spectre) have been found in the wild for these systems (or at best are difficult to implement, cause attack vectors are limited...).

In security the wording is more decent. Statements are linked to specific environments and test cases, and do not derive "general security" for others from the observations. Security is a beast... You cannot only predict security, only when you have a fully deterministic machine.

So stating that hardware wallets or Routers are secure, is most probably overdoing it (if not wrong, but that will only be shown by the future  ).

[olubams]

A lot of controversy have surrounded the creation of bitcoin with several school of thoughts and even aside the ones we have read about, some are still coming and in all, they have been debunked for those who have not read about it, some are as follows;

1. Satoshi is a group of people

2. Bitcoin was created by China others said its from Korea, some even said Russia

3. Roger Ver is the creator of Bitcoin some even said its the Twins etc. Anyhow they make it seems, its does not matter.

[vapourminer]

@hardwarewallet: I think you are over a bit here. I have read your blog post explaining Meltdown and Spectre for the average person. Nice summary. I wonder how you can say, router OS or hardware wallets are secure. I cannot see how you derive this.

youre kinda missing the point.

at least on the trezor, it only runs its own code in its firmware. it never executes foreign code, so there is no way to get something to run on it to exploit something.

now if the firmware gets compromised then it could steal stuff via exploits, but at that point the compromised code can do anything it wants anyway, it hardly need to use an exploit.

meltdown and spectre need to get code on the device to run to exploit them.

[haltingprobability]

@hardwarewallet: I think you are over a bit here. I have read your blog post explaining Meltdown and Spectre for the average person. Nice summary. I wonder how you can say, router OS or hardware wallets are secure. I cannot see how you derive this.

On your statement:

No, your router is not vulnerable to Meltdown/Spectre because it's not running any applications, it's a standalone device."

this wording creates wrong expectations. Even as non-expert in security one could easily create a linux box with two network cards, and then on top of the operating system run an application, which routes data from one network to the other. And also it is not at all stand alone...

This is why you shouldn't be running untrusted user-code on a router. A router is (ought to be, anyway) a standalone device for this very reason.

Looking at the providers, e.g. AT&T is asking for Open Network Automation Platform, which is exactly an OS with apps on top.

Who is using a network platform for browsing the web? Please name names so they can be fired immediately.

Maybe best wording is, that up until today, no security issues (side channel attacks like Meltdown/Spectre) have been found in the wild for these systems (or at best are difficult to implement, cause attack vectors are limited...).

No, that's not the best wording because Meltdown/Spectre require the presence of malicious, user-space code in order to operate. If your kernel is compromised, for example, you have no need to worry about Meltdown/Spectre because the software that has compromised your kernel can do far worse things than anything that Meltdown/Spectre attacks can do. The level of FUD on this particular news story is astounding to me. This is my field, I worked for one of the companies involved in this for nearly a decade, in computer architecture.

Security is a beast... You cannot only predict security, only when you have a fully deterministic machine.

Meltdown/Spectre are very specific attacks. The security problem is separate. Any self-contained hardware/software environment is oblivious to Meltdown/Spectre, as long as it really is self-contained.

So stating that hardware wallets or Routers are secure, is most probably overdoing it (if not wrong, but that will only be shown by the future  ).

No, stating that they are insecure is overdoing the FUD.

[haltingprobability]

meltdown and spectre need to get code on the device to run to exploit them.

Precisely. What really makes Meltdown/Spectre so dangerous is that user-space code (read: "web browser") can potentially image your kernel memory. Secrets like passwords or keys may be stored in memory while it is being siphoned out to some remote party who is exploiting your machine and these secrets may, in turn, be useful in further breaking into your network, your system, your emails/logins, spoofing (certificates, public-keys), or - for crypto-holders - even your wallet. So, that's the risk profile for Meltdown/Spectre. These are strictly read-only attacks. Folks, go read the whitepapers and the official announcements from the affected companies (I have) before spreading FUD.

[aleksej996]

It seems like we are getting into a discussion on what is secure here. The point we can all agree on is that all devices, hardware wallets and routers as well, are vulnerable, but not necessarily exploitable as these attacks are strictly local privilege attacks only.

The question of exploitability is still an open one and depends on case to case basis. As some devices might allow a certain level of unprivileged code execution, that might be only contained to few parties or something. Either way, this vulnerability was not being accounted in development of these devices and can not be considered to have same level of security as before the disclosure of these vulnerabilities.

The point is that at it's core, on the CPU level, all of these devices are vulnerable and the only question that remains is if someone can exploit it.
For routers, I am certain that some are exploitable as these apps that are running on it can get quite complicated allowing many features. As for the hardware wallets, I don't know, but it is not impossible.