Encryption

Links

 * https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html Evil maid attack.
 * Freenet
 * http://fiddler2.com/, http://www.wireshark.org/download.html, http://www.snort.org/start/download

The traffic is coming from inside the target's machine. You would therefore need complete logs from that machine, through Fiddler or an equivalent, and cross-reference them against a Snort or Wireshark session running on another machine. When you see traffic that doesn't match normal system or user traffic, you have a suspect.
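The cross-referencing described above, as an added example that is not part of the original page: it flags flows seen by the off-host capture that have no matching entry in the on-host log within a few seconds. The one-line-per-connection format (`timestamp dst_ip dst_port`), the sample records and the function names are assumptions made for illustration; real Fiddler, Wireshark or Snort output would first have to be exported into that shape.

```python
from datetime import datetime, timedelta

# Constructed sample data, not real captures. Assumed format per line:
# "ISO-timestamp dst_ip dst_port" (documentation-range addresses only).
HOST_LOG = """\
2014-04-14T10:00:01 192.0.2.10 443
2014-04-14T10:00:05 192.0.2.10 443
2014-04-14T10:02:10 198.51.100.7 80
"""

WIRE_LOG = """\
2014-04-14T10:00:01 192.0.2.10 443
2014-04-14T10:00:06 192.0.2.10 443
2014-04-14T10:02:11 198.51.100.7 80
2014-04-14T10:03:30 203.0.113.50 8443
2014-04-14T10:20:00 198.51.100.7 80
"""


def parse(text):
    """Turn the assumed log format into (datetime, ip, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, port = line.split()
        records.append((datetime.fromisoformat(ts), ip, int(port)))
    return records


def unexplained_flows(host_text, wire_text, tolerance_s=5):
    """Return wire-side flows with no host-side record for the same
    destination within +/- tolerance_s seconds (absorbs clock skew)."""
    host_by_endpoint = {}
    for ts, ip, port in parse(host_text):
        host_by_endpoint.setdefault((ip, port), []).append(ts)

    window = timedelta(seconds=tolerance_s)
    suspects = []
    for ts, ip, port in parse(wire_text):
        seen = host_by_endpoint.get((ip, port), [])
        # A known endpoint contacted at a time the host never logged
        # is just as unexplained as an unknown endpoint.
        if not any(abs(ts - h) <= window for h in seen):
            suspects.append((ts.isoformat(), ip, port))
    return suspects


if __name__ == "__main__":
    for flow in unexplained_flows(HOST_LOG, WIRE_LOG):
        print("unexplained:", flow)
```

Both machines need synchronised clocks for the time window to mean anything; widen `tolerance_s` if they drift.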

Since this is based on two things, (1) a BIOS component and (2) a hardware transmitter component, working together, one way to defeat it is to wipe the BIOS and replace it with a fully free and open source variant that you compiled yourself, such as http://www.coreboot.org/. This could possibly disable the attack even if the hardware transmitter were hard to spot and physically remained in place.

https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

Note how Tor must be configured on a VM; Win7 can be bypassed.

http://www.loper-os.org/?p=1299

Obfuscated C-code
http://www.peereboom.us/assl/assl/html/openssl.html OpenSSL deliberately made unreadable by NSA agents who are part of the core coding team. See http://web.archive.org/web/20140414023227/https://www.peereboom.us/assl/assl/html/openssl.html as peereboom.us warns on fake certificates. Before the Snowden release, read somewhere that the NSA has its agents as core OpenBSD, FreeBSD, Linux etc. kernel coders with commit rights to the source tree. I thought this was just too conspiratorial; after Snowden, computing from inside a Faraday cage should be standard. Using obfuscated C-code the NSA can hack any Linux, SSL system at will.

NSA antics
http://www.truecrypt.org is NSA software that uses Intel hardware encryption chipsets which the NSA agents, with the complicity of Intel (according to various news outlets), have compromised so that the random key generator is not truly entropic and can be decrypted with specialized custom-made ASIC chipsets. The max allowable password length is only 32 chars long, because not even the NSA can decrypt a 100 character password. They are not so stupid as to place any software backdoors in TrueCrypt itself, as this would eventually be detected with a software audit; they did something that nobody even thought about: designed their very own chipset and then forced Intel to adopt it. All TrueCrypt encrypted code is decrypted by the NSA when uploaded anywhere onto the Internet. The NSA can track down any person uploading to http://thepiratebay.org by comparing the file on piratebay with their cached copy of the same file that had to traverse an NSA controlled router, gateway, ISP etc. somewhere in this world. The NSA caches the entire Internet in real time and especially homes in on encrypted files. Only by encrypting (not using TrueCrypt) a file before uploading to a torrent sharing site is some measure of protection provided. And even then this must start with i2p -> Tor -> clearnet. It seems that there aren't any file uploading sites that allow for encrypted upload or that allow for Tor based uploads. Tor itself is compromised; begin with i2p and then hop onto Tor.

Basically it should be clear that privacy does not exist anymore. i2p uses Java; how many NSA agents have commit rights to the i2p source tree?

Chat sessions are not encrypted: Pidgin, AIM, Skype etc. You need to encrypt all text with a custom microcontroller attached to an RS-232 port with a diode that blocks the read signal. The NSA cannot defy the physics of a diode. This encrypted text is then inserted into the Skype session; the person at the other end must have a decrypting microcontroller attached and then read the text from the LCD display of the micro. Anything in software on a PC is compromised.

FreeBSD 10 has reverted recent commits to its source on using the compromised Intel chipsets, going back to random key generation in software only.

All Lenovo motherboards have chipsets implanted that "phone home" to China. The NSA has so compromised the Android system that no bitcoin wallet is safe on it.

Plastic rocks, thrown over the wall, embedded with electronic signal sniffing equipment that can detect keyboard presses: this was how the Iranian nuclear computer systems were penetrated. Faraday cages lined with tin foil are the only solution to this.

Qubes linux
http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html Second, all mainstream desktop OSes, such as Windows, Linux, BSD, even OSX, are all based on monolithic kernels, which present a significant security problem. This is because a typical monolithic kernel of a contemporary desktop OS contains tens of millions of lines of code, and to make it worse, most of this code is reachable from (untrusted) applications via all sorts of APIs, making the attack surface on the kernel huge. And it requires just one successful kernel exploit to own the whole system, bypassing any security mechanisms that might have been built on top of it, such as SELinux, LXC, etc.

In other words, all US citizens can be forced to become NSA agents; the agency will find some means of blackmail, such as a failed tax return etc. Everything, cloud etc., from the USA and US citizens is compromised. Using Dropbox? Might as well publish your password on pastebin. http://www.mega.co.nz loads JavaScript locally to prevent man-in-the-middle server impersonation. http://www.ghacks.net/2013/07/20/megas-chrome-app-improves-security-by-loading-javascript-locally/ Loads JavaScript locally.