where were GCHQ hiding on the Guardian’s PC (speculation)

Cryptome relays a request for information about why GCHQ might have destroyed particular chips in a commodity PC.

Three chips were isolated: a keyboard controller, a trackpad controller and some kind of inverter.

Remember the function of the first two: to convert electrical signals into bus data, OR CONVERT THE OTHER WAY AROUND. If you want to spy on a PC, ensure that the things that “make sparks” susceptible to detection do lots of sparking, acting as the bearer for modulated information flows of interest. A keyboard and a trackpad are each able to emit signals and act as a modulator.

Why destroy the record?

Well, first recognize that folks have to have known which PC they were targeting (and have had prior knowledge of which chips are part of the destruction protocol).

Destroying the PC (vs. the hard drive) was apparently a negotiated arrangement that just happened to bring out the bovver boys with their big 'ammer (aimed at particular chips). Intended as part of the “instill fear and awe” phase of handling the journalists, it's a mix of showmanship and bravado that MAY have done what the UK is good at: undermining its own policy of keeping mum. One thing one can be assured of: once Bob and Fred were told to go down Fleet Street and have a chummy talk with the naughty boys at the Guardian, they will have been all posturing (and let their guard down). But Bob and Fred would not know in any case WHY they were after particular chips.

An inverter releases a power signal, called Manchester signaling. Inverting from -1 to 1 has a different power signature from the other way (particularly when part of a run code).

Intending to leave the remains of the PC in the hands of the Guardian, it IS likely that GCHQ opted to remove the implants they had inserted (in the weeks before). This would show up in any analysis of the buffers of those chips.

How was the implant inserted? By induction. Remember, the Guardian's office had its pavement dug up and an induction loop inserted, rather similar to those that are everywhere in the US (wherever there is a modern traffic signal).

The main purpose of the induction loop is to instill/leave a residual power signature that allows tracing of the physical device (as it wanders by a traffic signal…).

You should assume that a commodity PC has the “capacity” to receive an arming signal and then use its “sparking” devices to signal its signature. This is what GCHQ are hiding…

