Military Review

"The Naked King"

61
The current situation with information security in Russia, if you look at it impartially, fully corresponds to the plot of the famous children's fairy tale "The Naked King."


The deplorable situation, the state power, in the person of the first persons, began to be understood only after the secret information was discharged by the notorious Snowden, he is the boy who pointed out the obvious.

And he uttered the sacred words that the leaders of the country finally heard.

Professionals know what is happening now in the relevant state structures. As always with us, campaigning reaches marasmus, but it “shakes” coolly, threatens with organizational leads and landings.

I will not say anything more on global themes, otherwise I will be “carried” like the unforgettable Ostap. Let me turn to a concrete example, I hope everyone, even non-professionals, everything will become obvious.

Business in Russian

At one time, I stumbled upon an article in Komsomolskaya Pravda, “Do Spyware Notebooks Are Delivered to Russia?”, It was about the Getac A790 protected notebook by the Taiwanese company Getac Technology.

Here is this "handsome":

"The Naked King"


The article talked about the presence on this computer of the pre-installed program Computrace LoJack, developed by Canadian firm Absolute Software. It was argued that the program comes in activated form and immediately tries to connect to servers in Canada. In addition, the manufacturer has stimulated sellers of equipment in Russia to provide it with forward information about customers of data protected computers.

In conclusion, an unequivocal conclusion was made about the target action of a potential adversary and it was argued that these computers are widely used in the Russian armed forces ....

After reading the article in Komsomolskaya Pravda, I immediately recalled a three-year-old material devoted to the same program on rom.by: “The BIOS Trojan from Absolute Software”. It described in detail the mechanism for locating and working in the BIOS of the program module of this program, so the topic is not new.

Interested in visiting the developer’s website and reading, really, the program sends geolocation data to a remote server, has the ability to remotely lock a computer and erase information from disks by commands from Absolute Software’s servers. In addition, it is possible to complete a cycle of remote laptop management starting from updating the BIOS, installing, removing any programs and ending with reinstalling the OS. The official purpose of the program is to prevent data leakage and the use of a laptop in case of its theft or loss.

The software part of the Computrace LoJack system consists of two modules, the first one is written into the BIOS at the computer production stage, and the second is loaded from the network in case the computer owner decides to use the Computrace LoJack program. And this service is not free, you need to pay about $ 50 for a one-year subscription to the services of Absolute Software.

Altruism is not peculiar to business, free activation of a paid service suggests that the benefit obtained from this justifies financial costs (it does not mean free of charge for free). Who pays for the information I think is also understandable ...

Looking at the image of the protected notebook Getac А790 immediately remembered about a similar gray box seen on the site of one of the customers, it was pushed into a corner, covered in dust, and had not been used for a long time. I wanted to “touch” the machine myself and in the next visit to this customer immediately went to the dusty box that interested me.

I open and do not believe my eyes, this is not a Getac A790 notebook, judging by the nameplate on the front panel, this is the Russian computer MVK-2, moreover, on the label all the data about the model and the manufacturer, where it is written that this product was manufactured by InfoPro in 2010. In addition, the holographic sticker of special inspection flaunts on the laptop.

For those who do not know, I will explain, special inspection and special investigations are necessary procedures (and very expensive) for the equipment to appear on secret objects and in the troops. After these checks, the equipment is considered safe in terms of leakage of secret and confidential information and can be used on secret and protected objects.

The box was intrigued and I simply could not turn it on, my hands reached out for the keyboard, turned on, the initialization screen appeared on the screen and everything fell into place right away - the classic version of “business in Russian”.

The Russian company, which calls itself the developer and manufacturer of MVK-2 (InfoPro), did not even bother to register its own initialization graphic screensaver in BIOS and the name Getac А2 proudly appears on the Russian computer MVK-790.

I was not lazy and filmed this "miracle" on my mobile phone, here it is.



Immediately it became even more interesting, MVK-2 is not some kind of “left” Getac А790 for you. MVK-2 is a Mobile Computing Complex, - the main protected computer of the Armed Forces of Russia, domestic development, in the army there are thousands, if not tens of thousands ...

Well, about the domestic development and national assembly, it all became clear to me right away, but if there are any Absolute Software programs after special investigations (as indicated by a holographic sticker), I was interested in the Absolute Software program. Taking advantage of free time, without even asking the customer (I confess, is a sinner), I scanned BIOS for the signature of the Computrace LoJack program, which I took from an article on rom.by. And I was not surprised when I found them there. InfoPro engineers from the BIOS of their computers did not delete anything, and all the special studies did not reveal the presence of this official "bookmark" in MVK-2.

The bluntness and impudence of the “manufacturer” is amazing, there are official programs for assembling / disassembling BIOS, can any module from BIOS be removed or inserted without problems, which prevented InfoPro specialists from inserting their own screensaver and cutting the scandalous module from BIOS? This procedure was mastered by all domestic collectors, it is not unique ...

"Singed" chips

Unfortunately, the machine was not connected to the Internet or to the local network, so it was not possible to look at the network activity on the IP addresses to find out the state of the Absolute Software service.

The only thing that did was photographed the screens of the device manager in the Sandra program in order to deal with the equipment inside MVK-2 at leisure. There was a feeling that $ 50 bucks for the activation of the Computrace LoJack program is paid for a reason, there are still “miracles” in this thing.

Here is a photo of the screen that interested me specifically:



Broadcom network chips installed at MVK-2 have long enjoyed ill fame as potential sites for bookmarking. According to the manufacturer codes came out on a specific chip Broadcom BCM 5752.

The company Broadcom has a whole line of chips from the BCM 57xx series. The chips of this family lit up on many hacker sites, even our domestic magazine Hacker wrote at least twice last year about bookmarks on these chips.

There was an article “Rootkit in a network card: a programmer’s fantasies about creating an invincible rootkit” and a more specific news With reference to the successful exploit: "Rootkit in the network map." So, the VSM 57xx chips are used by hackers for a long time, this is no secret.

The VSM 57xx series chips have their own flash memory (you can also connect external flash memory on a dedicated SPI interface), its own RAM, and its own RISC processor.

Here is the official block diagram of the BCM 5752 chip used in the MC-2:



In fact, this is a computer in a computer, and programs that are flashed inside its flash memory are executed both on its own embedded RISC processor and on the central processor of the computing unit during system initialization (advanced BIOS on peripheral controllers).

According to the documentation, there are only 16Kbytes of flash memory inside the chip, but on the external interface you can place additional up to 8Mbytes of programs and data. Imagine how much you can "stuff" there?

In conjunction with the program Computrace LoJack, such a network chip can do anything. You can find out the contents of the flash memory of this chip only on the tool stand, and it’s not a fact that it will work out. I again began an attack of spy mania, but not virtual, but networked.

The severity of the laws and the lack of their enforcement

I look closely at the chip's block diagram, I can say I’m drilling it with my eyes, and finally it comes to me - TPM Security Core is the same TPM module! I look in the documentation and exactly, there is a built-in TPM module in the VSM 5752 chip from this family 1.2 standard connected to the LPC interface.

The presence of a module TRM in the Russian protected computer is nonsense, it is legally forbidden even to import equipment with such modules, and using them in military equipment is generally a matter of jurisdiction. The only option, the chip may be present on the board, but must be physically disabled at the production stage and be in an inoperable (de-energized) state.

Formally, the ban is based on the use of foreign-developed cryptographic algorithms in these TPM modules. The true reason for the ban is that TPM modules are a means of generating and storing encryption keys and passwords with a unique key (PRIVEK) for the root of the trust chain, which is the root encryption key for the RSA algorithm (its secret part).

Chip makers know this key, and in theory, no one else. But all manufacturers of crypto-tools have contacts with special services without fail, I think it is not necessary to explain who will keep duplicates of these keys?

Knowledge of the root key for a particular TPM module allows deciphering the contents of the TPM module memory and, moreover, always accurately localize the location of a particular computing installation in the network space.

I wanted to check for the presence of TPM module activity on MVK-2, it was easy to do, for this there are two possibilities. In system ASPI tables there is a special object that describes the presence of a TPM module, but this is only a mark in memory. The device may be present, and the records in the tables about its presence may not be.

So this method is not reliable enough if there are no records in the system tables, the OS will not see it either.

The second method is much more reliable, any device interacts with other components of the computing system through registers, if these registers are active (you can read them and write information in them) then the device is operational. The idea is that the module that is disabled in the production conditions of the TPM does not have workable registers. It's simple to check, all the TPM registers of the 1.2 standard module are on the system bus in the fixed address space 0FED4_0000h - 0FED4_FFFFh, it was not me who invented it, it is written in the standard.

Again, including the MVK-2 being investigated, I already had a program on hand to view the registers on the system bus (of my own production, of course), and was not at all surprised to find out the activity of the TPM module.

What happens if you do not comply with the laws

The expected result was confirmed, the TPM registers of the module were in working condition, so no one disconnected the TPM module chip. Only here the information in the registers did not meet the specifications. In one of the active registers, scan-codes of keystrokes were found ...

It seemed that the information about the scan code of the last key pressed is stored in the module's TPM registers, and this already resembled what is in a professional language called hardware bookmark, the keylogger.

Is it possible? It is quite possible, since the keyboard controller and the TPM module are located on the same interface — the LPC — and this interface is made according to the scheme of the serial connection of all devices connected to it. In fact, the TPM module was turned into a sniffer, listening to the bus and storing information in its registers from the keyboard. Thus, hacker technologies, which have been discussed at professional forums for more than a year, are now figuratively speaking in the service of some kind of special services.

The hardware keylogger in MVK-2 is “cool”, may I be mistaken - of course, since this is a preliminary result of external research. If you could get inside this machine, you can either prove it or disprove, in any case, you need to understand, but I have no such possibility.
A logical question, and maybe someone has already figured out and came to the conclusion that everything is normal, - you can work?

I doubt that experts who are not able to change the screensaver in BIOS, who do not know about the tab in the BIOS of the Computrace LoJack program, hardly even know anything about the TPM modules, not to mention understanding their specifications.

So this untested equipment continues to flow into Russia under the proud name “Mobile Computing Complex MVK-2” and carries on its board an obvious tab in BIOS and a hardware keylogger in a network chip. And these complexes are completed with very important objects and products, here is one of the examples downloaded from the Internet:



State secret as a commodity

And in conclusion, I still can not refrain from global generalizations, they are sad.

In our country, security has become a commodity that is being traded, no one has got. In order not to be unsubstantiated, I’ll give a specific screenshot of the site of one of the many intermediaries who make money at the state secret:



Especially touching is the frankness of the wording of the text on the site, such as "The ability to buy a license from the FSB for cryptography", it is highlighted in red on the screenshot. And this is not a reservation, it once again slipped the "Naked Truth" about the "Naked King".

What has long been talked about in smoking rooms (that the employees of the FSB 8 center turned the issuance of licenses into a “business in Russian”) found such visual, independent, public confirmation.

It's sad, gentlemen ...

PS Do not think only that the authorities do not know about this situation, not at all.

More than a year ago, everything that was written here was reported in very “high cabinets”, in particular, Deputy Prime Minister D. Rogozin was informed about this.

The result is zero, but after that I got problems, but as they say, the world is not without honest and decent people, it has passed.
Author:
61 comment
Information
Dear reader, to leave comments on the publication, you must sign in.
  1. saag
    saag 23 December 2013 09: 02
    +6
    remote controlled army
    1. Orik
      Orik 23 December 2013 09: 11
      +21
      What state, such and army ... Ducking new planes, diving new ships, and then it turns out that all this is without communication and control. New 41st!
      1. Vovka levka
        Vovka levka 23 December 2013 12: 59
        +4
        Quote: Orik
        What state, such and army ... Ducking new planes, diving new ships, and then it turns out that all this is without communication and control. New 41st!

        It has always been that way. The weakest points have always been: these are communications and logistics.
        And what the author of the article writes is a small, tiny part of the problems that exist in this area.
    2. cdrt
      cdrt 23 December 2013 11: 21
      +2
      If I am not mistaken, this is a repost of the note of the respected Dragon the First.
      Well, either R_T_T is the Dragon itself, or the article is just plagiarism. I did not seem to find links to the source text.
    3. Airman
      Airman 23 December 2013 11: 45
      +15
      Quote: saag
      remote controlled army


      Here is your answer, why rockets do not take off, satellites are not put into orbit, and Rogozin, in the person of a "highly professional" commission, appoints "Vasya, a locksmith." Until we have our own microelectronics, we can't get away from this.
      1. Airman
        Airman 23 December 2013 12: 33
        +3
        Quote: Povshnik


        Here is your answer, why rockets do not take off, satellites are not put into orbit, and Rogozin, in the person of a "highly professional" commission, appoints "Vasya, a locksmith." Until we have our own microelectronics, we can't get away from this.


        Some kind of minuser really did not like that Russia should have its own microelectronic industry, on which security now largely depends. In yesterday’s article on the fifth element, the developers themselves admit that the share of imported microelectronics in military products is 18%, while another article says that the share of Russian components in microelectronics ranges from 30 to 50%. A MUST BE OWN
        1. voffchik7691
          voffchik7691 23 December 2013 22: 53
          +2
          I apologize, did not read your post - wrote your own. Almost everything is the same! On the one hand it’s not convenient, on the other hand it’s nice to realize that there are people who think the same way!
    4. Horde
      Horde 23 December 2013 19: 48
      +3
      Yesterday on the topvo article "The threat of the fifth element. Technological breakthroughs in the development of new military equipment can turn into an embarrassment"

      http://topwar.ru/37599-ugroza-pyatogo-elementa-tehnologicheskie-proryvy-v-razrab


      otke-novoy-voennoy-tehniki-mogut-obernutsya-konfuzom.html # comment-id-1793782

      putinoids on shit went out proving that there can be no bookmarks on Yars and other new Russian ICBMs, that ALL components are OUR, although the article was just about that up to 18% of microcircuits on electronic warfare facilities, just NOT OUR FULL TECHNOLOGICAL DEPENDENCE, that "replacement" of the military commander with new ICBMs Russia will only win. HOW CAN THIS BE if there is NO ORDER in the country?
      1. Ascetic
        Ascetic 23 December 2013 21: 18
        +4
        Quote: Horde
        that on Yarsy and other new Russian ICBMs there can be no bookmarks, that ALL OUR components


        At YARS, a 16n-bit on-board computer of the 5th generation is equipped with a fully domestic element base "Biser-6". On Topol-M BTsVM "Biser" -3 from the same NPTs AP them. Pilyugin. Enough delirium to carry. Moreover, no one proved anything to you, but poked with a face about the table, for dense incompetence and populism.
        The evolution of the development of operating systems for digital computers of missile systems developed by the SPC AP
        The architecture of the digital computer on Topol was implemented in the same way as it was on Buran.
        in the form of four parallel independent computing channels and a comparator, which continuously compared the results at the output of the channels. In case of deviation of the results of any of the channels from the other three, it was disconnected and the digital computer continued to work as usual. In the same way, another damaged computing channel could be disabled, thereby achieving automatic backup and fault tolerance of the computer. Computational channels (or cores, in modern terminology) worked at a frequency of 4 MHz and had 128 KB of RAM and 16 KB of constant program memory. Such an architecture allowed the BCM to control the landing process of the “Buran” even in a nuclear war (this was included in the statement of work at the request of the military).
        A special problem-oriented real-time programming language PROL2 and an automation system for programming and debugging SAPO were created. The language PROL2 was largely repeating the well-known logical language Prolog, but was built on the basis of Russian official words. Also on the Prolog was written the operating system "Prolog-dispatcher", which controlled the operation of the computer.
        The car was called "Beads-4"
        Beads-6 YARS and "unknown" Bulpava digital computer classified
        1. Horde
          Horde 23 December 2013 21: 49
          +1
          Quote: Ascetic
          At YARS, a 16n-bit on-board computer of the 5th generation is equipped with a fully domestic element base "Biser-6". On Topol-M BTsVM "Biser" -3 from the same NPTs AP them. Pilyugin. Enough delirium to carry. Moreover, no one proved anything to you, but poked with a face about the table, for dense incompetence and populism.


          Listen to the ascetic, but the BISER3,4,5,7 family is still a development of the SOVIET UNION that is not embarrassing to put ancient microchips on the MODERN ADVANCED EQUIPMENT of Russia type? I’m more than sure that the BEADERS are SUPER-ADVANCED TECHNOLOGY from the 80s to 20v 6mic technology, we simply didn’t have another then.
          there is no bazaar, of course, it is BISER3 that stands in yars, but how many those yars? 20 pieces? then 20 microcircuits of beads3 have already been made, not bad, but where are the computers on beads? and you know why, because on the ICBMs the extra 20-30kg is not a question, but for the home ...
          is firstly
          and secondly, the hell with us everything falls and explodes from protons, maces, zeniths and everything else that has jet thrust and given our LEVEL OF THEFT, PITCH, YES CORRUPTION under this power, you will argue that everything is smooth, without sabotage. I DO NOT BELIEVE!!! you yourself that you don’t see?
          1. orizonti
            orizonti 23 December 2013 22: 51
            +3
            Listen to the ascetic, but the BISER3,4,5,7 family is still a development of the SOVIET UNION, isn’t it embarrassing to put ancient microchips on the MODERN ADVANCED EQUIPMENT of Russia type?


            I don’t know what the Beads are like, but modern Russian processors that go to military equipment have nothing to do with Soviet developments. Google Divisional, Quark, Elbrus.
            Regarding Elbrus, you can find a lot of information on the ICST website.
            1. Horde
              Horde 23 December 2013 23: 16
              -1
              Quote: orizonti
              I don’t know what the Beads are like, but modern Russian processors


              Quote: orizonti
              Google Divisional, Quark, Elbrus.
              Regarding Elbrus, you can find a lot of information on the ICST website.


              don’t know don’t say where elbrus is used, mstst? But Amer’s microcircuits, just the same, are in OUR MILITARY PRODUCTS and this is DANGEROUS for our DEFENSE.
              1. orizonti
                orizonti 24 December 2013 01: 11
                +2
                Elbrus are used in the S-300 starting with the S-300PMU2, on various KP and radar air defense, missile defense. Divisions are used in airborne systems. At least this is what is reliably known. In general, in all key systems are our processors.
              2. brainkiller
                brainkiller 24 December 2013 11: 58
                +1
                Quote: Horde
                don’t know don’t say where elbrus is used, mstst?

                Elbrus stands on DON-2Н.
          2. voffchik7691
            voffchik7691 23 December 2013 23: 13
            +1
            This once again confirms that all the latest Russian developments are not so new. What groundwork did Soviet science have ?!
            It’s good if the Yarses are made so that our sworn friends cannot be reached.
            But about the "second" I completely agree!
          3. Ascetic
            Ascetic 24 December 2013 00: 20
            +4
            Quote: Horde
            BEADS 3,4,5,7 is this development from the time of the SOVIET UNION, is it not a shame to put ancient microcircuits on the MODERN ADVANCED EQUIPMENT of Russia type?


            - A generation of BCVM was created at the SPC AP
            of the Beads family. Is it planned
            continue?

            - Now we base our SS on the basis of
            BTsVM "Beads-6". She is a program-
            but compatible sequel well
            proven BTSVM "Beads-3".
            However, Bead-6 has significantly improved
            overall weight, energy characteristics
            Ristic and reliability.
            Another feature of this machine:
            elemental base exclusively domestic
            production and increased durability
            to the effects of special factors
            . For
            parry failures when exposed to special
            additional factors apply additional
            functional protective equipment.
            The basis of "Bead-6" is LSI, having
            Higher performance. SU on
            the base of this computer passed flight tests
            in 2007 at the RB "Frigate"
            regatta ”, as well as DM-SLB and DM-03.
            We plan to use "Beads-6"
            in the SU of launch vehicles of the Angara family.
            By the way, the SU for the "Angara" is already in some
            sense worked out at launches of South Korea-
            missile KSLV-1.
            On the upper stage of the KVTK we want to install
            update the new Biser-7 digital computer. From the previous
            the model will be distinguished by it: increased
            double computing manufacturer
            a nostril; the ability to work with numbers,
            presented in floating form
            comma universal high speed
            serial interface increased
            Memory; reduced mass gaba-
            General characteristics. For "Bead-7" already
            the central processor is designed and
            even more integrated LSIs are available.

            If you look very far, then the landmark
            for SPC AP - development of a digital computer using
            using technology "system on a chip"
            .
            di-
            rector
            Tiya, Doctor of Technology
            science Yefim
            Leonidovich Me-
            Zhiritsky.

            link
          4. Ascetic
            Ascetic 24 December 2013 00: 39
            +3
            Quote: Horde
            20 pieces? then 20 microcircuits of beads3 have already been made, not bad, but where are the computers on beads? and you know why, because on the ICBMs the extra 20-30kg is not a question, but for the home ...


            In the west, microcircuits are divided into categories commercial, industrial, military and space.
            In Russia, everything is divided somewhat differently: microcircuits are sold with acceptance 1 (the so-called acceptance of quality control department - the technical control department, when the factory tests the microcircuits), acceptance 5 (customer acceptance, in the case of the military, the military representative controls the tests) and acceptance 9 (when only the most qualified personnel are involved in the work - for space and nuclear power plants). Acceptance of 5/9 in itself does not mean that the microcircuit is radiation-resistant - resistance to special factors is indicated in the (non-public) documentation for the microcircuit.
            These additional tests, the ceramic case and small-scale production (when the development cost is divided not by 1 million microchips, but by 100) and lead to the fact that a military / space microcircuit costs at least 10 times more than a civilian one, and a maximum - it can cost $ 100 apiece.
            However, not every microcircuit can be put in the Russian military equipment - There is a list of domestic (“domestic” includes Belarusian microcircuits from Integral) electronic components that can be used to create equipment where everything is listed by name. If a factory creates a new microcircuit, then it cannot be used until it gets to this list.
            The use of imported microcircuits requires individual permission (with the corresponding formal bureaucracy that there are no domestic analogues, but as they appear - we will definitely use them).
            MOS for the current year is not found here for 2011 you can download here

            The list of MOP 44.001 is an official publication of the Ministry of Defense of the Russian Federation and is mandatory for all organizations, enterprises and institutions, regardless of ownership, carrying out the development (modernization), production, operation and repair of military equipment by order of the Ministry of Defense of the Russian Federation, for military command and control bodies , research organizations and military missions of the Ministry of Defense of the Russian Federation, as well as for developers and manufacturers of products.
      2. voffchik7691
        voffchik7691 23 December 2013 22: 58
        +1
        This already does not seem to be lack of order, but to LAW!
        In the "arguments of the week" there was an article that the only institute in the country that investigated equipment, programs and radioelements for "bookmarks" two years ago was safely closed! Glory to our visionary leaders!
        1. Ascetic
          Ascetic 24 December 2013 00: 42
          +1
          Quote: voffchik7691
          There was an article in the "arguments of the week"


          Do not read the shaking hands of such publications at night ...

          OJSC "Roselektronika" implements a project to create a high-tech research and production complex of an intersectoral center for the design, cataloging and production of photo masks. The project is being implemented as part of the Federal Target Program "Development of the Electronic Component Base and Radio Electronics" for 2008-2015.
          The enemy will no longer be able to "bookmark" the microcircuits used in Russian weapons
          1. studentmati
            studentmati 24 December 2013 00: 51
            0
            Quote: Ascetic
            Quote: voffchik7691
            There was an article in the "arguments of the week"


            Do not read the shaking hands of such publications at night ...


            The tradition is fresh, but hard to believe. From what I know and understand, I see that there is not enough capacity for "combing".
          2. studentmati
            studentmati 24 December 2013 00: 51
            0
            Quote: Ascetic
            Quote: voffchik7691
            There was an article in the "arguments of the week"


            Do not read the shaking hands of such publications at night ...


            The tradition is fresh, but hard to believe. From what I know and understand, I see that there is not enough capacity for "combing".
    5. AVV
      AVV 5 January 2014 12: 42
      0
      When they will be punished for the headshots of officials, state structures, including power !!! Who sells state secret or gives permission to use such equipment in the troops and other state structures !!! Some earn money, while others do not take any measures, for counteraction to legal espionage !!! It is necessary not only to dismiss such chiefs without pensions, but also to prosecute !!!
  2. Nayhas
    Nayhas 23 December 2013 09: 21
    +5
    How is the classic "This is some kind of shame!" ...
  3. makarov
    makarov 23 December 2013 09: 31
    +10
    It’s bitter to read such material ... I don’t want to spit on embezzlers and paddy, and this happens when ordinary 20-year-old boys give their lives for their homeland.
  4. baltika-18
    baltika-18 23 December 2013 09: 35
    +14
    The author did a fine job, plus laid out everything clearly, even to me a person who was little versed in these matters, something became clear.
  5. saag
    saag 23 December 2013 09: 37
    +2
    if we recall that satellite communication goes through Iridium with its head station in the USA, it’s interesting, but does China have such leverage over state electronics?
    1. RDS-1
      RDS-1 23 December 2013 14: 45
      +4
      Quote: saag
      Interestingly, does China have similar leverage over state electronics?

      Yes, here, on your favorite site in last year's article "Backdoor detected in Chinese-made chip in US"read:

      The Chinese backdoor (backdoor, undocumented features) was found in a processor in the US, in the course of a study that was conducted in connection with statements by some intelligence agencies, such as MI5 and the NSA, that microchips may contain “bookmarks” placed by manufacturers.

      Chip - Microsemi / Actel ProASIC3 is widely used in many systems, including Atom stations и public transport... The difference between the ProASIC3 version in the "military" version is in better resistance to radiation and electromagnetic effects, as well as temperature drops, the design is completely identical to the "civilian" version.

      After checking the chip for the presence of "atypical functions", a backdoor was found, placed there by the manufacturer, and capable of remove crypto protection from the chip, change the AES encryption key, gain access to an unencrypted data stream or cause significant malfunctions, that is, it can be used as a kind of "master key", the work of which was not interfered with even by the fact that the configuration was protected by the key of the official user

      Honestly, I would be very surprised if there were no bookmarks;) The Chinese need to be full suckers so that, given the opportunity, they will not be made.
  6. shurup
    shurup 23 December 2013 09: 55
    +1
    Problems, say, received? And the developer did not even bother to change the screensaver?
    Maybe it was necessary to drip into Canada right away so that they could sue a round sum of fines. You can remove your percentage for the tip.
    But if this is part of a special operation to hook the next big general, which is "state security in Russian", then there will be more problems.
    I liked the loaf of connection with the flyers. I hope that it has a lot of multi-colored light bulbs for bosses.
  7. avdkrd
    avdkrd 23 December 2013 10: 07
    +5
    I read this article or not this one, but with this material for a long time, as if not a year ago. I hope that something has already changed. The author described the situation in detail and the problem is not that this rubbish is used (used) in the Armed Forces, but that those people (officials) who gave the green light to this rubbish, not only did not incur punishment, but continue to "give" the go-ahead for similar equipment. There is no high-profile case and even the switchmen were not appointed, so I'm afraid the hopes are not justified.
  8. Heccrbq.3
    Heccrbq.3 23 December 2013 10: 11
    +6
    The author of the hammer, did a great job, and what he writes about is from a series of cutting BZHRK, blown up Satan mines, liquidation of Russian intelligence centers in Cuba, Vietnam, NATO base in Ulyanovsk, granting Russian citizenship secretly from the indigenous population to tens of millions of foreigners, mainly to Caucasians, the export of rough diamonds to South Africa, well, the freshest trick is forgiveness of the debt to Africa and money for Yanukovych for some kind of Ukrainian candy wrappers, this is with our pensions, child benefits, etc., etc. THANKS Vovochka !!!
  9. hohryakov066
    hohryakov066 23 December 2013 10: 12
    +1
    This is not just a shame - it is complete! The fact that our valiant ABVGD indulges in commerce I know to such an extent!
  10. Yun Klob
    Yun Klob 23 December 2013 10: 13
    +3
    The legacy of the economic progress of Doctor of Sciences Serdyukov. But perhaps he didn’t do it on purpose, but because of natural stupidity.
    1. urganov
      urganov 24 December 2013 11: 21
      0
      But what does this name have to do with it? I am simply familiar with the morals and customs of the "spetsura" since the late 80s. ... (small white polar fox), while not diminishing the presence of individual ideological patriots)
  11. hitech
    hitech 23 December 2013 10: 46
    +3
    Yes, yes, what is there, while Medvedev was playing with the "Oyfon" and so they brought me.
  12. rolik2
    rolik2 23 December 2013 10: 54
    -3
    SW comrade author of this opus, do you even have an idea about the organization of communications in the armed forces?
    It touches me that without understanding how everything works, you start broadcasting to the whole country that "everything is gone."
    So I want to open your eyes to the fact that this device, if it takes off information to someone, is only using the Internet, but here's the catch, the use of the Internet in the sun is allowed only from computers that are not included in the shared local network, and which are not processed AT ALL no information.
    And internal internal networks of the military unit do not have access to the Internet, not to mention computers on which secret information is processed.
    Now please explain to me what harm this program can do after all of the above ??
    1. revnagan
      revnagan 23 December 2013 17: 42
      0
      Quote: rolik2
      on which no information is processed at all.

      Excuse me, but ... Did you yourself understand what you wrote? NOTHING AT ALL? Or no CRITICAL at all?
      1. The comment was deleted.
      2. rolik2
        rolik2 23 December 2013 18: 00
        0
        They rarely even put an office on them, so the browser is enough
    2. Cpa
      Cpa 23 December 2013 21: 35
      +2
      MVKs are used as a terminal, a control panel operating in a Wi-Fi-type local area network, so that only a hardware-independent encryption station can prevent the removal of information and keys in the reception area, and if the BIOS does not mark them with marker messages.
    3. voffchik7691
      voffchik7691 23 December 2013 23: 31
      +2
      I worked at a joint venture and we also have in each department, the machine connected to the Internet was separate. Only now, our craftsmen in the evening in the absence of system administrators put screws from their computers into this machine, and loaded everything that they needed. Then everything was returned to the place. Didn’t you think about this option?
    4. brainkiller
      brainkiller 24 December 2013 11: 36
      +1
      Quote: rolik2
      So I want to open your eyes to the fact that this device, if it takes off information to someone, is only using the Internet, but here's the catch, the use of the Internet in the sun is allowed only from computers that are not included in the shared local network, and which are not processed AT ALL no information.
      we don’t know the specific method of removal from this computer, but the fact that it is prepared for these purposes greatly simplifies the task.
      But in order to transmit the signal from a button pressed in the USA to this box, a GPS signal is quite enough, which means that you can completely paralyze the communication centers where this technique is involved (well, if you take a specific example with a loaf above).
      In addition, judging by the quality of verification of this device, you can easily assume that anything can be in this box, up to independent transmitters.
  13. atarix
    atarix 23 December 2013 11: 18
    +5
    But how much pathos! Laws, secrets, protection - everything is like in adults.
    but in reality they carry water with a sieve from empty to empty.
    IMHO, China is now in the best position in the cryptography industry, at least at least some kind of control of the hardware, and with a bureaucracy as it is more strict.
  14. rolik2
    rolik2 23 December 2013 11: 20
    -2
    Quote: atarix
    China is now in a better position in the cryptography industry,

    Details, please?
    Do you have cipher cracking data?
    Or so pi..t decided?
    Gaining pluses?
  15. ed65b
    ed65b 23 December 2013 11: 25
    +1
    She will seek access to the Internet through the transfer of a bribe in the form of a bubble of vodara prapora. laughing
    1. CHILD
      CHILD 21 January 2014 23: 34
      0
      do not need dirt)))) promissory notes for a bubble are not for sale))))) at least three ..... and after three what the hell the Internet is for you, only in your ear for a power and the words are not clear ...
  16. SIT
    SIT 23 December 2013 11: 35
    +7
    In general, secrecy on the basis of the Law on State Secrets seems to be just another extortion method that has nothing to do with state security. Paper cards M 1: 50000 and larger are secret! Although it is written in black in Russian - the year of the 1984 edition updated to 1978. Those bridges that are on these maps have been on country roads for about 20 years since they have decayed and collapsed, there are already no rivers in the place of fords, it changed its course. Here is such military information on them, but without the FSB’s license these papyruses won’t even let you hold it, and you should do a review on them, because the examination does not accept others. Pay. High-resolution satellite images of the naked tundra from American satellites, too, buy only from Russian distributors through the 1st department. Pay again for privacy. Praise be to the Almighty Google, even if he is late for a year he will dump most of these pictures simply into the Internet. And on the other hand described in this article. I understand that the general should only be able to put the signature on the order in the place that the colonel indicates to him, and he, in turn, should know only this place, and they shouldn’t strain their brains at the expense of the rest. But then it is time to introduce a service of specialists at all levels of management to ensure the real security of digital information, and to disperse the 1st departments to hell as an atavism of the last century. Maybe in time, when the level of computer literacy of the command staff approaches at least 14 modern teens, such a service can be reduced, but it can’t be completely removed, in any case, because generals only with a commanding voice in their heads in the Russian army have been from time immemorial and will continue to be.
  17. Pacifist
    Pacifist 23 December 2013 11: 42
    +7
    I have the good fortune to directly use cryptography and information security systems, and communicate with people who call themselves "specialists" and "professionals" in this field ... except for a couple of really serious professionals, I want to strangle the rest ... they should not be allowed to get a cannon shot on this topic ... Unfortunately, the practice of recent years has led to the process of washing out real professionals for the sake of mindless plankton ... sadness, however. Although, in my opinion, not all is lost, the main thing is that the relevant services begin to pull out all this riffraff from the process at least by grain.
    1. CHILD
      CHILD 21 January 2014 23: 45
      0
      they’re not pulled out, nepotism however)))) other specialists will disappear only with the government, and that’s not a fact ..... personnel decide everything)))) not competence, while they’re not even shy about it ... but after some time, people already a major specialist, went uphill))))) was like at a meeting with the builders .... there aunt a boss, such a speech moved, I already wept, the Komsomol remembered ..... well, at least they didn’t make notes .. ....
  18. Stinger
    Stinger 23 December 2013 11: 49
    -1
    Is the author smarter than everyone and seriously thinks that the army is controlled via the Internet? Do not bully the average person. If you understand one piece of iron, this does not mean that the rest are stupid.
    1. voffchik7691
      voffchik7691 23 December 2013 23: 41
      +2
      The conversation is not about the army being controlled via no-no. And about who admits all this and why? Do you really believe that these bookmarks are so children's games ?!
  19. I think so
    I think so 23 December 2013 12: 55
    +8
    The situation in the field of intelligence and counterintelligence has never been so depressing for Russia ... And this despite the fact that the country is headed by a "professional" (the word intelligence in relation to this is somehow inconvenient to pronounce). It's just that when the weak people who can't do EVEN YOUR work get down to business, the country is doomed to slow extinction, and people are not extinct ... What we see in reality ...
  20. saag
    saag 23 December 2013 12: 58
    +1
    Quote: Povshnik
    Until we have our own microelectronics, there is no getting away from this.

    Here you are right, this is the basis of any business today, I wonder today do they do it at all or not?
    1. Airman
      Airman 23 December 2013 14: 57
      +1
      Quote: saag
      Quote: Povshnik
      Until we have our own microelectronics, there is no getting away from this.

      Here you are right, this is the basis of any business today, I wonder today do they do it at all or not?

      All microelectronics is privatized and private entrepreneurs are engaged in it.
    2. brainkiller
      brainkiller 24 December 2013 12: 16
      +1
      Quote: saag
      do they do it today or not?

      Yes! one notorious red =)))
  21. scientist
    scientist 23 December 2013 13: 05
    +4
    INFOPRO CJSC is the same shell organization as Rosoboronservis, which launders budget money by supplying thousands of “protected” computers with their own stickers to the troops, without worrying about state security. It is difficult to imagine the excess profits from business on the security of a huge state, the drug, arms and oil trade are not near. Although it’s not at all difficult to guess whose pockets flow money.
  22. HollyGremlin
    HollyGremlin 23 December 2013 15: 00
    +2
    Do you want to hide a tree, hide it in the forest. How to get rid of bookmarks? - Buy laptops on Gorbushka. But seriously speaking, a computer is such a thing that even if you completely assembled it yourself, you won’t be sure of its security. If there was a will, they would have long ago assembled their machines with their software, but the state is stubbornly thinking that private companies should deal with this.
    1. voffchik7691
      voffchik7691 23 December 2013 23: 49
      +1
      This is not the state that thinks, it was they (our leaders) who were told by Western experts, those who helped Chubais to carry out privatization.
  23. Yutas
    Yutas 23 December 2013 15: 48
    +3
    The persons responsible for such a criminal race are 3,14 acts - in court and in the tower.
    As long as impunity continues, so we will prosiri out of the blue.
  24. mountain
    mountain 23 December 2013 16: 33
    -6
    The article is interesting. But I doubt that it has anything to do with the security of the army. Yes, a lot of mistakes and shortcomings, but not to that extent. Yes, I admit, the possibility of access to a closed zone with prohibited gadgets and flash media. But, the protection of secret enterprises, not to mention military facilities, is important and, believe me, reliable.
    1. wanderer_032
      wanderer_032 24 December 2013 11: 51
      -1
      We will not believe until we are convinced. yes
      1. The comment was deleted.
      2. mountain
        mountain 24 December 2013 13: 27
        0
        Your status is not the one to convince you of something. Everyone does his work. Cope with yours, and only then put your nose in secret affairs, if the broom does not fall away.
    2. brainkiller
      brainkiller 24 December 2013 12: 05
      +1
      Quote: mountain
      But, the protection of secret enterprises, not to mention military facilities, is important and, believe me, reliable.

      Did you serve In the new armament of electronic warfare equipment, I did not see a single laptop or an analyzer of the spectrum of production of the Russian Federation. On the basis of Kamaz, for example, a completely secret car - inside almost nothing of its own.
      1. mountain
        mountain 24 December 2013 13: 21
        -1
        If you, dear friendship, served or worked at special facilities, you would understand the degree of protection, and at the forum I am not going to explain to you and explain what. Only think like you. Today is not the 90s. Yes, and in the 90s, there were secrets. You can not find on the forum, photos of new developments and at least some. technical descriptions. Go into closed networks, since you are so smart and PATRIOTIC here. Pease ... yes ... bols.
        1. brainkiller
          brainkiller 24 December 2013 14: 31
          +3
          If you, dear friendship, served or worked at special facilities, you would understand the degree of protection, and at the forum I am not going to explain to you and explain what.
          Yes, you can’t explain anything to me because you don’t know and have not seen Nicherta.
          If we talk about myself, then I graduated from VKA them. A.f. Mozhaiskogo in 2004, majoring in electronic warfare.
          He served in military unit 03525 beginning RTK groups.
          This topic is better than any other suits me as a specialist.
          You can not find on the forum, photos of new developments and at least some. technical descriptions. Go into closed networks, since you are so smart and PATRIOTIC here. Pease ... yes ... bols.
          I will leave without comment, because this statement put everything in its place =))
          1. The comment was deleted.
            1. brainkiller
              brainkiller 24 December 2013 17: 59
              +2
              That would understand what you write. You have to deal with why, where did you serve, there was a mess. And aren't you responsible for negligence. In principle, he himself explained everything. Wait for a visit. Citizen.
              damn, it’s very funny what exactly you write here about fools =)))
              on this forum, no fools gathered, but no, they could not have done without them, and here.


              Wait for a visit. Citizen.
              balabolov as you are not waiting for a visit.

              I’m not afraid to tell the truth with an open visor, it apparently infuriates you.
              1. The comment was deleted.
  25. aud13
    aud13 23 December 2013 16: 44
    +6
    Razdolbaisky attitude to information, unfortunately, is carried out in many places.
    So, for example, did you know that our Bank of Russia auditor is ZAO Price Waterhouse Coopers, a subsidiary of one of the largest foreign auditors.
    In your opinion, is it possible for the Russian Federal Reserve System to become an auditor of a subsidiary of some Russian audit company?
    As I understand it, they wouldn’t let us go to their documents with a cannon shot.
    Another question - why does the Bank of Russia need an audit report issued by a company created with foreign participation?
    Well, it is understandable export-oriented enterprise for the conclusion of contracts, with preparing an audit report in order to show the counterparties.
    If this continues to be the case, then soon the cabinet of ministers of Russia, the ministry of defense and the presidential administration will be very carefully checked by foreign auditors.
    Our auditors, by the way, over the past few years have been successfully spread rot by a native of this very Price Waterhouse Coopers "
  26. yanus
    yanus 23 December 2013 17: 01
    +1
    Funny article. The author threw up "scandals, intrigues, investigations", but could not check))
    Unfortunately, the machine was not connected to the Internet or to the local network, so it was not possible to look at the network activity on the IP addresses to find out the state of the Absolute Software service.

    Well yes. Only on the screen for some reason the network connection icons are lit.))) By wifi, which seems to be in this piece of iron, there was nothing to connect to? )))

    I have not seen such a dull "black" PR of competitors for a long time.
    1. Cpa
      Cpa 23 December 2013 21: 36
      0
      The author wanted to track activity on the Internet, and the MVK is connected to a LAN. IMHO
  27. wanderer_032
    wanderer_032 23 December 2013 18: 40
    +2
    If this is indeed the case, as the author of the article says, I am not so much surprised.
    As the saying goes, "Every flaw has a name and surname," Stalin's grandfather is now fashionable to find fault with and pour slop, but with him for such a mess, they would have put a "seal" in the back of the head for all the guilty.
    I do not believe that in our country it is impossible to find good IT specialists who can create OS and other necessary programs, so necessary for the Russian Armed Forces.
    As for the hardware, I think, and many people will agree with me, all this can be produced in Russia (there would be will and desire).
    PSOne gladdens that the "computer" was in the dust, it seems that they did not really use it (maybe those who should work with it have brains in their heads and did not use it, understanding what the use of a sim device smells like).
  28. uzer 13
    uzer 13 23 December 2013 19: 11
    +4
    The problem of bookmarks and espionage exists and will be aggravated every year. In Russia there is no production of our own computers and electronic components. This also means that foreign products cannot be fully checked for the presence of spyware modules and programs. There is no such equipment and such service. Specialists also there isn’t enough, and they don’t respect them in our society, that’s the mentality. If a person does not dig the earth with a shovel and does not carry logs on his back, then he is not very busy and is the first candidate for reduction. If laptops for the needs of the army are already purchased for abroad, then they must be sent immediately to the alteration. First of all, you need to write your BIOS and delete the one that was on the computer. There is nothing complicated about it, BIOS is the basic I / O system. This is a program that determines the order in which the modules are loaded, controllers and services. TPM modules should be removed immediately, the same thing should be done with a network controller. If anyone needs access to the Internet (and not everyone who wants it), the application is submitted to activate the network controller. Local networks are also good. But if a laptop of unknown origin with an activated Internet connection (or even with a connected USB modem) is lying next to the local computer, this is already bad.
  29. invisibility
    invisibility 23 December 2013 20: 25
    +3
    And this is in a country that possessed all the necessary complex in the field of high technology!
    The conclusion is very valuable and correct: everyone knows about it. This is treason, treason, call it what you want. According to the legislation, this period is not small. How many electronics are in the hands of the population?
    Is the production of elementary base. not profitable? However, it is not the case to give strategic sectors into the hands of a private trader ..
  30. Docklishin
    Docklishin 23 December 2013 20: 47
    +5
    Thanks to the author for the article. I liked it very much. I would write something similar, but I am not an expert in this field. Only a gadget lover. About bookmarks, everything is clear and have long been aware of this. Therefore, the described fact, like sloppiness and treason, cannot be called otherwise. What to go far, the same Americans got around ... when they bought computers on the Chinese element base. WISH to the author - if there is time, please write a review on OUR Russian electronic industry. As far as I know, we have enterprises such as ANGSTREM, MCST. Both of them are part of the Russian Electronics Corporation (it seems so called). We lag behind normally, but for the needs of the army we can release the entire line. In 2010, we bought a used factory from the Germans (AMD), we will switch to 90 nm. Now 130 nm. The world is moving to 32, and some comrades to 20 nm.
  31. Docklishin
    Docklishin 23 December 2013 20: 54
    +7
    This year, Multiclet processors began to be released. It’s only a pity that they are doing them in Asia. From my point of view, the development of the electronics industry is a political issue. Nah ... th Olympiad, Universiade, World Cup in football (at all so laughter). And let the money to develop high technology. At least for a start, create your own quality computer set up entirely on the domestic element base. We can develop the software ourselves - this is what I have no doubt about. And sell voluntarily by force to schools, clinics, hospitals. Our brothers in the CIS. Only in this case can something happen. As for me personally, I would love to take a domestic product. And so China China China ... We are moving in the right direction, but slowly. And then .... that it is impossible to emboss technology in the end ....
    1. invisibility
      invisibility 23 December 2013 21: 58
      +4
      It seems to me that we are not moving. The business does some kind of effort ... for profit.
      Screwdriver assembly, without a base is a waste of energy (for state interests). But the question is a political one. You are the point.
      Only with us, that’s not a question, it’s a political one.
      Yes, and some kind of rotten politics ..
  32. Docklishin
    Docklishin 23 December 2013 21: 02
    0

    A short video from the exhibition New Electronics 2013.
  33. Docklishin
    Docklishin 23 December 2013 21: 17
    0

    Or here's another video
  34. voffchik7691
    voffchik7691 23 December 2013 22: 37
    +7
    Yesterday, within the framework of the article "Threat of the Fifth Element", people argued for a long time (up to insults) that it is bad that our latest developments contain foreign radioelements.
    This article is a direct confirmation of this, only in my opinion it's even worse. Not only can someone turn off the "product", but before that, this someone will know everything they need!
    Here everything falls into place - the Mace more often falls than flies, and the satellites do not want to follow into orbit!
    By the way, why if our launch vehicle starts with the Americans satellites, everything is fine! But if only ours, then ...
  35. The comment was deleted.
  36. The comment was deleted.
  37. brainkiller
    brainkiller 24 December 2013 12: 22
    +3
    Quote: KPA
    The author wanted to track activity on the Internet, and the MVK is connected to a LAN. IMHO

    The mere presence of Wi-Fi indicates the absence of a proper check of the machine.
    Or 010 in the army was canceled completely.
    1. Cpa
      Cpa 26 December 2013 00: 26
      +1
      Well, the automated control system of TK is built on Wi-Fi, the role of special orders can be judged by the allowed mobile phones for conscripts. negative
  38. mountain
    mountain 24 December 2013 13: 34
    -1
    On the one hand, it seems that where, where, but on this forum, no fools gathered, but no, they could not have done without them, and here. Yes, the very essence of new developments, without a secret, cannot exist by itself. And first, this is security, and only then everything else.
  39. Takashi
    Takashi 24 December 2013 18: 31
    0
    "For those who do not know, I will explain that special checks and special investigations are necessary procedures (and very expensive) for the equipment to appear at secret facilities and in the troops. After these checks, the equipment is considered safe from the point of view of leakage of secret and confidential information and can be used on secret and protected objects. "

    I once saw how typewriters (60s release) checked. Long neighing to himself.

    And how you have not yet been taken for a zugunder, because you took a super secret machine :) :) :):

    My question arose, and if I buy a computer with a TRM chip for personal use, will the computer be picked up at customs or will people in black come to me and solder the deadline?
    1. studentmati
      studentmati 25 December 2013 00: 13
      0
      Quote: Takashi
      My question arose, and if I buy a computer with a TRM chip for personal use, will the computer be picked up at customs or will people in black come to me and solder the deadline?


      Never underestimate the opposite side! Everything is imported and sold and used on a large scale! Including technology TRM! For the good of Russia.
    2. The comment was deleted.