I doubt the components are backdoored by default in stock hardware. More likely, GCHQ was worried that other nations (China, Russia, etc.) were targeting Guardian journalists in an effort to gain access to the Snowden cache. As such, GCHQ probably was simply taking extra precautions in the event that hostile intelligence agencies had installed implants into the Guardian's hardware. Or perhaps, GCHQ/NSA had installed the implants themselves to monitor the journalists, and then wanted to destroy the evidence. See the leaked ANT catalog for an idea of the types of hardware implants that SIGINT agencies have developed.
There is a possibility that GCHQ knows these chips are storing data without users knowing it.<p>It's equally possible that GCHQ isn't sure that they aren't storing data (double negative, I know). Or that GCHQ wants to be sure nobody at the Guardian was savvy enough to sneak data on to these chips.<p>I'm not suggesting one or the other is more likely, I really wouldn't know. I find it more interesting that they felt the need to do this, when really the only assurance they have that the documents are destroyed is the word of the Guardian's employees. Other than someone speaking up, there's no way for anybody to <i>actually know</i> if there are other copies floating around.
It sounds like there are 3 plausible reasons. (1) they had compromised those components and were trying to clean up after themselves (2) they were afraid someone else had compromised them (3) intentional misdirection.<p>If the GCHQ knew that these components were easily compromised, they would have bugged them themselves given their interest in the material on those machines.
Perhaps they were looking for common attack vectors/device modification surfaces, rather than looking for specific information there.<p>For example, perhaps the GCHQ have reason to believe that Chinese spies were bugging keyboards and mice sent to journalists and their companies. So they removed the chips that they knew could possibly be bugged and took them home for further inspection?<p>If they could prove that the Guardian's computers were already compromised by Chinese spies, and that the Guardian was holding top secret sensitive information on them... GCHQ could skewer the Guardian publicly for releasing state secrets to China.<p>/speculation
The purpose of the exercise was only partly to destroy any potential storage, but also to intimidate the Guardian. Having an air of fake mystery to irrational actions just adds to the effect.<p>If the whole thing was too easy the capacity for that intimidation would have been greatly reduced, and leaving it hanging allows paranoid people to latch on to stuff while giving GCHQ the air of having preserved some secrets, when their instructions were probably get rid of certain components, for sure, but randomly do some other stuff for confusion to cover exactly what it was we did have to get rid of.
Who was that guy with that bigass beard? You know, the one everyone in tech takes lightly and treats as the butt of the joke? He keeps owning your asses as you keep ignoring him.<p>The one who advocates open hardware. You know.
It's surprising that they didn't destroy the entire computer to cover up what they were hiding. This seems like a relatively small subset of components to investigate.
We've been here before, 20 years ago, in the "Spycatcher" trial. The UK sued to suppress information from the book which had been printed in Australia from making it into the UK newspapers. <a href="http://news.bbc.co.uk/onthisday/hi/dates/stories/october/13/newsid_2532000/2532583.stm" rel="nofollow">http://news.bbc.co.uk/onthisday/hi/dates/stories/october/13/...</a><p>United Kingdom vs. Observer (sister paper to the Guardian) is worth reading at this point: <a href="http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-57705" rel="nofollow">http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-...</a><p>" These two newspapers had for some time been conducting a campaign for an independent investigation into the workings of the Security Service. The details given included the following allegations of improper, criminal and unconstitutional conduct on the part of MI5 officers:<p>(a) MI5 "bugged" all diplomatic conferences at Lancaster House in London throughout the 1950’s and 1960’s, as well as the Zimbabwe independence negotiations in 1979;<p>(b) MI5 "bugged" diplomats from France, Germany, Greece and Indonesia, as well as Mr Kruschev’s hotel suite during his visit to Britain in the 1950’s, and was guilty of routine burglary and "bugging" (including the entering of Soviet consulates abroad);<p>(c) MI5 plotted unsuccessfully to assassinate President Nasser of Egypt at the time of the Suez crisis;<p>(d) MI5 plotted against Harold Wilson during his premiership from 1974 to 1976;<p>(e) MI5 (contrary to its guidelines) diverted its resources to investigate left-wing political groups in Britain."<p>(a) and (b) are basically the same as some of Snowden's allegations: diplomatic meetings are bugged.<p>(c) is a routine violation of international law, although to be fair we were trying to invade Suez at the time;<p>(d) is MI5 trying to overthrow our democratic government, straightforward totalitarianism;<p>(e) is still going on, and Scotland Yard are involved as 
well (e.g. the deeply embedded undercover officers in the Green movement).<p>The judgement eventually held that MI5 attempting to block the publication of Spycatcher was a human rights violation. I would expect a similar result in an ECHR trial about attempts to block Snowden's leaks, if such a trial happened.
One possibility, as mentioned, is that these ICs are not what they're claimed to be. Someone should take them out of equivalent devices, decap them, and publish some photos.<p>Another possibility is that they weren't just looking to destroy data, but also to sneak a peek at the data being destroyed. Scraping off a power IC might let them attach a power source, to turn on parts that were supposed to be off. Scraping off other ICs might get them access to I2C buses.
> We have reached out to Apple to understand the storage characteristics of this component and the role it plays in overall device operation.<p>I spit out my beverage when I read that. They reached out to Apple to understand the 'storage characteristics' and 'role' of a DC regulator...
GCHQ are probably pretty far ahead of the game as far as disinformation goes. Consider what the UK government did to cover up Operation Overlord.<p><a href="http://en.wikipedia.org/wiki/Operation_Bodyguard" rel="nofollow">http://en.wikipedia.org/wiki/Operation_Bodyguard</a><p>I seem to recall a story where they put fake plans in the pocket of an army coat, which they put on a recently deceased person dressed in full military uniform (of military service age), and then strategically dumped it where they knew the Germans would find it. Or maybe that was just a spy movie I watched.
Destroying those components would render the machine useless without external inputs and outputs, maybe their intention was simply just to disable the machine, executed in a rather odd manner.
My <i>theory</i> is that they were not destroying any kind of persistent data on these components like ICs; rather, destroying what/where/whom they might be able to identify or correspond with via serial numbers, dates, manufacturer, locations of where that component came from, etc.<p>At least for the components which have no memory, volatile or not.
Obviously, the easy answer is that there's somehow something that lets you record data in those components. On the other hand, you have to consider that perhaps those are components that they've known other groups (themselves included) to use to store data, so they want to ensure that they're destroyed. Perhaps they don't want any inadvertent leaks of the data to a third party?
If I may speculate about why those ICs were destroyed, then I'd wager that the decision about which ICs to destroy was not made by an engineer, but by some overseeing manager who went through a number of PowerPoint slides (like they were leaked over the past year) and identified those as a threat, because those ICs have been mentioned for being an active part in data exfiltration.<p>Let me explain: What those ICs have in common is, that each of them bases their function on fast switching of voltages:<p>The keyboard controller IC rapidly (at several hundred kHz) switches voltage through the key matrix row-lines (addressing the row) so that on the column lines the voltage is read out and thereby telling if a key is pressed, hence making the connection.<p>The touchpad controller IC does the same, but not for reading out electrical connection made by keys, but the change of capacitance caused by a dielectric (=finger).<p>The voltage inverter IC is switching a voltage to drive an induction coil for a voltage converter.<p>Now the (often unwanted) side effect of switching voltages is, that they create electromagnetic waves, that radiate away. Unless you're building a radio transmitter you don't want that, as this is then EMI (electromagnetic interference). EMI is a big concern in the design of keyboard, touchpad and voltage conversion controller.<p>But for spooks the EMI caused by regular device operation can be a great covert channel to exfiltrate information. To the unwary it just looks like the regular, random EMI but a spy agency may know how to cleverly use it.<p>Now making use of keyboard row-column switching caused EMI to eavesdrop on user input is by no means something new. This kind of TEMPEST attack is as old as it gets.
You can nicely see on an oscilloscope when the controller begins reading out the keypad (there's some pause before) and every row switching produces a pulse; if there's a key pressed the pulse looks different; also the shape of the pulse depends on the amount of wire closing the circuit, so this gives you the key position on the row and column, thereby telling you which key is pressed. When voting computers were about to be introduced in the Netherlands, European hackers demonstrated that the entry system of the machines used could be eavesdropped on by their EMI. Unless you got yourself a super EMI optimized keyboard on your computer, you're likely giving away your inputs by EMI.<p>The touchpanel controller is similar.<p>Now the inverter controller is interesting, because those normally drive a display's backlight, which is more or less independent from the data displayed on the display. But then the display brightness can be controlled by software! So by having a spy program run on the computer that modulates the display brightness with some data you want to exfiltrate you can make use of that channel. However the bitrate will not be very high; if I had to make an educated guess, I'd say about 100 Baud to 1 kBaud.<p>Anyway I think those techniques may have been presented or documented somewhere and a person without the technical understanding at GCHQ command thought those particular controllers would maybe hold some secrets or are something special, while in fact the really interesting stuff happened somewhere else. It's not even clear that the laptop computer had display modulating spyware installed. But that's what I was looking for on suspect computers first, because the keyboard and touch controllers are boring and their principal vulnerability to eavesdropping by EMI emission is well known.
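A defensive check for the software-driven brightness modulation the comment above speculates about, as an added example that is not part of the thread: it flags bursts of backlight level changes far faster than a person adjusts brightness. The event format (millisecond timestamp, level), the function names and the 20-changes-per-second threshold are assumptions, and the sample data is constructed.

```python
from collections import deque

def flag_brightness_modulation(events, window_ms=1000, max_changes=20):
    """events: time-ordered (timestamp_ms, brightness_level) pairs, e.g. from an
    audit hook on the brightness control (hypothetical source).
    Returns one (start_ms, end_ms, peak_changes_in_window) tuple per burst in
    which more than max_changes level changes fall inside window_ms."""
    recent = deque()   # timestamps of level changes inside the sliding window
    bursts = []
    last_level = None
    for ts, level in events:
        if last_level is None:          # first reading only sets the baseline
            last_level = level
            continue
        if level == last_level:         # rewriting the same level changes nothing
            continue
        last_level = level
        recent.append(ts)
        while ts - recent[0] > window_ms:
            recent.popleft()
        if len(recent) > max_changes:
            if bursts and recent[0] <= bursts[-1][1]:
                # Window still overlaps the previous burst: extend it.
                start, _, peak = bursts[-1]
                bursts[-1] = (start, ts, max(peak, len(recent)))
            else:
                bursts.append((recent[0], ts, len(recent)))
    return bursts

def human_events():
    # Constructed data: a user nudging the brightness a few times.
    return [(0, 50), (12000, 60), (12400, 70), (95000, 65)]

def sample_events():
    # Constructed data: the same user activity, then 2 s of toggling between
    # two levels 100 times per second (the low end of the comment's guess).
    toggles = [(100000 + i * 10, 60 if i % 2 else 70) for i in range(200)]
    return human_events() + toggles + [(180000, 50)]

if __name__ == "__main__":
    for start, end, peak in flag_brightness_modulation(sample_events()):
        print(f"suspicious burst {start}-{end} ms, up to {peak} changes/s")
```

The threshold only separates human adjustment from machine-rate toggling; ambient-light auto-brightness would need its own allowance in a real deployment.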
The most likely explanation I think is that these extra chips are targeted for implantation as part of Tailored Access Operations, or the GCHQ equivalent.<p><a href="https://en.wikipedia.org/wiki/Tailored_Access_Operations" rel="nofollow">https://en.wikipedia.org/wiki/Tailored_Access_Operations</a>
When I was serving I always used to wonder why the Ministry of Defence never used to defend itself with a public spokesman about public allegations.<p>Now I know why - people are morons and no explanation will suffice. It is really not worth the time or resources to argue with people who have no primary experience of the subject they think they are qualified to argue about.<p>Carry on HNers; you are doing a fine job.
Just to be clear on this matter. The Guardian were given every option to return the classified material.[1]<p><i>In two tense meetings last June and July the cabinet secretary, Jeremy Heywood, explicitly warned the Guardian's editor, Alan Rusbridger, to return the Snowden documents.</i><p>>> <i>At one point Heywood said: "We can do this nicely or we can go to law"</i><p>That is not intimidatory. It is exactly how I would expect a democratic institution to act. They didn't send in jackbooted armed personnel to shut down the editorial department. Two computer engineers arrived and oversaw classified material being destroyed. That's it.<p>It's about as intimidating as a police officer telling a suspect he can get in the car nicely or he can be handcuffed.<p>The Guardian were asked point blank in a Parliamentary Hearing - "Do you think the entire episode was a PR stunt?" and they said "No."<p>EDIT TO ADD: I love it :-) Voted down for publishing the story written <i>by</i> the Guardian about the entire incident.<p>[1]<a href="http://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq" rel="nofollow">http://www.theguardian.com/uk-news/2014/jan/31/footage-relea...</a>