mikedilger on Nostr: Exfiltration is Extremely Rare (alternately titled: "I'm not wearing a tinfoil hat") ...
Exfiltration is Extremely Rare
(alternately titled: "I'm not wearing a tinfoil hat")
For an intelligence agency to exfiltrate data from a computer, that data has to travel over the network. That means such data is discoverable, either by packet sniffer or oscilloscope. Enough people of high technological background are looking at enough packets and enough ethernet segments to know that there is no hidden exfiltrated data in there in the general case. And the odds that you might decide to take a look, or that your router is looking for anomolies all the time, are far too high for intelligence agencies to exfiltrate data off of your computer regularly.
An intel agency could try to obfuscate the data, but that is very hard and still discoverable.
Therefore, in my opinion, this almost never happens.
WE KNOW however that they exfiltrate data from central hubs on the Internet. This was exposed multiple times. That is a different thing.
And I am nearly certain that they CAN exfiltrate data from your computer if you are targetted, and this is almost entirely undefendable (but maybe not quite and still worty trying). Someone makes the call for whether it is worth the risk to involve Tailored Access Operations to hack your computer and exfiltrate data. Specific targetting is so risky that it is highly limited. BUT I claim it does happen, and I claim that it happens more easily than most people realise, and that it happens at the lowest levels of hardware and that most security mechanisms cannot prevent it. Consider for example that sandsifter found undocumented instructions, found hidden RISC instructions inside instruction data offering direct memory access that completely bypasses processor security.
(alternately titled: "I'm not wearing a tinfoil hat")
For an intelligence agency to exfiltrate data from a computer, that data has to travel over the network. That means such data is discoverable, either by packet sniffer or oscilloscope. Enough people of high technological background are looking at enough packets and enough ethernet segments to know that there is no hidden exfiltrated data in there in the general case. And the odds that you might decide to take a look, or that your router is looking for anomolies all the time, are far too high for intelligence agencies to exfiltrate data off of your computer regularly.
An intel agency could try to obfuscate the data, but that is very hard and still discoverable.
Therefore, in my opinion, this almost never happens.
WE KNOW however that they exfiltrate data from central hubs on the Internet. This was exposed multiple times. That is a different thing.
And I am nearly certain that they CAN exfiltrate data from your computer if you are targetted, and this is almost entirely undefendable (but maybe not quite and still worty trying). Someone makes the call for whether it is worth the risk to involve Tailored Access Operations to hack your computer and exfiltrate data. Specific targetting is so risky that it is highly limited. BUT I claim it does happen, and I claim that it happens more easily than most people realise, and that it happens at the lowest levels of hardware and that most security mechanisms cannot prevent it. Consider for example that sandsifter found undocumented instructions, found hidden RISC instructions inside instruction data offering direct memory access that completely bypasses processor security.