[HN Gopher] The NSA Furby Documents
___________________________________________________________________
The NSA Furby Documents
Author : gumby
Score : 131 points
Date : 2024-01-23 17:21 UTC (5 hours ago)
(HTM) web link (www.404media.co)
(TXT) w3m dump (www.404media.co)
| itishappy wrote:
| Now I'm curious if there's any evidence of Furbies actually being
| used for espionage.
| bragr wrote:
| Furbies just have a simple microcontroller and the code has
| been released [1]. It's a clever bit of code to give the
| impression of intelligence, but it doesn't have anything like
| the abilities in urban legends. You could put other hardware in
| them of course, they'd be prime targets for that kind of thing.
|
| [1] https://archive.org/details/furby-source/mode/2up
| wolverine876 wrote:
| > It's a clever bit of code to give the impression of
| intelligence
|
| AI hasn't changed.
| masswerk wrote:
| OMG, it's 6502 code! (Or for some variant of the 6502.)
|
| Marginally interesting, the source uses standard MOS
| assembler syntax, but Intel-like _xxH_ notation for hex
| values, rather than _$xx_.
|
| ---
|
| [Edit] According to Wikipedia, actually a Sunplus SPC81A
| microcontroller using the 6502 instruction set, but lacking
| the Y register:
|
| > The first Furby model was based around a 6502-style Sunplus
| SPC81A microcontroller, which had 80 KiB of ROM and 128 bytes
| of RAM. Its core differed from the original 6502 in the lack
| of the Y index register. The TSP50C04 chip from Texas
| Instruments, implementing the linear predictive coding codec,
| was used for voice synthesis.
|
| https://en.wikipedia.org/wiki/Furby
| rarely wrote:
| it's certainly possible with a modified furby. there could have
| been a voice recorder placed inside, but that threat seems
| possible with other toys as well, maybe there was some
| opportunity due to the popularity of furbys.
|
| in terms of the furby's unmodified hardware capabilities, the
| microphone was simply used for volume level reaction. reading
| through the furby's firmware, the mic was used as a peak volume
| input.
| xsmasher wrote:
| Probably better to hide your microphone in something that is
| more commonplace and doesn't already have a security hysteria
| around it.
| refulgentis wrote:
| Context: Furbys were _the_ toy for a year or two, and were
| actively marketed as learning from speech, had an active mic, and
| did adjust their speech based on what they heard, "learning" to
| speak English from Furbish. [^1]
|
| It's not so different from the fundamental fear of
| Alexa/Assistant/microphones that's fairly well diffused now.
|
| Except the Furby actively claimed to learn how to speak based on
| your speech, and had a built-in feedback loop to make it appear
| as such.
|
| In retrospect it looks like it more was "shift mix towards
| English based on how much you've heard" than "add words you heard
| to your speech patterns"
|
| [^1]: https://www.listenandlearn.org/blog/no-you-cant-teach-
| your-f...
| kube-system wrote:
| Many voice assistants _do_ record your voice and send those
| recordings elsewhere:
|
| e.g.
| https://www.amazon.com/gp/help/customer/display.html%3FnodeI...
| refulgentis wrote:
| Absolutely.
|
| Is there a portion of my comment that indicated otherwise? I
| can still edit it for clarity (I thought that wasn't allowed
| after a reply occurred)
| kube-system wrote:
| I'm not arguing with you, just adding to the conversation.
| While the Furby was feared to be recording, but actually
| wasn't, voice assistants can be a real concern in that they
| actually do.
| pvg wrote:
| One of these fears is rational and based on things people
| know are in fact taking place. The other one is isn't, so
| drawing the parallel seems iffy. Maybe it's a little closer
| to the fear your phone is listening to you and that's how
| you get eerily targeted ads when browsing the web.
| odyssey7 wrote:
| What makes the two fears fundamentally different?
| pvg wrote:
| One is the fear of the possible consequences of something
| you know - with a voice assistant, you know you are being
| recorded and the recordings are sent somewhere. 'Is furby
| spying on me' is a vague suspicion but it's not (for most
| people with the fear) based on any known facts about the
| furby.
| refulgentis wrote:
| I don't think you read my comment fully, the Furby thing
| was real, based on known facts, that were trumpeted by
| the manufacturer.
|
| The idea the Furby was "[not] real" persisting after
| reading the comment, is probably why it seemed like I was
| saying the voice assistants don't record voice.
| pvg wrote:
| I read the comment and explained why I don't think it's
| the fear of the same thing. Maybe you didn't read _my_
| comment fully!
|
| A Furby didn't have the capacity to meaningfully spy on
| you. You could be afraid that it actually does but it
| didn't. A voice assistant is already, in a sense,
| actually spying on you and you know that - the
| manufacturer tells you upfront. These aren't the same
| kind of fear.
| refulgentis wrote:
| The Furby manufacturer told you upfront: - it listened
| all the time - it learned to speak, word by word, via
| your speech
|
| The first comment, 10 comments up, was specifically
| written to provide that context: the Furby manufacturer
| was up front about spying.
|
| Working with you, and steel-manning your contributions:
|
| - You're trying to explain a distinction you see between
| local data processing and remote data processing. i.e. a
| microphone in a room recording you isn't spying, but a
| microphone with a data connection is "in a sense,
| actually spying" on you "meaningfully".
|
| - example: "the Furby didn't relay audio data anywhere
| other than the Furby, and I'd like to point out the voice
| assistant does - your comment intends to highlight the
| Furby listened, but it only listened locally. Mentioning
| voice assistants and using them in an analogy may give a
| reader the understanding voice assistants process data
| locally, like Furbys"
| duskwuff wrote:
| The Furby came out in 1998. Less than 50% of US homes even
| owned a computer at the time, let alone had Internet access
| (and that was usually dialup if they did). Cellular networks
| were largely voice-only and quite expensive. In short: even
| if Furbies had some way to record data (which they didn't),
| there would have been no practical way for them to exfiltrate
| it.
| kube-system wrote:
| > there would have been no practical way for them to
| exfiltrate it.
|
| Pick it up and carry it? It's not like analog tape
| recorders are permitted in these places either. All outside
| recording devices are banned. See the link in the now top-
| comment: https://news.ycombinator.com/item?id=39107224
| pnw wrote:
| Practicality has never been an issue for spies. Look at the
| lengths the Soviets went to for surveillance.
|
| https://en.wikipedia.org/wiki/The_Thing_(listening_device)
| jabyess wrote:
| the craziest thing about this is:
|
| > The Thing was designed by Soviet Russian inventor Leon
| Theremin,[7] best known for his invention of the
| theremin, an electronic musical instrument.
| yorwba wrote:
| Of course some people _really_ wanted to teach it to say new
| things, and figured out how to swap out the audio files (among
| other modifications): https://github.com/Jeija/bluefluff
|
| Fun fact: If you mess up and need to reset the furby, the
| procedure is to turn it upside down and hold down the tongue
| while pulling the tail for ten seconds.
| patrickmay wrote:
| Instructions unclear. Toddler still not speaking clearly, but
| appears upset.
| zenolove wrote:
| > What I have achieved so far
|
| > * Understand large parts of Furby's BLE communication
| protocol
|
| > * Open a secret debug menu in Furby's LCD eyes
|
| Then I looked at the project logo again and it spooked me out
| folmar wrote:
| Note that this works for Furby Connect, original Furby had
| IrDA only.
| swozey wrote:
| Whats gov policy around Alexas and like half the IOT market? My
| botvac even has a microphone. I'm sure it's "don't ever speak
| about outside of this room" sort of thing.
|
| I guess phone calls would be over a secure line. Are there secure
| cell phone towers/whatever? I'm curious how gov phones are
| hardened.
| alistairSH wrote:
| In any SCIF or SCIF-like office space, they're all prohibited.
| You leave your cell phone at the front door of the secured
| area.
|
| Internet access is via SIPRNet (for classified) or NIPRNet
| (non-classified, but secured). Phones are through dedicated
| secure switchboards.
|
| The above is common in the DC area (lots of DoD contractors).
| RajT88 wrote:
| My company infosec training actually advises you don't have
| voice assistants _or cellphones_ in your work area. They even
| make light of it in the video: "I know it sounds crazy, but
| it's not".
|
| Google and Amazon as the biggest voice assistant makers are,
| of course, our competitors. But they are competitors to I
| would say most software companies in some fashion.
| ljf wrote:
| We have been told that so many times at work, but I know
| most snr people seem to leave them and their smart watches
| in listen mode as they occasionally go off in video calls.
| tylerflick wrote:
| A relative of mine used to work in this space 20 years ago.
| Seems policies haven't changed at all.
|
| Tangental story about how serious the Gov takes OpSec. When I
| was in Iraq, a Marine in my unit found a roll of red
| Classified tape. He thought it would be cool to put a strip
| on his personal laptop, which was confiscated almost
| immediately. It was very clearly a personal machine, but
| policy is policy, and he never got that laptop back.
| alistairSH wrote:
| Oh yeah, they take it seriously most of the time. But you
| do get seemingly odd outputs from those procedures. Case in
| point...
|
| Many years ago, I worked part-time for a small construction
| cost management contractor. They did some TS work for
| DoD/State (usually combo projects, where NSA/CIA/Army had a
| wing of a consulate that State managed).
|
| I did not have a TS (or any other clearance) at the time.
| One day, I'm tasked with counting the windows and doors in
| an old hospital in Munich. All the room numbers are
| Sharpied out in one half of the building.
|
| So, it's pretty obvious "men in black pajamas" are using
| that wing. I just don't know the room numbers.
|
| Seemed super weird to me that only the numbers were
| considered secured info. I'm sure there was an explanation.
|
| Years later, a friend-of-a-friend was moving to Munich to
| do "State Department" work (he was an HVAC contractor with
| a TS). Off hand, I said "oh, I bet you'll be in wing X,
| floor Y or Z in the old hospital". He about fell over that
| somebody in no way associated with his agency would know
| that. Got a chuckle from me.
| coolspot wrote:
| Thank you for publishing this info, comrade! Ve arr going
| to chek all old Munich hospitals.
| alistairSH wrote:
| It may or may not be in Munich.
|
| Regardless, WikiLeaks already spilled the beans.
| hwillis wrote:
| > Seems policies haven't changed at all.
|
| Yes and no.
|
| CUI was created: https://en.wikipedia.org/wiki/Controlled_U
| nclassified_Inform...
|
| The number of SCIFs increased a ton, especially in
| contractors being allowed to have their own SCSI rooms. The
| number of clearances also went up a lot, and the cycle time
| on granting a clearance got much faster. Overall some
| things got relaxed, other things got stricter, scale
| increased everywhere.
|
| IMO the biggest factor in the increase is just the ever-
| increasing DoD budget
| px43 wrote:
| I like this idea of magical red tape that makes things
| disappear.
|
| Did he test it on any other items?
| akira2501 wrote:
| > Tangental story about how serious the Gov takes OpSec.
|
| ...and yet, Chelsea Manning walked in with nothing more
| than a CD player and a self labeled CD-RW and exfiltrated
| tons of data from a secured facility.
|
| > and he never got that laptop back.
|
| There are several morals to this story.
| miki123211 wrote:
| I wouldn't be surprised if something like the Apple Vision
| Pro becomes common in such spaces (and for classified /
| company-confidential work in general) over the next few
| years.
|
| I think the combination of biometric authentication with a
| display that is immune to cameras and shoulder-surfing is
| really powerful. If the device has anti-screenshot protection
| and automatically logs the user out when removed from their
| head, there's virtually no way to quickly transfer sensitive
| documents out of it.
| l33t7332273 wrote:
| I would be floored if that happened. SCIFs and cameras are
| like oil and water.
| nox101 wrote:
| I wonder how that's going to work in our augmented future.
| Especially if people replace non-functional eyes and ears
| with digital ones.
| chatmasta wrote:
| How strictly are SCIF policies enforced? I'm just a civilian
| who's never had exposure to that world, but based on my
| experience with other parts of the government, I'd expect
| SCIF compliance to fall on a broad spectrum from "sloppy or
| non-existent" to "overly strict and paranoid." Is my
| intuition accurate? Who's accountable for the compliance of a
| given SCIF - can anyone with clearance "setup a SCIF" or does
| it need to be registered, audited, etc?
| dwheeler wrote:
| In my experience, they are seriously enforced, though any
| time you have a large number of people you'll definitely
| find exceptions. The threat of massive fines and long jail
| times tends to encourage compliance. Also, many of the
| people who work in SCIFs _know_ they are dealing with
| information that, if released, could lead to a number of
| people getting killed (think intelligence sources) or a
| country being unable to defend itself because a US weapon
| system was compromised (think Ukraine). Nation-states _are_
| working to extract information from SCIFs, it 's not a
| theoretical problem, and SCIF users know this.
| alistairSH wrote:
| I don't work in this space, but many of my friends do, as
| did my father.
|
| SCIF policies are usually strictly enforced. But, that's
| the most secure workplace available to civilians and they
| aren't all that common. They also tend to be located in
| facilities that are higher-than-normal security. Out here
| in Reston, all my friends who work in SCIFs are also in
| fenced/gated complexes with paramilitary guards.
|
| There are secure (but not SCIF) facilities that probably
| vary more. My father's little 6 person contracting office
| had a secure room, with a Dod approved design and a safe
| inside, for contracts that required that level of security
| (State/DoD facilities in China and Russia required TS
| clearance, other projects varied).
|
| The people that work in SCIFs also generally take it
| seriously. TS+poly is worth a big chunk of salary here in
| DC and not something to risk (and that's ignoring that
| flaunting those laws is a felony for anybody not named
| Trump). And most believe in the mission (whatever that
| happens to be). The work spans everything from military
| hardware to CIA or NSA operations. And a lot of stuff that
| probably doesn't really need to be TS, but that's a whole
| other discussion.
| qingcharles wrote:
| I always remember the posters inside RAF secure spaces that
| say "IN EVENT OF EMERGENCY, SECURE ALL HARD DRIVES, _THEN_
| EXIT THE BUILDING. "
| pastword wrote:
| From a friend who worked in IT work at DIA c. 2000: there
| were an absurd, non-zero number of researchers with
| clearances who _surfed for porn_ while on [SN]IPRNet,
| networks they knew were monitored, and unsurprisingly were
| caught and lost their careers. _Nonzero._ I 'd posit the
| reason it continued for so long was the real reasons for
| termination were kept secret to avoid organizational and
| political embarrassment but at the expense of not setting an
| example.
|
| If individuals in this particular demographic are hired but
| lack self-control and are sexually frustrated, then they're
| potentially huge liabilities to being recruited by
| adversaries (MICE). It would seem that before issuing
| clearances, these factors should be assessed rather than
| going through a standard clipboard audit by the FBI. And,
| while holding clearances, positive socialization
| opportunities should be encouraged if not artfully arranged.
| Who's ever going to leave a job or be disloyal when your boss
| or some coworkers expedite the love lives of those who aren't
| already full in that regard? This implies fostering a layer
| of socially astute managers. It would be a radical departure
| for government culture perhaps, but a necessary one to ensure
| the integrity and stability of a clandestine community.
| Happiness isn't just recognition or sufficient autonomy, but
| total happiness beyond work. (Throw away the "work-life
| balance" cliche that is tired and paid lip-service to.)
| nonameiguess wrote:
| It's actually more restrictive than the sibling makes it sound.
| A SCIF can't have any radio-transmitting device, recording
| device, or storage media without special approval. Computers
| hooked up to classified networks can't have USB ports. Even
| medical devices are case by case. My wife requires hearing aids
| and needed them to be analyzed and approved by a security team
| before she could bring them in. Pacemakers require approval.
|
| The phones and networks are hardened by being their own
| separate network from public networks. The lines are all buried
| and protected and utilize hardware-encrypted point to point
| tunnels to merge with public backbone fiber. I've told an
| anecdote here many times of working at a facility where AT&T
| contractors dug too close to a JWICS fiber cable and had an
| unmarked black SUV show up in minutes to confiscate all of
| their gear and question them.
|
| Keep in mind the military has been encrypting radio traffic
| over hostile territory for a century, so they don't even
| necessarily require the lines themselves to be physically
| secure as long as the endpoint devices are. Encryption keys are
| loaded from hardware random number generators that are synced
| manually on some rotating basis determined by local command or
| national policy, depending on the intended reach of the comms
| device. The NSA has something called a key management
| infrastructure for the wide-area computer net that replaced the
| legacy system a few years ago that is similar to PKI, but keys
| are only issued in-person and stored on unnetworked hardware
| key loaders that are kept in locked arms rooms on military
| installations (or with deployed units). There is, of course,
| also a DoD and IC PKI so they can still use develop and use
| regular web applications and browsers, but it is also more
| restrictive than regular PKI. Everything requires client certs
| and mutual TLS and you need to be personally sponsored to get
| your personal certificates.
|
| It's actually really cool the way the JWICS websites work
| because your client cert provides an identity that is linked to
| your sponsoring agency's clearance database and web apps
| automatically redact content on the server side that you are
| not cleared to see. It's possible I'm making up memories but I
| _think_ I 've seen at least a few cases where some applications
| can do this inside of a single page, but typically you get a
| denial for an entire application if you're not cleared for the
| highest level data it provides.
|
| I almost hate to say it because it's antithetical to the
| Internet and Hacker News ethos, but it's a testament to how
| well networked applications _could_ work with a central
| authority and no anonymity. You don 't need passwords. Accounts
| are provisioned automatically. SSO is global to the entire
| network. You only need one identity. But no, your office can't
| have Alexa.
| mhink wrote:
| > I almost hate to say it because it's antithetical to the
| Internet and Hacker News ethos, but it's a testament to how
| well networked applications could work with a central
| authority and no anonymity. You don't need passwords.
| Accounts are provisioned automatically. SSO is global to the
| entire network. You only need one identity. But no, your
| office can't have Alexa.
|
| I don't think it's necessarily a dealbreaker if you consider
| this: from a purely technical standpoint, there's nothing
| really stopping anyone from setting up a certificate
| authority- the only issue is getting service providers to
| trust it enough to accept those client certs as sufficient
| identification. I could easily imagine a world where I
| receive an "official" client cert from a government (which I
| can use to thoroughly prove my identity if needed) as well as
| several "pseudonymous" certs from various other CAs that I
| may use from time to time.
|
| The main difference between CAs would be the kind of
| attestations they provide for a given certificate holder. For
| example, I could imagine a CA which (for example) is set up
| to attest that any holder of a certificate signed by them is
| a medical doctor, but will not (by policy) divulge any
| additional information.
|
| Or perhaps a CA which acts as a judge of good character- they
| may issue pseudonymous or anonymous certs, but provide a way
| for application owners to complain about the behavior of a
| user presenting that cert.
|
| I'm sure there are plenty of holes that can be poked in this
| model but I don't think it'd be completely out of the
| question?
| sandworm101 wrote:
| There is an entire industry for secure phones. Many have to be
| "unlocked" before dialing other secure phones. It isnt simple.
| Getting a normal phone line to passively carry an encrypted
| call is a bit of a hack.
| dTal wrote:
| A hack? The entire point of encryption is to permit messages
| to be sent over insecure channels, no?
| sandworm101 wrote:
| The hack is getting the unsecure system not to damage your
| encrypted signal, to carry even though it is expecting
| plain voice talking rather than a stream of binary digits.
| CrazyStat wrote:
| We've been doing that for dialup internet for decades.
| richardwhiuk wrote:
| Dialup actively co-operates with the telephone system -
| e.g. the screeching at the start is designed to disable
| echo cancellers and other such mechanisms.
| arpa wrote:
| POTS didn't have an opus audio codec.
| sandworm101 wrote:
| Dialup doesn't work over every phone line, especially
| over sat voice lines.
| hiatus wrote:
| > It isnt simple. Getting a normal phone line to passively
| carry an encrypted call is a bit of a hack.
|
| How so? It would seem fairly trivial considering we have ways
| of sending data over phone lines as sound for decades.
| sandworm101 wrote:
| Because the signal transmitted over normal phones has to be
| encrypted. That encrypted signal will then be
| digitized/compressed by the standard phone line. Any
| artifacts in the phone line digitization might turn the
| encrypted signal into gibberish. Its like compressing a
| jpeg too many times. So you need an encryption method that
| isnt simple digitization. You need something that is
| encrypted but essentially sounds like human speech so that
| the digitization/compression process does not damage it.
|
| https://gdmissionsystems.com/products/encryption/secure-
| voic...
|
| https://www.cryptomuseum.com/crypto/gd/viper/
| Pwntastic wrote:
| The FOIA documents are up on archive.org now:
| https://archive.org/details/nsa-furby-memo/
|
| I'm amused at page 8 of the listserve doc, in which someone
| points out that the ongoing discussion may at some point be
| released to the public under FOIA and to consider how it might
| look after showing up on the front page of a news site
| j-wags wrote:
| It's interesting to see how quickly the norms around
| cybersecurity changed. In 1999 the NSA was worried about
| avoiding ridicule for banning simple electronics in secure
| areas. In 2010 Stuxnet was introduced via simple electronics
| into a secure area and set back the Iranian nuclear program by
| several years.
|
| Some of the people receiving these furby emails were probably
| already conceiving of (or actively working on) Stuxnet-like
| capabilities. Maybe a future FOIA request will reveal several
| teams quietly emailing up the org chart to absolutely not relax
| the rule for furbies.
| wolverine876 wrote:
| NSA is a military agency; their norm has always been to
| protect US assets and attack others.
| halJordan wrote:
| The NSA is not a military agency. It is within the dod, it
| provides combat support. But it is emphatically not a
| military agency.
| crmd wrote:
| Emphatically? The director of the NSA is required to be a
| four star general and concurrently serves as commander of
| US Cyber Command. Ostensibly non-military, perhaps.
| sandworm101 wrote:
| It is no more a military agency than NASA or the USGS.
| Having military customers doesn't make an agency or company
| part of that military.
| gnfargbl wrote:
| NSA dealt with cases of espionage via the introduction of
| simple electronics into secure areas decades before [1] [2],
| so awareness of the risk was likely widespread.
|
| The issue here seems to have been that in 1999, it was a
| relative novelty for random consumer devices to have a
| recording functionality. Hard to imagine now, but there we
| are.
|
| [1]
| https://en.wikipedia.org/wiki/The_Thing_(listening_device)
|
| [2]
| https://www.cryptomuseum.com/covert/bugs/selectric/index.htm
| FirmwareBurner wrote:
| _> in 1999, it was a relative novelty for random consumer
| devices to have a recording functionality. Hard to imagine
| now, but there we are._
|
| For added context, the plot of the corny movie _Charlie 's
| Angels_ from the year 2000, was about stopping an evil guy
| from using some evil software he developed to ... track
| people using their cellphones.
|
| Who knew that only 10 years later we'd be doing that
| voluntarily.
| halJordan wrote:
| Wikipedia claims the nsa's active cyber mission
| (anachronistic terminology ) was up and running from as early
| as 1997, so there were definitely people having those
| thoughts and working those capabilities. And we're totally
| ignoring people like Markus Hess in the 80s. Thank you for
| taking the time to add perspective to the knee jerk
| reactions.
| jdewerd wrote:
| They wanted to avoid FURBYGATE. They avoided FURBYGATE. Sounds
| reasonable to me!
| nerdponx wrote:
| Right. The whole email thread seems very reasonable to me.
| TFA characterizing this as "freaking out" is nonsense.
| kotaKat wrote:
| Yep. Who would have guessed 25 years later I'd be bored and
| then a year later this packet showed up at my doorstep? It's
| oddly perfect timing, around all the AI discourse. :)
| 0xEF wrote:
| I'm surprised it only took them a year. Would you care to
| share more about your experience on filing FOIA? The circles
| I run in seem to view it as a clunky, bloated process, but I
| feel like it has gotten better than when it was introduced. I
| have zero first-hand experience, though.
| kotaKat wrote:
| No problem to help, but bad news: Every government agency
| has different processes. You'll have to go through their
| own FOIA office.
|
| The NSA FOIA form is actually really easy:
| https://www.nsa.gov/about/contact-us/Submit-a-FOIA-Request/
|
| I simply asked for what I wanted (information about policy
| memos about 'Furby Alerts' and recording devices at the NSA
| from late 1998 to early 1999) and submitted the form. About
| a month later I got a response back from the NSA
| acknowledging they got my request, and located records that
| were part of another FOIA request being processed as well,
| so I'd get those documents as well once released.
|
| And then... yesterday afternoon I got the message "hey what
| did you get from the DoD?" - bewildered, sending me a photo
| of the cover (in the full article). They finally delivered,
| and I hastily scanned my spoils for everyone. :)
| qingcharles wrote:
| And to piggyback on your comment. State FOIA is a
| different beast to federal FOIA. Lots of states have much
| tighter timelines. Illinois requires the government body
| to respond with the records within 5 business days.
| qingcharles wrote:
| I need to redo my FOIA request [0]. I was investigated by the
| Secret Service in 1996 as they thought I intended to
| assassinate President Clinton. This was down to me selling a
| selling a shell account on a Linux server to someone, who in
| retrospect, might have had fundamentalist ideals and that
| person sending a detailed email to the White House outlining
| their plot, from my domain.
|
| I always wanted to see the chain of events that led to the
| Special Branch turning up on my door step in England.
|
| [0] I FOIA'd this a couple of years back, but I changed
| address and never got the documents, only a letter to say it
| was being worked on.
| aerostable_slug wrote:
| Years ago, I used to see low quality sun-faded warnings printed
| from color inkjets about Furby on entries to NNSA secure spaces.
| I hadn't thought about that little fellow in the longest time...
|
| I'm guessing there are still a few taped up in various Labs at
| less-used portals.
| itomato wrote:
| Tell us more about these IRC channels responsive to FOIA request
| n4jm4 wrote:
| Analysis is fun, but any device with a microphone or camera
| represents a security risk for sensitive environments... Fropies.
| cush wrote:
| Pretty sure this was a Simpsons episode
| px43 wrote:
| The Simpsons episode was referencing the media frenzy when this
| happened in 1999.
| 1oooqooq wrote:
| these are the caliber of the American praetorian guard who owns
| our politicians.
| CamperBob2 wrote:
| Eh, I don't see anything inappropriate in these documents. If
| they seem overly paranoid, it's because some major security
| breaches have historically involved silly things like this.
| Where do you draw the line between a Furby and a Casio SK-1 and
| a Teddy Ruxpin and a Minidisc recorder and any number of other
| stateful gadgets of the day, especially when the Furby is brand
| new and nobody really knows what's inside it?
|
| The NSA is an intelligence agency. The NSA doesn't want people
| bringing things in that might have the ability to exfiltrate
| voices or other signals, and in any event the NSA doesn't want
| random employees talking about it to the press. Where's the
| element of surprise here? I don't understand why it was even
| newsworthy in the first place.
|
| As for the intelligence agencies "owning our politicians," LOL.
| If there were the slightest truth to that, Trump's headstone
| would read "1946-2016."
| nickaflip wrote:
| I used to like reading 404, but they need to chill out on posting
| articles about porn.
| neilv wrote:
| Note that this was several years after _performance artists_ (not
| even state-level actors) had demonstrated compromising toys
| retail supply chain with hacked firmware.
| https://www.mentalfloss.com/article/547659/barbie-liberation...
|
| So, look of concern at whomever thought it was a good idea to
| bring an effectively blackbox electronic device with a microphone
| into a secure area where those were prohibited. Kudos to whomever
| raised the issue.
|
| Someone should've done a proof of concept mod (firmware or
| hardware) of a Trojan Furby to appear (to visual and X-ray
| inspection) to have the stock hardware, but do something
| nefarious. Or shown how, say, the stock Furby hardware and
| firmware turned sound into RF leakage.
___________________________________________________________________
(page generated 2024-01-23 23:00 UTC)