Did NSA Just Reveal Its China BIOS Story Was Made Up?

Secrecy News just released an NSA notice to Congress of authorized disclosure of classified information. The notice was dated December 13, just two days before 60 Minutes had a solicitous piece on the NSA.

Here’s the classified information the NSA says they gave what must be 60 Minutes.

The reference to assisting in locating hostages probably maps to the metadata analysis of pirates done onscreen (albeit with altered phone numbers).

But what’s not there in unredacted form, at least beyond the vague description of “USG efforts to mitigate cyber threats,” was the China kaboom story told on the show.

John Miller: Could a foreign country tomorrow topple our financial system?

Gen. Keith Alexander: I believe that a foreign nation could impact and destroy major portions of our financial system, yes.

John Miller: How much of it could we stop?

Gen. Keith Alexander: Well, right now it would be difficult to stop it because our ability to see it is limited.

One they did see coming was called the BIOS Plot. It could have been catastrophic for the United States. While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China. Debora Plunkett directs cyber defense for the NSA and for the first time, discusses the agency’s role in discovering the plot.

Debora Plunkett: One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability– to destroy computers.

John Miller: To destroy computers.

Debora Plunkett: To destroy computers. So the BIOS is a basic input, output system. It’s, like, the foundational component firmware of a computer. You start your computer up. The BIOS kicks in. It activates hardware. It activates the operating system. It turns on the computer.

This is the BIOS system which starts most computers. The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer.

John Miller: So, this basically would have gone into the system that starts up the computer, runs the systems, tells it what to do.

Debora Plunkett: That’s right.

John Miller: –and basically turned it into a cinderblock.

Debora Plunkett: A brick.

John Miller: And after that, there wouldn’t be much you could do with that computer.

Debora Plunkett: That’s right. Think about the impact of that across the entire globe. It could literally take down the U.S. economy.

John Miller: I don’t mean to be flip about this. But it has a kind of a little Dr. Evil quality– to it that, “I’m going to develop a program that can destroy every computer in the world.” It sounds almost unbelievable.

Debora Plunkett: Don’t be fooled. There are absolutely nation states who have the capability and the intentions to do just that.

John Miller: And based on what you learned here at NSA. Would it have worked?

Debora Plunkett: We believe it would have. Yes.

As I noted at the time, the story — the claim that a country of 1.3 billion people who have become very interdependent with the United States would want to destroy the US economy — was a bit absurd.

I’ll need to go back and review this, but the gist of the scary claim at the heart of the report is that the NSA caught China planning a BIOS plot to shut down the global economy.

To.

Shut.

Down.

The.

Global.

Economy.

Of course, if that happened, it’d mean a goodly percentage of China’s 1.3 billion people would go hungry, which would lead to unbelievable chaos in China, which would mean the collapse of the state in China, the one thing the Chinese elite want to prevent more than anything.

But the NSA wants us to believe that this was actually going to happen.

That China was effectively going to set off a global suicide bomb. Strap on the economy in a cyber-suicide vest and … KABOOOOOOOM!

And the NSA heroically thwarted that attack.

That’s what they want us to believe and some people who call themselves reporters are reporting as fact.

Anyway, like I said, no unredacted mention that this was among the classified information shared with CBS. Even accounting for the fact that NSA didn’t identify the country in question to CBS, even the description of the plot would seem to be classified.

If it were true.

But it doesn’t appear on the list of classified things revealed to CBS.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

5 replies
  1. Thomas says:

    I believe—but I’m not 100% sure—that all modern manufacturers digitally sign their BIOSes. So this particular hack would require first stealing the keys from every motherboard builder and then getting credulous users to run the fake update program.

    This still wouldn’t work if the user or system administrator set up password protection on the BIOS. Which one would hope computers that run the global economy would have, but then John Podesta just fell for a phishing scam.

    • greengiant says:

      Thomas, there has been great concern about back doors being built into hardware and software at the manufacturer to be used at a later date. I would have to google to find explicit cases of detection of such in the past. I find the 60 Minutes story to be credible, but only the tip of an iceberg, as in what manufacturing back doors have they not detected, and what is within the power of a single individual to create a virus.

  2. greengiant says:

    Isn’t this a prank on the order of changing the HOLLYWOOD sign to read HOLLYWEED? Bricking hardware goes back a long way, in computers there was the halt and catch fire “instruction”. (Wikipedia is incorrect, the original meaning literally meant catch on fire or melt the circuit through overheating at least in the instruction sequences I heard about). This happens in the real world, someone makes a “mistake” and the rest of the organization/world runs with it as if it had just come down from Mt. Sinai without any more thought or analysis until it runs into reality.

    The second order is the confusion of using a country’s name to refer to the actions of a few individuals. It only takes one crazy hacker to make or use such a bricking virus, not a nation state agency. Since most BIOS are now written in China (I suspect), as well as other programmable hardware in computers, phones, internet of things, they could be referring to placement of mines or time bombs in such hardware/software. I can give them a pat on the back for minding the store, no one else seems to be doing it.

    Another black swan sighting, and much more probable than an EMP burst.

  3. Renbo says:

    What was that law that Congress recently (2008? 2006?) passed allowing the military to publish propaganda for domestic consumption?

    Hopefully some of you, if outraged by the mediocrity and fawningly naive reporting, wrote to CBS? It makes a difference.

  4. martin says:

    Since most BIOS are now written in China (I suspect), as well as other programmable hardware in computers, phones, internet of things, they could be referring to placement of mines or time bombs in such hardware/software.

    Give this man a prize.

    Meanwhile, Foxconn churns out 1/2mil iPhones a day. Lemmings are now in 2nd place.
