Question
I would like to know the feasibility of certain kinds of attacks. To be clear, assume the target is a high-level priority of the NSA.
1. Is an OS such as Tails useless against rootkits/keyloggers, etc.? As far as leaving no trace on the computer?
2. Could such malware/rootkit be transferred to a computer which has never been connected to the internet, has its physical Wi-Fi card removed, etc., by transferring PDF files to that computer?
3. Could using the same USB from the offline computer to the online computer transfer information/files without my knowledge (i.e. malware that loads files onto the USB without my consent)?
4. This one may take some specifics. Let us suppose that when I run Tails OS there is some incompatibility with hardware/software that does not allow Tails to "see" my Wi-Fi card, and thus, in order to access the internet I have to use a USB Wi-Fi card. Could a sophisticated adversary with full remote access/control to my normal OS/machine "see" my Tails sessions via remote access to my normal OS and Wi-Fi card?
5. What is a defense against remote access to my machine?
Any other information/suggestions welcome.
Explanation / Answer
1) No. Tails OS and the like focus on providing a platform with tools that enhance the privacy and confidentiality of your computing session - they do nothing to ensure the actual security of your data. Though malware infection is less likely on a *nix-based system, exploitation is still very possible.
2) Yes, and it has happened countless times. This is known as bridging the air gap. For classic examples see: Stuxnet. Additionally, PDF files are notoriously known for being prime vessels for malicious code.
3) Yes, again this is possible and has been proven in practice.
4) Not sure what the first part of this question has to do with the second part. If you are running Tails directly on your physical machine (not in a virtual machine), then your host operating system is not running at all and therefore cannot be an attack vector.
5) Browse the internet with a script blocker. Don't execute code/programs you don't trust. Disable all unnecessary servers & services. Remove insecure defaults (passwords, etc.). Encrypt your data.
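One detective control for question 3 (a USB stick that comes back from the online machine with files you did not put there) is to record a manifest of the stick's contents on the offline machine before it leaves and compare it when it returns. The script below is an added example, not code from the original answer; the file names and contents it creates in a temporary directory are constructed to simulate the stick.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files don't exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under `root` (relative POSIX path) to its size and SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": file_digest(p)}
    return manifest


def diff_manifests(before: dict, after: dict) -> dict:
    """Report files that appeared, disappeared or changed between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(k for k in set(before) & set(after) if before[k] != after[k])
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: the stick comes back with one new file and one altered PDF."""
    with tempfile.TemporaryDirectory() as tmp:
        usb = Path(tmp)
        (usb / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        (usb / "notes.txt").write_text("benign notes")
        # Round-trip through JSON: this is what you would store on the offline machine.
        before = json.loads(json.dumps(build_manifest(usb)))
        # Simulate what happened while the stick was plugged into the online machine.
        (usb / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample, now with an extra stream")
        (usb / "unknown.bin").write_bytes(b"constructed file the user never copied")
        return diff_manifests(before, build_manifest(usb))


if __name__ == "__main__":
    print(demo())
```

Keep the saved manifest on the offline machine, not on the stick itself, otherwise whatever modified the stick could modify the manifest too.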