
Your computer will always be vulnerable to some sort of attack from those who want to harm you in some way, whether by harming your privacy, stealing your information or throwing you in jail.

It should come as no surprise to us that the US government is actually the largest purchaser of malware.


According to a new report, the United States government is now in fact the single largest buyer of malware in the world thanks to the shift to “offensive” cybersecurity and is leaving us all vulnerable in the process.

In order for the government to exploit vulnerabilities discovered in major software, they cannot disclose those vulnerabilities to the manufacturers or the public, lest the exploit be fixed.

“My job was to have 25 zero-days on a USB stick, ready to go,” one former executive at a defense contractor told Reuters. The defense contractor would purchase vulnerabilities from independent hackers and then turn them into exploits for the government to use as an offensive cyberweapon.

From my review of the sources in the article and other articles, some of these defense contractors expressed concern that the government was essentially funding criminal activity. They are paying independent hackers, in some cases blackhats, to find zero-day exploits (ones that have not been publicly announced yet) and buying these exploits from them for huge sums of money, upwards of $100,000.

If you are using a laptop with a built-in microphone and camera, you are extremely vulnerable to an attack, as John McAfee, the man who started McAfee Anti Virus, explains.


“We don’t have much [security] anymore, and certainly not in the online world,” he said at Saturday’s talk. “If you can give me just any small amount of information about yourself, I promise you, within three days, I can turn on the camera on your computer at home and watch whatever you’re doing.”

So the first thing you should do right now is go grab some opaque tape and put it over your camera. If you are on a desktop and you have a webcam plugged in, unplug it unless you are using it. There is no reason to give an attacker an open window into your home. Next is your microphone. Again, desktops usually do not have built-in microphones, but most laptops do. A microphone can be activated to listen to you talking, and you need to find a way to physically disable it. The best way, of course, is to physically remove it, but I am not writing a tutorial on how to do that.

The FBI developed a keystroke logging software called Magic Lantern. Magic Lantern can reportedly be installed remotely, via an e-mail attachment or by exploiting common operating system vulnerabilities, unlike previous keystroke logger programs used by the FBI. It has been variously described as a virus and a Trojan horse. It is not known how the program might store or communicate the recorded keystrokes.


   The FBI intends to deploy Magic Lantern in the form of an e-mail attachment. When the attachment is opened, it installs a trojan horse on the suspect’s computer. The trojan horse is activated when the suspect uses PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan horse will log the PGP password, which allows the FBI to decrypt user communications.

Spokesmen for the FBI soon confirmed the existence of a program called Magic Lantern. They denied that it had been deployed, and they declined to comment further.


Then of course we have cell phones which can be activated remotely as well.


Mobile phone (cell phone) microphones can be activated remotely, without any need for physical access. This “roving bug” feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations.

According to a few of the sources in the Wikipedia article, the cell phone can be activated to listen to you even when it is off. Pulling the battery will likely do the job, but there is no guarantee. So make sure the phone is not in the same room as you if you are talking about anything sensitive. As always, be super paranoid. Turn on the shower and put the phone in the bathroom if you have to, or better yet if you are going somewhere and you do not need your cell phone, leave it at home. Since most people never leave home without their cell phones, if somebody is snooping on you, they might think you are still at home. The first group of people that went to visit Snowden in Russia were told not to bring any laptops or cell phones with them for those reasons.

So we know the government is actively trying to gain remote access to your computer, and they can listen to your phones. What should you do about it?

You need to do the best you can to make sure the computers that you use are not exposed to the elements of risk. Always disable JavaScript when visiting any websites unless the website is 100% trusted. Start phasing out the use of Microsoft Windows and Mac OS X, because these closed-source proprietary operating systems are not open to scrutiny and auditing the way open-source Linux distributions are. There are more Windows users and thus more exploits available for Windows.

Running your operating system in a virtual machine, even if your host OS is Linux (remember, VirtualBox can run on Linux), will help cut down on the retention of any malware you might pick up when on the internet. Do not go to any potentially harmful sites on your freedom fighting computers. Do not open any emails from anyone that you do not trust 100%. Regularly format your hard drives to keep them clean of any hidden viruses.

If you are unsure if something is safe, test it on a computer only meant for testing and one that is not connected to the internet. If you can reset your boot sector on your hard drive from time to time, that would be a good idea as well, because you can get master boot sector viruses, which run before your computer even boots into the OS.
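One way to notice that a boot sector has changed, rather than resetting it blindly, is to hash its boot code on a known-clean system and compare later. The following is an added example, not part of the original post; it assumes a classic 512-byte MBR layout (not GPT), and the sample sectors and the `/dev/sda` path are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446            # bytes 0-445: bootstrap code run by the BIOS
SIGNATURE = b"\x55\xaa"        # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code digest, partition entries, signature flag."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):                      # four 16-byte entries at offset 446
        raw = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:                      # type 0 means the slot is unused
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings for a sector versus a baseline taken on a known-clean system."""
    now = parse_mbr(sector)
    findings = []
    if not now["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if now["boot_sha256"] != baseline["boot_sha256"]:
        findings.append("boot code changed")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code plus one bootable Linux partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    # On a real machine, read the sector as root, e.g.
    # sector = open("/dev/sda", "rb").read(512)   (device path is an assumption)
    clean = build_sample_mbr(b"\xeb\x63\x90 constructed loader")
    baseline = parse_mbr(clean)
    tampered = build_sample_mbr(b"\xeb\x63\x90 constructed l0ader")
    print(compare_to_baseline(clean, baseline))
    print(compare_to_baseline(tampered, baseline))
```

Take both the baseline and later readings while booted from a trusted live medium, since malware that runs before the OS can hand back the original sector to anything reading the disk from the infected system.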

Flash your BIOS. The BIOS is the first thing that runs when you turn on your computer, and if you have a virus in your BIOS, there is no antivirus that can remove it; you would need to flash your BIOS and install new firmware. Make sure the firmware is 100% trustworthy, as infected firmware is the most common way to get a BIOS virus.

In the interest of saving space I will not go into detail on how to do all of these virus removals because there are numerous tutorials online and I am certainly not an expert in this field. I am sure there are many other things I have not covered in this post and if somebody else wants to chime in, please feel free to do so as long as you can provide sources for the claims you are making. I do not want to turn this thread into a bunch of unsubstantiated claims and paranoid conspiracy theories. But if you have something valuable to add to this, I am open to your input.

Updated: 2014-02-13