Author Topic: Exploits And Mitigation  (Read 31496 times)

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Exploits And Mitigation
« on: September 03, 2018, 07:27:41 AM »
Naturally this thread will be focused on Windows, but since they are moving to an OSAAS (Operating System As A Service) model, let them handle it - LOL !
Can't help you - switch to Linux or BSD.
For those of you (in the Doze camp,) smart enough to still be running Doze - 7 [or XP]   (Hope you've switched off automatic updates) this is the thread to post your problems and worries.  I'll try to help - to the best of my knowledge.
Linux, BSD, and IOS users, Dump your Questions here too. (There won't be many from the BSD users dumping questions - there's a reason for that ;) )
As far as mobile users go - I can't help you - all your systems are compromised from the factory.
Others may be able to help, but I probably won't be able to.

There it is Ladies and Gents.
Take it or leave it.
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #1 on: September 03, 2018, 07:43:12 AM »
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #2 on: September 03, 2018, 07:47:18 AM »
Oh, one thing you might notice with a lot of these articles, is that most exploits come in through JavaScript.
Please don't confuse JavaScript with Java.
One is a Browser script, the other is a Programming Language.     ;)
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #3 on: September 03, 2018, 07:52:08 AM »
Watch worldwide Cyber-Attacks in real time:
https://geekflare.com/real-time-cyber-attacks/
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #4 on: September 03, 2018, 07:58:11 AM »
This one falls under mitigation - if you're running a server, any server, check this out...
https://www.kitploit.com/2015/12/collection-of-awesome-honeypots.html

(This article is mainly geared towards Linux,)
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #5 on: September 03, 2018, 08:14:52 AM »
BlackHat - 2018 _ _  Keynote address - 1:12:07    (skip the first 10 minutes - it's nothing but an audio track - actual info starts around 10:26)
This is just the Keynote, but it gives an overview of what I saw.  ;)
If you're into tech, these conferences are really worth going to.
Don't let the name scare you. There are some damn intelligent people there - along with shit-tons of 3-letter agencies.  ;)





Cats & Chicks, even if you have no clue about Tech stuff, I'd really recommend listening to this vid.
((Oh yeah - Fuck political correctness - erhm - I mean Cultural Communism)   LOL !      Bite Me Libs ! ! ! !  )
It may be that your sole purpose in life, is to serve as a warning to others.   :o

wr250

  • Elluminati
  • ******
  • Posts: 1352
  • tux the magic penguin
Re: Exploits And Mitigation
« Reply #6 on: September 03, 2018, 09:26:03 AM »
Naturally this thread will be focused on Windows, but since they are moving to an OSAAS (Operating System As A Service) model, let them handle it - LOL !
Can't help you - switch to Linux or BSD.
For those of you (in the Doze camp,) smart enough to still be running Doze - 7 [or XP]   (Hope you've switched off automatic updates) this is the thread to post your problems and worries.  I'll try to help - to the best of my knowledge.
Linux, BSD, and IOS users, Dump your Questions here too. (There won't be many from the BSD users dumping questions - there's a reason for that ;) )
As far as mobile users go - I can't help you - all your systems are compromised from the factory.
Others may be able to help, but I probably won't be able to.

There it is Ladies and Gents.
Take it or leave it.
switching off updates is a terrible idea right now. with meltdown and spectre variants appearing daily it seems, those security updates are essential.

spectre and meltdown affect all operating systems and require a processor firmware patch to fix. intel is the worst affected, but amd and arm can still be affected, albeit to a much lesser degree.

these patches are distributed via operating system updates and bios updates. anything much older than the current generation of chips is unlikely to get the bios update. the older a machine is, the less likely a bios update will be available.

thus it's left to the os vendors to implement the intel (amd/arm) microcode.
statistics can be used to prove anything. 14% of the people know this.
https://lptd.home.blog/

wr250

  • Elluminati
  • ******
  • Posts: 1352
  • tux the magic penguin
Re: Exploits And Mitigation
« Reply #7 on: September 07, 2018, 03:48:12 AM »
Quote
US, UK, and other governments ask tech companies to build backdoors into encrypted devices
The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.


it will also provide access for those with the ability and little to no moral compass.
we have seen this over and over in the past. govt finds an exploit and sits on it for their own purposes. then a security researcher finds it and publishes it, and every black hat hacker (along with misc scumbags that are not govt) suddenly exploits it; recently spectre/meltdown.


this in the article's comments describes it perfectly:

Quote
Security flaws in applications and operating systems leading to unintentional back-doors are patched once discovered.

Introducing official back-doors into device encryption code is probably the most dangerous of all. The mere mention of their existence will entice non-law-abiding entities and individuals to seek them out. Furthermore, such official back-doors will be, by design and under the law, un-patchable.

No matter what, it will be difficult to achieve a reasonable balance between privacy rights and public safety.
statistics can be used to prove anything. 14% of the people know this.
https://lptd.home.blog/

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #8 on: September 08, 2018, 10:30:35 AM »
switching off updates is a terrible idea right now. with meltdown and spectre variants appearing daily it seems, those security updates are essential.

spectre and meltdown affect all operating systems and require a processor firmware patch to fix. intel is the worst affected, but amd and arm can still be affected, albeit to a much lesser degree.

these patches are distributed via operating system updates and bios updates. anything much older than the current generation of chips is unlikely to get the bios update. the older a machine is, the less likely a bios update will be available.

thus it's left to the os vendors to implement the intel (amd/arm) microcode.
I had a really nice reply all typed up for you, and then the input box bit the dust on a preview.   >:( >:( >:( >:( >:(
So 2nd try:

Allow me to be more precise; I stand behind my statement to turn off updates for XP, which as of June of this year, still commanded over a 5% market share.
https://www.windowslatest.com/2018/06/03/new-stats-show-windows-xps-market-share-increased/
If you are still running XP and want the updates, do the registry hack to fool the M$ servers into thinking you're an embedded system - at your own risk.
http://www.expertreviews.co.uk/software/8089/how-to-get-new-windows-xp-updates-for-free-until-2019-with-a-registry-hack

Why would I put it out there to turn them off for XP ?  3 months before EOL (2014) I had two XP machines that the updates totally hosed. In fact they were hosed so badly by the updates that I had to reinstall (from Bkps) and turn off auto updates on them. (I use them for regression testing - XP Pro SP2 & SP3.)

As far as Spectre and Meltdown go, there is absolutely no software or Bios update that will fix them. Those are NSA backdoors built right into the hardware of the motherboard that integrate with Intel ME and go all the way back to the Celeron (the design all newer chips are based on) CPUs.
The NSA has been in bed with Intel since at least the early 90's so SPECTRE and Meltdown are not bugs, they're design features.
The only reason any of these 'features' have come to light is because the Shadow Brokers released them into the wild and the NSA had to cover their ass, so they ran it down the pipe to their other bedroom buddies to look for the exploits - with some hints as to where to look, I'm sure.
XKeyScore ring any bells ?     ;)
BTW, that design was developed in Israel. (I have no paper trail for the NSA shenanigans, but all the evidence points to it )
Of course they're going to say this; https://www.techdirt.com/articles/20180106/10334238946/nsa-denies-prior-knowledge-meltdown-spectre-exploits-claims-it-would-never-harm-companies-withholding-vulns.shtml 
Now, these exploits are being modified;  https://www.csoonline.com/article/3253247/security/3-leaked-nsa-exploits-work-on-all-windows-versions-since-windows-2000.html
Meltdown can be slightly mitigated, but forget about SPECTRE until the manufacturing process for the chips is revamped.


SPECTRE operates at the Instruction Set Architecture level, which is lower level than the BIOS / EFI or Operating System level. The machine doesn't need to be turned on, it just needs batteries or to be plugged in.
https://en.wikibooks.org/wiki/Microprocessor_Design/Instruction_Set_Architectures

https://en.wikipedia.org/wiki/Instruction_set_architecture

"   According to some cybersecurity experts, fixing Spectre will require a complete overhaul of the way chips are made and could take years.

    6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.

    — Nicole Perlroth (@nicoleperlroth) January 3, 2018   "
https://www.trustedreviews.com/news/intel-chip-problem-cpu-flaw-meltdown-spectre-vulnerability-patch-3365861

"    AV-Test, an independent antivirus testing house, is reporting that they’ve seen about 139 separate code samples that exploit the vulnerabilities. They include the first JavaScript-based proof-of-concept exploits attacking browsers.   "
https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

Time to look into a fine grained JS blocker like NoScript if you're not already running one.   :o

Nice, eh ?     ::)


(Not as elegant a response as I wanted, but I'm tired - I think it's nap time.)    ;)       ;D
 
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #9 on: September 08, 2018, 11:32:32 AM »
Chrome Users:  "   Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now.   "
https://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html
https://news.ibinex.com/2018/09/06/chrome-extension-mega-full-of-malware-that-steals-peoples-monero/
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #10 on: September 08, 2018, 11:36:28 AM »
 "   A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China.   "
https://thehackernews.com/2018/09/mac-adware-removal-tool.html
It may be that your sole purpose in life, is to serve as a warning to others.   :o

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #11 on: September 08, 2018, 11:52:21 AM »
8 1/2 real time cyber attack maps.  ;)
https://geekflare.com/real-time-cyber-attacks/

It may be that your sole purpose in life, is to serve as a warning to others.   :o

wr250

  • Elluminati
  • ******
  • Posts: 1352
  • tux the magic penguin
Re: Exploits And Mitigation
« Reply #12 on: September 09, 2018, 05:02:47 AM »

As far as Spectre and Meltdown go, there is absolutely no software or Bios update that will fix them. Those are NSA backdoors built right into the hardware of the motherboard that integrate with Intel ME and go all the way back to the Celeron (the design all newer chips are based on) CPUs.
The NSA has been in bed with Intel since at least the early 90's so SPECTRE and Meltdown are not bugs, they're design features.
The only reason any of these 'features' have come to light is because the Shadow Brokers released them into the wild and the NSA had to cover their ass, so they ran it down the pipe to their other bedroom buddies to look for the exploits - with some hints as to where to look, I'm sure.
XKeyScore ring any bells ?     ;)
BTW, that design was developed in Israel. (I have no paper trail for the NSA shenanigans, but all the evidence points to it )
Of course they're going to say this; https://www.techdirt.com/articles/20180106/10334238946/nsa-denies-prior-knowledge-meltdown-spectre-exploits-claims-it-would-never-harm-companies-withholding-vulns.shtml 
Now, these exploits are being modified;  https://www.csoonline.com/article/3253247/security/3-leaked-nsa-exploits-work-on-all-windows-versions-since-windows-2000.html
Meltdown can be slightly mitigated, but forget about SPECTRE until the manufacturing process for the chips is revamped.


SPECTRE operates at the Instruction Set Architecture level, which is lower level than the BIOS / EFI or Operating System level. The machine doesn't need to be turned on, it just needs batteries or to be plugged in.
https://en.wikibooks.org/wiki/Microprocessor_Design/Instruction_Set_Architectures

https://en.wikipedia.org/wiki/Instruction_set_architecture

"   According to some cybersecurity experts, fixing Spectre will require a complete overhaul of the way chips are made and could take years.

    6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.

    — Nicole Perlroth (@nicoleperlroth) January 3, 2018   "
https://www.trustedreviews.com/news/intel-chip-problem-cpu-flaw-meltdown-spectre-vulnerability-patch-3365861

"    AV-Test, an independent antivirus testing house, is reporting that they’ve seen about 139 separate code samples that exploit the vulnerabilities. They include the first JavaScript-based proof-of-concept exploits attacking browsers.   "
https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

Time to look into a fine grained JS blocker like NoScript if you're not already running one.   :o

Nice, eh ?     ::)


(Not as elegant a response as I wanted, but I'm tired - I think it's nap time.)    ;)       ;D
 


while spectre is indeed a hardware issue, intel can still update microcode to not allow access to that part of the hardware. this microcode is implemented through operating system updates, or bios updates.


it does slow the processor down though.
 also software is able to mitigate this by blocking specific code from running; such as, but not limited to, web browsers patched to block javascript code that could exploit this.
see https://meltdownattack.com/ for an explanation; it has the whitepapers available as well.
i have stated elsewhere that the NSA has had knowledge (and therefore access) to all these exploits for at least a decade, and more likely 2 decades.


a thought on intel ME:
this was designed for sysadmins to be able to have remote access to a machine, that allows the admin to change BIOS settings remotely (without having to travel perhaps hundreds of miles). this is so an admin can fix things with minimal downtime. this makes sense if you think about it, if a sysadmin has to drive 50 miles on a saturday to, for example, change a setting in bios, and drive home; then you (the company) have the cost of paying said admin OT, as well as an hour or more of downtime on the server. this could be done in a minute or 2 remotely.


an example of this would be :
a company has a webserver for ecommerce.
the power is cut, your ups runs out, everything shuts down
now the original webserver is stuck in bios for whatever reason (kb not found, press F1 to continue for example)
the admin can remote in to intel ME and fix these things.

all of the above said, intel ME has its flaws and spectre can certainly exploit them via speculative execution.
statistics can be used to prove anything. 14% of the people know this.
https://lptd.home.blog/
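
An added example, not part of the original thread or written by either poster: wr250's point that these fixes arrive as OS and microcode updates can be checked on Linux, where the kernel publishes its own per-vulnerability verdict under `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample data are assumptions made for this sketch; it assumes a kernel recent enough to expose that directory and falls back to constructed sample data otherwise.

```python
#!/usr/bin/env python3
"""Summarise the Linux kernel's Spectre/Meltdown-class mitigation status."""
import os
import re

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample data (not captured from a real machine); used when the
# sysfs directory is missing, e.g. on a non-Linux host or an old kernel.
# The strings follow the kernel's documented status formats.
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "spec_store_bypass": "Not affected",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode",
}
SAMPLE_CPUINFO = (
    "processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0x84\n\n"
    "processor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: 0x84\n"
)


def classify(status):
    """Map one sysfs status line to a coarse category."""
    text = status.strip()
    for prefix, label in (("Not affected", "not_affected"),
                          ("Mitigation", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return label
    return "unknown"


def needs_microcode(status):
    """True when the kernel says its mitigation is waiting on CPU microcode."""
    return "no microcode" in status.lower()


def read_sysfs(path=SYSFS_DIR):
    """Return {vulnerability_name: status_line} read from the sysfs directory."""
    statuses = {}
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name), encoding="utf-8") as handle:
                statuses[name] = handle.read().strip()
        except OSError:
            statuses[name] = "unreadable"  # ends up in the "unknown" bucket
    return statuses


def summarize(statuses):
    """Group vulnerability names by category, each list sorted by name."""
    summary = {"not_affected": [], "mitigated": [], "vulnerable": [], "unknown": []}
    for name in sorted(statuses):
        summary[classify(statuses[name])].append(name)
    return summary


def microcode_revisions(cpuinfo_text):
    """Distinct microcode revisions listed in /proc/cpuinfo text (x86)."""
    return sorted(set(re.findall(r"^microcode\s*:\s*(\S+)", cpuinfo_text, re.M)))


def main():
    if os.path.isdir(SYSFS_DIR):
        statuses = read_sysfs()
        with open("/proc/cpuinfo", encoding="utf-8") as handle:
            cpuinfo = handle.read()
    else:
        statuses, cpuinfo = SAMPLE_SYSFS, SAMPLE_CPUINFO
        print("sysfs vulnerabilities directory not found; using constructed sample")
    for category, names in summarize(statuses).items():
        print(f"{category:13} {', '.join(names) or '-'}")
    for name, status in statuses.items():
        if needs_microcode(status):
            print(f"microcode update still required for: {name}")
    revisions = microcode_revisions(cpuinfo)
    print("microcode revision(s):", ", ".join(revisions) or "not reported")


if __name__ == "__main__":
    main()
```

An entry in the `vulnerable` row after a full OS update usually means the remaining fix has to come from a microcode or BIOS update, which is the situation the post describes for older machines.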

Whistler

  • Drone Pilot
  • *****
  • Posts: 593
  • We call ourselves the Nightstalkers...
Re: Exploits And Mitigation
« Reply #13 on: September 12, 2018, 04:10:08 AM »

while spectre is indeed a hardware issue, intel can still update microcode to not allow access to that part of the hardware. this microcode is implemented through operating system updates, or bios updates.  ...
Excellent retort.  ;)

For the non-Techs, here's a report - from 2012 -  that pretty much covers it.
Offensive Language Warning

http://truedemocracyparty.net/2012/11/new-intel-based-pcs-permanently-hackable-jim-stone-new-core-vpro-processors-no-longer-any-pretense-about-your-private-information-internet-freedom-is-over/

Here's a workaround for P4's up to VPro - you'll need to be a DIYer though.
(The following direct quote was lifted from Intel Exchange, which referenced a 2014 Jim Stone article that no longer exists afaik.)
(JS is under constant attack by state actors)
(I've also X'ed out the usernames in the following quote.)

Quote
June 18th 2014, by xxxxxx xxxxxx @ Jim Stone Forum / Computer security thread

__________________________________________________________________

Excuse me please - something hot has emerged re Hardware Security.

To wit: We have all been informed of the always-on cellphone link embedded in the Intel processors from (iirc) the Pentium-4 forward. To date, no real word seems to have surfaced as to countermeasures, though. For my part, I have puzzled over the "How" of this foul bit o' tech from the start, with an eye toward, ah, "Sovereign Remedy". Well, I could indeed be mistaken - but I think I have caught onto it. Here's what:

My first notion was to do a leetle surgery on the chip, possibly by removing The Antenna Pin(s) from the package. So starting from knowing exactly nothing in particular about any aspect of the package, I up 'n' got myself a copy of the official P4 spec sheet, since I have nothing newer than that in my lab's Resource Pile. Read that fine Intel pinout chart top-to-bottom. Found NO designation for any pin or clampable terminal (as used in the later models) that could be seen even as a veiled reference to an antenna-feed terminal connected to the mainboard.

Didn't make much sense to bury such a key board trace between the ground-plane layers of that fine four-layer composite item anyway. Moreover, all the PC-Board-based etched-trace antennae I have observed (all both of 'em) were etched in a fully recognizable manner.

So what is left...? Too simple. Hidden in plain view! It's the top cap of the chip plus the heat-sink. The "rubber" pad that provides thermal contact between the two parts is in fact electrically as well as thermally conductive. So is metal-filled heat transfer paste. Perfect connection for the purpose.

Ohmmeter tests done @ ~1.5 volts across the probes of a 20K ohms-per-volt Shack-grade multimeter, done this morning on several naked boards of the P4's vintage, clearly demonstrate the presence of semiconductor junction(s) standing between the P4 chip's protective top cap and System Chassis Ground. High resistance one way, much lower in the other direction. But only on Intel P4-equipped boards, NOT with any of the AMD-based ones. Ditto the Intel Celeron-equipped boards; an open circuit is all I have found on any of those boards currently in-house.

So there we have it. 99.44% Confidence Factor. Nailed solid, afaiac. The Rogue Stealth Cellphone Connection Antenna is the bloody heatsink!

Sidebar: The likely answer to the "So what's left?" question, which I had left to "simmer" as I often do when things Look Impossible, first rose to mind last night while conversing with a friend on an entirely different Edgy Topic. So I said something to her in passing on the matter, having warned her of the remote-shutdown/hacking/datamining hazard a couple of months prior. And POOF! - just as soon as I set the topic and then said, "...looks like it's the Heat Sink..." our connection (via Skype-to-iPhone and back again) went DOWN. Just like in the old days when Mr. Christopher Story FRSA was alive and howling in the Bush Gang's face for Honest Banking, real estate prices were gonna' never drop and Financial Derivatives were the Big Criminal Secret! (My friends finally caught on that I was Not Paranoid from that series of forced hangups, fwiw. Such a lovely backfire! {grin} ). So per SOP, I just dialed her back up and we finished-off with no further interference.

So what to DO about it...? Can't just go out and blow up all the cellie towers, though doing so'd surely spark a resurgence of Citizens Band and Family Channel Radio activity in its place. (GET 'em while you CAN imvho.) Well, I dunno' fer sure; my test gear ain't exactly up to the full task today. (OK for that to change too, fwiw.) But classic "Faraday Cage" shielding of the heatsink+fan assembly seems both mechanically difficult to achieve on the kitchen table and thermally impractical besides, once installed. How about braided copper straps fastened to the fins with aggressive-thread screws on one end and to the board's grounding connections on the other? Possibly, but those fine handcrafted copper straps just might even unintendedly resonate at the frequencies involved, making themselves a New Part of the Old Problem. But oh wait wait... Capacitive bypass... HM!

The object of the exercise, of course, is to divert the incoming signal to system ground before it can enter the logic and play hob with one's work. Best first-cut notion from out of my own "seat o' th' pants" instinct seems to be .001 to .005 microfarad disk-style ceramic capacitors connected from the heatsink to the nearest system ground points, using leads as short and as fat as can be soldered onto 'em. (It seems on reflection that those caps should be mounted as close to the fins as possible, just to capture as much microwave energy as can be without lead inductance getting in the way.) Mylar caps seem unsuitable due to the inherently unavoidable (significant at those frequencies though indeed tiny) inductance component built into that rolled-up foil+dielectric design.

Others with deeper microwave engineering exposure than mine may have something to contribute to this notion and the line of hardware-mod development that follows. One thing has come out plain as day once again, though: High-tech assault can often be stopped in its tracks by means of a leetle intelligently devised low-tech defense. This instance simply does look, for all the world (at least on the first cut) just like Another One of Those.

So I sure do hope this input proves to help keep the Rest of Us safe, free and online without interruption. Love to hear from others on this line; this tab stays open now. Let's just harden 'em up, shall we not? And that is all. 0{:-)o[


xxxxxxxxxxxxx
   
4 years and 11 weeks ago

Wow. Using the heat sink was ingenious. Is there a possibility of some kind of non electrically conductive heat sink paste? Something that would still pull heat up like is needed, but would electrically insulate the cpu?
xxx
   
4 years and 11 weeks ago

I've been waiting for this... I'm not that good in electronics, so I guess I'll wait for an answer to SlapstickLlama's question.
xxx
   

Don't think using a heatsink as an antenna is possible ?   :o

(Please give special note to the dates in this article.)   ;)

https://www.researchgate.net/publication/3883616_Study_of_heatsink_grounding_schemes_for_GHz_microprocessors
It may be that your sole purpose in life, is to serve as a warning to others.   :o

wr250

  • Elluminati
  • ******
  • Posts: 1352
  • tux the magic penguin
Re: Exploits And Mitigation
« Reply #14 on: September 12, 2018, 05:42:36 AM »
Excellent retort.  ;)

For the non-Techs, here's a report - from 2012 -  that pretty much covers it.
Offensive Language Warning

http://truedemocracyparty.net/2012/11/new-intel-based-pcs-permanently-hackable-jim-stone-new-core-vpro-processors-no-longer-any-pretense-about-your-private-information-internet-freedom-is-over/

Here's a workaround for P4's up to VPro - you'll need to be a DIYer though.
(The following direct quote was lifted from Intel Exchange, which referenced a 2014 Jim Stone article that no longer exists afaik.)
(JS is under constant attack by state actors)
(I've also X'ed out the usernames in the following quote.)

Don't think using a heatsink as an antenna is possible ?   :o

(Please give special note to the dates in this article.)   ;)

https://www.researchgate.net/publication/3883616_Study_of_heatsink_grounding_schemes_for_GHz_microprocessors

any electrically conductive material can be used as an antenna. however the antenna length must be tuned to match the desired radio frequency. you *could* use a paperclip as a tv antenna. you won't pick up many (possibly 0) tv stations. this is because the length of the antenna must match the frequency (or a quarter of said frequency) of the radio wave you want to transmit/receive, or (remote) reception will be degraded. and yes television uses radio waves.
usually antennas are designed to transmit/receive (well not so much transmit) a range of frequencies, such as fm radio, am radio, uhf tv, etc.

a metal heatsink doesn't match any frequency, mainly because they are designed to dissipate heat, not transmit/receive. thus any transmissions will be of poor quality at best. and when encased in a solid metal case (a standard desktop pc for example) is further degraded or blocked entirely because the case becomes a (poor) faraday cage. the new glass cases tend to let radio waves through.
furthermore tempest monitoring* may (further) drown out any transmissions from said heatsink.
modern LCD screens have cut down significantly on tempest monitoring due to much lower power requirements and therefore less transmit power over older crt monitors. while still possible, tempest monitoring may only extend a few tens of feet from the monitor, instead of 100 or so for crt monitors.

*tempest monitoring is when a person picks up emissions from your monitor, and reconstructs those to see what you are doing on your monitor. arguably it can include monitoring any emissions from your computer.
see here for more info.
statistics can be used to prove anything. 14% of the people know this.
https://lptd.home.blog/