Computers can still transmit information when turned off!
I laughed and hung up.
Yea. You need to know about wake on lan, ATX power states, network card chipset firmware security, and how trusted the network stack is at various levels. Better yet, don't go digging, because you'll get upset.
Bottom line though is that with a little help from the hardware manufacturer, there is no "off", and a network controller card (or sound card) today has more computing power than many large/expensive computers had just a decade or so ago. And the firmware for those cards is often flashable, and TRUSTED by the operating system because the OS simply has no way to tell what any particular controller is doing when it isn't talking to the OS.
Lots and lots and lots of doors, and any true computer geek with time on his hands can exploit an awful lot of really unexpected vulnerabilities. People don't realize that their hard drive has a fairly capable controller chip and more RAM than is required to simply act like a hard drive. If someone is able to exploit the firmware validation process, they could probably make your hard drive do all sorts of naughty things. And now they're hanging SSDs directly on the pci-e bus, so they could theoretically talk to other devices (like network cards) without cpu or OS intervention. How about a hard drive firmware exploit that opens a network socket and streams your HD contents directly to the network stack? It could be done with 2 firmware hacks and MAYBE a driver hack to ensure the OS doesn't notice. Input buffers are simply memory address ranges. Yea this stuff shouldn't be possible (signed drivers/firmware, protected address spaces, etc) but almost everything has a back door, intentional or not. To exploit "black box" systems, hackers used to, and still do, send inputs to all memory addresses in sequence just to see what happens. Sooner or later you find out which address range does what, and with time you can reverse engineer almost anything. For a networking controller where the network stack has been well defined for decades, figuring out where you can directly make stack inputs may not take as long as you would hope.
I sort of did this kind of thing for fun right after I finished school while awating training. Back then it wasn't the heinous federal offense it is now, and the network admin helped me do it anyhow. Nowadays, running a program that talked directly to networking hardware on a military computer, or set up a TCP-IP tunnel over a telnet terminal connection would probably earn a few years of jail time. In 1994 it was simply zero credit post-grad work for fun and cool points. Just for fun I could duplicate that work in less than a week now (remaining within a browser sandbox using cookies to communicate between processes), but if they caught me I'd go to jail, so I won't do it or even explain my solution.
