Cryptography Failure Story

By Russian spies:

Ricci said the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

EDITED TO ADD (7/2): More information.

Posted on July 1, 2010 at 7:35 AM • 37 Comments

Comments

EvilTrev • July 1, 2010 7:57 AM

Well, those long passwords may be difficult to brute force, but if the humans have to write it down because they can't remember it, then someone could just find it. Passwords need to be human-memorable too. Perhaps we should be training people to remember long passwords....

lots of questions • July 1, 2010 8:08 AM

Some questions:

1. Anyone have any idea what the password might have been doing? Was it the key that an unencrypted steg program was using to find out which pixels to select from the picture, and then what to make of those selected pixel values? Or was the program encrypted? Or was the HDD encrypted? Or all of the above? Or none of the above?

2. On the surface it doesn't seem to be a failure of the encryption per se. The FBI had to break in and photograph the password in order to decrypt the messages. And it could only decrypt the messages that worked with that password. Presumably the others had other passwords which were not photographed--unless the USG actually brute-forced all or some of the passwords and doesn't want to admit it, only revealing the content of messages for which it had a photographed password.

3. The court documents say absolutely nothing about the content of communications between agents and handler via the ad hoc WiFi connection, only that the connection was between so-and-so and the Russian diplomat in the car or van. Again, perhaps the FBI is being coy, but if we take it at face value it seems that they couldn't break the ad hoc connection to find out what was being communicated.

Hence, it seems a failure of tradecraft more than encryption--unless memorizing your password and then burning the piece of paper is part of cryptography. Whatever happened to putting the password into the hollowed-out nickel in your pocket?

Ian • July 1, 2010 8:26 AM

@lots

Re: point #2

Do we know if they actually tried to break the encryption? I thought they just found the password and didn't even try breaking it.

Romeo Vitelli • July 1, 2010 8:41 AM

"Do we know if they actually tried to break the encryption? I thought they just found the password and didn't even try breaking it."

Isn't that pretty much how most security systems are bypassed?

lots of questions • July 1, 2010 8:45 AM

@Ian

Since the FBI only provides messages that were decrypted with a password photographed during a B & E (with a warrant), in the course of a 10-year investigation, it would be reasonable (?) to think that they would at least have an interest in finding out what the others were steg-messaging to Moscow Center and getting back from Center, and what they were saying on the ad-hoc WiFi connections with their handlers.

I dunno. You can't prove this sort of thing; you can only work in terms of logic and common sense: what would I do if I was head of an FBI CI operation that went to the trouble of going down to Latin America to video a hand-over in a park when faced with encrypted communications between Moscow Center and my suspects or between local diplomatic-cover handlers and my suspects. Personally, I'd want to know what the content of the messages was. Would I restrict myself to B & E's to see if they left the password taped to their CRT? Probably not. If I could get some other agency to work on brute-forcing the messages, I would.

Something I forgot. The FBI also does not reveal, AFAIR, the content of the burst transmissions between the suspects and Moscow Center, again raising the question whether they couldn't decrypt them, or did and don't want to admit them. Hard to imagine they wouldn't bother to try to decrypt them.

charlie • July 1, 2010 8:55 AM

I wonder how many NSL the FBI blew through on this investigation. I'd imagine a massive number of people would look at a picture, and you'd have to quickly follow through each one of them to make sure they are not spies as well..

JBW • July 1, 2010 8:58 AM

It's in the FBI's best interest to make these folks look incompetent. It allows them to deflect questions about how much work they really had to do - how many messages could they decrypt with the found password vs. how many they decrypted by other means vs. how many they couldn't crack, for instance. The FBI wants the focus to remain on The Illegals and their actions rather than on the steps and technologies that the US had to use to crack the case.

Ian • July 1, 2010 9:05 AM

@lots of questions

Good point(s) - I wasn't thinking of the time frame involved. I agree that it'd be a reasonable assumption that they'd have done some fairly extensive work in the years before getting to the point of procuring a warrant and doing the physical entry stuff.

Stenosaurus • July 1, 2010 9:26 AM

Re: point #1

I would assume that the Stenography program simply hid encrypted data, the password was used to decrypt that data.

Clive Robinson • July 1, 2010 10:47 AM

What really surprises me is the use of Short Wave radio; it is "so last century" and stands out like the proverbial sore thumb these days.

Modern equipment can pull out the entire HF band with accurate directions without requiring the good old "elephant cage" of RAF Chicksands etc.

In point of fact HP had an I&Q receiver over 15 years ago that could swallow 20 MHz of bandwidth that you can pick up second hand fairly cheaply. With a few minor mods it would push it straight out into a digital recorder or computer to store the data away.

Without much effort and a couple of mildly expensive A2D converters you could do the same at home these days.

Chewing up the data looking for "HF Burst" would not require that much effort (compared with cracking any serious pencil and paper encryption that's not an OTP) so these folks might just have brought the investigation down on themselves by using well out of date methods.

steps • July 1, 2010 10:55 AM

Why are newspapers so biased towards assuming that anything to do with spying has to be super-dooper-high-tech?

"private Wi-Fi networks, flash memory sticks, and text messages" and "range extenders" are not that high-tech. And Jason Bourne was around in 1980 - that comparison was just dishonest.

jacob • July 1, 2010 11:13 AM

I am genuinely torn in my thinking on this. For years I have wondered if criminals/terrorists/pedo, etc., whoever the bad guy is this week are that stupid or not. The authorities catch 'em, usually through simple detection. Does that mean they are only catching the dumb ones? I have suspected that mentality of the above makes them not think clearly in other ways and trips them up. What clearly thinking person corresponds with someone radical on the internet in IRAN? Or hands over for development pictures of them holding flags/guns? Or props a "child" on the internet? They honestly think that 1. Someone wouldn't report them.
2. They couldn't be FBI, local police, or other group? They might as well walk around with a sign around their neck.
Kind of confirms my thinking. I would love to hear an alternate explanation. Maybe the authorities don't talk about the smart ones? Oh, Gore groped during a late night massage alone with a woman? If true, bad judgement. Another example.

ac • July 1, 2010 11:14 AM

And we're all pressing ctrl-alt-e on our PCs right now :). Now when the spies start using Macs like in all the movies, we'll have something to worry about.

Now what would be even more interesting is to use steganography at such a level as to make the hidden message retrievable from a photograph of the image. Bonus points for being able to read it from a youtube video.

I wonder if HTML5 video will run on Tor Button's security model.

Davi Ottenheimer • July 1, 2010 11:23 AM

Reminds me of the old proverb that the only criminals are dumb criminals. I guess you could apply the same to spies. (Those who aren't dumb are able to evade detection/conviction).

jacob • July 1, 2010 11:28 AM

@Davi. You summed it up much better than I. Kind of like my view that only dumb men cheat on their wives, or treat people badly. ;)

dh • July 1, 2010 11:53 AM

I'm sorry to be flippant, but isn't this a Bullwinkle episode:

Natasha: Daaahhhling... where is secret password?
Boris: Here, on highly secure post-it note.. safe from Moose and Squirrel.

Trichinosis USA • July 1, 2010 12:08 PM

A look at the meta: The FBI was watching this group for about 10 years. The timing of the attempt to infiltrate was deliberately designed to coincide with the G8/G20 summits. If one reads the transcript of the FBI complaint, it's clear that Chapman figured out something was wrong with her new contact and got ready to run.

http://documents.nytimes.com/criminal-complaints-from-the-justice-department?ref=europe

The result was a barrage of sensationalist media coverage that knocked something else off the front pages - a classic Rovian stratagem that was employed during the Bush administration. I have my own ideas of what that something was supposed to be, but suffice to say the diversion didn't work for very long... at least not at the NY Times.

Even to my inexpert eyes, the laptop communication thing is incredibly crude and probably how they were initially detected. I suspect the FBI's shyness over whether the communications encryption was cracked or not is similar to their shyness about exactly how long they were monitoring these communications.

What a photographer on the Gaza flotilla did by secreting 4 hours of video and photo evidence of Israel's actions on memory sticks was vastly more effective. If these people had been using dead drops with memory sticks they might have succeeded. Of course, looking at the results, it would appear that their definition of "success" was living large on Russia's dime. In that light one wonders if one or more of them were double agents, flushed out at a time convenient to someone in the US government in order to manipulate world events and US media coverage. I mean, come on. The laptop thing is so crude it's the kind of thing that high school kids would think would work undetected, especially in a post-Patriot Act United States. Even *I* know about AirMagnet and its ilk.

DayOwl • July 1, 2010 12:12 PM

A well-publicized capture of Russian agents in the US? Give me a break! Something about this stinks.

clvrmnky • July 1, 2010 12:42 PM

@EvilTrev: we already know how to remember long passwords. They are called "sentences."

Seriously, if you aren't already using pass phrases...

Sam • July 1, 2010 2:10 PM

There's some other interesting details on this case. The one that stands out to me is:

"A secret Russian agent identified as Christopher Metsos was surreptitiously handed the money by a Russian official as the two swapped nearly identical orange bags while passing each other on a staircase at a commuter train station in New York.

After giving some of the money to one of the defendants, Metsos drove north and stopped his car near Wurtsboro, N.Y. Using data from a GPS system that had been secretly installed in his car, agents went to the site and found a partially buried brown beer bottle. They dug down about five inches and discovered a package wrapped in duct tape, which they photographed and then reburied.

Two years later, video surveillance caught two of the defendants digging up the package."

So the FBI A) witnessed a covert money transfer from a "russian official" to Metsos, B) GPS tagged Metsos' car C) tracked down his dead drop location & D) kept the location under video surveillance for two years....

Pretty impressive work on the part of the FBI!

Clive Robinson • July 1, 2010 2:13 PM

I was once told the art of field craft had few rules but No1 was always,

Blend in so you are invisible.

Followed by,

Do nothing out of place that would attract attention.

Have nothing in your possession that can show you are not who you claim to be.

If it's not in your head then either it does not exist or it is not secret.

And a few others, that are as easy to remember.

I would say owning and operating a clandestine SW Burst transmitter does not fit in with any of those rules period. Likewise having stego software on your computer.

For those with a little knowledge and ability to remember the code you can use the MD5 hash in perl or python to make a stream cipher and it's the work of a few more lines of code to put crude stego into a picture as a "watermark".

However stego has a problem: it's very very rarely sufficiently below the noise floor to be even close to invisible.

It is this inability to hide the information that was one of the things that made digital watermarks a bit of a "dead duck" technology before it had even hatched at the turn of the century. And at the end of the day stego and digital watermarks are effectively one and the same.

You can use the Internet via open blogs and big player search engines with caches to set up a two way communications channel which is as close to fully detached as it's possible to get (certainly more so than the likes of TOR etc). I have described one way before when talking about botnets without attackable control channels.

And I have even pulled Bruce's leg that this blog and some of its stranger messages could be covert messages...

John Hardin • July 1, 2010 2:44 PM

"Um, wasn't your own advice to use long, strong passwords and to write them down and store them in their wallets?"

Do that, and then add ten or so characters (five before and five after, say) that you can remember and that you *don't* write down anywhere.

Richard Steven Hack • July 1, 2010 3:40 PM

There's a lot of suspicion rising on the part of various commentators that this whole case stinks to high hell of some sort of PR or disinformation effort. The whole case just smells.

The main problem anybody should have is WHY the FBI took TEN YEARS to close in on these people. Either those people were VERY good at what they were doing or they weren't. Based on the tradecraft, they were so-so. Based on the FBI taking ten years to close them down, they were very good.

Which is it?

Frankly, it's impossible to trust anything the US government says any more about ANY subject. There's just too much corruption, game playing, media manipulation, and outright lies from everybody from the President on down. And the FBI is known for being the worst of the lot (next to the Pentagon and the CIA, anyway).

Given that the entire Iran "nuclear crisis" has been made up from whole cloth without a shred of evidence, but Obama continues to push a course of action which inevitably must lead to a war with Iran, exactly as Bush did with the Taliban in Afghanistan and with Saddam in Iraq, I think it's naive to assume that this spy business is in any way "legit".

antibozo • July 1, 2010 4:38 PM

I wonder why this information is coming out. Based on the charges filed, I don't see how it's relevant, unless some of the coded messages somehow relate to the alleged money laundering.

What I do see is that there is an undercurrent of "if you use cryptography you must be a criminal" sort of thinking going on.

Trichinosis USA • July 1, 2010 6:18 PM

@Richard Steven Hack:

You nail it exactly. Why did it take them 10 years to flush these people out? Was it because they couldn't do it, or because they wouldn't?

@Sam:

Yes, a very pretty fairy tale being told by the FBI about Metsos there. They surely were watching his every move with minds like a steel trap, their artfully torn bullet proof vests flashing shorn Van Damme-like pecs and biceps, while dialogue written by Richard Marcinko dropped like pearls from their lips.

Oh, by the way, isn't Metsos the guy who also ESCAPED?

Matt • July 1, 2010 9:00 PM

Why don't they use software that runs the passphrase through MD5 a bazillion times. Something that takes 2 minutes on a current laptop should be sufficient. Then an easily memorable passphrase of 6 random characters would be fine. Wouldn't it?

Matt from CT • July 1, 2010 10:50 PM

>D) kept the location under video surveillance for two years....
>
>Pretty impressive work on the part of the FBI!

Yes, kudos to the FBI's persistence. I don't want to take anything away from it with the next comment.

If there was a nearby building, video surveillance today is cheap and easy -- a convenience store quality video system will easily store a year of video.

Alternatively, for motion-activated still photography, game cameras are very popular (and have been for years) with the police. Nearly 10 years ago we were experiencing a rash of arsons that had a non-random pattern to them. The State Fire Marshal's Office set up infrared (i.e. no flash) game cameras at several of the buildings that matched the profile of the other targets.

Just saying persistence isn't necessarily resource intensive.

>The main problem anybody should have is WHY the FBI took TEN YEARS to close in on these people. Either those people were VERY good at what they were doing or they weren't. Based on the tradecraft, they were so-so. Based on the FBI taking ten years to close them down, they were very good.

What would the strategic reason for shutting them down sooner be?

Sure, you could have a quick tactical victory "Hey this guy's a spy, no he's not doing anything dangerous to national security, but let's bust and deport him!"

Or you can go "Ok, this guy's a spy, he's harmless right now. Let's watch him, see who else is involved, how they operate, if they become an actual danger to national security we can bust them, otherwise let's let this game play as possible."

I'm going to think the strategic "let's play this game and see what more we can learn" beats out a quick bust of one or two people any day in this type of business.

My quick read of one of the affidavits is that while they were probably getting ready to bust them anyway, they spooked Anna Chapman on Saturday -- which caused her to buy the Tracfone so she could discreetly contact SVR. Sunday was spent writing up warrants so they could bust all known individuals before arrangements to flee could be made.

Lars • July 2, 2010 1:33 AM

This password obviously opened up the cover-story data within which an easy-to-remember 12-letter password steg-hides the real information. :-) Seems like the nefarious fiend from outer space (nffos) got the upper hand ... again.

Kenelm • July 2, 2010 7:23 AM

I don't really get how they could use a key for steganography.

Basically, steganography is about using any means to transmit data, and prioritizing those means based on how they affect data, hence how noticeable they are. Most people see steganography as hiding something in a picture; it works, but you can do much better than that, even on a picture.
Apart from the obvious hiding of data in a 24-bit bitmap formatted to 32 bits, using the transparency bits, you can alter the LSB of each byte of each color component, which would slightly alter the picture, but not enough to make it noticeable by the human eye, and when used on a photograph, it just can't be noticed unless you have the original unaltered photograph. On an 800x600 pixel BMP, you can hide 175 kilobytes of data, which is HUGE. You can also change how the colors are ordered in a paletted image format, such as GIF or PNG, giving you thousands of different possibilities, which can be used to store a bit more than 1 kilobyte of data.
Once you get the thing, the possibilities are endless. Just pick a file format, and see what can be altered, and calculate all the possibilities to see how much data you can pack in: you can change the order of the XML nodes of a document if their order isn't relevant, you can add as much data as you want at the end of an executable without breaking it, you can add additional data fields to a PNG image, you can add hidden tracks to a sound file that media players will never use, you can alternate CR+LF, CR and LF to mark the end of lines and use the variation to store data in ternary format, you can use unused/reserved fields in all kinds of file formats...

The enemy of steganography is strict formats that give you no room to move and/or alter things around. To give you an example, you can't hide stuff in an X.509 certificate; there's just no room for that. You also have to fear peers that might modify and/or destroy data, such as pic hosting websites: some of these store your pic exactly the way you uploaded it, while others will create a blank new file and copy exclusively the image data and strip everything else.

But the problem here is obvious: once people find out how you hide data, you're screwed. Just like ciphers back then didn't use any key, and couldn't be reused once revealed, steganography doesn't use any key, and likely never will. I think that's where steganography stops, and cryptography begins. So there is of course some cryptography in there, you just wouldn't hide plain data, and I think that's where this key belongs.
But unless you're using an overly complex scheme, I don't really get how you could put a key in there. Maybe you could like switch things around, mix them up, transform them, to change things a little bit... but that's cryptography, not steganography.

MoonShadow • July 2, 2010 11:26 AM

"And at the end of the day stego and digital watermarks are effectively one and the same."

That's actually not quite true. They differ in one vital way.

Digital watermarks for the purpose of DRM need to be able to survive image processing. This pretty much means they need to be perceptible or fail at their purpose, since the intent of lossy image compression is basically to preserve only perceptible image information.

For stego, fragility is fine and possibly even desirable, leaving the door open to mutating images in ways the human eye has difficulty perceiving.

jacob • July 2, 2010 11:47 AM

Good points above. My questions would be the following:
1. why so long to arrest? probably observing them and timing of the g20 meeting.
2. Another article mentioned them using encrypted notebook "bursts", and ad hoc setup. What?? were they using?
3. Article mentioned that the FBI copied their hard drives. Unless GeekSquad was involved, they did it covertly. I would have installed a keylogger of some kind. Spies really need to set up covert cameras to know if the agencies break in. Might have saved their bacon. Maybe that's how they broke the encryption if it really was encryption in the classic sense.
4. As bruce has said, against a government that really wants to get you, you're screwed before the game begins. You're just the mouse and they are the cat playing with you.
5. I view encryption as protection from thieves/loss of computer, etc. I'm sure the abc's have tor nodes set up for example.
6. They caught what they are describing as a relatively harmless gang. The dangerous ones, I imagine, are shipped overseas for "questioning".

Paul • July 2, 2010 12:45 PM

"But unless you're using an overly complex scheme, I don't really get how you could put a key in there. Maybe you could like switch things around, mix them up, transform them, to change things a little bit... but that's cryptography, not steganography."

Most likely they simply used a program that would automatically extract the relevant ciphertext from the stego image and decrypt it using the provided key (in this case 27 characters, likely hashed who knows how many times before being used as a symmetric key). It's both stego and crypto.
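An added example (not code from the post or from any commenter) that puts Kenelm's LSB scheme together with the keyed layer Paul describes: the passphrase is stretched by iterated hashing (Matt's point), turned into a hash-based keystream (Clive's "MD5 stream cipher" idea, with SHA-256 swapped in), and the ciphertext goes into the LSBs of a constructed RGB buffer. The passphrase, message and cover image are made up; the stego container format is this example's own, not any real tool's.

```python
import hashlib
import os
import struct

# --- keyed layer (Paul, Matt, Clive): stretch the passphrase, then derive a keystream ---
def derive_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Iterated hashing: every guess of the passphrase costs the attacker `iterations` hashes."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Hash-in-counter-mode stream cipher (Clive's 'MD5 stream cipher' idea, using SHA-256).
    Encrypting and decrypting are the same XOR. Never reuse a (key, nonce) pair, and note
    that this gives confidentiality only; a real tool would add an authentication tag."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

# --- steganography (Kenelm): one payload bit in the LSB of every colour byte ---
def capacity_bytes(width: int, height: int) -> int:
    """3 colour bytes per pixel, 1 hidden bit each, minus a 4-byte length header.
    800x600 -> 179,996 bytes, i.e. Kenelm's '175 kilobytes'."""
    return (width * height * 3) // 8 - 4

def embed(pixels: bytes, payload: bytes) -> bytearray:
    """Return a copy of `pixels` whose leading LSBs carry len(payload) followed by payload."""
    framed = struct.pack(">I", len(payload)) + payload
    if len(framed) * 8 > len(pixels):
        raise ValueError("payload exceeds LSB capacity of this image")
    out = bytearray(pixels)
    for i, byte in enumerate(framed):
        for bit in range(8):
            idx = i * 8 + bit
            out[idx] = (out[idx] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return out

def extract(pixels: bytes) -> bytes:
    """Inverse of embed(): read the 4-byte length, then that many payload bytes."""
    def read(n_bytes: int, offset: int) -> bytes:
        return bytes(
            sum(((pixels[offset + i * 8 + b] & 1) << (7 - b)) for b in range(8))
            for i in range(n_bytes))
    (length,) = struct.unpack(">I", read(4, 0))
    return read(length, 32)

def lsb_ones_fraction(pixels: bytes) -> float:
    """Crude steganalysis cue (Clive's noise-floor point): encrypted payload drives the
    LSB plane towards 50% ones, which a smooth cover region would not show."""
    return sum(p & 1 for p in pixels) / len(pixels)

def demo(width: int = 800, height: int = 600,
         passphrase: str = "27-character-password-here!"):   # constructed, 27 chars
    # Constructed cover: flat shading whose LSBs are all 0 (real photos are noisier).
    cover = bytes(((x // 9) & 0xFE) for x in range(width * height * 3))
    salt, nonce = os.urandom(16), os.urandom(12)
    key = derive_key(passphrase, salt, iterations=10_000)   # low count keeps the demo quick
    message = b"meet at the usual place, bring the orange bag"   # constructed
    stego = embed(cover, salt + nonce + keystream_xor(key, nonce, message))
    # Receiver side: pull the blob back out, re-derive the key from the embedded salt, decrypt.
    blob = extract(stego)
    recovered = keystream_xor(derive_key(passphrase, blob[:16], 10_000), blob[16:28], blob[28:])
    touched = (4 + len(blob)) * 8   # pixel bytes the payload actually modified
    return recovered, lsb_ones_fraction(cover[:touched]), lsb_ones_fraction(stego[:touched])
```

The last two values returned by demo() are the LSB-ones fraction of the touched region before and after embedding: 0.0 for the flat cover, roughly 0.5 afterwards, which is the kind of statistic a steganalysis tool looks for.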

Clive Robinson • July 3, 2010 5:15 AM

@ MoonShadow,

"For stego, fragility is fine and possibly even desirable, leaving the door open to mutating images in ways the human eye has difficulty perceiving"

Sorry, no: "fragility" in stego is most definitely not fine.

If it breaks for whatever reason then the message will not get through, thus requiring a resend in some form that would be very suspicious.

No, stego for carrying encrypted traffic/messages has to be very robust and in no way fragile.

Andrew • July 3, 2010 3:29 PM

"WHY the FBI took TEN YEARS to close in on these people"

It's usually a lot more valuable to watch a spy than to arrest them.

Nick P • July 6, 2010 2:46 AM

@ Andrew

"It's usually a lot more valuable to watch a spy than to arrest them."

Wise words. ;)
