Friday Squid Blogging: A Squid that Fishes

The Grimalditeuthis bonplandi is the only known squid to use its tentacles to fish:

Its tentacles are thin and fragile, and almost always break off when it's captured. For ages, people thought it lacked tentacles altogether until a full specimen was found in the stomach of a fish. Weirder still, its clubs have neither suckers nor hooks. Instead, they are flanked by a pair of leaf-shaped membranes. Why?

Now, after observing a live individual off the coast of California, Hendrik-Jan Hoving from the Monterey Bay Aquarium Research Institute (MBARI) in California thinks he knows what how the squid uses its feeble tentacles. They're not grasping limbs, but fishing lures. By waving the membranes, the squid uses its clubs to mimic the movements small animals and attract its prey.

Academic paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on September 27, 2013 at 4:53 PM • 79 Comments

Comments

65535September 27, 2013 9:47 PM

@ RB

It looks like a classic weakening of encryption for future implementations under the ruse of "speed" enhancement.

Now, that lavabit is gone does anyone have suggestion for a similar service that is free or low cost?

DanielSeptember 28, 2013 12:11 AM

@65535

You missed the memo. The closing down of lavabit and Silent Circle made it very clear that there are only two types of e-mail providers left in the USA...those that work with the NSA/FBI and those that don't exist.

I doubt sincerely that it is any different in any other nation either. Perhaps you might find an e-mail provider in Mongolia that isn't being spied upon but even then all the traffic back and forth is being monitored and they would cave in an instant if the NSA came calling.

In short, anyone who promises secure e-mail to the general public lies.

JacobSeptember 28, 2013 3:24 AM

@65535

It depends on your interests and the cooperation of your contact list.

Regardless of what you choose, direct email comm will always expose your meta data (your IP address, routing info) and have it possibly tapped.

However:
- If you want to keep the body of the email confidential, encrypt it and add it as an attachment.
You can use any mail service for that.
If your addressee cooperate you can also use gnuPG encryption with some free email clients, but remember that, in addition to your metadata, the subject line will always show in the clear.

- If you don't want to go through the hassle of encryption, and just want to have a trustable service that will not spill the beans to a gov agency, than you should not use any US-based commercial service. The one that I'd recommend (requests accepted for a personal use only!) is an Italian collective offering free service (donation based), with very strong privacy, anti-fascism inclination and a good manifesto, by the name inventati/aiustici:
http://www.inventati.org/en/services/mail.html

They don't keep server logs, and they details their past brush with the law at http://www.inventati.org/en/who/collective.html

Naturally, if their 3 or so European servers are stealthy compromised, so are your emails.

BenSeptember 28, 2013 5:58 AM

Reposting this (off-topic) comment of another commenter, to here where it is on-topic. I hope it will get a bit more notice. What I would like to know is: Is it true? Is there a 3G radio on every Sandy Bridge mobo? Is it powered on and capable of receiving data whenever the laptop is on? Even when the feature is not wanted?

@i'll take your coat -thank you- you're welcome • September 26, 2013 2:25 PM

"Secret" 3G Intel Chip Gives Snoops Backdoor PC Access

vPro processors allow remote access even when computer is turned off

Paul Joseph Watson | Infowars.com | September 26, 2013

http://www.infowars.com/91497/

Intel Core vPro processors contain a "secret" 3G chip that allows remote disabling and backdoor access to any computer even when it is turned off.

Although the technology has actually been around for a while, the attendant privacy concerns are only just being aired. The "secret" 3G chip that Intel added to its processors in 2011 caused little consternation until the NSA spying issue exploded earlier this year as a result of Edward Snowden's revelations.

In a promotional video for the technology, Intel brags that the chips actually offer enhanced security because they don't require computers to be "powered on" and allow problems to be fixed remotely. The promo also highlights the ability for an administrator to shut down PCs remotely "even if the PC is not connected to the network," as well as the ability to bypass hard drive encryption.

"Intel actually embedded the 3G radio chip in order to enable its Anti Theft 3.0 technology. And since that technology is found on every Core i3/i5/i7 CPU after Sandy Bridge, that means a lot of CPUs, not just new vPro, might have a secret 3G connection nobody knew about until now,"reports Softpedia.

JacobSeptember 28, 2013 9:31 AM

@Ben
I would not be concerned about this. This is just a hyped paranoia.
The Intel AMT (based on vPRO-enabled processors) allows you to communicate remotely with the computer via a side channel, even when it is on a stand-by power, whereby you can turn it on (and off) and control it.
2-3 years ago they had in the i5 etc but you could only connect via the internet. So now they added 3G connection. So what? for this to work, you need a supported motherboard and BIOS (you must enable AMT in the BIOS), and for the 3G connection you need a SIM card to connect to your local carrier.
Some say that "they" can siphon off the data when the computer is off. Nonsense. If you have mechanical HD, it is not spinning - no data can be sent out. If SSD, the stand-by power is usually not enough to power it and operate a full speed comm for effective transfer.
And why should "they" jump through such hoops to begin with? If you are connected to the internet or to 3G (having an active SIM card), any high quality hacker can just get into your working computer and take whatever he wants - no need for a vPRO system.

I would be more concerned that my OS is compromised and sends out data whenever I am online. That's the reason that concerned people do their secret stuff on computers that have never been connected to the internet (and now also to 3G :-))

Kevin an auditorSeptember 28, 2013 11:39 AM

@ Ben
and
@ Jacob

I need to relate an experience and then relate it to my concern.

I recently pulled out a pre-paid phone I had owned for more than 18 months but had never charged or activated (or even removed from the package). I charged the battery, then installed a SIM card from a different phone (same manufacturer). When I turned on the phone, I got a "SIM card rejected" message. However, the phone updated the date and time accurately! Unless this data was transmitted by 'corpuscular bodies transmitted through the aether', the phone had communicated with a cell tower.

If the Intel chip referenced has the capabilities claimed, transmitted data is not the only issue. The computer or device can be located, whether or not it has ever been connected to the internet. This is important to people working on sensitive material.

Also: Any claims made on Infowars.com really need independent verification. Browse through the stories.

NobodySpecialSeptember 28, 2013 11:55 AM

@Kevin an auditor
You turned on a phone, which even without a SIM card, is able to contact the nearest cell tower and announce it's presence. It is even required to do this and allow you to make emergency calls without a SIM. The tower id broadcast includes the time and date.

It's like saying that my new radio when I turned it on was able to get NPR even though I hadn't subscribed - an obvious plot by a secret group of NPR libertarians (or librarians) to infiltrate all FM receiver chips.

BenSeptember 28, 2013 12:51 PM

@Jacob, Phones connect to the network whether there is a SIM or not, to be able to make emergency calls.

So will the 3G unit in the i7 contact a cell tower, announcing my location, whenever I switch my computer on? Or not? If it does it is a tracking device on all laptops. And it can also be fooled by a stingray type device to connect to that instead, in which case if the 3G stack has any remote-execution vulnerabilities, it's also a way to inject any code into the system.

JacobSeptember 28, 2013 3:07 PM

@Ben
1. I tried to find additional info re connection without a SIM. The only info I found was not conclusive, some say that it is carrier-dependent, just one way and basically useless since there is no way to get back to you since the tower can't route info back to you. I think that you should try this with your cellphone and see if you get connected.

2. I want to sress the fact that not all new i5/i7 have or will have this vPRO/3G feature - you have to buy specific computer models that support it (vPRO CPU, appropriate chipset and supported Intel ethernet adapter). This is a more expensive configuration than Intel systems lacking this feature. Please also note that 3G can not reside in the CPU alone - it is not physically possible to fit RF subcircuit with cellular-level power and an antenna in there.

3.I assume that you have specific concerns about 3G in a computer, as opposed to more common concerns of tracking via Wi-Fi or through 3G in your cellular phone. If this is the case, then yes, if you buy a computer with vPRO 3G technology in it, and set it up appropriatly for cellular communication with a SIM (notwithstanding your no-SIM opinion), then you can be tracked whenever you turn the machine on. This is the basis for the Intel cellular anti-theft technology. It is also technically feasible to siphon off info from your system then, as well as injecting malicious code.

kashmarekSeptember 28, 2013 7:22 PM

Matchstick microphone can eavesdrop on your conversations outside (or possibly anywhere):

http://tech.slashdot.org/story/13/09/28/2047256/...

I imagine that this would be for "targeted" listening (once a target is found). It can't be for "everything" as the data traffic would be insurmountable and akin to the 95% plus of tweets that are just jibberish. It would take a thousand such devices (and recorders) to listen to as many concurrent conversations...try that during a Bears-Packers game.

However, it might make our population more "silent" and perhaps more introverted out of fear of being overheard. What good would the device be in that situation?

This is likely more FUD, just to present confusion for the mind, much like the Ted Cruz 21 hour talk was to keep our minds off other things that someone didn't want to have noticed.

FigureitoutSeptember 28, 2013 7:38 PM

Quick Sunday afternoon read:
Every cipher is breakable, given enough traffic, and every cipher is unbreakable, if the traffic volume is restricted enough.
http://cryptome.org/2013/09/...

So say they crack your Caesar cipher and get the plaintext; is that really the plaintext or another layer? I would say separation of the process is needed too. Meaning you need a separate system for each individual. You can hide your keys in near plain sight w/ a unique set of symbols in your notes; and generate a lot of notes and scatter them, thus they need to bruteforce a lot of crap. Every system needs to be unique and you need to generate your own unique methods under the assumption you're being watched.

You're not going to have a good system right away, for me it took at least 3 years to where I can successfully evade state-level surveillance and now even play w/ the agents heads.

FigureitoutSeptember 28, 2013 8:00 PM

If you bring an individual into your system, you must separate them from all aspects of it until you have sufficient information on them to deem it ok. If you can convince an attacker that they have access to your system, when they don't; then you have succeeded. And you can enjoy that tiny amount of security, and hell, brag about it; beat your chest, stand up and fight for your security.

FigureitoutSeptember 28, 2013 8:24 PM

kashmarek
--It's just like the drug war. You would be blown away at the innovations druggies come up w/ to evade capture and get their fix. So it merely forces innovation and doesn't solve the root problem of drug abuse. Which in my mind is let it be and show what losers druggies eventually become.

With microphones, means of communication will become so subtle and discrete you will be blown away at some of these systems. Or, a simple code system.

Keep in mind, they will also pick up all the less than desirable sounds ;) And you can send the DSP off the charts w/ certain extremely loud noises.

And yes, "civil society" will be affected and people will stop talking to each other "off the cuff" if whatever you say and be stored and eventually used against you. So basically it's encouraging an anti-social society.

65535September 29, 2013 2:52 AM

@D That does thin the selection process.

@J Thanks. I'll check out inventati. It seems to have IMAP-SSL. That is a help.

Mike the goatSeptember 29, 2013 3:16 AM

Clive et al » I am working on a project called bSure which is designed to facilitate easy key signing in meatspace (e.g. user group meetings etc) based on the assumption that devices are not trustworthy enough to store your private key.

My concept revolves around an app that runs on Android and iOS and a 'server' portion they run on their desktop.

They install the server, load their public key into the desktop app and a QR code is displayed which contains a session key. They load the mobile app and capture the QR code (or hand enter) and visually confirm.

They now load their public key into the desktop app and can either scan a QR from the desktop app that contains their keyprint and the mobile app will download the key from a keyserver and validate it or they can copy it over via USB etc and load it into the app manually.

From this point on the app is setup and ready to use.

If they meet another user who is also using the software they can tsp phones and utilize NFC or they can scan QRs. The matching keys are pulled from the key server and details supplied along with a prompt and asked to agree to sign keys (and set trust levels etc). At which point the app will capture the keyprint and store it in its database asymmetrically encrypted to the desktop app's key.

It will also update a database that simulates what their actual public key would look like had these actions taken place just for illustrative purposes.

If the user encounters someone who isn't using the app he can enter their key ID and it will download the key. They verify the fingerprint and it is enqueued.

When they arrive home they can either copy over the database file manually or use the inbuilt android shell extension to "share" via email. This will attach it to an email and send.

When home they load their database into the desktop app and it shows the queued actions. If they agree it will open a cut&paste window with all of the required gpg/pgp commands required to pull each key from the keyservers, sign and return the signed public keys.

They can then cut and paste it into a shell or if they trust the software click an execute button.

Any thoughts?

Paul RenaultSeptember 29, 2013 8:20 AM

I was hoping that 'tenticles' was a typo - it looked too much like "testicles".

Bruce: it's 'tentacles'.

GregWSeptember 29, 2013 2:33 PM

NYTimes article describes NSA use of email and phonecall metadata to build social graphs:


http://www.nytimes.com/2013/09/29/us/...

Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.

The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

Clive RobinsonSeptember 29, 2013 3:01 PM

@ Figureitout,

With regards the "sunday afternoon read" of Mr H Campaigne, most odd. I don't know when the piece was written but the odd use of the term "crib" suggests prior to the formation of the NSA, only he also mentions Mr Khan which would be some time later.

With regards, ciphertext that is also plaintext from a previous cipher function that your adversary may have broken. In a very over generalised statment --that should most definately not be taken as gospel-- the "plaintext" will be too stylistic in nature and thus give away the fact it is some code, cipher, steganography or combination thereof.

The soloution to this is to make the final real plaintext so styalised and ambiguous in meaning that an attacker goes looking for another layer of cipher that is not there.

As Claude E Shannon pointed out "confusion and diffusion" is the way to go but not as people tend to think "Substitution and Permutation". Think in terms of Code and Cipher as your alternate layers, where the coding is not "one to one" but "one to many" (for some reason sugesting "expanding" message length has always been considered heretical).

One such expanding coding system was where each letter of the alphabet was given one or more numbers the number of which coresponded to the letters percentage usage in the language of use, in an attempt to flatten the plain text statistics. In your case however you would be looking to shape the statistics to look artificial and thus appear to be something else.

Clive RobinsonSeptember 29, 2013 3:12 PM

@ Paul Renault,

I'ts not an uncommon mistake, I have made the same mistake myself once or twice (to many ;-)

Phonetic spelling and vowels have got me into trouble often with things like,

"The tern of the turn"...

Clive RobinsonSeptember 29, 2013 3:18 PM

@ Mike the goat,

It's Sunday and for some reason I cann't get my head around your idea...

I'll have another go tomorow.

ThankYouSeptember 29, 2013 3:21 PM

@Mike the goat "open a cut&paste window with all of the required gpg/pgp commands required to pull each key [...] then cut and paste it into a shell.

Very good Idea. Please release that as free, and only collect money via a donation account.

Ideally, your server should be installed on a desktop with a full hostname that is easy to remember (full name of the user, or a passphrase). billy_the_butcher.new-york.sprint.com for example.

Otherwise, it would be easy to spoof the iOS/android App so that you end up signing key downloaded from NSA servers.

Brian M.September 29, 2013 10:20 PM

@Mike the goat:

Clive et al » I am working on a project called bSure which is designed to facilitate easy key signing in meatspace (e.g. user group meetings etc) based on the assumption that devices are not trustworthy enough to store your private key.

The premise is good, but I think that all you need to do is store the private key on the QR code, and use normal encryption protocols and a web of trust. Keep your private key QR code in your wallet. You can scan the private key into the device's memory without it ever touching the file system. When the app is stopped, the private key disappears from memory. Only your public key resides in any form of a potentially accessible location.

hmmmmmSeptember 30, 2013 1:08 AM

Nobody can access this website through any anonymous service unless that service does not exit its traffic in the United States. Changing a Tor identity or vpn exit isn't a problem but it is strange.

It is very likely somebody in the US government is censoring Schneider's blog in a highly specific sense designed to slow down but not eliminate information getting out while giving us a subtle fuck you. The Chinese model of censorship basically.

My thought is that it's the kind of thing a geek doesn't notice because it's easy to circumvent, but too confusing for the general public who will assume the site is down, slowing information spreading rather than stalling it and causing a fuss. It's been like this for at least 2 weeks.

dynamically linkedSeptember 30, 2013 2:49 AM

"It is very likely somebody in the US government is censoring Schneider's blog in a highly specific sense designed to slow down but not eliminate information getting out while giving us a subtle fuck you."

Simple.. they cannot use the traditional means of penetrating the blog/comments at high levels like they do forums, usually by kissing ass until they receive a moderator status where they can control the board, so they might be 'rocking the boat' to discourage users here.

It's all in the Gentleperson's Guide To Forum Spies:

http://cryptome.org/2012/07/gent-forum-spies.htm

Mike the goatSeptember 30, 2013 6:02 AM

@Brian M. » of course but bSure is being designed with the understanding that the cellular device is to be given the least amount of trust possible. I simply don't trust my phone to hold the PGP private key even if it was loaded into memory and never written to disk.

Having the private key on a QR (given the increasing size of private keys as people move to 4096, 8192 etc. the key may even need to be spread across a fair bit of paper real estate) would potentially expose the user to physical loss of the key via theft or simply misplacement. Even if the key is protected with a passphrase it is still an unacceptable risk IMO.

Mobile malware has become increasingly sophisticated. Even manufacturer inserted "diagnostic software" like CarrierIQ apparently has the ability to log keystrokes.

The key - in memory - could also be stolen by another app with root access (there are quite a few apps that request superuser permissions if you have a rooted phone... it's conceivable one day we will have one that doesn't play nice or perhaps a bug in Dalvik (the android java VM) will render the key somehow visible (or will cache it to disk). Who knows? Most of this is tin foil hat stuff, I agree.

My point is - if we can engineer a solution where the private key is not on the device then we can completely avoid even the possibility of any of the above happening. As they say, you can exploit data you simply don't have.

Perhaps the two most compelling reasons are: a) many users will download the precompiled version from their vendor's App Store and thus a sensible user shouldn't trust my app with my key. Even if I was the most respected and trusted guy around then it still doesn't mean that my app could be buggy and one of these bugs could leak your key. b) we know mobile phones are notoriously insecure and some are arguably even sent to us straight from the factory with spyware like CarrierIQ pre baked on it for us.

Mike the goatSeptember 30, 2013 6:30 AM

@ThankYou: both keyID and fingerprint are encoded in the QR code that you scan from another user who is also running bSure (or the same is done via an NFC URI if you choose to use it).

The software will immediately fetch the key from a key server¹ and then check the key fingerprint. If the key print does not match then you will be warned. This is very bad ju ju. You can't proceed to do an easy enqueue but can - if you insist - do an 'offline sign' which is done without using the key servers. The key itself can be simply beamed across using WiFi direct (android beam) or you can scan a series of QRs. You must then manually confirm key fingerprint details. The signing request is then enqueued along with a flag set which denotes "use attached key. Don't trust or try key servers"

Assuming the key is found and the keyprint matches you need only do a 'quick sign'. The metadata from the fetched key is supplied including name, email, comments and who has signed their key. This is checked against your own public key and your trust database and any 'mutuals' are highlighted for convenience.

The following screen is the most important. The key fingerprint should be read to the other party verbally and confirmed. They will also do the same for you when they are signing yours (if you are signing each other's keys).

If everything is good the signing request (which includes all the metadata) is encrypted to the key of the desktop app and stored in its CSR database file. That's it.

1. When you load your CSR database into the desktop application each entry in the decrypted and verified database is scrutinized. The desktop app will pull each key from more than one key server (optionally via tor if you wish to use this feature).

The keys will be checked against each other. The CSR database also embeds the key it pulled when running on your phone or tablet (the one that validated OK). If there are any discrepancies then you are notified and given options.

For example the key the mobile app downloaded may not match the current one on the keyservers as others in the mean time had signed their key and they uploaded their new public key block. This is obviously legit but you will be notified and shown how these extra signatures fit into your keyring's social matrix.

More serious would be completely different keys being pulled from the keyservers. Or one key server giving bad keys, etc.

No matter what the issues are you will be notified. You deserve to base your decisions on the most current data. Obviously keys that have already been marked offline only are not checked against the key servers.

So you are given a cute little social map showing the characters in your keyring and how they relate to each other. You can fiddle with trust settings etc to your heart's content.

When done it will spew out an .asc file with all of the needed keys inside (it can alternatively spit out the relevant commands to fetch all of the keys again from the servers) and a .sh (or .bat) file with all the gpg commands that need to be effected to do what you have queued.

You can click execute and run the script or you can vet it and run it yourself (perhaps on another unconnected machine where you store your private key).

It can then send updated keys automatically to the key servers and/or email signed keys to the people who you have signed for.

So you can see it is designed to be ultra paranoid.

JacobSeptember 30, 2013 8:16 AM

Another interesting read in the NYTimes article is the speculation that AQ did not really comprehend the implication of Snowden's revelations since NSA hasn't detect meaningful changes and volume reduction in electronic comm from them. Not being shocked by the revelations leads me to surmise that cryptography is not their strong point.
Now they have been rolling, since 2007, their own implementation of crypto stuff - MS2 (Mujahedeen Secrets V.2), which supports their on-line comm activities.

Therefore, one must wonder how strong their implementation is.

ModeratorSeptember 30, 2013 1:38 PM

Problems accessing the site through Tor are definitely not limited to U.S. exit nodes, and are probably due to the webhost's firewall. (You can check and see that the host's own site at http://www.modwest.com is also inaccessible.) There is a fix in the works but unfortunately it may take a while, so in the meantime hitting the "new identity" button should get you through sooner or later.

ThankYouSeptember 30, 2013 2:24 PM

@Mike the goat: "the signing request (which includes all the metadata) is encrypted to the key of the desktop app"

How do you know that the signing request cannot be silently replaced by NSA before this encryption ? Remember that your app will run on a suspect OS.

Brian M.September 30, 2013 2:28 PM

@Mike the goat:

If everything is compromised, then the only solution is to use a keyboard that produces encrypted data. And what ready-made solution is there for this? Why, the rotor machine! It could be connected to the phone via Bluetooth, and be switched between plaintext and encrypted text.

And the brass and wood would be just so cyberpunk!

ThankYouSeptember 30, 2013 2:43 PM

@Mike the goat: "the signing request (which includes all the metadata) is encrypted to the key of the desktop app"

How do you know that the signing request cannot be silently replaced by NSA before this encryption ? Remember that your app will run on a suspect OS.

hmmmmSeptember 30, 2013 3:51 PM

@Moderator

I don't understand so how does a firewall glitch at the host explain overseas anonymizers (not just Tor) exit nodes allowing access to this blog but not the ones that exit in the USA?

Obviously my checks can't be a wideranging survey of all anonymizer exit nodes so I may be totally and factually wrong but the specificity of the glitch is odd. Three or four other people who post regularly on this blog have noticed the same glitch so it is worthy of some investigation.

It's been like this for a few weeks now and the timing is highly questionable given it's the same period that we found out that Bruce is working with the Snowden documentation. We're paranoid on here but not for no reason. Can we at least confirm that http only connections within the USA have been working alright this past while? Cos if that is not so then no member of the general public has been able to access this blog without time-outs for quite a while.

MmmmhSeptember 30, 2013 5:34 PM

I have the same problem only different. I CANNOT connect over https, but must use tor. Also, traceroutes stop dead about 2 hops from schneire . com

It is really weird and a pain.

Clive RobinsonSeptember 30, 2013 5:37 PM

@ Jacob,

With regards AQ and their comms the answer to your queastion,

    Therefore, one must wonder how strong their implementation is?

Could well be "weak enough to meet their objectives".

Osama Bin Laden was nearly killed by the use of a satelite phone and shortly there after switched to what we are led to belive was stego in hard core adult low costume budget productions carried on memory sticks in couriers underware to get across boarders etc.

Based on other information his OpSec appeared to be all things considered reasonably good.

It's clear his near fatal brush with technology caused him to shy away from electronic communications as have others of his confidants. So you need to ask the question,

    Who in AQ (if it actualy exists) is actualy using electronic communications and for what purpose?

Also it helps to consider the human condition which gives rise to such sayings as "If it ain't broke don't fix it!".

The important thing to not is the "have not changed proceadures"... Some time ago I noted that any change would be slow due to logistics and training whilst still remaining covert. Thus what you would expect to see would be an initial rise in comms followed fairly quickly by a significant drop to a lower level and then for comms to increase again, change or stop altogether. Which is what has happened with military comms over and over again in the past when the operators suspect a security breach.

Which "apparently" has not happened acording to the journalists sources... Which gives rise to the thought of why?

Firstly is the journalists source real? And if so are they actually in a position to know directly? Further can they actually be trusted as a confidential informant giving legitimate information and not sowing false information?

The reason to ask this is the official story is Ed Snowdes revelations have "hurt" the electronic comms gathering, thus it jibes.

On the assumption that the information is true you come to some questions that are problematic,

The first of which is can AQ et al actually change?

For various reasons the answer may well be no.

Secondly is do they need to change?

There are various reasons as to why this may be no, one of which is AQ have tested it and found it to be secure. Another is it's a "False Flag Operation" thus there would be no need to change the comms.

If it is an FFO you need to ask the question is it actualy AQ or some other entity trying to look like AQ for various reasons...

If it is AQ (which is doubtful) then it may be a way to feed false information into various nations intel services to waste their resources, or a way to keep "idiots occupied" and away from the real activities that is it's a sacraficial front.

But it could also be a FFO of a nation state used for a whole variety of reasons. The Pakastan - India conflict would be sufficient grounds for either side to set up such a network. For Pakistan the advantage is the US is in effect on their side not India's due to AQ and Pakistan has become a nuclear nation without the sanctions the US try to impose on other states. For India running such a network would get them much needed intel on organisations which Pakistan are known to harbour and assist and who have contacts into those terrorist organisations that attack India.

Similar arguments could be made about many nations including the US it's self. The US has a long and inglourious history of running and resourcing terrorist organisations and even inventing them for the purpose of US National Interest (though most US citizens would not see it that way). It's more than possible that AQ is a US invention that serves many people quite profitably as it keeps the tax dollars flowing in their direction (in point of fact quite a few journalists have dug up information that show AQ was an invention of the US DoJ to get OBL tried and convicted in his abscence over attacks significantly prior to 9/11).

Then there is Russia, they like the US have a long history of running resourcing and manufacturing terrorist organisations. They even have laws that specificaly allow it, as well as overseas assasinations etc etc. Putin is known to be a believer in "the old ways" of the KGB, and it would appear the FSB are quite adept at dealing with their terrorist problems with occasional assistance from the US (providing sat phone locating and destroying missile capability).

So in many respects this supposed AQ comms network could be, not what it seems and this could well explain the "no change" behaviour rather better than assuming that it is OBL's legacy behaving irrationaly in the face of the Ed Snowden revalations.

The fun bit with humans and intel is the "scientific method" and "Occam's razor" are not of much help in trying to find the truth.

name.withheld.for.obvious.reasonsSeptember 30, 2013 6:20 PM

Some poetic prose, the art of expressive language is not easy but I am giving it a go. Any suggestions or critiques welcome.


Short Story Title:
Squids and Squirrels, and other forms of malevolent leadership; An Open, Source story

I share my story, not as a cathartic exercise but as a "real-life" example of cause and effect in modern society. Best by determination, a story to be told to the young-before the wood becomes hard or the cement dries upon the wall.

As your time is valuable, let me preface by stating the purpose for which I write. I am a middle-aged white Anglo-Saxon male that has experienced the effects of the "dark-side" of technology. Ironically, I am a technologist and have a long history of working and toiling in the fields of communications, computing, mathematics, and electronics. My story, though not new, is different. It is the collision between our social normative values, the depth of cultural tolerance, the civic mind, and our seemingly intractable systems. For me, all stems from an auto-didactic internal
mechanism for digesting external stimuli, combined with unique experiences, and sublimated by a keen sense of "the past, present, and future" and causes me to write. I have been labeled or referred to by peers, colleagues, friends, and family by a number of cultural figures; this includes the likes
of Nicholas Tesla, Richard Feynman, and Michael Moore (not politically). As well, others have quantified my abilities with the words "Visionary", "Inventor", "Cassandra", and (though I prefer non-Euclidian) "Too n-dimensional". Not in boasting do I mention, instead for context so might a picture the canvas gives.

The commentary and critique is comprised by examples of fragility, rigidity, ignorance, arrogance, naivety, betrayal, loyalty, dishonor, honesty, conspiracy, and failure-includes players like commercial giants, large and small governments, international relations, academic, and civic institutions...and the life and death of so many. Derived not from interviews, research or academic exercise; the story is based from personal experiences collected over forty years, summarized, and expressed using a narrative form. It is a wonder that William Shakespeare has not returned from the dead to write a play, one with which Shakespeare's sense and craft employs the instruments of irony, and tragedy using a sublime linguistic artistry that could use well our day. Hope, the destination of my writing, was to pen a story as a collection. Plurality instead found, and asked different, of me. What thought gives way to action? It is action's strength that assuredly gives thought a second glance, not the other way round. Reason does not flex and move and then rest to ponder, no, ponder first is the rule...a guidance by wiser souls be had. But this day; the reason and means to ponder, where are they? Missing? Defunct, dead and dying by a lonely roadside tavern...has reason given us up? Reason seems to have surrendered to a beast of foul origin and manner. Can reason be reclaimed, or much like the glass of water had with breakfast yesterday, left this place for much some time.

My fate, more hopeful than Edward Snowden, less sure than most, I am likely a subject of the conspiratorial environment of United States culture and to its law. For the moment, the situation is not dire, and I remain as optimistic as one can, given the current domestic socio-political environment. For me there is much more to worry about irrespective of the head-winds or my plight--for it is the larger societal dilemmas, which are both large in number and grave in affect, as to what is the concern. Our world, and more specifically western democratic societies, is in peril-largely of our own making. Whether by purpose or design, we find ourselves individually and collectively challenged to achieve several tasks in the near future.

The paralysis; as an individual, the western socio-political mind disconnects from efficacy as the state (governance), the self (governor), the strictures of societal power (the hidden hand) writhe in conflict. Leading us, (and the self), to a most fractured, disharmonious, and difficult future. Without a grounded, internalized and reflected sense of one's own circumstances as it persists in the current U.S. hegemonic malaise, the opportunity to see the way forward becomes diminished. Recognizing the disease that consumes us, developing a
prognosis, and focusing on a cure is of utmost importance-before being drawn into any action, cooler heads must prevail. Deliberative formulation, planning, and execution that was dismissed as superfluous now becomes mandatory, our ignorance and arrogance has led us here.

.

ModeratorSeptember 30, 2013 8:56 PM

Tor and some other anonymizers were getting blocked by -- in Modwest support's words -- "a service we recently began using to dynamically protect against emerging network threats." They've now made some adjustments that seem to have fixed the issue, at least for the ten exit nodes I just tried. If anything is still failing, please let me know.

The problem was never limited to the US at all. US, UK, Russia, Sweden, the Netherlands. Those are just the ones I happen to know about.

FigureitoutSeptember 30, 2013 9:56 PM

Clive Robinson
--I figured you would've known before I posted the link and had a copy saved to a qic or dat tape. :)

Why not both? Plus I find leading agents (the primary attackers I'm dealing and have dealt w/) on to being less capable as a valuable tactic; as it leads to overconfidence and lazy mistakes on their part which I can scoop up on their emotional lapses and get more confirmation of my investigations.

BuckSeptember 30, 2013 9:59 PM

@Jacob et al (Re: AQ)

Most interesting bit of that article for me was:

"It was something that was immediate, direct and involved specific people on specific communications about specific events," one senior American official said of the exchange between the Qaeda leaders. "The Snowden stuff is layered and layered, and it will take a lot of time to understand it. There wasn't a sudden drop-off from it. A lot of these guys think that they are not impacted by it, and it is difficult stuff for them to understand." (emphasis Buck's)

Is it really AQ who are "these guys", or is more complicated than specific people on specific communications about specific events... and therefore requires a lot of time to understand what lies beneath every layer of the onion and what/who will be impacted by its peeling.


@Mike (Re: Bsure)
I agree with others here... If you're thinkin' 'bout puttin' any sorta trust in Android/iOS, you'll bee runnin' a fools errand!


@Clive (Re: "confusion and diffusion")
Not sure if never taught, and/(n)or just forget said lesson... But I like it! :-D

Lovin' the poetry 'round here lately!

@anyone (Re: 3g)
Do you think an EM carrier
could induce enough current to at least Rx basic instructions through modern CPU, motherboard, & power supply combos?

Mike the goatSeptember 30, 2013 10:19 PM

Buck/BrianM/ThankYou: I am playing the numbers like all of us have to. I don't trust Android enough for private key storage and so this is an attempt to make key signing easier but somewhat less risky.

The worst thing that could happen in my app's threat model is for a nation state to somehow alter which key you are actually signing.

With other key signing apps that actually load your private key onto the device the worst thing that can happen is key compromise, which is considerably worse.

Although I think the likelihood of signing the wrong key is extremely unlikely given the two layers of paranoia of both inapp and outside app validation once you get to your desktop.

BuckSeptember 30, 2013 11:23 PM

@Mike

With that most recent thought in mind, I wonder if there would be a better protocol for visually inspection of a key... I never memorize the fingerprints, and it seems like QR codes would have so many similar looking patterns to locate collisions amidst. Can we somehow make security which takes advantage of solutions that the human mind can actually arrive at quite naturally?

(Forgot to mention before, really like where you're goin' with this! ;-)

Mike the goatOctober 1, 2013 12:47 AM

Buck: I quite like the 'plain English' hash that pgpfone, etc does. You know, it reduces the fingerprint down to two English words. Although it would appear that you would also increase the risk of collisions too.

Maybe a ssh style key 'randomart' ?

Mike the goatOctober 1, 2013 2:38 AM

@mod:

Has schneier.com recently changed SSL certs? I used to see

ce:be:43:11:9d:80:6e:d6:0a:13:12:03:4a:9f:b5:5e

Now I see

a2:47:7c:cc:07:c7:f5:e7:3b:a4:3f:09:0e:9d:ed:e7

Clive RobinsonOctober 1, 2013 4:11 AM

@ Buck,

    Do you think an EM carrier could induce enough current to at least Rx basic instructions through modern CPU, motherboard, & power supply combos?

The simple answer is "Given enough field strength, currents will be induced in conductors".

The answer then get's more complex, because for most computers there is the requirment to meet EMC standards. Which generaly means stoping unwanted radiation and suceptance with most effort going to mitigate the broad band noise generated by the computer.

Which likewise means shielding carefull PCB layout and some filtering components. Which are generaly two way in that what it stops for radiation it also stops for succeptance in the frequency range of the specification (atleast 9KHz to 3GHz).

However filtering components are expensive enough to make using them prohibitivly expensive in a very cost sensitive market which third party PC component supply is.

So rather than use them other solutions are used. One of which is an explotation of the measurment methods in the standards.

When you look at the broadband noise generated by a PC it is not "white noise" but a comb of harmonics and sub harmonics of the CPU clock frequency. Whilst the individual frequency spurs will break the standards "mask" they can be reduced in any single frequency slot by shifting the CPU frequency slightly. If you do this fast enough, compared to the standards measurment process the amplitude of the spur is reduced by the fact it's averaged across several frequency slots and thus now meets the mask.

The usual way of doing this is what is in effect the equivalent of Direct Sequence Spread Spectrum generation and exploits the "process gain" to spread the energy of the noise more thoroughly across the band.

However DSSS is an easily reversable process. If you know or guess the chip set in use you know the sequence and thus only require to synchronise with it to remove it's effects. And in the process bring the susceptability of the system up by the process gain...

Further slots in cases and PCB traces are "frequency selective" if you find the right combination then the susceptance of the system gets worse due to the resonance effects

A while ago two researchers over at the UK's Cambridge Computer labs took a commercial (supposadly) secure TRNG product with atleast 32bits of entropy and by subjecting it to an unmodulated RF carrier in the microwave region brought the entropy down to around 7bits and published the results.

What they had infact done is exploit the fact that all semiconductor based systems act like old fashioned "Crystal Set" AM receivers. The PCB trace acts as a resonant circuit and the semiconductor at one or both ends acts as a diode that rectifies the RF signal to produce a base band signal. Which with an unmodulated RF signal poduces a DC offset that unbalances the "bias point" of a signal input.

However if you envelope modulate (AM et al) the carrier with a digital signal, that signal will be demodulated and appear on the signal input just like any preceading circuit generated signal...

So you do not actually need a "designed" receiver 3G or otherwise any high impedance logic trace input will do.

However having a designed in receiver makes the whole process many orders of magnitude simpler.

Mike the goatOctober 1, 2013 5:06 AM

Clive: I think Buck may have asked this question due to a story (I first saw it on right wing conspiracy shock jock Alex Jones' page) claiming that the NSA has some secret 3G chip on modern computers. The author seems to have been confused with the features of vPro's lights off management feature. No doubt there are numerous security risks involved in these lights out management interfaces (especially AMT which is on the same physical interface as in-band communication. IPMI was at least generally on a separate NIC) but a secret integrated 3G transceiver doesn't sound likely. I guess if the laptop had an integrated UMTS radio (like some do, with a miniPCI style radio and a SIM slot) it could theoretically commandeer this if it knew APN settings but this would have a noticeable impact on battery life not to mention being ridiculously easy to detect.

You see all these articles pondering on these kinds of things that would have to be quite targeted in usage yet real established risks like TEMPEST style eavesdropping don't get a mention. I saw a demonstration just a few years ago with a modern laptop. The guy was picking up beautifully legible text from about 200' away (through a drywall wall) from leakage from the LVDS cable within the laptop. It goes to show that things haven't got harder since CRTs were abandoned.

Buck/ThankYou/BrianM: one of the things I am trying to avoid in my app design is uh, security stupidity. I figured I would elaborate quickly as a friend on Facebook just shared a suggestion of an app called "seeder" to make the use of, say browsing SSL sites faster on an Android device (the app page suggests other uses abs benefits which seem a bit strange as many don't involve an RNG but anyway). I was horrified when I read that the app page spoke of the Linux CSPRNG blocking when the entropy pool was low as almost as if it were some kind of bug. The app basically runs a cat /dev/urandom>/dev/random whenever it senses the pool is near exhaustion.

If app writers wanted to use a lower quality source then they would have used urandom. If they didn't need something cryptographically secure they would use something faster like

Dirk PraetOctober 1, 2013 8:27 AM

@ Moderator

The problem was never limited to the US at all. US, UK, Russia, Sweden, the Netherlands. Those are just the ones I happen to know about.

I experienced similar problems from Belgium, but they seem to have been solved now.

Clive RobinsonOctober 1, 2013 9:54 AM

@ Mike the Goat,

    You see all these articles pondering on these kinds of things that would have to be quite targeted in usage yet real established risks like TEMPEST style eavesdropping don't get a mention.

I don't know how far back you have read on this blog, but you will find comments by Nick P and myself about TEMPEST and more correctly these days EmSec.

Many people incorrectly believe that EmSec is in effect a passive activity, that is you monitor for the targets "radiated energy" (be it EM/Audio/mechanical/etc). One fundemental rule of "trancducers" is they are bi-directional so an ordinary moving coil microphone can be used as a tiny speaker. And sometimes this "reverse path" leaks a large amount of information, for instance the back EMF on a DC motor gives you the actual rotational speed of the motor, the trick is exploiting it.

So people should have it drumed into their head that radiation & succeptability are opposing faces of the same coin when it comes to transducers. So in EmSec there are two sides the passive that every one talks about and the active that few appear to acknowledge or understand.

The two tricks are then firstly "recognising a transducer" and secondly "exploiting it". Some times the "recognition" is a lot lot harder than "exploting" it when you have, which is not to say the explotation will be easy.

At the simplest level a conductor is a transducer, it converts incident changes in a magnetic field to changes in an induced current, which importantly causes a magnetic field in opposition. However what happens is dependent on any other components that "see" either the magnetic field or induced current. If you think a closed circuit with zero resistance it stops the magnetic field dead (see fundemental properties of super-conductors) it manifests it's self in all sorts of ways. For instance on sailing vessals the safety wires that run around the side are not joined together to form a compleat circuit, because of the effect it would have on the radio equipment. To electrical engineers the most common manifestation however is the "shorted turn' in a transformer which takes out fuses quite effectivly. As the impeadence of the closed circuit rises due to Ohm's law a potential difference occures and one consiquence of this is that "Power" is disipated in the resistance (V^2/R, I^2R). Ohm's law has an assumption of "steady state at a point" which does not of neccesity apply in practical circuits where resistance may be non linear with respect to PD or the wavelength of the frequecy of change is only a small multiple of the physical circuit size.

In practice it is possible for the non linear response to be such that we get "negative resistance" which can cause oscillitory behaviour. Another is a square law effect that can cause frequency multiplication to take place, or even simple rectification causing envelope detection.

One consiquence of nonlinear behaviour in semiconducter devices that couple two tuned circuits is frequency multiplication and with slight variation "parametric amplification" where a weak signal at one frequency is converted to a strong(er) signal at another frequency simply by injecting a signal of sufficient power at another frequency. Thus a wire acting as a multi frequency stripline resonator with a diode connected to it produces a strong signal that radiates but has a weak baseband signal significantly imposed on it. Thus radiating a piece of equipment with a strong EM carrier produces another signal with "internal secrets" superimposed on it. The process is sometimes called "NONSTOP/HIJACK" when it happens accidently and escapes by radiation/conduction or "TEAPOT" when done deliberatly using EM frequencies outside of the EmSec certified range (ie equip is rated to say 3GHz, but has ventilation slots through which 10GHz and above will pass through quite happily).

But one area almost compleatly unmentioned by just about everybody including EmSec trained engineers designing and testing equipment is what happens when you use the TEAPOT EM carrier not to cause secrets to be radiated but to induce operational faults in equipment.

Back in the 1980's when I independently discovered and researched this EM Fault Injection nobody appeared to have a clue or even to have considered it. However I mentioned it to some engineers working on designing BID kit as something they should realy think about. I got definate blank looks and had to explain at length what I was on about. Any way I guess they must have talked to others about it and a while later I got "warned off" to which I responded badly and in effect told the person to Foxtrot Oscar pronto. Even though I mentioned it to academic researchers back in the early days of Smart Card attacks where people were looking at non synchronus logic as a method to stop DPA (Ross J. Anderson being one) nobody appeared to want to take up further research on it. I've subsiquently found other engineers have also independantly discovered it for themselves but nobody appears to want to take it further. It's kind of like "Golden Goose Syndrome" or "Not Invented Here Syndrome" where people are frightend to investigate lest they cannot find solutions and have opened a technolocical Pandora's Box.

Clive RobinsonOctober 1, 2013 10:29 AM

@ Mike the goat,

Having just trugged over to the UK Cambridge Labs web site to find some links for you to read, I discover Ross J. Anderson has very recently posted a TEMPEST related post with respect to the Ed Snowden revelations about secure fax machines...

http://www.lightbluetouchpaper.org/2013/07/01/...

Oh and for those thinking of getting a "secure fax machine" don't the fax technology is compleatly inappropriate for being made secure. There are much better ways of achieving the same end result with much lower security risk.

Brian M.October 1, 2013 10:35 AM

@Mike the goat:
(I first saw it on right wing conspiracy shock jock Alex Jones' page) claiming that the NSA has some secret 3G chip on modern computers.

Alex Jones has an alarmist article about the CPU itself containing a hidden 3G radio. I researched the Intel literature, and it's all about Intel's management and anti-theft software suite. While there is some limited hardware functionality for the LAN chip to run while the main CPU is sleeping, the main focus is on waking up the whole computer, doing some stuff, and then putting it back to sleep. This functionality has been available for at least a decade.

The computer is woken up intermittently by the BIOS timer or the LAN chip. At this time it goes out for updates, etc. The updates can be management patches, OS updates, or checking an anti-theft service to see if you want to brick the laptop. These things only happen if the appropriate software is loaded, if the laptop has a 3G connection, and you've paid for the services.

Can the NSA arbitrarily brick one of these machines? If they rootkit it first, I'm sure they can. But then again, they've just rootkitted the machine, so what's the point of bricking it?

Nick POctober 1, 2013 11:01 AM

@ Clive re TEMPEST

"Having just trugged over to the UK Cambridge Labs web site to find some links for you to read, I discover Ross J. Anderson has very recently posted a TEMPEST related post with respect to the Ed Snowden revelations about secure fax machines..."

Thanks for the link. It's actually Mark Kuhn that posted that. Many people over there post articles on the blog, not just Ross. Regarding what was planted, here's what I think:

1. It looks like a processed emission so they're probably collecting it that way.

2. They prefer something that's deniable.

3. They planted something there.

I think they probably just strengthened the emanations that are already occurring. They might have planted a material or [intentionally] defective part that has this effect. It would be unlikely that anyone find it and if they do it looks like it could be a manufacturer's innocent mistake. That would be ideal.

Far as transmitters and such, our spy agencies know the opponents do sweep for transmitters and might detect a variety of bugs sending radio signals. They also know emanation attacks are esoteric and most devices are vulnerable to them. So, it would seem stealthier to use emanation attacks. And it follows to use a bug that enhances the emanation while looking like a vanilla defect.

Clive RobinsonOctober 1, 2013 11:38 AM

@ Nick P,

I see you poped over to lightblue and left a message ;-)

For some reason both messages I posted there have not been "displayed".

One was to not that the skew seen in the picture was not due to clock sync failure but due to the source being skewed on the scanner.

The other pointing out that the Cryptofax model is not named and that a major manufacturer of such using that trade name is Crypto AG with model HC-4221 being current at the time. It's of interest to note that Crypto AG of Zug Switzerland, suffered badly from the alegation they had help from the NSA "backdooring" their Crypto products...

As you no doubt remember this caused a quite serious international incident with one of their employees being imprisoned abroad and when finaly returning home was the prosecuted by the Swiss Government and Crypto AG.

Now it's known that the NSA has "funny moments" when selecting project code words ( ie TEAPOT under TEMPEST) and thus the code word DROPMIRE may be short for "Dropped in the Mire" which is what happened to Crypto AG after the allegations of NSA backdoors came to light.

ModeratorOctober 1, 2013 11:45 AM

@Mike,

Has schneier.com recently changed SSL certs?

As far as I know, the only recent change was in June when the old cert expired. What you're seeing now matches what I'm seeing, though.

name.withheld.for.obvious.reasonsOctober 1, 2013 12:13 PM

@ Clive

A while ago two researchers over at the UK's Cambridge Computer labs took a commercial (supposadly) secure TRNG product with atleast 32bits of entropy and by subjecting it to an unmodulated RF carrier in the microwave region brought the entropy down to around 7bits and published the results.

I mentioned before the work we did in the last decade. One of the things that was highest on our list was proper characterization at several levels. Sorry to be so cryptic but the sensitivity of this subject is moderate and I am conscious of my minders. Needless to say we made several breakthroughs,on the emitter side (a highly effective HREF gun) and the detector (or target) side. The biggest advance was in taking advantage of dielectric (skin effect) and EM field transients...that's about as clear I it gets without getting my ass in a sling. Think of it as a side channel attack. I'm sure your aware of the issues, your writing indicates as much.

It bothers me that I cannot add more to the discussion--our political and state security apparatus is a REAL pain in the ass. I was working with a mathematician in Argentina (collobrating on-line) and I walked my friend through the process of using PGP to exchange research. A couple of months ago my friend received a letter from the government--it was a threat. My friend when we started this project (application of AI in cryptography) in March said "I am not afraid" when we discussed that there could be issues. The month before last the story had changed, while on the phone my friend said "I'm afraid". So, the real effects of this bulls*** can be confirmed--and--I have not been able to contact my friend...phone rings as busy, no replies to e-mails, and the websites that act as a portal have not been logged onto. I am worried about their situation...

Clive RobinsonOctober 1, 2013 12:45 PM

@ Nick P,

    It's actually Mark Kuhn that posted that. Many people over there post articles on the blog, not just Ross.

Oops, I hope Markus is not going to be to upset...

My fault I was reading a number of the posts on LB and the last one was about the court case over Prisoner Tagging.

The technology involved with that is realy crap if the design docs squirreled away on the Internet are anything to go by, there are many ways it can be abused. But even in clear cases of violation few prosecutions or returns to prison happen. Lets just say the contractor running it has a very bad reputation in the UK press.

The fact they dropped the prosecution like a hot potato when the official evidence disclosure request went in is a very significant "tell".

Clive RobinsonOctober 1, 2013 12:55 PM

@ Name.witheld...,

I can make some educated guesses about HERF having played with it some years ago, and yes I've an RF Burn scar for my pains (the dam thing took ages to heal).

As for you friend the best I can say is get a trusted friend to post a harmless letter for you from another country.

In the past that part of the world had a very bad reputation, so I hope they are well.

name.withheld.for.obvious.reasonsOctober 1, 2013 1:49 PM

@ Clive
"and yes I've an RF Burn scar for my pains (the dam thing took ages to heal)."

That's kind of funny (not your injury obviously), I have a related story. Back in the year 1999 we occupied on of those structural steel buildings. A copper clad mini trailer inside the building housed instruments for test and characterization. A d-dot probe was mounted in the middle of the room. The second partition, sans one wall, contained the HERF gun. In between the d-dot and the gun where our targets. One of the first live tests we had some computer and medical equipment running. All of us, except the primary scientist (he was wearing a copper suit) he was in the Farad trailer. We power up the gun, immediately reflections start arcing between the beams in the partition housing the gun. I shake my head and think what a bunch of smart fellas we are. The beam was behind us, to see it arc across and I channel beam (along with the sound) was quite exciting (pun intended). Too make a wag, that suggested we were getting more than 30kv as a reflection! We achieved significant output power (approaching a terawatt) without a large power source.

Nick POctober 1, 2013 7:14 PM

Microsoft's cloud offerings certified under FedRAMP

http://venturebeat.com/2013/09/30/...

Many are reporting it's been certified secure or safe from hackers. I posted the rebuttal below to slashdot.

"The FedRAMP security assessment process defines a set of controls for low and moderate impact level systems based on NIST SP 800-53 controls." (FedRAMP Website)

The key words here are "for LOW AND MODERATE impact level systems." Low and medium robustness are what the government usually accepts. All kinds of stuff that was routinely compromised fits that profile too. The Shapiro paper on the Window's EAL4 evaluation illustrated why it actually meant "certified insecure" and sadly still applies to this one. At least the NIST standard has plenty of useful controls to keep out the riff raff attackers.

The EAL7 or Orange Book A1 certification are very rigorous security standards. So few products reached that level that I could fit many of their names in a single tweet (97 characters actually). Cygnacom has a nice breakdown of the assurance levels and extra work that must be done to verify the entire lifecycle to reach something resembling secure. Such solutions look... nothing like Azure. And Azure was neither built on such standards nor evaluated to one. It's not secure. QED.

RobertTOctober 1, 2013 8:24 PM

EM injection attacks are very well understood and have been discussed somewhat openly since at least 1980, they were becoming less of a problem because as system shrank so to did their susceptibility to EM injection but that has all changed in the last 10 years because of the wide spread use of differential signalling.

Most chip to chip interfaces these days use balanced twisted pairs or on PCB differential balanced micro-stripline. It is difficult to achieve differential signal injection however it is easy to achieve Common mode signal injection. This point is VERY important to understand because signal imbalance is one of the main reasons for signal interconnect radiating. Ideally all Transmitted signal energy is differential (balanced positive signal on one wire and negative signal on the other and the local EM fields completely cancel = no radiation!). the wires are then terminated with a differential impedance matching network...way beyond the scope of this discussion but the termination network must correctly match the interconnect "line-impedance" over all frequencies of interest or the Rx signal will be reflected back to the Tx end)

Now the problem with this approach is that low impedance fully differential signal systems typically have a high common mode impedance. (otherwise the intended differential signal leaks to the common mode and common mode signals radiate VERY nicely). The high common mode impedance means that Active EM injection attacks can easily inject a common mode signal onto something like an LVDS cable. The only thing preventing the injection mode is the cable shielding.

The common mode signal gets rejected by the input differential Rx electronics however the power injected into the wire forward biases the ESD protection structures (Diodes, SCR's, GCNMOS clamps.....) In the case of diodes this power leaks straight to the AVDD chip supply. Typically on chip regulators (LDO's) only use 2 quadrant voltage regulation so these LDO's literally turn-off if you supply power to the circuit from any other source. This means if you inject sufficient common mode power than your common mode signal becomes the Receiver power source, because it turns off the LDO)

OK so why is this important
1) Once you have common mode signal on the wires you indirectly cause differential signal imbalance (impedance of the +ve and -ve clamps is different)....remember differential balance is what reduces EM emissions.

2) Normally a differential Rx circuit can only reject Common mode signal well on one side, For NMOS inputs the rejection is good at and even below VSS but is not very good once both signals go above VDD-Vtn (one threshold below the high supply). this means that common mode signals can inject information into the Rx electronics.

3) If you are supplying the chip power than you can implement effective DPA attacks this is done using "back-scatter" information. Look at how passive RFID systems work and imagine the LVDS common-mode is a passive RFID tag......

I think thats enough to give you guys an idea about whats possible with active EM attacks, you have to figure the rest out for yourselves.

WillemOctober 1, 2013 8:34 PM

on the subject of US Government conspiracies and some such...

There is the AUTEC military test center, supposedly in the middle of the Bermuda Triangle...(who knows if it now is true that more ships and planes have disappeared in that area than elsewhere...maybe they were shot down by US military)...

Beyond Area 51: 16 Secret UFO Locations
http://www.trutv.com/conspiracy/paranormal/...
AUTEC (officially known as the Atlantic Underwater Testing & Evaluation Center) is what many UFO researchers call the U.S. Navy's version of Area 51. Not only have many UFOs been reported in its vicinity over the years, but hundreds of USOs (Unidentified Submerged Objects) have been seen near this super-secret facility as well. (The Navy denies all this, of course.) Maybe the eeriest thing about AUTEC is that it's located on the Bahamian island of Andros, which puts it smack in the middle of the Bermuda Triangle.

and then there is the Tonopah Test Range in Nevada...

http://www.trutv.com/conspiracy/paranormal/...
About 70 miles northwest of Area 51 is a place so secret, even people in the U.S. intelligence community rarely talk about it. Called the Tonopah Test Range, F-117 Nighthawk stealth fighter was kept under wraps there for ten years without anybody but the president and the highest reaches of the U.S. military knowing about it. The Nighthawks left Tonopah years ago but the highly secret base remains operational. This begs the question: What's being kept there now?

Mike the goatOctober 2, 2013 10:20 AM

Clive: thanks for the links regarding compromising emanations. It appears that the subject of TEMPEST and even technologies that are understood in the civilian world (for example 'passive' surveillance devices like the Great Seal Bug and more modern devices that work on directed energy) are shrouded in secrecy and I am not entirely sure why.

I - like many people who post on security oriented blogs - have been aware of the implications of leakage through VDUs since Van Eck. It seems (at least in the case of LVDS in laptop display adaptor cables and in DVI) that modern hardware is just as bad as the CRTs of old, and arguably in the demonstration I saw the image quality pulled from the test unit showing a laptop display from quite a distance away produced a quality image that was far more discernible than what I've seen (at least in the civilian sector) from analog TEMPEST demos from CRTs and analog display cables.

Given the level of secrecy around these subjects it seems reasonable for me to conclude that this isn't just a theoretical threat that makes a cool demo piece. Using a highly directional antenna even passively picking up leaked RF from, say a DVI cable from a van in a lot several hundred feet away seems like an easy enough task.

Interesting stuff....

Mike the goatOctober 2, 2013 11:09 AM

Breaking » Feds arrest Silk Road webmaster

So . . . did they find him via traditional detective work, traffic analysis (timing attack?) or has tor been silently broken?

The latter doesn't seem entirely likely given the FBI resorted to using shellcode exploit for the Firefox browser included in the tor bundle for win32 platforms. Although a more plausible explanation is that tor is correctly anonymizing end users but the hidden service (.onion) functionality is somehow broken.

All speculative at this stage but the feds have got two people who (if they didn't stuff up) shouldn't have been traceable.

It is also possible that a large number of tor nodes are now owned by the feds, meaning that traffic analysis is indeed possible.

?

Dirk PraetOctober 2, 2013 8:58 PM

@ Figureitout

NSA chief admits figures on terror plots foiled by snooping are misleading

Hardly a surprise as these claims had already been debunked shortly after they first made them. The *really* laughable part of the story is where DNI Clapper tells the hearing that the number of plots foiled should not be the only metric by which the success of the program is measured. “I think there’s another metric here that’s very important. … I would call it the peace-of-mind metric.”

Can you imagine Dick Cheney making a similar statement about the Iraq war, telling an assembly "Well, we didn't find any WMD's, but there is also an economic metric in that we secured more oil and that many US companies are thriving because of the fine work they did over there" ?

However much I respect Gen. Alexander, James Clapper is becoming a bigger embarrasment by the day. And I wonder whose piece of mind he is talking about anyway ? That of a privileged few in DC or that of the millions of innocent people all over the world that have their privacy and civil liberties stepped upon every day ?

FigureitoutOctober 2, 2013 11:25 PM

Dirk Praet
--Yeah hardly a surprise; yeah I thought that part was really funny too. My "peace of mind" as a 25-year old looking to the future is anything but. My gov't just shut down, the national debt is bigger than the GDP and I don't trust any of the numbers. A police state continues to expand and they're infecting my hardware. More pollution, cancer, waste; less resources and coordinated constructive action for productive projects.

Yeah, "cheap oil", gas is still like $3.50-$4.00 a gallon b/c of all the inflation. All the exhaust fumes and the factories running at the night time when the rich people go home in the city makes for lovely air to breathe on an evening jog.

The "privileged few" are going to find themselves not so privileged when this system collapses, which it is; I know it is. No one will address these problems b/c they're too big for any individual and a "committee" will make a groupthink derper "kick the can" decision. Someone take these issues head on, besides some college kids, christ.

name.withheld.for.obvious.reasonsOctober 3, 2013 4:48 AM

@ Clive & Nick
Thanks for the suggestions and sentiment...on learning more I will inform.

@ Bruce Schneier
The last time you reported on the DoD budget, I responded that your figures were too low...well I have a more formal response extrapolated from OMB's 2012 budget report--and the story doesn't get better. First, let me preface that two of the largest social programs (general welfare); social security and medicare, are both offset by payroll taxes that are collected for these programs. The problem is the revenues are treated as "general funds" or as the same as the income tax--even though the tax is paid specifically for these programs. Next piece of research is the offset vale (i.e. social security payments were cost positive for quite some time (how is social security taxes amoratized. In essence, the congress has "STOLEN" the money from social security. You cannot tell me that with a deficit of $17,000,000,000,000.00 (17 trilion dollars) that social security checks are the problem--they are not.

Additionally, the Federal Reserve is holding nearly $5,000,000,000,000.00 (5 trillon dollars) in asset purchases--debt incurred using debt. This is not showing up on the books--it's off book debt. Quantitative easing is anything but easing--the Fed does have the quantifying part down. Here is what I don't like, quantitative easing is providing private parties with cheap money, used to leverage capital and other assets (such as M&A activity) and large block real estate purchases--huh.

Issue a bunch of questionable loans via mortgages, bet againt the paper (CDS), borrow cheap money,on real property--now ask the government for additionally market liquitity and repurchase the bad loans (minimize negotiating with home buyers) and acquire the real estate asset. Next speard the risk (inflation and increases in the cost of money) to the general population. The down side will be born by all of us. So, the bankers take the cheap money and when the Fed reverses easing--we get the shaft. Back to the DoD budget...

Department of Homeland Security: $43,000,000,000.00 (43 billion dollars), DoD $730,000,000,000.00 (730 billion dollars), Intelligence $80,000,000,000.00 (80 billion dollars), Department of Veterans Affairs $141,000,000,000.00 (141 billion dollars); the total of $994,000,000,000.00 (994 billion dollars). Also, I suspect that equipment replacement and opportunity costs adds a possible 30% to this figure.

Social security, in outlays is $790,000,000,000.00 (790 billiob dollars), is add to the medicare cost of $480,000,000,000.00 (480 billion dollars) and CHIP comes in at $909,000,000,000.00 (909 billion dollars). The total outlays of $1,903,000,000,000.00 (1.93 trillion dollars), this number does not include the payroll tax payments that offsets the costs.

name.withheld.for.obvious.reasonsOctober 3, 2013 5:03 AM

DAMN Browsers (W3M, Lynx, etc.)

@ RobertT

We went pretty ar down the rabbit hole--one of our prototypes was delivered or EW testing--looks very Rube Goldberg. The last project made some inroads that we'd not expected to encounter. And yes, you can say all you want about what has been said in the past--but how's listening in the present--our work had the effect of planners wondering what to do with over a trillion dollars in FCS investments. To bring the issue more to the fore, I have not heard from my friend, a mathematician in Argentina (I know their politics, but we are researchers not politicos). One thing my friend said on the phone last time we talk was "Are people there disappearing?", this along with a number of other weird events has me very concerned.
This is not funny...but I have to remain optimistic...irrespective of other peoples perceptions. My friend is very interesting and I hate to think that something terrible has happened. Fascists SUCK!!!

Mike MartinezOctober 4, 2013 2:51 PM

Excellent and timely topic. Security is a major concern these days. Your coverage of the topic is complete and useful.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..