US Government Monitoring Public Internet in Real Time

Here's a demonstration of the US government's capabilities to monitor the public Internet. Former CIA and NSA Director Michael Hayden was on the Acela train between New York and Washington DC, taking press interviews on the phone. Someone nearby overheard the conversation, and started tweeting about it. Within 15 or so minutes, someone somewhere noticed the tweets, and informed someone who knew Hayden. That person called Hayden on his cell phone and, presumably, told him to shut up.

Nothing covert here; the tweets were public. But still, wow.

EDITED TO ADD: To clarify, I don't think this was a result of the NSA monitoring the Internet. I think this was some public relations office -- probably the one that is helping General Alexander respond to all the Snowden stories -- who is searching the public Twitter feed for, among other things, Hayden's name.

Posted on October 26, 2013 at 5:43 PM • 65 Comments

Comments

NobodySpecialOctober 26, 2013 6:09 PM

Similarly the UK police questioned (ironically) a mobile phone engineer who texted the lyrics of a Clash song (he was in a tribute band) to his guitarist.

http://www.theregister.co.uk/2004/06/03/text_punk/

More interestingly when asked how special branch (the UK anti-terrorist police) knew this they claimed, and the BBC reported, that he had sent it to the wrong number and the member of the public had informed them.

Nobody sends a text message to a random number, not in their phonebook, the women couldn't be named and the band member wasn't questioned about if he received the message.

So the medium isn't the message, but the hamfisted cover-up attempt was.

TryggthOctober 26, 2013 6:31 PM

Maybe not surprising. Since he is a moron, Hayden is probably considered only slightly less a security risk than Snowden. Consequently he is no doubt monitored 24/7.

Gavin SharpOctober 26, 2013 6:44 PM

Seems just as likely to me that someone well connected happened to see the tweet and placed a call.

Brandioch ConnerOctober 26, 2013 7:01 PM

Maybe, maybe not.

It would depend upon whether or not one of the tweets identifying Hayden was "retweeted" sufficiently to end up with someone who could alert Hayden (or who could alert someone who could alert Hayden).

This could be a very quick example of "7 degrees of separation".

thothOctober 26, 2013 7:36 PM

Those Governements are getting overly paranoid and such paranoia would harm the environment.

Muddy RoadOctober 26, 2013 7:40 PM

I heard about this already. However, I would like to add it's very important that WE start watching the WATCHERS.

Police departments are institution vast surveillance systems with plate readers, cameras and cell phone tracking. OK, then we should take pictures of them wherever they go, post videos on the youtube of encounters and so on.

Politicians keep voting to fund BB? Fine, start putting everything they say and do on the net. And so on.

Watch the Watchers!

They need it.

FigureitoutOctober 26, 2013 7:50 PM

I love that real derp-face photo the article has. With leaders of this quality, it's no wonder this country is going to sH*t quick and all Americans get unfairly lumped in w/ these idiot decision-makers in the eyes of citizens of the world.

George MaschkeOctober 26, 2013 8:18 PM

With respect to real time monitoring of the public Internet, I received a communication from a Navy petty officer in August that when he showed up for a DoD polygraph examination, he was presented with logs of his
web browsing activity from the night before (his personal ISP in his personal house). He had visited my site, AntiPolygraph.org, a non-profit, public interest website dedicated to polygraph policy reform:

https://antipolygraph.org/blog/2013/10/20/is-antipolygraph-org-being-targeted-by-the-nsa/

This would be an instance of NSA targeting American visitors to a lawful, public interest website run by a U.S. citizen, and exploiting that information within 24 hours.

CpragmanOctober 26, 2013 8:28 PM

Given Hayden's previous positions, it only seems natural that he would be on some sort of monitoring list.

RayOctober 26, 2013 8:35 PM

I'm going to suggest he has a PR staff who monitor such powerful government surveillance tools as Google and Twitter for mentions of their boss.

FigureitoutOctober 26, 2013 8:36 PM

This would be an instance of NSA targeting American visitors to a lawful, public interest website run by a U.S. citizen, and exploiting that information within 24 hours.
George Maschke
--Wow...sounds like a surveillance state. Bruce was right. The internet is a surveillance state. I bet the interrogations are like coppers on the street asking why you're nervous when they're approaching your car w/ their hands on their guns or blinding you w/ their flashlights.

Marc-Andre HerouxOctober 26, 2013 8:43 PM

Bruce, we must not be surprised to see all our communications on the Internet monitored.
It's the case for many individuals.

It is a simple and actual fact. I choose to accept it and live with. Being true, transparent and honest is a good starting point you will agree.

Personally, I think it's appropriate to collaborate with any monitoring organizations.

On the other hand, I agree that we must implement proper technical security controls over confidential and secret information.

If it's very secret, we can always keep in on paper!

Have a good one,
Marc-Andre

FigureitoutOctober 26, 2013 8:52 PM

Hey does anyone know if Caitlin Hayden, spokeswoman for NSC is related to Michael Hayden? I remember his jab that hackers can't get laid, what if someone sealed the deal w/ his daughter then uploaded pics on twitter? Wonder what kind of derp face we'd get...

BrianOctober 26, 2013 9:15 PM

So what part of that story sounds anything like "US Government Monitoring Public Internet"? Since Twitter is public, pretty much anyone who knew Hayden could have read those tweets and alerted him or his office (and I would imagine a former head of the CIA and NSA would know quite a few people). I'm not sure inventing a government monitoring program is a necessary part of this story...

robinOctober 26, 2013 10:58 PM

If the tweets had been private, I'd have been concerned, but as they were on a public account this is probably nothing nefarious. I would be very surprised if this was anything more than some entity (political or governmental) that he worked with having a subscription to a service that scanned Twitter activity for his name (probably with associated identifiers like 'NSA'). While these services are too expensive for most citizens to bother with, it would not be surprising if someone in his position was a subscriber.

SingleNamedGovAgentThatHatesFreedomOctober 27, 2013 12:10 AM

Brian and robin must have been living under a rock for the last few years. Nothing to see here, people.

That it took 15 minutes from Matzzie's tweet to make a phone call directly to Hayden is the paranoid ramblings of a conspiratard.

Hayden probably has friends on twitter, after all. He's one of us, shucks. He's just a working class man trying to get by. His family cat even has a facebook account! That Hayden's twitter friend had his mobile number on hand, just means that Hayden is an approachable, open guy.

That the NSA have already have a vast government monitoring program that includes Google, Microsoft, Facebook, Yahoo, Skype, etc. couldn't possibly include mass surveillance of Twitter, as that is bordering on wild accusations. Why are you guys so paranoid?

That Tom Matzzie was heavily involved in MoveOn just proves that Matzzie was in the wrong place at the wrong time. That the NSA _allegedly_ monitored Matzzie was probably on par with those paranoid rumors that the NSA _allegedly_ monitored the German head of state for over ten years. The mere fact that Matzzie was eavesdropping on Hayden goes to show that we need a powerful intelligence apparatus that stops this sort of thing.

That Hayden was discussing classified material with a journalist just goes to show the brave nature of our nation's warriors who are willing to speak truth to power. Apart from Snowden and Manning, those guys are treasonous attention whores. I'm sure Hayden had good reasons for wanting to remain anonymous, good classified reasons.

Twice ShyOctober 27, 2013 12:23 AM

A naive interpretation of the Hayden event may not be accurate.

It could be a media stunt to steal focus from the NSA protest this weekend.

Or it may be a building block in some larger knowledge shaping strategy.

GopiballavaOctober 27, 2013 1:14 AM

This seems to have some interesting DOS implications. The chain of events:

1. Witness sends out tweets
2. Either an automated bot searching for interesting stuff notices, or it gets retweeted enough that some person connected notices
3. Now, a human interested in informing Hayden is made aware *of the claim* that Hayden is doing something embarrassing. Specifically, an off-the-record private interview. How many people would know whether Hayden is on a train and giving an interview? Almost nobody. So the person in (3) is unlikely to have any clue whether the tweets are even marginally accurate
Two options:
4a. The message is passed along to one of the small number of people who can verify the facts
Or:
4b. The person in (3) calls or passes along to somebody else the request to call Hayden and figure out if the tweets are true or not

Given that off the record interviews of the type that Hayden was giving *could* be given without any of the subject's handlers knowing that he was doing that, I would lean towards (4b), the *unsubstantiated* tweets resulted in a phone call to him.

I can see some interesting DOS pranks. People tweeting vaguely plausible things about what people are doing, resulting in lots of interruptions. "What? No, I am not on a train, and, no, I did *not* forget to zip up my fly", etc.

If it was a centralized reporting chain, I'd expect them to notice the DOS quickly and stop reporting possible events like this quickly. Also, you'd never really know if your tweets actually resulted in anybody getting hassled, so it wouldn't be a very fulfilling prank.

jmlOctober 27, 2013 3:00 AM

It's also quite possible that a commercial service is involved.

A couple of years back, a relative was taken to an ER in another city. A friend who accompanied hir was tweeting about the situation. Within an hour or two, the attending physician asked my relative about whether sie knew that friend were Tweeting and blogging about hir condition. Medical privacy concerns, and suchlike.

Turns out the hospital subscribed to a service which monitors what's being said in public media about the hospital, and follows up.

Since it was all done with knowledge of the patient, the doctor the asks whether there could be some posting on the condition, and early warning signs, and suchlike.

Overall, I was impressed by how it was handled.

I can easily see how the same service, at a higher service level, could result in the reported series of events.

-jml

AspieOctober 27, 2013 3:11 AM

Ha. That's priceless. Makes me think there's a Conrad Bean character in the loop somewhere getting trigger messages from any of the people who are being closely watched if socal media suddenly trends with their name.

Hayden seems very egotistical and eager to stay relevant. Once they've tasted the power they just can't sit down and shut up.

WaelOctober 27, 2013 3:33 AM

Hard to believe a former director of the CIA and NSA discussed sensitive topics in a public place!!! What's funnier and stranger is he asked to remain anonymous!

WaelOctober 27, 2013 3:38 AM

@ Aspie,

Hayden seems very egotistical and eager to stay relevant. Once they've tasted the power they just can't sit down and shut up.
Until someone tells him to have a nice cup of STFU, that is;)

AspieOctober 27, 2013 4:25 AM

@Wael
I wonder if they then called the people interviewing Hayden and served them with a nice hot cup of STFU too...

TimOctober 27, 2013 10:56 AM

"Being true, transparent and honest is a good starting point you will agree."

This is the mistake. It is not about your privacy, it is about the concentrated power of having access to all that information, and being able to take decisions on the basis of it - better decisions, more competitive decisions, decisions that you will never be able to outwit. That is a corrupting power, and something we need to be very wary of and mitigate at all costs.

If we ALL had access to all the information, it wouldn't matter so much.

BryanOctober 27, 2013 11:36 AM

Not impressive, they still missed out on Snowden; All the gadgets are now worth much given they can't even secure their own network.
or mouths...

BenjaminOctober 27, 2013 1:24 PM

I'm with @jml on this one. This is almost certainly just a commercial service, and no big deal.

Ever see someone tweet complaining about some company and then the company tweets back with a variant of "I'm so sorry you're upset. If you PM your contact info, I'll make it right"? This is the same thing - there are TONS of commercial solutions for monitoring your "brand" on twitter. If this guy's media-savvy enough to be talking to multiple reporters, he and his staff are media-savvy enough to use those services.

The NSA and the Government are doing some pretty reprehensible things. Let's make sure not to dilute the coverage with stuff they're not doing because it weakens the impact when we talk about how they really are fucking us over.

bemusedOctober 27, 2013 3:08 PM

wow you mean that people can hear other people who talk on trains- and that people can look at other people's twitter feeds? thanks for yet more incisive commentary on our technological fascist {hysterical buzzword 1,2,...} governnment.

pretty amusing that hayden was willing to sit in for a pic, though.

delphi_oteOctober 27, 2013 3:10 PM

Don't see nearly enough discussion of the flagrant hypocrisy here. Hayden and Snowden are under the same legal restrictions. The politically connected one can talk to the press liberally and demonize whoever he likes. The other is labeled a traitorous enemy combatant and forced to flee the country.

Security clearances are not about protecting classified information anymore. This is about protecting the political powerful and controlling the public. OSI is already here.

BPOctober 27, 2013 4:28 PM

I don't want a fascist President so I understand that they might spy on him. After all, he has control of the nuclear button. But I don't think they like the fact that I mentioned what I saw in the Snowden cache that was for one brief night on Cryptome but got forwarded to the privacy board by John Young. Shocking indeed. I do understand the public might not be ready for what I saw, it was seriously depressing to me.

But I worry more about the rogue hacker who keeps breaking into my accounts and putting in loopbacks in my disks. I know it's someone spying on me when I'm using encrypted disks. I spent several hours trying to fix a USB drive that had a second format underlying the first with a loopback in it at the start of the disk and wouldn't format with gparted. Only when I went online with something that the Regents of the University of California came out with GhostBSD or one of the other ones I had and formatted that drive online did I get it fixed. I presume this to be some second rate actor, perhaps a state or corporate spying outfit that has no idea what they are doing that's involved because truined several hard drives I have. And when I used Windows I bought all my software, at least since a long, long time ago. However, if the free software you use doesn't spy on you, then pay them something. I liked ubuntu until they went across the spying line. Ηε'σ αηεαρ σοεε ςηατ Ι'μπτθτινγ θπ ςιτη. He just showed up Thats what he does

Jimmy AngletonOctober 27, 2013 4:52 PM

@Gopiballava: What do you mean by "it wouldn't be a very fulfilling prank"? The difference between an amateur and a professional prankster is that the amateurs seem obsessed with having to see the results. The pros already know, and just walk away with a smile.

(And they don't have to get a hit every time. They make it a point to use shotguns.)

Andrew WallaceOctober 27, 2013 5:32 PM

All it would take was for Michael Hayden to look at his phone and notice his name being mentioned on Twitter. It is not unusual for someone to monitor their own name.

BPOctober 27, 2013 5:42 PM

My hacker was back. See those characters in my post. SCIM starts up mysteriouslly in my browser at odd times and I can't continue typing. Google has noted odd behavior and warned. I've written to Firefox, Google, Parted magic developer and Twitter to try to get him permanently out of here. But I like parted magic because it's in memory and no disk to steal data from.

Dirk PraetOctober 27, 2013 9:26 PM

@ Wael

Hard to believe a former director of the CIA and NSA discussed sensitive topics in a public place!!!

Actually, it isn't. Although everyone working in sensitive environments is getting security awareness training according to role and is required to follow policies and procedures, one often observes that the higher you go up the food chain, the more you find management types asking for exceptions or - even worse - believing themselves to be exempt from rules that in their eyes apply only to commoners. It is a combination of arrogance and stupidity fed by the belief that they are untouchable in their position. I've seen it many times when implementing or enforcing security policies, and it's an Achilles' heel in many an organisation.

WaelOctober 27, 2013 9:33 PM

@ Dirk Praet,

True! I've seen that too, in the industry. But for NSA and CIA, still hard to believe -- The stupidity, that is!

WaelOctober 27, 2013 9:41 PM

@ Dirk Praet -- continued...

fed by the belief that they are untouchable in their position.
That is often the case, they are untouchable. Can you imagine this was a "lower rank" person?

Wesley ParishOctober 28, 2013 1:14 AM

I'm reminded of something I did myself on Twitter:

TWITFIC: CIA Director waterboards girlfriend. "She said yes! Unbelievable! Was she telling the truth?"

And then Petraeus and girlfriend get outed ... I don't think there's a direct link between my joke and him-and-her getting outed, but I suspect it's a way of "suggesting" things to the impressionable, such as media types. Eg:

TWITFIC: AlQaeda suspect confesses being deposed Queen of England. CIA plot deposed monarch's restoration.

You may as well have fun with the twits.

Brian DellOctober 28, 2013 1:31 AM

"Here's a demonstration of the US government's capabilities to monitor the public Internet.... wow"

More like a demonstration of the private sector's capabilities to monitor the public Internet. Did you know that there are public relations firms out there that can track mentions of your name for you on Twitter? How many times did this guy say "Michael Hayden" before Hayden was called, probably by someone with a firm contracted to do PR for Hayden's office?

You could hire the exact same "wow" inducing "capabilities" as a private citizen, but I suppose that point doesn't jive with the tin foil hat mentality around here.

Brian DellOctober 28, 2013 6:26 AM

Has Schneier ever actually PROVED that the NIST, under in the influence of the NSA, has ever deliberately weakened standards?

But the New York Times says otherwise, you say. And how do you know that whatever documents the NYT was looking at with respect to this particular issue (I'm not denying that BULLRUN exists or operates in other areas) weren't in the context of the NSA's interest in ensuring standards that protect America against adversaries? Recall that if there's a conspiracy here, according the NYT the Canadians helped enable it, suggesting a rather wide conspiracy.

How about the possibility that Schneier, who, as we see here, is very quick to see "US Government Monitoring," was the one who suggested to the NYT or the Guardian that there was a link to the theoretical possibility of a backdoor to DUAL_EC_DRBG's encryption and the NYT just ran with that instead of asking another experts, "is the vulnerability in DUAL_EC_DRBG of the sort that would require an army of Math PhDs to come up with or could an undergraduate see the problem such that the more likely explanation is NIST was looking for an elliptic curve algorithm to complete the set of four and 'rushed out' a flawed product?"

We already know the NYT story was weak reporting because it oversold the idea that encryption is pointless. Even if DUAL_EC_DRBG was a case of deliberately weakening a standard, did the NYT story explain that in fact the NSA wouldn't have seriously left users vulnerable to criminals because it remained extremely difficult to figure out the "magic numbers" if you didn't know what they were? In other words unlike, say, GSM A5 1, DUAL_EC_DRBG has never been "cracked"? How often has Schneier, for that matter, clarified that if the NSA put a backdoor into DUAL_EC_DRBG it's essentially "one way" such that nobody other that the NSA can use it (unless you've got square miles of servers)?

The New York Times says that "the Dual EC DRBG standard... contains a back door for the NSA" as if it is an uncontestable fact but the truth is that there is no smoking gun here. If they can be wrong on that they can be wrong about their general thesis.

The NIST has denied any knowledge of a backdoor and has also denied the charge that the NSA was the exclusive author of its standard yet the conspiracy theorists insist the NIST is lying to you. Remember all the denials about the NSA having "direct access" to the servers of Facebook etc? The Washington Post then admitted that "it is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author." How about trying on the same explanation here, i.e. that even if the NYT's source material here is unambiguous, the NSA author could be wrong?

What's sad is that the conspiracy theorists here are damaging U.S. technology exports by spreading these unproven, speculative claims about NSA backdooring. Undermining confidence in NIST standards only helps America's competitors and adversaries.

Nick POctober 28, 2013 7:36 AM

@ Brian Dell

"What's sad is that the conspiracy theorists here are damaging U.S. technology exports by spreading these unproven, speculative claims about NSA backdooring. Undermining confidence in NIST standards only helps America's competitors and adversaries."

The leaked NSA slides and admissions from various companies show the NSA gets them to deliberately weaken US encryption products. If there's any "conspiracy," it's on their side as they're constantly conspiring and their own files prove it. ;) I agree the RNG wasn't a big a deal as it didn't provide an attack vector except for them. Many other things they've done have made the products weaker against nation states and black hats. Actual attacks resulted on some of these.

Were those accidents or deliberate backdoors? We can't tell, but we know they deliberately leave bugs in by their own admission. (see Stuxnet Siemens 0-days) And they've been weakening crypto since back in the Lotus days. That one's actually in the product documentation! Haha. And for uncooperative companies the leaked slides indicated "HUMINT:" an opaque, umbrella term for infiltration, sabotage, extortion, bribery, theft of IP, etc by human intelligence assets.

This... doesn't paint a bright picture for the confidentiality or integrity of one's bits if they use a US product or service.

Risk to Foreign Use of US Products or Services: Six Simple Points

1. United States has a ridiculously powerful agency with vast math, hacker, signals collection, and military resources which operates in total secret, aims to spy on all communications worldwide, and effectively has criminal immunity for everything it does.

2. This agency backdoored domestic and foreign products in the past.

3. This agency fought all strong crypto standards and tried to convince firms to secretly use weaker standards for international use.

4. This agency knowingly pushed bad options into the IPSec standard to weaken it, while keeping the good version for themselves as HAIPE.

5. This agency regularly pulls live data from telecoms and online service providers via secret arrangements.

6. This agency spies on foreign politicians and businesses to give America an edge on them.

There were many more but just these six known facts should be enough to convince any foreign country that using US tech means the US will know everything about your operations if it wants to. I mean, how does a foreign company outbid a US defence contractor if NSA is intercepting foreign communications and feeding that info to the defence contractor? There's circumstantial evidence that this scenario has played out quite a few times and a bit of hard evidence in leaked/declassified files. That's reason enough not to trust our products, yeah?

Now, what about Americans? Well, any Americans concerned with US govt power or abuse will have a problem. They will be unable to successfully organize and act against the organization as all their private communications about strategy can be intercepted. Their only hope is using face-to-face communications away from any potential listening devices or using crypto on top of old tech. That we're even in a situation where I have to consider this stuff is really, really bad.

So, far from conspiracy theories, it's pretty damned simple: our current government is about total surveillance, near total secrecy, strong police powers & no accountability. History, including American history (J Edgar's FBI), shows us that this always goes bad for The People. Always. These massive spying capabilities should be dismantled and banned quickly as possible before the existing or a future regime has the ability to use it to subvert our democracy. I just hope they haven't already...

Katrina LoweOctober 28, 2013 8:32 AM

Regardless of whether or not this was an example of the NSA monitoring the internet, this is still a sad indication of where the level of privacy is for many Americans today.

While I don't think it was appropriate for Hayden to speak the way that he did in public, it's crazy that someone's 'private' phone conversation can end up on Twitter within a matter of minutes. Of course, we should all be aware that we live in a digitally-driven society, and live our lives accordingly, but I find myself continually astounded that Twitter continues to incriminate folks who (presumably) had no idea what they were doing was being recorded.

Of course, there's really nothing we can do about it, but to monitor what we say in public. Especially since Hayden is a public figure, I'm surprised that he didn't even stop to THINK about what he was saying...but what's done is done.

wumpusOctober 28, 2013 8:53 AM

@Muddy Road "watching the watchers"

Perhaps an update to the propaganda:

"if you see something, capture it and post it to utube".

wumpusOctober 28, 2013 9:04 AM

@Nick P

First, even for for US users, DUAL_EC_DRBG is still slow, second rate, and has the danger that a more hostile power will break the master backdoor keys. It is basically a smoking gun that US users should never use NSA influenced crypto and should do as much as possible to reduce the NSA mission and budget.

Second, most of your six points work for US users of US software as well. To be more blunt, those same agencies have our communications systems already in their pocket and have even less need of the weakened crypto. US users should want NSA-free at least as much as foreign users (actually US citizens aware of the issues would likely prefer US crypto and not be spied on, but it might be awhile before enough people care to change this).

While this might sound blatantly unfair and pointless, hopefully someone knows how to word such things to convince the US public.

Clive RobinsonOctober 28, 2013 9:50 AM

@ Brian Dell,

    How about the possibility that Schneier, who, as we see here, is very quick to see "US Government Monitoring," was the one who suggest...

Oh please... don't make me laugh to hard I'll end up coughing.

I know Bruce won't like me saying it but historicaly he is very very conservative in his published words about back doors, bad standards, bad implementations etc. And to be honest if I was in his position I might be as conservative but I have the advantage of not being so...

I as others can remember when we were warning Bruce that his assumptions about SCADA system security was overly optomistic.

Likewise with CO telephone switches. I've repeatedly stated the UK Gov through what was the General Post Office and later British Telecom and now just BT deliberatly over many years weakened the international digital telephony standards to permit fairly easy surveilance.

I also pointed out much to the suprise of quite a few on this blog that "code signing" was at best faux security quite a long time befor Stuxnet made it bleeding obvious.

I have pointed out many times over many years what the US and UK were upto under BRUSA (later UKUSA) which even a few months befor the Ed Snowden revelations people were voiciferously saying was not true/possible.

I have also repeatedly pointed out that there is strong evidence of the NSA backdooring crypto equipment, going back before they officialy existed with various bits of "mechanical field cipher equipment".

I have also pointed out for a long time I belive the NSA quite deliberatly nobled the AES competition since fairly shortly after NIST anounced the winner. It's why I don't use AES but other finalists where the implementation can be realised without opening up a myriad of side channels.

I have also repeatedly stated that you should never use AES on a PC or other computer in "Online Mode" only "Offline mode" which is the equivalent of "air-gapped use only".

I also pointed out as others have before it became obvious that crackers were turning from "ego food" to "guns for hire" for criminals something that is so endemic now few can remember when it was not the case.

I also indicated how to do "air-gap" crossing malware when indicating voting machine software could not be made secure. Which was long long before Stuxnet proved the point.

I also showed how it was possible to setup covert zombie malware such that it did not need a comand and control server. I also worked out how to do covert return of stolen documents etc (which appeared briefly in a modified version of the Zeus Trojan) for what we now call APT.

On each and every one of these Bruce as were nearly all the commenters on this blog way way behind the curve, waiting for solid evidence that such was happening in the wild.

In all these cases I worked out how I would go about doing it and verifying it was technicaly possible, I did not wait for such things to be found in the wild (when it's to late) before warning/talking about them.

In fact thinking back I can only remember one occasion when Bruce jumped ahead and it was found to be incorrect. And that was when PC malware was blaimed for crashing an aircraft. It later turned out to be the airline covering up it's internal maintanence problems with a carefully worded statment that got repeatedly mis-translated into English. And I still feel slightly guilty for that as I posted a couple of the english translated news articals on the friday squid page without getting another translation from a more trusted source.

So yes Bruce is very conservative in what he writes and I don't blaim him for taking that stance. Which is why I find your suggestion so laughable.

BPOctober 28, 2013 10:46 AM

The dark comments about the prisons and rendition is what turned me against him. That guy was pretty convincing that Hayden enjoys seeing that done to people and having control of those sites. That's not someone in the US government, or at least the one I used to believe in. That's Stalin.

Dirk PraetOctober 28, 2013 10:47 AM

@ Brian Dell

Has Schneier ever actually PROVED that the NIST, under the influence of the NSA, has ever deliberately weakened standards?

No, he hasn't, but there have been sneaking suspicions about DUAL_EC_DRBG ever since 2007 and Bruce was hardly the only one to voice his concerns about it. Same goes for RC4. The subject has been discussed to great lengths on this blog a while ago. Pre-Snowden, all of this was pretty much in the realm of conspiracy theories, but we're well beyond that point now. As long as Greenwald and the other journalists reporting on the affair continue to withhold on the technical details of products, services and technologies that have been weakened/backdoored, much of the discussion remains speculation based on the best clues we have, many of which are now being seen in an entirely different light. Using the USG's own standard of "reasonable articulable suspicion", it is hardly a surprise that an entity like RSA has recently recommended its developer community to stop using it. Or that others are becoming a bit more careful in blindly trusting AES or Intel's RDRAND to name just a few.

What's sad is that the conspiracy theorists here are damaging U.S. technology exports by spreading these unproven, speculative claims about NSA backdooring.

You only have your own government to blame for that. It's not the "conspiracy theorists" who are damaging US technology exports, it's your own laws that allow your government to force tech companies into "cooperation", especially in a legal context that makes anything foreign fair game for spying. We've seen plenty of evidence of that lately.

You can regret it as much as you want, but for most of the world any and all US technology today is "insecure by law". I'm not saying other countries aren't doing the same, but in practice it does mean that US product exports will take a blow in many non-US environments where confidentiality of data and communications is of the issue. Just like Huawei, ZTE, Lenovo and the like have taken similar hits over similar accusations. Nobody is buying the "everyone is doing it"-argument. When caught selling or smoking pot, you're not going to make a better defense telling the judge that the rest of the neighbourhood was doing it too. "We are the good guys protecting you from terrorists" is equally laughable.

I understand that many Americans are having a hard time coming to terms with Snowden's revelations and how they are affecting US reputation and business abroad. Neither of them are helped by "it's all legal"-statements, deceptive word games, playing the NSA's activities down as "minor encroachments", narrowing the discussion to technical details of specific allegations like whether they have direct or indirect access or where the smoking gun is for possible IPSEC, RC4 or DUAL_EC_DRBG subversion. What counts is the bigger picture, and that's one of a thinly disguised surveillance state usually only associated with China or the former Soviet Union.

The only way American citizens today can positively influence the perception of their nation by the rest of the world is by demanding their government meaningful oversight, transparancy and accountability of NSA programs both domestic and abroad, including allowing corporations to speak out over what exactly it is they have been forced to do on behalf of the USG. Short thereof, I'd say that the overall trust in the confidentiality aspect of US ICT products and services for al practical purposes is as extinct as a dodo.

65535October 28, 2013 10:54 AM

From some comments it seems like a few for those "K-Street PR Firms" are getting a little hostile on this podium. They even could be making excuses for their benefactors and themselves. But, they are getting paid well. My eyes are glazing over; my ears are getting plugged and a slow vacant smile is crossing my face. K-Street PR firms fronting for the most powerful government in the world don't impress me.

WaelOctober 28, 2013 11:33 AM

@ wumpus

"if you see something, capture it and post it to utube".
I was thinking the same, but you beat me to it! I was thinking:
If you see something, tweet something!

Lance CottrellOctober 28, 2013 11:55 AM

Noticing these tweets is hardly shocking. There are a number of companies that have access to the whole "twitter firehose". Those businesses sell a number of services, among which is the ability to monitor Twitter in real time for any number of flagging events. I would expect that Hayden's name, along with the names of many other current and former officials, would be tracked to watch for threats if nothing else.

Onetime PadOctober 28, 2013 1:51 PM

Does the NYT article quote the Tweets? Had anyone here actually seen the Tweets?

Is the Tweet story a cover for plain old tapping of Michael Hayden's phone?

Brian DellOctober 28, 2013 4:05 PM

"historicaly he is very very conservative"

If Bruce were at all "conservative" then he would have complained that the New York Times statement "the Dual EC DRBG standard... contains a back door for the NSA" was too definitive. He could have called attention to the fact that if there is a back door, the people who revealed it, Shumow and Ferguson, said at the time that "WHAT WE ARE NOT SAYING: NIST intentionally put a back door in this PRNG."

Bruce has insinuated that NIST, under NSA influence, deliberately underminded the new SHA-3 algorithms, claiming that NIST had made suspicious changes. After the winners of that hash function competition responded to the accusations, Bruce backtracked to admit that the "NIST made the changes in good faith" and the changes were not to the algorithm. A "conservative" person would have tried to get solid evidence for his claims BEFORE making them, ESPECIALLY when the effect is to smear someone's reputation, in this case NIST's. If NIST is defamed, it hurts everybody (except for Huawei, etc) , but many of you are apparently not concerned enough with getting solid proof to care.

I might add that if Bruce were "conservative," he'd restrict himself to accusing the NSA of immoral activity as opposed to "illegal." Is Bruce a legal expert? Has he quoted the statutes that have been violated? This sort of loose, blanket language is that of someone with an agenda, not someone "conservative."

As for the claims in this thread that AES isn't secure because the NSA deliberately undermined it, you're just providing more evidence that Bruce has allowed his website here to turn into conspiracy theory central.

Nick POctober 28, 2013 4:14 PM

@ wumpus

"First, even for for US users, DUAL_EC_DRBG is still slow, second rate, and has the danger that a more hostile power will break the master backdoor keys. It is basically a smoking gun that US users should never use NSA influenced crypto and should do as much as possible to reduce the NSA mission and budget."

The point of my statement to Brian Dell about that is to present it from his view. He's in the category that wants more solid evidence than "certain attributes mean it might be a backdoor, might not." Plus, this one is very unlikely to allow [other] enemies access. So I downplayed it. Straight up, most audiences won't see it as much of a problem compared to NSA weakening major security standards, bribing companies, leaving in 0-days, etc. Gotta focus on what has the most impact.

"Second, most of your six points work for US users of US software as well. To be more blunt, those same agencies have our communications systems already in their pocket and have even less need of the weakened crypto. "

I agree.

" US users should want NSA-free at least as much as foreign users (actually US citizens aware of the issues would likely prefer US crypto and not be spied on, but it might be awhile before enough people care to change this)."

It's true for some and not true for others. In practice, most users in the US will gladly give up tons of privacy, safety & even control of their own data in exchange for specific attributes in a product or service. That's often "good appearance," "it's cool," "many features," "cheap," and so on. Far as security/privacy threats, many of them are more worried about foreign nation states, online crooks, snooping spouses, people stealing their laptops, etc. Most aren't worried about the NSA even though they should be. So, given their priorities and preferences, they will typically accept all kinds of US tech if it addresses their many worries. Even if the NSA/FBI might be listening in.

There is a market segment that is quite concerned about privacy, security or civil liberties. They are the ones that should be protesting the NSA activity as it will affect them more. Many are. These are also the people who are willing to put more time and money into achieving their privacy goals. Unfortunately, NSA expended considerable resources to prevent their success. The majority's market and political choices also worked against this minority segment. So, the bar for maintaining privacy or anonymity is now *much* higher than it was before.

"While this might sound blatantly unfair and pointless, hopefully someone knows how to word such things to convince the US public."

That's what I was trying to do with the six points. Glad you liked them. I think we in the security community just aren't doing well enough in presenting the message in a way the public can immediately see is true and worth acting on. So, for my part, I'm trying to focus on specific US examples of democracy-destroying corruption in the past, the specific risks of power they've grabbed, specific shocking practices they're doing, etc. Best analogy I've come up with so far was Hoover's FBI. There's many similarities far as risks go and we have examples of how they played out. Just add all the capabilities in the NSA leaks to that situation, along with their evidence of corruption/non-accountability, then even a lay person starts getting concerned.

I also like this too. I'd take a few things off the list that Americans probably expect the NSA to be doing and narrow it down to what can/has hurt Americans. Stuff like that. Your thoughts on this aspect of the discussion?

Dirk PraetOctober 28, 2013 6:55 PM

@ Brian Dell

I think you are confusing conservative with pro government.

Bruce has insinuated that NIST, under NSA influence, deliberately underminded the new SHA-3 algorithms, claiming that NIST had made suspicious changes.

Bruce didn't insinuate squat on the Will Keccak = SHA-3? thread. He followed up on a John Kelsey talk pointing out a couple of weird-looking changes to the original submission. The conservative thing for a subject matter expert to do in light of the Snowden revelations was to take a very cautionary position as to any suspicious-looking changes. He then went on to change his opinion a couple of days later after the response of the Keccak team. Does that sound like anything a true conspiracy theorist would do ?

I might add that if Bruce were "conservative," he'd restrict himself to accusing the NSA of immoral activity as opposed to "illegal."

You may have heard about some interesting lawsuits against the USG claiming that the NSA's activities under PA 215 and FISA 702 are illegal indeed and a violation of the 1st, 4th and 5th amendments to the US Constitution. Even congressman Sensenbrenner, one of the authors of the Patriot Act, has publicly spoken against the USG's interpretation of PA 215, saying it was never intended to be used like that. Only under relatively new and until recently very secret interpretations of the law by a secret court are the NSA's activities legal. The conservative stand in this case again is to consider them illegal. And that is of course without mentioning the fact that the NSA's global spying activities are probably violating quite some laws in countries all over the world too. Which is why in my opinion under a conservative interpretation of laws both inside and outside the US the NSA's activities are indeed both immoral and illegal.

As for the claims in this thread that AES isn't secure because the NSA deliberately undermined it

Since you are only too keen to question Bruce's legal background, may I ask what your cryptography background is to question @ Clive's expert opinion on the matter, which by the way is shared by quite some others in the community ?

@ Wael

If you see something, tweet something!

+1

nOctober 28, 2013 9:07 PM

Doable?
Spider from non-range ips. Ignore robots.txt.
Scan own cache.

"twitter firehose"
tweetnozzle?

FigureitoutOctober 28, 2013 10:24 PM

Brian Dell
--Hey bdell, the threat model includes more than the NSA. Prove otherwise, can you do that for me? What is proof, some electronic bits on you PC, Lol! What is proof, some video evidence that "can't" be modified w/ existing software? LOL. What is proof, especially in the IC? It will be poofs of hints that one can only become accustomed to w/ such exposure, and I've had goddamn enough. I can give you an exact address or coordinates and come call me a conspiracy theorist to my face pussy, no guns/knives please. Re-read Nick P's posts here b/c he hit the nail on the head so hard he might as well have a nail-gun w/ a nice clip of nails for this thread.

Keith IveyOctober 28, 2013 10:53 PM

Folks, there's no need for anyone with access to the Twitter firehose in this case. Tom Matzzie is followed by plenty of political types and journalists, including people who are followed by even more political types and journalists. His tweets were noticed right away and retweeted all over within minutes. People who know Hayden would have seen them with no need for intervention by a PR agency, much less the NSA.

Mike amlingOctober 29, 2013 3:55 AM

@wumpus
"DUAL_EC_DRBG is still slow, second rate, and has the danger that a more hostile power will break the master backdoor key."

I'd be more concerned that the secret (P/Q) would leak. "break" not so much. If a hostile power can take ECC logarithms, then we have more to worry about than DUAL_EC_DRBG.

ModeratorOctober 29, 2013 1:48 PM

@Figureitout:

I can give you an exact address or coordinates and come call me a conspiracy theorist to my face pussy, no guns/knives please.

If you ever say anything like this to anyone on this blog again, I will ban you without further notice.

If you want to stay here, you may not threaten people. You may not offer to fight people. You may not warn people that someone else might hack them for an on-blog disagreement. You may not call people names. And generally, you need to get yourself under better control, because your temper is an ongoing problem.

It may sound like a joke, but I honestly do recommend getting up and taking a walk around the block before you reply to someone who's making you angry. Even a short break can make a difference.

FigureitoutOctober 29, 2013 3:13 PM

Moderator
--Sorry, I get too angry. Calling us all conspiracy theorists, I think skepticism is healthy. The next step is calling us delusional or diagnosing us w/ fake mental problems. Anyway, ok.

baffledNovember 3, 2013 8:10 PM

How did they call him while he was on the phone with the news agency? If I were him, I would let any incoming call go to voicemail.

Sounds bogus to me.

Regardless, I have no doubt our communications are monitored.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..