Schneier on Security
A blog covering security and security technology.
December 2013 Archives
Der Spiegel has a good article on the NSA's Tailored Access Operations unit: basically, its hackers.
"Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."
The article also has more details on how QUANTUM -- particularly, QUANTUMINSERT -- works.
Until just a few years ago, NSA agents relied on the same methods employed by cyber criminals to conduct these implants on computers. They sent targeted attack emails disguised as spam containing links directing users to virus-infected websites. With sufficient knowledge of an Internet browser's security holes -- Microsoft's Internet Explorer, for example, is especially popular with the NSA hackers -- all that is needed to plant NSA malware on a person's computer is for that individual to open a website that has been specially crafted to compromise the user's computer. Spamming has one key drawback though: It doesn't work very often.
Another article discusses the various tools TAO has at its disposal.
A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
The German version of the article had a couple of pages from the 50-page catalog of tools; they're now on Cryptome. Leaksource has the whole TOP SECRET catalog; there's a lot of really specific information here about individual NSA TAO ANT devices. (We don't know what "ANT" stands for. Der Spiegel speculates that it "stands for Advanced or Access Network Technology.") For example:
(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 series firewalls. It persists DNT's BANANAGLEE software implant. SOUFFLETROUGH also has an advanced persistent back-door capability.
(TS//SI//REL) An active 802.11 wireless exploitation and injection tool for payload/exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible.
NIGHTSTAND can work from as far away as eight miles, and "the attack is undetectable by the user."
(TS//SI//REL) DROPOUTJEEP is a software implant for Apple iPhone that utilizes modular mission applications to provide specific SIGNIT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.
There's lots more in the source document. And note that this catalog is from 2008; presumably, TAO's capabilities have improved significantly in the past five years.
And -- back to the first article -- TAO can install many of the hardware implants when a target orders new equipment through the mail:
If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
They can install the software implants using techniques like QUANTUM and FOXACID.
Remember, this is not just about the NSA. The NSA shares these tools with the FBI's black bag teams for domestic surveillance, and presumably with the CIA and DEA as well. Other countries are going to have similar bags of tricks, depending on their sophistication and budgets. And today's secret NSA programs are tomorrow's PhD theses, and the next day's criminal hacking tools. Even if you trust the NSA to only spy on "enemies," consider this an advance warning of what we have to secure ourselves against in the future.
I'm really happy to see Jacob Appelbaum's byline on the Der Spiegel stories; it's good to have someone of his technical ability reading and understanding the documents.
Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in today's society.
Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability. It is essential for our lives. It is trust, more than money, that makes the world go round.
At the end, he discusses a bit about the security mechanisms necessary to restore it:
I suspect there is only one way to really get trust back. We need to pass strong regulations, embodying norms of good behavior, and appoint bold regulators to enforce them. We did just that after the roaring ’20s crashed; our efforts since 2007 have been sputtering and incomplete. Firms also need to do better than skirt the edges of regulations. We need higher norms for what constitutes acceptable behavior, like those embodied in the United Nations’ Guiding Principles on Business and Human Rights. But we also need regulations to enforce these norms a new version of trust but verify. No rules will be strong enough to prevent every abuse, yet good, strong regulations can stop the worst of it.
This, of course, is what my book Liars and Outliers is about.
Frozen squid makes him happy.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
"Talking to Vula" is the story of a 1980s secret communications channel between black South African leaders and others living in exile in the UK. The system used encrypted text encoded into DTMF "touch tones" and transmitted from pay phones.
Our next project was one that led to the breakthrough we had been waiting for. We had received a request, as members of the Technical Committee, to find a way for activists to contact each other safely in an urban environment. Ronnie had seen a paging device that could be used between users of walkie-talkies. A numeric keypad was attached to the front of each radio set and when a particular number was pressed a light would flash on the remote set that corresponded to the number. The recipient of the paging signal could then respond to the caller using a pre-determined frequency so that the other users would not know about it.
Lots more operational details in the article.
On Friday, Reuters reported that RSA entered into a secret contract to make DUAL_EC_PRNG the default random number generator in the BSAFE toolkit. DUA_EC_PRNG is now known to have been backdoored by the NSA.
Yesterday, RSA denied it:
Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.
We know from both Mark Klein and Edward Snowden -- and pretty much everything else about the NSA -- that the NSA directly taps the trunk lines of AT&T (and pretty much every other telcom carrier). On Friday, AT&T denied that:
In its statement, AT&T sought to push back against the notion that it provides the government with such access. "We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information," said Watts.
I've written before about how the NSA has corroded our trust in the Internet and communications technologies. The debates over these companies' statements, and about exactly how they are using and abusing individual words to lie while claiming they are not lying, is a manifestation of that.
This sort of thing can destroy our country. Trust is essential in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one.
We no longer know whom to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix.
EDITED TO ADD (12/23): The requested removal of an NSA employee from an IETF group co-chairmanship is another manifestation of this mistrust.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
The Register reported that I am leaving BT at the end of the year. It quoted BT as saying:
We hired Bruce because of his thought leadership in security and as part of our acquisition of Counterpane. We have agreed to part ways as we felt our relationship had run its course and come to a natural end. It has nothing to do with his recent blogs. We hired Bruce because of his thought leadership in security, not because we agree with everything he says. In fact, it's his ability to challenge our assumptions that made him especially valuable to BT.
Yes, it's true. And contrary to rumors, this has nothing to do with the NSA or GCHQ. No, BT wasn't always happy with my writings on the topic, but it knew that I am an independent thinker and didn't try to muzzle me in any way. I'm just ready to leave. I spent seven years at BT, and seven years at Counterpane Internet Security, Inc., before BT bought us. It's past time for something new.
As to what comes next: answer cloudy; ask again later.
Last week, Eben Moglen and I had a conversation about NSA surveillance. Audio and video are online.
EDITED TO ADD: The site seems to be down, so here's a YouTube link.
This is neat:
Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam. (It's just a coincidence that I was on the Harvard campus that day.) Even though he used an anonymous account and Tor, the FBI identified him. Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat.
This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess.
Tor didn't break; Kim did.
An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities," Annual Computer Security Applications Conference 2010.
Abstract: Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of vulnerability exploitation. This paper examines an earlier period in the software vulnerability life-cycle, starting from the release date of a version through to the disclosure of the fourth vulnerability, with a particular focus on the time from release until the very first disclosed vulnerability.
This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware.
I agree with the conclusion:
So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you step away. Put it in a safe when you're not around it, and encrypt the disk to prevent off-line access. Don't surf the web with it (use another laptop/device for that, they're relatively cheap). This advice is true whether you're a poker pro using a laptop for gaming or a business controller in a large company using the computer for wiring a large amount of funds.
Snappy-looking bow tie.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Really good article from the New Yorker.
This is an interesting story from World War II about trust:
Jones notes that the Germans doubted their system because they knew the British could radio false orders to the German bombers with no trouble. As Jones recalls, "In fact we did not do this, but it seemed such an easy countermeasure that the German crews thought that we might, and they therefore began to be suspicious about the instructions that they received."
I think about this all the time with respect to our IT systems and the NSA. Even though we don't know which companies the NSA has compromised -- or by what means -- knowing that they could have compromised any of them is enough to make us mistrustful of all of them. This is going to make it hard for large companies like Google and Microsoft to get back the trust they lost. Even if they succeed in limiting government surveillance. Even if they succeed in improving their own internal security. The best they'll be able to say is: "We have secured ourselves from the NSA, except for the parts that we either don't know about or can't talk about."
Barton Gellman and Ashkan Soltani are doing some fantastic reporting on the Snowden NSA documents. I hope to be able to do the same again, once Pierre Omidyar's media venture gets up and running.
I have been writing and saying that surveillance is the business model of the Internet, and that government surveillance largely piggy backs on corporate capabilities. This is an example of that. The NSA doesn't need the cooperation of any Internet company to use their cookies for surveillance purposes, but they do need their capabilities. And because the Internet is largely unencrypted, they can use those capabilities for their own purposes.
Reforming the NSA is not just about government surveillance. It has to address the public-private surveillance partnership. Even as a group of large Internet companies have come together to demand government surveillance reform, they are ignoring their own surveillance activities. But you can't reform one without the other. The Free Software Foundation has written about this as well.
Little has been written about how QUANTUM interacts with cookie surveillance. QUANTUM is the NSA's program for real-time responses to passive Internet monitoring. It's what allows them to do packet injection attacks. The NSA's Tor Stinks presentation talks about a subprogram called QUANTUMCOOKIE: "forces clients to divulge stored cookies." My guess is that the NSA uses frame injection to surreptitiously force anonymous users to visit common sites like Google and Facebook and reveal their identifying cookies. Combined with the rest of their cookie surveillance activities, this can de-anonymize Tor users if they use Tor from the same browser they use for other Internet activities.
The NSA is spying on chats in World of Warcraft and other games. There's lots of information -- and a good source document. While it's fun to joke about the NSA and elves and dwarves from World of Warcraft, this kind of surveillance makes perfect sense. If, as Dan Geer has pointed out, your assigned mission is to ensure that something never happens, the only way you can be sure that something never happens is to know everything that does happen. Which puts you in the impossible position of having to eavesdrop on every possible communications channel, including online gaming worlds.
One bit (on page 2) jumped out at me:
The NMDC engaged SNORT, an open source packet-sniffing software, which runs on all FORNSAT survey packet data, to filter out WoW packets. GCHQ provided several WoW protocol parsing scripts to process the traffic and produce Warcraft metadata from all NMDC FORNSAT survey.
NMDC is the New Mission Development Center, and FORNSAT stands for Foreign Satellite Collection. MHS, which also appears in the source document, stands for -- I think -- Menwith Hill Station, a satellite eavesdropping location in the UK.
Since the Snowden documents first started being released, I have been saying that while the US has a bigger intelligence budget than the rest of the world's countries combined, agencies like the NSA are not made of magic. They're constrained by the laws of mathematics, physics, and economics -- just like everyone else. Here's an example. The NSA is using Snort -- an open source product that anyone can download and use -- because that's a more cost-effective tool than anything they can develop in-house.
This is the best explanation of the Bitcoin protocol that I have read.
I have a new book. It's Carry On: Sound Advice from Schneier on Security, and it's my second collection of essays. This book covers my writings from March 2008 to June 2013. (My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008.)
There's nothing in this book that hasn't been published before, and nothing you can't get free off my website. But if you're looking for my recent writings in a convenient-to-carry hardcover-book format, this is the book for you.
I'm also happy with the cover.
Unfortunately, the paper book isn't due in stores -- either online or brick-and-mortar -- until 12/27, which makes it a pretty lousy Christmas gift, though Amazon and B&N both claim it'll be in stock there on December 16. And if you don't mind waiting until after the new year, I will sell you a signed copy of the book here.
Suggestions for a title of my third collection of essays, to be published in five-ish years, are appreciated.
0-Day Clothing has taken 25 Bruce Schneier Facts and turned them into T-shirts just in time for Christmas.
Telepathwords is a pretty clever research project that tries to evaluate password strength. It's different from normal strength meters, and I think better.
Telepathwords tries to predict the next character of your passwords by using knowledge of:
Password-strength evaluators have generally been pretty poor, regularly assessing weak passwords as strong (and vice versa). I like seeing new research in this area.
Here's a new biometric I know nothing about:
The wristband relies on authenticating identity by matching the overall shape of the user's heartwave (captured via an electrocardiogram sensor). Unlike other biotech authentication methods -- like fingerprint scanning and iris-/facial-recognition tech -- the system doesn't require the user to authenticate every time they want to unlock something. Because it's a wearable device, the system sustains authentication so long as the wearer keeps the wristband on.
EDITED TO ADD (12/13): A more technical explanation.
Some apps are being distributed with secret Bitcoin-mining software embedded in them. Coins found are sent back to the app owners, of course.
And to make it legal, it's part of the end-user license agreement (EULA):
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
This is a great example of why EULAs are bad. The stunt that resulted in 7,500 people giving Gamestation.co.uk their immortal souls a few years ago was funny, but hijacking users' computers for profit is actually bad.
It's not new, though. People have been explaining how to evade airport security for years.
Back in 2006, I -- and others -- explained how to print your own boarding pass and evade the photo-ID check, a trick that still seems to work. In 2008, I demonstrated carrying two large bottles of liquid through airport security. Here's a paper about stabbing people with stuff you can take through airport security. And here's a German video of someone building a bomb out of components he snuck through a full-body scanner. There's lots more if you start poking around the Internet.
So, what's the moral here? It's not like the terrorists don't know about these tricks. They're no surprise to the TSA, either. If airport security is so porous, why aren't there more terrorist attacks? Why aren't the terrorists using these, and other, techniques to attack planes every month?
I think the answer is simple: airplane terrorism isn't a big risk. There are very few actual terrorists, and plots are much more difficult to execute than the tactics of the attack itself. It's the same reason why I don't care very much about the various TSA mistakes that are regularly reported.
As more and more media outlets from all over the world continue to report on the Snowden documents, it's harder and harder to keep track of what has been released. The EFF, ACLU, and Cryptome are all trying.
None of them is complete, I believe. Please post additions in the comments, and I will do my best to feed the information back to the compilers.
EDITED TO ADD (12/5): Wikipedia also has an exhaustive list.
EDITED TO ADD (12/13): This is also good.
One of the things I do is expert witness work in patent litigations. Often, it's defending companies against patent trolls. One of the patents I have worked on for several defendants is owned by a company called TQP Development. The patent owner claims that it covers SSL and RC4, which it does not. The patent owner claims that the patent is novel, which it is not. Despite this, TQP has managed to make $45 million off the patent, almost entirely as a result of private settlements. One company, Newegg, fought and lost -- although they're planning to appeal. The story is here.
Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we've been wondering if it's done anything to antivirus products. Given that it engages in offensive cyberattacks -- and launches cyberweapons like Stuxnet and Flame -- it's reasonable to assume that it's asked antivirus companies to ignore its malware. (We know that antivirus companies have previously done this for corporate malware.)
My guess is that the NSA has not done this, nor has any other government intelligence or law enforcement agency. My reasoning is that antivirus is a very international industry, and while a government might get its own companies to play along, it would not be able to influence international companies. So while the NSA could certainly pressure McAfee or Symantec -- both Silicon Valley companies -- to ignore NSA malware, it could not similarly pressure Kaspersky Labs (Russian), F-Secure (Finnish), or AVAST (Czech). And the governments of Russia, Finland, and the Czech Republic will have comparable problems.
Even so, I joined a group of security experts to ask antivirus companies explicitly if they were ignoring malware at the behest of a government. Understanding that the companies could certainly lie, this is the response so far: no one has admitted to doing so.
Up until this moment, only a handful of the vendors have replied ESET, F-Secure, Norman Shark, Kaspersky, Panda and Trend Micro. All of the responding companies have confirmed the detection of state sponsored malware, e.g. R2D2 and FinFisher. Furthermore, they claim they have never received a request to not detect malware. And if they were asked by any government to do so in the future, they said they would not comply. All the aforementioned companies believe there is no such thing as harmless malware.
Powered by Movable Type. Photo at top by Per Ervland.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.