SOMBERKNAVE: NSA Exploit of the Day

Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog:


(TS//SI//REL) SOMBERKNAVE is Windows XP wireless software implant that provides covert internet connectivity for isolated targets.

(TS//SI//REL) SOMBEKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access Point is present, SOMBERKNAVE can be used to allow OLYMPUS or VALIDATOR to “call home” via 802.11 from an air-gapped target computer. If the 802.11 interface is in use by the target, SOMBERKNAVE will not attempt to transmit.

(TS//SI//REL) Operationally, VALIDATOR initiates a call home. SOMBERKNAVE triggers from the named event and tries to associate with an access point. If connection is successful, data is sent over 802.11 to the ROC. VALIDATOR receives instructions, downloads OLYMPUS, then disassociates and gives up control of the 802.11 hardware. OLYMPUS will then be able to communicate with the ROC via SOMBERKNAVE, as long as there is an available access point.

Status: Available—Fall 2008

Unit Cost: $50K

Page, with graphics, is here. General information about TAO and the catalog is here.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

EDITED TO ADD (2/6): It’s implants like this that illustrate why I believe the world’s major intelligence services have copies of the entire Snowden archive. While I don’t believe they can decrypt Snowden’s archive, they can certainly jump the air gaps that the reporters have set up.

Posted on February 5, 2014 at 2:04 PM32 Comments


Josh Rubin February 5, 2014 2:17 PM

I’m confused by the $50K cost.

I understand that secret, customized hardware could be very expensive, but I don’t understand why software could cost anything.

Do they amortize development and maintenance costs over a small number of units, or maybe want to discourage its use?

gonzo February 5, 2014 2:23 PM

@Josh Rubin

I’m reminded of the old man in the movie Independence Day.

My guess is that this $50K is an accounting entry that is placed in the books when an exploit is requested and used. Somewhere, later, that money comes into the NSA via the black budget process.

Nicholas Weaver February 5, 2014 2:36 PM

The $50K figure is really strange, the other things in the SpyMall don’t have prices when its just software implants like this.

And the operation is pretty expected: its basically a “turn on the WiFi and look for open APs” code module that fits into a larger malcode payload.

Marsh Ray February 5, 2014 2:37 PM

@gonzo > I’m reminded of the old man in the movie Independence Day.

You know, that quote comes to mind all the time. I believe it went something like:

US President: “Where did you get the money to build all this?”

Spook: “You didn’t really think we spend $500 on a hammer, did you?”

SJ February 5, 2014 2:44 PM

Does this have the ability to bypass systems with physical Active/Deactivate-switches for WiFi?

I often think of them as WiFi Power Switches, but I don’t know if that is accurate.

Marsh Ray February 5, 2014 3:30 PM


IMHO, hard physical cut-out switches ought to be mandatory on all (portable, consumer) microphones and radio circuits.

However, they are increasingly hard to find. I have not seen a hardwired audio cut out switch on anything with a CPU in years. Due to some challenges posed by RF engineering, antenna switches are not cheap. For battery time/size/weight reasons, killing and restoring power to the radio circuits is a process carefully controlled by software. This is not to say it’s a feature that’s difficult at all to engineer, it just doesn’t happen by accident.

This is the fault of us as consumers. Most people seem to like their gadgets clean and smooth.

Tell everyone you know to ask for hard switches on their microphones and radios just like you insist on switches on your lightbulbs at home.

Even better: Ask your governments if their purchasing standards require it, and if not, why not?

Elena February 5, 2014 3:50 PM

“Most people seem to like their gadgets clean and smooth.”

I agree:

Meet Davecat – The 40-year-old who has shunned ‘organic women’ to marry a synthetic doll and keep another as a mistress

“A robot fan has told how he lives in a strange three-way love triangle to two life-like dolls which are so anatomically correct they have their own tongue.

Davecat, the online pseudonym he lives by, has shunned what he calls ‘organic woman’ in favor of plastic females as they will never cheat on him or end their relationship.

He married one doll he has called Sidore Kuroneko and keeps a second, Elena Vostrikova, to keep her company while he is out at work. They all live together in his apartment in Michigan.

Davecat, 40, says that he and his ‘girlfriends’ never row, they never stand him up – and he finds them more easygoing than a human being.”

3f3jkfnf34kjf4n February 5, 2014 4:21 PM

50k is likely because of software support for the data relay firmware. They’d cover development costs in a couple dozen unit sales probably and don’t sale these high-frequency..

Why does software cost money? Go write some for months or years that has high demand and distribute and support it for free and find out.. I’m pretty sure they taught basic economics in your grade or primary school so I wonder why you ask? Reminds me of the why not give a game that costs 30 million USD to make away, question..

Hotspots and PCB boards? Do the targets audit incoming hardware and active network infrastructure or are they all just extremely stupid and ignore even public sector management and security practices?

Also, someone in another post’s comments said this wasn’t for embedded high security environments but for political and activist environments. Why would you need JTAG and other bus hardware meant for drop-gathering of data for environments that have mostly consumer and business electronics?

Most, note I said most, of this stuff has zero-implementation in those environments, and countless deployments in embedded logistics environments common to big industry and defense facilities..

In a building with some IBM blades, networking blades, and a lot of targets with workstations and laptops, concealed PCBs with PHY level logging have -NO- place..

Clive Robinson February 5, 2014 4:59 PM

This page brings up some questions which are probably of more interest than this component.

Firstly it talks of,

    If an Internet-connected wireless Access Point is present

Begs the question of “how” even back then most Wirless Access Points were not open access. The implication of this being that there was –and probably still is– a way to overcome Wirless Access Point security. Which if you think about it implies a “protocol attack” via deficient or weakened standards.

Secondly it talks about redirecting network packets, the implication is the airgapped system is connected to a wired network, be it by dialup modem or ethernet etc.

This gives a good indication of the type of people this device was aimed at. It certainly was not “lone wolf” or “terrorists” because they are very unlikely to be connecting to a wired network at any time. It was at the time also unlikely to be Civil Service pay grade types due to the usuall lack of it spending (which is why Win98 can still be found on Gov networks). This leaves those with prestige egos, such as Government ministers or those with sufficient capital resources such as corporate employees.

Which raises quite a few questions…

Ben Brockert February 5, 2014 7:24 PM

Can any computer with a wifi adapter in it be said to be “air-gapped”? If I was doing air-gapped work I wouldn’t want the computer to have wifi, IR, powerline gigabit, wireless mouse or keyboard, etc.

n0n3 February 5, 2014 7:35 PM


A system and method for enabling human beings to communicate by way of their monitored brain activity. The brain activity of an individual is monitored and transmitted to a remote location (e.g. by satellite). At the remote location, the monitored brain activity is compared with pre-recorded normalized brain activity curves, waveforms, or patterns to determine if a match or substantial match is found. If such a match is found, then the computer at the remote location determines that the individual was attempting to communicate the word, phrase, or thought corresponding to the matched stored normalized signal.

Clive Robinson February 5, 2014 8:20 PM

@ n0n3,

Have you actually read the patent?

It’s one of those that is distinctly questionable.

To see why replace “brain waves” with “vocal waves” and you will see at best it’s a reworking of very early –and mostly usless– voice recognition (which ended up being used in very unreliable “voice opperated locks” etc).

The earliest patents on “stored waveform comparison” systems are now out of date and as far as I can remember never earnt their inventors a brass nickle.

Based on this patent you should have a look at how voice recognition systems have improved and then patent them to work not with voice but brainwaves…

65535 February 6, 2014 12:25 AM

“Somberknave” looks like a fairly sophisticated air-gap jumping system. It does require “Olympus” or “Validator” to call home.

I notice “…If the 802.11 interface is in use by the target, Somberknave will not attempt to transmit.” – NSA

Interesting. The slide doesn’t indicate if special packets or encryption is used to obscure the transmissions to the AP. And, I don’t know if this is a persistent implant (which seems to be the trend).

I think difference in the various versions of XP and the individual service packs my play role in the $50K price of the implant.

For example, after XP SP2 tighter wireless security was implemented (and differences the in x64 and x86 XP versions are signification).

“Service Pack 2:
“Microsoft has described Service Pack 2 as a “standard” service pack release containing previously released security updates, hotfixes, and reliability and performance improvements. In addition, Service Pack 2 contains Microsoft Management Console 3.0, Windows Deployment Services (which replaces Remote Installation Services), support for WPA2, and improvements to IPsec and MSConfig. Service Pack 2 also adds Windows Server 2003 Scalable Networking Pack (SNP), which allows hardware acceleration for processing network packets, thereby enabling faster throughput. SNP was previously available as an out-of-band update for Windows Server 2003 Service Pack 1.”

“[XP] Professional Blade PC Edition:
“This version comes preinstalled on OEM solutions providing desktops on Blade PC hardware. In addition to a copy of Windows XP Professional, it includes a Remote Desktop License.”

“Microsoft Windows XP Professional x64 Edition released on April 25, 2005 is an edition of Windows XP for x86-64 personal computers. It is designed to use the expanded 64-bit memory address space provided by the x86-64 architecture.

“The primary benefit of moving to 64-bit is the increase in the maximum allocatable random access memory (RAM). Windows XP 32-bit is limited to a total of 4 gigabytes. Although the theoretical memory limit of a 64-bit computer is about 16 exabytes (16 billion gigabytes), Windows XP x64 is limited to 128 GB of physical memory and 16 terabytes of virtual memory… Windows XP Professional x64 Edition is not to be confused with Windows XP 64-bit Edition, as the latter was designed for Itanium architecture. During the initial development phases, Windows XP Professional x64 Edition was named Windows XP 64-Bit Edition for 64-Bit Extended Systems… Uses the Windows Server 2003 kernel which is newer than 32-bit Windows XP and has improvements to enhance scalability. Windows XP Professional x64 Edition also introduces Kernel Patch Protection (also known as PatchGuard) which can help improve security by helping to eliminate rootkits… Benefits from IPsec features and improvements made in Windows Server 2003 [included in x64 XP versions]… 32-bit applications can be run transparently, the mixing of the two types of code within the same process is not allowed. A 64-bit program cannot use a 32-bit dynamic-link library (DLL) and similarly a 32-bit program cannot use a 64-bit DLL. This may lead to the need for library developers to provide both 32- and 64-bit binary versions of their libraries. Specifically, 32-bit shell extensions for Windows Explorer fail to work with 64-bit Windows Explorer… [But certain] Windows XP x64 Edition ships with both 32-bit and 64-bit versions of Windows Explorer. The 32-bit version can become the default Windows Shell. Windows XP x64 Edition also includes both 32-bit and 64-bit versions of Internet Explorer 6, so that user can still use browser extensions or ActiveX controls that are not available in 64-bit versions. Only 64-bit drivers are supported in Windows XP x64 Edition, but 32-bit codecs are supported as long as the media player that uses them is 32-bit.”

“Known limitations x64 editions: Does not include NTVDM or Windows on Windows, so MS-DOS or 16-bit Windows applications cannot run. Some old 32-bit programs use 16-bit installers which do not run; however, replacements for 16-bit installers such as ACME Setup versions 2.6, 3.0, 3.01, 3.1 and InstallShield 5.x are hardcoded into WoW64 to mitigate this issue. Command Prompt does not load in full-screen. Does not contain a Web Extender Client component for Web Folders (WebDAV)… IEEE 1394 (FireWire) audio is not supported… The RTM version of Windows XP Professional x64 Edition is based on Windows Server 2003 Service Pack 1 codebase. Because Windows XP Professional x64 Edition comes from a different codebase than 32-bit Windows XP, its service packs are also developed separately…”

With all those versions of XP a lot of customization probably goes into the exact implant – which increases cost. All in all, it is a nasty air-jumping implant.

bitmonki February 6, 2014 12:53 AM

Re: 50k, document is dated 20070108, availability as Fall 2008.

Perhaps 50k in this context is the budgeted development cost?

Iain Moffat February 6, 2014 4:02 AM

@Clive: I would have thought IT professionals as well as those with prestige egos would have roamed between Wifi and Wired networks back in 2008 (I certainly did); bearing in mind the alleged use of malware targeted at network administrators in at least one European telco that is another target group for this method. Use of a secure wireless network is not necessarily a problem if the WPA or WEP credentials are reversibly stored on the compromised machine. And NSA’s reversible may cover more than we think …


DellD420 February 6, 2014 4:43 AM

@SJ: “Does this have the ability to bypass systems with physical Active/Deactivate-switches for WiFi? I often think of them as WiFi Power Switches, but I don’t know if that is accurate.”

Yes, at least on Dell D420.

My Dell D420 had such a physical switch. But I observed that even with this switch off, software glitches in XP allowed me a few times to surf on Wifi. On these occasions, I have double-checked that switch.

Clive Robinson February 6, 2014 5:31 AM

@ Iain,

    Use of a secure wireless network is not necessarily a problem if the WPA or WEP credentials are reversibly stored on the compromised machine.

Agreed but that’s not what the paperwork in the shortform catalog says, not once but twice,

    If an Internet-connected wireless Access Point is present.
    as long as there is an available access point.

which is why I drew attention to it.

Whilst it does say,

    and tries to associate with an access point. If connection is successful data is sent over 802.11…

If by “associate” they mean use credentials on the PC/laptop then, this device is going to be of even more restricted use, in that even those with ‘prestige egos’ in senior government are very unlikely to be in range of a WiFi Access Point they have credentials to access whilst also using a wired network connection.

Now I don’t rule out the TAO embedding credentials into the software and then LEA etc agents putting a specialised AP in range, but for the more interesting government sites this will be spotted very quickly unless placed inside the restricted area…

Which brings us back to “commercial” targets and as you noted SysAdmins would be choice targets, especially as they usually “carry the keys to the kingdom” as Ed Snowden so abely demonstrated to the NSA…

Iain Moffat February 6, 2014 5:59 AM

@Clive: It might not even need a specialised AP in range, or even to steal the end user’s credentials, if one or more brands of access point in wide use have a vulnerability and said vulnerability was known to the developers of this exploit. I started researching for WPA or WEP products that were found with undocumented keys but I subsequently discovered the WPS problems found in 2012. If a wireless router supports WPS, has not been fixed since 2012, and the implant is prepared to transmit enough traffic to brute force the PIN (see: and then it will not need any pre installed or borrowed keys ….

To me the statement that it will not use the 802.11 hardware in the compromised machine when the user is using it means that it was expected to time share with legitimate use of 802.11 implying that there would very likely be WEP or WPA login information on the machine to steal.

Iain Moffat February 6, 2014 6:16 AM

If the intent was opportunistic access to WiFi, then interesting CVE reports from around the right time are: (Known preset key on some Avaya access points; (Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys) and CVE-2005-4696 (Keys in Explorer memory in Windows); (DLINK routers give access to configuration via unprotected TFTP server) and (Zyzel Prestige routers allow authenticated users remote access to keys)

Anyone with access to the CVE list at would have plenty of options !

AnonymousCoward February 6, 2014 1:04 PM


As I recall, the switch on the D420/620/630 was a physical switch that could be deactivated through the BIOS – meaning that it’s not interrupting the power source or the antenna, and therefore no more valuable than a software switch.

Brandioch Conner February 6, 2014 8:24 PM

@Ben Brockert

Can any computer with a wifi adapter in it be said to be “air-gapped”? If I was doing air-gapped work I wouldn’t want the computer to have wifi, IR, powerline gigabit, wireless mouse or keyboard, etc.

I agree.

There may be other exploits that can transmit data via methods that are NOT normally used for such.

But if a system has a working wifi sub-system then it is not “air gapped”. Or bluetooth. Or any other sub-system designed to transmit data without a physical connection.

Clive Robinson February 6, 2014 9:03 PM

@ Ian Moffat,

I just tried to post you a reply, it got through “preview” OK but crashed out on “submit”.

I don’t know if the Moderator or Bruce can pull it back or not. If not I’ll type it up again tommorow.

Moderator February 6, 2014 9:18 PM

I don’t see any unpublished comments by you, so I’m afraid you’ll have to recreate.

Clive Robinson February 6, 2014 9:58 PM

@Ben Brockert, Brandioch Conner,

    Can any computer with a wifi adapter in it be said to be “air-gapped”? If I was doing air-gapped work I wouldn’t want the computer to have wifi, IR, powerline gigabit, wireless mouse or keyboard, etc.

I would say that any computer not following “EmSec Best Practice” is a liability.

This applies not just to pasive TEMPEST “emmissions”, “active EM” attacks including “injection attacks” but also importantly to other types of “energy emmissions” be they by sound, mechanical, gravitational etc and secondary emmissions by other means.

For instance the bandwidth of “convected heat” may be low but it does convay one bit of information “the equipment is energised” which might be sufficient (ie to send in the SWAT team to catch you “logged in”).

Likewise “gravitational” mad as it sounds back in the 1970’s researchers found that buildings with “concreat raft” construction bent and distorted when people walked across them and this could be detected and measured with a relitivly simple pendulum type device. Three such devices enabled other researchers to triangulate the distortions to get a positional fix… The modern equivalent used in some high tech alarms with appropriate DSP processing could potentialy follow a number of individuals around such a building…

Roger February 7, 2014 7:32 AM

I think you’re reading too much into too little:

Firstly it talks of, If an Internet-connected wireless Access Point is present Begs the question of “how” even back then most Wirless Access Points were not open access.

But … you didn’t include all the caveats:

If an Internet-connected wireless Access Point is present, … tries to associate … If connection is successful, … available access point

(Emphasis added.) TAO offers no guarantees here. Nothing in this text claims it can use a restricted AP.

Secondly it talks about redirecting network packets, the implication is the airgapped system is connected to a wired network, be it by dialup modem or ethernet etc.

Err, no it doesn’t. The only traffic that is described as being routed or redirected, it is that from the “designated process” — which is later identified as VALIDATOR or OLYMPUS.

This seems straightforward to me. VALIDATOR and OLYMPUS are tools which will typically “phone home” using whatever network connection is already available. In the event that the targetted system normally does not have a network connection, they can be modularly extended by the SOMBERKNAVE tool, which provides opportunistic linking to any AP it can use.

The document does not discuss what types of AP that the tool can use. Maybe it can only use open APs and cached credentials. Maybe it can also brute force weak keys. Maybe it can hack into any AP ever built.[1] We simply don’t know from the information provided.

This gives a good indication of the type of people this device was aimed at. It certainly was not “lone wolf” or “terrorists” because they are very unlikely to be connecting to a wired network at any time.

I really can’t agree. This is clearly a general purpose module to be used to extend functionality of other tools. It has no specific target, other than that it would be pointless on a system with a permanent internet link.

  1. Although if TAO did have an exploit that coud easily break into (say) WPA2, it probably wouldn’t be wise to install it in a general purpose module like SOMBERKNAVE. Most of the time it will either be in a public area where it will be able to find an open AP, or in a restricted area where there is a good chance that there will be cached credentials available to use. But suppose you know that the target device only ever passes some unrelated APs that all happen to be secured by WPA2. Would you then want your secret cracker built into SOMBERKNAVE? No, surely it would be safer to use your exploit to get access to the APs, and then build those specific keys into your SOMBERKNAVE install.

Benni February 7, 2014 9:49 AM

@Clive: Probably they know your wlan passwort because you once logged into wlan with your android smartphone and they are sitting in googles dark fibers. Perhaps this software can be instructed, before placement on the victim’s computer, to connect with login data that the nsa got from your selector criteria applied to googles wlan password list.

David Henderson February 9, 2014 11:46 PM

Bruce wrote: “EDITED TO ADD (2/6): It’s implants like this that illustrate why I believe the world’s major intelligence services have copies of the entire Snowden archive. While I don’t believe they can decrypt Snowden’s archive, they can certainly jump the air gaps that the reporters have set up.”

An extra 802.11 a/b/g/n interface can easily be added to many systems. Once added, it can easily connect to an planted AP nearby, perhaps in a wall cavity. This AP can serve as a relay for another unit much further away in distance.

What this says is that physical access is required for much of the TAO functionality, and once the physical system has been implanted, the leech can siphon away data practically forever.

Clive Robinson February 10, 2014 4:26 AM

@ Iain Moffat,

Hmm it’s been busy the past few days so it’s rebuild the comment from the old grey cells, that I guess are now turning white with age 🙁 so the rebuild is going of necescity to be larger to ensure I’ve not forgoton anything ).

The question that arises about the “exploitable faults” you and others have found is,

    Did they occure by accident or design?

Especialy those that don’t get fixed.

I’ve been saying long before the Ed Snowden revelations that protocols and standards are the places I would expect the likes of GCHQ and NSA to be playing in these days, since other unsubtle approaches such as that of the “clipper chip” have been recognised for what they are and the resulting hew&cry ment such obvious legislative initiatives failed.

Partly because I’ve seen it in action with the likes of MI5 / GCHQ working through the GPO / BT with phone standards and other 5eye’s nations at ITU and similar international bodies. And mainly because as history shows us the problems will exist for a good third of a lifetime after the standard gets fixed (if they ever do). Due to embedded infrastructure and other “backwards compatability” giving rise to “MITM fallback attacks”.

The clasic example being, causing communication link encryption to “fallback” to “plaintext/ascii” without informing, let alone warning the user “in case it scares them” and they end up “calling tech support”…

I’ve called foul on the NSA on the NIST AES competition for a considerable period of time and in this I’m not alone [1].

As you are probably aware the AES algorithm though theoreticaly secure causes all sorts of side channels when implemented practicaly. The NSA would have known well befor the competition rules were set that this would be the likely outcome, and at the very least the NSA should have warned NIST, but they chose to keep quiet, much to their advantage.

Likewise other standards bodies such as the IEEE have produced standards that were either not realy in their domain of expertise or were “finessed” in some way. In fact when you look at how standards organisations are set up you could not wish for a better system for finessing [2].

The only reason it came to light over the EC random generator was the compleatly ham fisted way it was done. Which NIST had been pretending was not an issue –presumably on seaking advice from the NSA– untill the Ed Snowden docs forced the issue [1].

The way to go about finessing is to either make a simple task complex by mandating different methods for “edge cases” or by not documenting behaviour under exception, either way you make “holes” in the standards. You then produce prototypes where you use these holes to down grade security, knowing that “as your prototype works” everyone will either use it or ensure they are compatible with it… at which point it’s now “baked in” and will only go away when the standard is finally fully obsoleate some 25 to 50 years hence. The second trick which we see in GSM Standards is to encode your old standard into a sucsession of newer standards for which “regulatory compliance” is required… thus the “listen in” feature of the old POTS makes it’s way forwards in time through early digital telephony through ISDN into mobile telephony. And the way to get it in, in the first place is the old gag of claiming it’s a nessecary “test” or “safety” requirment or both.

For a recent example have a look at how unnessary GPS hardware is mandated for all US mobile phones and thus by extention of mass production cost savings into all other phones that might be usable in the US…

Thus the question “accident or design” answer depends in part to the skill of the finesse. Thus I view unexploitable bugs as “accidents” or incompetence of which we are all capable. But those bugs which are shall we say “fortuitously exploitable” with a degree of suspicion, especialy when as the result of a “commitee decision” with representatives of a dubious pedigree (as many commitee members are due to trade and other associations 😉 Thus it’s best sometimes either to just shake your head in disbelife or as made famous by Watergate “Follow the money” because somebody is paying those commitee members wages and expenses…

Which brings me back to the issue of “comercial spying” money has to come from somewhere, and as has so often been observed “wheels need greasing”. Crude greasing with brown paper envolops stuffed with high denomination notes cause problems to both parties. A nod to the wise on an investment or two is a lot lot less problematic, as is information on what R&D routes won’t get results and which will. All of which nicely side steps US national and international corupt practices legislation by not leaving a paper trail that’s actionable unless one of the parties is particularly stupid (which might account for why US politicos have exemptions etc).

The French have made no secret of the fact they spy on foreign companies to cut the cost of R&D in the favourd French companies. The Japanese are likewise known to do industrial espionage with government paid agents, it’s one of the reasons the South Koreans have such stiff legal penalties to deter such activities. We likewise know that the US spys on trade delegations which often have industry representatives on board. Thus US claims “we don’t do that’ are frankly not belivable, and in the fullness of time I expect the press will find sufficient evidence of this in the Snowden document cache.

We also know from Olly North that commercial organisations –legal or otherwise– and the hidden money they make are vital to the intel game. For a front company to make money it has to have “product” in one form or another and “information” is the most profitable primary product there is. And with the likes of “parellel construction” it’s virtualy impossible to trace the source of the information.

So yes I feel on balance that the US intel entities are very much into industrial espionage for one reason or another. And it matters not if the NSA designes and builds the resources and supplies them to other agencies to collect the intel or if they do it directly themselves. Such “compentmentalised hair spliting” is the game of politics just as Pontious Pilate supposadly “washed his hands” of the awkward political problem of the Hebrew Massiah and Jewish religious leaders who were playing their own political game. Such games are older than mankinds recorded history. In fact it is often joked that “Spying is the real oldest proffession, but keep it a secret”.

[1] The problem with pointing out such things is that it suffers from the “Lead the horse to water…” problem, people don’t in general want to take it on board as this means “thinking and acting” all of which is messy and complicated. So you say it politely and give your evidence / reasoning / suspicions and then don’t push it. Because if you do push, the not wanting to “thing&act” people will simply cry “your wrong”, “your reasonings faulty”, “you don’t understand”, “your evidence is wrong” etc etc through to writing you off as a “conspiracy nut” because that way they neither have to think or act… And when the evidence comes in to force them to think and act do they say sorry? To use the old saws “Don’t be daft…” and “don’t hold your breath…”. I’m sure if Peter Gutmann or Niels Furguson are reading this they will be nodding their heads as will many others 😉

[2] The word “finessing” is an odd one and it comes about due to the British upper middle classes and upper class interest in the card game called “bridge”, which is basicaly “Whist” with a whole bunch of other rules on top used to make the betting/playing aspect more intresting. In essence Finessing means “puting one over” onto your opponent “to win a trick” in their full view such that you can mislead them without any come back in essence you “force their hand”. It’s derived from the word finesse which is in turn derived from a “French courtly word” from the “Old French word” ‘fin’ meaning subtle or delicate which also gives us the common English word ‘fine’. The use of the word in cryptography started with the British and seems to have come to the fore during WWII, though certainly in use in espionage etc well back into the 1800’s.


Iain Moffat February 10, 2014 2:06 PM

@Clive: Thanks for taking the time to reconstruct this. I come from a telecommunications electronics background so the ways of the IETF and ITU are not new to me 😉

In terms of insecure standards I think you have a case, although I think “backwards compatibility” with systems developed in trusting environments is at least as much of the problem (be that protocols from the Arpanet or software that began on non networked PCs). Certainly no one would have designed DNS or FTP or SMTP the way they are knowing how the Internet is now used.

In terms of bad implementations of good standards (bugs and side channels) I have dealt with enough cases of things written and tested by people I know to be honest that still got hacked in ways that weren’t foreseen that I believe human error (or the tendency to think only about how something was expected to be used) also has a substantial part to play, so I would suggest that state-sponsored bug hunting and reverse engineering is at least as important part of the story.

As to reuse of insecure “reference implementations” I think the need to do ever more with less that seems universal these days has much to answer for – it’s much easier than trying to develop things from scratch and then arrange interoperability tests ! Unfortunately it is a downside of open source as it is by far the easiest way to ensure that “my” implementation handles the undocumented edge cases in the same way as most pre-existing ones.

You will see that I tend to believe in human laziness and fallibility as much or more than conspiracy (or rather, that they make conspiracy largely unnecessary!). You and I have been around long enough to look at a gift horse and think of its dental bills, the average graduate developer or programme manager under pressure is much more likely to accept the apparent saving in time and effort of reuse and not think too much about the consequences, which is another aspect of your footnote [1]


preston January 31, 2018 11:04 PM

i love the fact that everyone is hung up on the 50k price tag and not the fact that the NSA can remotely breach airgapped systems. you have to pay peoples salaries, if hacker bob took 6 months to write this exploit then its essentially cost the agency 50k to produce it. even the NSA cant get people to work for free….but hell who knows maybe they can.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.