The Simple Trick that Will Keep You Secure from Government Spies

Last week, the German government arrested someone and charged him with spying for the US. Buried in one of the stories was a little bit of tradecraft. The US gave him an encryption program embedded in a -- presumably common -- weather app. When you select the weather for New York, it automatically opens a crypto program. I assume this is a custom modification for the agent, and probably other agents as well. No idea how well this program was hidden. Was the modified weather app the same size as the original? Would it pass an integrity checker?

Related: there is an undocumented encryption feature in my own Password Safe program. From the command line, type: pwsafe -e filename

Posted on July 7, 2014 at 1:51 PM • 35 Comments


sep332July 7, 2014 2:27 PM

Well they found the app and he got arrested, so apparently it's not going to keep you safe from anything.

ChrisJuly 7, 2014 2:28 PM

Click here for the top ten reasons Bruce is using click-bait titles for his blog!

AnuraJuly 7, 2014 2:29 PM

Just FYI, I think you mean "The US gave him" and not "The US game him" in the third sentence (note I assume you can figure out that it was the third sentence, I just am never happy with period placement if a sentence ends with a quote).


I think it's a cry for help. Bruce: If you are under duress, blink twice!

Keep an eye on his picture, if it doesn't blink we will assume he's okay.

JustusJuly 7, 2014 2:34 PM

Well, they intercepted an unprotected e-mail to the russian embassy with a couple of files attached. This guy was only arrested because they thought he was a _russian_ spy.

I'm really surprised this hasn't been dropped yet. Normally the german government is so far up the Obama administrations backside it's not even funny anymore. Although seeing Angela Merkel cringe and all those conservatives blubber impotently for the lack of words over this latest escapade did give me a very personal sense of achievement.

AlexJuly 7, 2014 3:01 PM

The encryption feature is documented for Password Safe - it's in the help text.

Dr. I. Needtob AtheJuly 7, 2014 3:18 PM

Also, the encryption feature doesn't work with the -key switch. If you use that format it thinks the text you entered for -key is the filename. Instead, the format that works is pwsafe -e filename. After you enter that, the program prompts you for a password.

Clive RobinsonJuly 7, 2014 3:50 PM

Hmm "Easter Eggs" as tradecraft, hardly original. Any one else remember getting a flight sim for free in an Office product?

As a hardware engineer with comms RF and analog experience people tend to forget I also do digital including uControlers.

Likewise they forget even though I say it often around hear and other places that "test harnesses come as standard" and "test harnesses are 'official' back doors" it takes little thought to realise they are also "Easter Eggs" by another name.

One way to right software is by having subroutiens some of which are general purpose some of which are unipurpose and appart from those with no purpose the rest have some dual etc purpose. However it's sometimes difficult to see the dual purpose, most high level programmers think "single entry point" most "old school" assembler programers use "multi entry point" to save on ROM space. There are a few high level programmers that know you can still have multiple entry points if --and only if-- you know how to do it. Further they also know that subs can be addressed via pointers etc which is handy for writing self modifing or protected code that is difficult to reverse engineer.

Thus the trick is to make an app with dual purpose subs that looks like it's "copy proof" protected but not malware.

The second trick is to make all those subs do something benign and expected within the app, such as decode protected code during run time. The fact that you can make some encryption code reversable without change --eg stream ciphers-- means it is not obvious that the "decode code" can also be "encrypt" code when called as part of the Easter Egg function.

If you have not tried to do this sort of thing when learning how to code, then you were probably not blesed with a suitably inquisitive mind (or were doing something normal like having a social life ;-)

Hugh JassJuly 7, 2014 6:17 PM

@Clive Robinson

"Hmm "Easter Eggs" as tradecraft, hardly original. Any one else remember getting a flight sim for free in an Office product?"

Excel 95?

Chris AbbottJuly 7, 2014 8:38 PM

@Bruce, @Clive

I can't imagine this passing a simple integrity test, like comparing a SHA-512 hash of the original program with the one they found on him, short of an unlikely as hell collision. Unless, (conspiracy theory) the NSA discovered (or built in) a way to do that and they shared that with the German government and forgot about it, so they used Whirlpool or Keccak to compare the hashes. Wouldn't that be a big oops.

Mitch Guthman July 7, 2014 9:43 PM

Setting aside the merits of spying on Germany (which seems arrogant, idiotic and unjustifiable) and bearing in mind how little we know about it, the use of the encryption program seems very odd. They are running a spy in an extremely open liberal democracy, meaning that the CIA would presumably have very easy access. Since he was apparently a BND man, the CIA quite possibly would have had access to him on a social or professional basis which would have made servicing him simple as meeting him for lunch.

Basically, they left him with a communications device that might necessary in Moscow but which seems inappropriate (and needlessly incriminating) for a Germany based asset. The CIA would seem to have organized their relationship with this guy so that he if he ever came under any level of suspicion, his goose was cooked. Why does his product need to be encrypted? Why can't he just hand somebody a USB stick or leave it somewhere to be picked up? If there's a reason then his stuff needs to be encrypted, why couldn't the CIA give him a girlfriend or somebody to be the go between that picks up what he's got to sell and carries it to the American embassy to be encrypted?

Everything about this seems unimaginably sloppy. If these people can't even run an asset in Germany, it's not surprising that they seem to have struggled with human sources all during the Cold War and don't seem to me particularly covering themselves with glory at the moment. The USA should put the DEA in charges of running spies. They know what they're doing and have a publicly established track record of success.

derpJuly 7, 2014 10:43 PM

The guy confessed everything to his German state interrogators, that's how they found the weather app easter egg. Thegrugq was looking for a clandestine way to launch his Darkmatter tcplay app to open encrypted containers, guess we should scratch weather apps.

NobodySpecialJuly 7, 2014 11:03 PM

@Chris Abbott - I think what gave it away was that the developer was listed as NSA

HassoJuly 8, 2014 1:24 AM

Pruce, is this you way of telling us noit to trust you anymore and you warrant-canary wouldnt be updated anymore? just wondering

AnonJuly 8, 2014 1:32 AM

What's this with the really annoying, emotionally manipulating click-bait titles? I don't want these in my feed reader. For everyone not using one, there's Downworthy.

vwmJuly 8, 2014 5:12 AM

Wait, you have to enter the key twice for pwsafe decryption? Does that mean it's as secure as connecting to WiFi with Windows XP?

vwmJuly 8, 2014 5:37 AM

I figure it's quite easy to build an inconspicuous dual-use whether app: Just make it capable of querying the whether service via TLS/SSL and you have a valid explanation to link in crypto libraries, in case someone gives it a second glance.

JoelJuly 8, 2014 9:37 AM

This article title is blatantly lying.

If the level of your posts go this way you can count me as one reader less.

Dave WalkerJuly 8, 2014 9:51 AM

As Chris Abbott says, I can't imagine the app passing an integrity check compared to an unmodified weather app, unless the folk in the Puzzle Palace are even more talented than I'd think, in massaging content to hit an arbitrary hash. Even then, simple program size will probably be a giveaway that "something more interesting is going on".

The thing that surprises me, is that the means of getting to the crypto app is quite so straightforward. Granted, a balance has to be achieved between obscuring the crypto program from a casual examiner and not making an authorised user jump through too many hoops to get to it, but this seems skewed too far in the direction of not worrying about the casual examiner - especially if the authorised user ends up leaving NYC in their standard weather lookup list (whether by accident or design). There's better ways to do it, I'd say.

SBJuly 8, 2014 11:37 AM

@Mitch Guthman:

"The USA should put the DEA in charges of running spies. They know what they're doing and have a publicly established track record of success. "

IIRC there's a Tom Clancy novel (_Executive Orders_ ?) in which the CIA decides to hire cops as clandestine service officers.

IgorJuly 8, 2014 11:41 AM

So NY weather is already taken (will link me to the CIA)... I'll use weather in Moscow then.

BJPJuly 8, 2014 1:42 PM

Smarter way of doing this: use one of the existing weak little native apps that does little more than render HTML5 from a webpage. Own the web host and modify the backend code. Identify a way to access the easter egg functionality (look at NY weather, then Berlin, then NY again, then Stuttgart, then finally NY one more time) at which point the server-side changes behavior to accept an upload, or sends out client-side active scripting to implement crypto in code that's not even on the device the rest of the time...

Mike the goat (horn equipped)July 8, 2014 6:05 PM

I am actually really concerned something is going on with Bruce and he is trying to send a canary out. The whole nature of these buzzfeedesque article titles just seems to be crying out for attention and he isn't normally one to do that.

Nick PJuly 8, 2014 8:50 PM

@ Mike the Goat

re Bruce's Canary

*If* I was thinking along those lines, I'd download Password Safe and look at the code for the undocumented function. It's the thing he repeatedly mentions. A subversion? A guaranteed clean, little known tool? Who knows what the message would be. If Bruce is using a canary, the effect of it is like someone sending a message with stego without telling the other party. It can only benefit those knowing what to look for and even then only so much.

The safer way of looking at things is that Five Eye's countries' covert ops might compel anyone. The more authority they have, like in their own countries, the better for them. They also have agents and hackers to hit foreign targets. So, one should consider a person or product untrustworthy against them unless they are outside their jurisdiction with excellent security throughout their whole operation and their offering reviewed for subversion.

Under this theory, Bruce couldn't be trusted because his assets and family can be hit quite hard. It's not reasonable to expect him to make that sacrifice for no certain gain, although he might. His high profile and focus on writing rather than products shields him a bit. The real protection is that BULLRUN-type programs target actual products/services rather than people who write essays and do news interviews. So it seems, anyway. So, his products/services can't be trusted without vetting, yet his writing can as he seems to take personal risk to write what's for the greater good.

My best security advice for Schneier's Blog (and similar forums) is to archive his blog into pieces, then offer them as direct downloads or let his biggest fans turn them into BitTorrent swarms. The copies will spread across the world. That preserves his main legacy of his thoughts, many discussions, and solutions some of us have designed. There's actually a lot of esoteric knowledge on here that academia and industry still doesn't understand. The content of the blog is the threat to the NSA: preserve it and they loose that battle. Might loose others down the line.

Note: The Eternity Service would be quite handy right now. Closest thing is Freenet, but it's had too little peer review to be certain of its security.

ThothJuly 9, 2014 7:30 AM

This blog should have a 'mirror me on torrent' button that will allow you to trigger your torrent client and start seeding a fragmented archive of Schneier's blog (including comments).

AnonymousBlokeJuly 9, 2014 1:41 PM

@Mitch Guthman

That is a very well worked out analysis.

What if the CIA does not typically use this application, but gave it to the BND agent as a test? If they saw the BND performing analysis looking for that application, it would tell them he was not a genuine agent. Which would remain a possibility even though he has been disclosed and arrested.

The DEA operates generally against entirely different classes of targets.

Their priorities are also very different.

You can note DEA operations, but you typically can not note CIA operations.

One could say "the CIA would not make such a stupid move", if they have a known record of incompetence. If they are known as never making stupid moves, then you can be sure of exactly why they gave that agent that application.

If it is murky - maybe they are incompetent, maybe they are competent - then all options would be open.

Mike the goatJuly 10, 2014 6:45 AM

Nick: I'm not convinced; I just found it curious that he decided to start randomly posting with these hyperbolic article titles and wondered what the deal is, and my mind immediately resorts to the most interesting yet paranoid answer which would involve Bruce staging a one man counterattack on his captors - very Harrison Fordesque. If it ever gets made into a movie, I have but one request, and that is a droll one liner about the birthday paradox just before he takes the last rogue government agent out.

Man, I got to get out more. :-)

D.July 10, 2014 8:46 AM

@Mitch Guthman

From one of the German news sources I read it seems he got caught as a result of trying to sell the same documents he sold to the US to the Russians which makes placing the blame for how he was discovered considerably harder. Perhaps he thought he was as smart as his handlers and clearly wasn't. Perhaps he was sold out by one side or the other to expose him.

TruePathJuly 10, 2014 3:02 PM

Why does his information need to be encrypted? Because the information itself would be obviously more incriminating (and easier to find) than the existence of some unknown data and lots of executable code on his computer/device some of which (under high scrutiny) turn out not to be binary identical to the commercial version (under even higher scrutiny) and can be hand decompiled by expert programmers to reveal it's a hidden encryption program not some novel malware he got infected with. Besides, even if he is caught the true scale of his activities may be obscured or used as a negotiating point in reducing his prison time.

Point is that if you find this guy going to meet with a suspected foreign agent you could quickly pat him down and browse files on any USB stick and see if any look restricted or are encrypted data produced by a non-internal public encryption program. You might even regularly do this to your own agents, especially those with any outside contact with other agencies as a precaution.

On the other hand the cost of looking at every binary on his electronic device is enormous. The cover for any easter-egged spy program is likely substantial (hashes registered with platform provider and even posted as an update publicly for a very brief period) and the only way to discover it isn't just a rare version of the normal commercial release is to attribute all data on the device to programs and look for unexplained data and/or employee many expert programmers to decode any binary sequence not previously so verified internally.

That cost is so high you can't spend it unless you already are virtually certain the individual in question is probably a foreign spy. Even so, he can deny the charge up and down and insist the code is really the result of foreign penetration of his device and provided as a false flag to cover the real attack code and offer an easier mole explanation. In germany (and other EU democracies) that might produce enough doubt in any jury to get him acquitted or at the very least make it more desirable to simply trade him back home for some nugget of info than imprison him (and we want to avoid discouraging people from becoming our agents).

Nick PJuly 10, 2014 3:40 PM

@ Mike the Goat

You use the Internet, probably proprietary hardware/software, and often live/work in Five Eyes countries. How paranoid can you really be? :P

I'm sold on your movie idea, though. The birthday paradox shooting scene would make a nice climax. The non-technical viewers would also learn something in the Googling they do later.

circuit_breakerJuly 10, 2014 11:43 PM

I'm amused at the fact that Schneier's attempt at light-hearted titles are really upsetting a lot of people. Relax guys, go outside for a while maybe. Also they're not canaries.. heh.

Nick PJuly 11, 2014 12:01 AM

@ circuit_breaker

Yeah, that's been amusing me too. I was mostly ignoring it but had to pick on Mike cuz what are buddies for? ;)

Besides, with what Bruce has done so far, they will either (a) not mess with him much or (b) take an approach that a canary won't affect. It's a consequence of the tough, moral choices he made. Hopefully, he'll be safe.

sena kavoteJuly 13, 2014 1:38 PM

Most kinds of software could have encryption naturally integrated in file save menu. For example, GIMP could have an option to save the image in encrypted form with high or medium security key lenghts. A text editor like gedit, msword or kate could have only high security option for encryption. Video encoder or video downloader like clive or youtube-dl could have more levels of security and algorithms meant for CPU, GPU and ASIC.

If the encryption option is wanted to be bit like easter egg but not quite, then it could be listed among the file formats (jpeg, gif, png, encrypted... ) . If "encrypted" is selected, then the file format is asked again to know the encoding before encrypting.

Even games can encrypt their save game files or network packets in multiplayer from client to server or in-game chat between players end-to-end via the game server. Game's huge datafiles could be encrypted during installation. There is some reason to store as many files as possible in an encrypted form with even a symmetric key that is attached to the file, because if the file is deleted and the key gets written over, then there is some unrecognizable data for giving excuses etc.. This can be seen as a lighter option to full disk encryption or extra security for encrypted partitions.

Few encryption algorithms in a program like gimp are better to be from statically linked library functions, not some .lib or .dll, because then the attacker would have to attack more software.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.