NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide

There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties.

The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According to the GCHQ slide from 2009, they've completed port scans of 27 different countries and are prepared to do more.

The point of this is to create ORBs, or Operational Relay Boxes. Basically, these are computers that sit between the attacker and the target, and are designed to obscure the true origins of an attack. Slides from the Canadian CSEC talk about how this process is being automated: "2-3 times/year, 1 day focused effort to acquire as many new ORBs as possible in as many non 5-Eyes countries as possible." They've automated this process into something codenamed LANDMARK, and together with a knowledge engine codenamed OLYMPIA, 24 people were able to identify "a list of 3000+ potential ORBs" in 5-8 hours. The presentation does not go on to say whether all of those computers were actually infected.

Slides from the UK's GCHQ also talk about ORB detection, as part of a program called MUGSHOT. It, too, is happy with the automatic process: "Initial ten fold increase in Orb identification rate over manual process." There are also NSA slides that talk about the hacking process, but there's not much new in them.

The slides never say how many of the "potential ORBs" CSEC discovers or the computers that register positive in GCHQ's "Orb identification" are actually infected, but they're all stored in a database for future use. The Canadian slides talk about how some of that information was shared with the NSA.

Increasingly, innocent computers and networks are becoming collateral damage, as countries use the Internet to conduct espionage and attacks against each other. This is an example of that. Not only do these intelligence services want an insecure Internet so they can attack each other, they want an insecure Internet so they can use innocent third parties to help facilitate their attacks.

The story contains formerly TOP SECRET documents from the US, UK, and Canada. Note that Snowden is not mentioned at all in this story. Usually, if the documents the story is based on come from Snowden, the reporters say that. In this case, the reporters have said nothing about where the documents come from. I don't know if this is an omission -- these documents sure look like the sorts of things that come from the Snowden archive -- or if there is yet another leaker.

Posted on August 18, 2014 at 5:45 AM • 60 Comments

Comments

George H. H. Mitchell • August 18, 2014 6:17 AM

Remember when the MPAA wanted blanket authority to enter people's computers from the net to see if there was pirated material on them, and to be able to remotely wipe it out?

Philip Le Riche • August 18, 2014 6:23 AM

I think you mean Canadian CSIS, rather than CESG. CESG is the defensive cyber security branch of GCHQ.

Andrew • August 18, 2014 6:40 AM

You usually hear about the lawyers who specialize and become a "1st amendment attorney". This seems like this is the chance that 3rd amendment attorneys have been waiting for.

Gweihir • August 18, 2014 6:46 AM

Well, if this is not highly criminal (and completely immoral), I don't know what is.

ParanoidMarvin • August 18, 2014 8:17 AM

CSIS is the security intelligence agency, like the CIA, CSEC (Communications Security Establishment Canada) is the equivalent of the NSA. But yes, there is a typo of some sort. Is it a Canadian (CSEC) or British (CESG) slide mentioned?

Andy • August 18, 2014 8:18 AM

@andrew

Oddly there is a 3rd amendment case working its way through the courts now (over a mil'd up PD that forced a family to house the police while they conducted some kind of operation). It's the least challenged amendment.

Benni • August 18, 2014 8:37 AM

Ah, these are the "Chinese" and "Russian" hackers that are always accused of stealing company secrets...

This is just insidious. When they start all their attacks from, say, Chinese ORBs, then all companies point out that they are getting robbed by the Chinese, and this can then be used to prevent US companies from investing there...

I am not saying that the Chinese do not do hacking. They are doing this, and copy everything they can...

But still I would like to know the names of the countries that the NSA are using most often as their ORB base...

paul • August 18, 2014 8:43 AM

Gibson was right. Or maybe he's the new operations manual, superseding 1984. And IP has become pervasive enough that even sticking to nominally local transactions won't help you.

Name (required) • August 18, 2014 8:51 AM

Pardon the despairing/whining tone here, but WhereTF does one go for solutions to this stuff, instead of just a long (long long long) and lengthening list of problems?

Please note that this is a sincere question (even though it lightly hints at the suspected possibility that all the whitehat geniuses in the world are TOTALLY stumped, or don't even care that much - better explanations shall be considered!). I mean: is there a problem, or not? Usually if I want to know whether a certain problem exists in the world, all I have to do is look for signs of people trying to FIX said problem, or at least discussing such notions. Well over a year after Snowden's [heroic] act, I am not seeing much of that being reported anywhere.

The way it looks to me, the entire internet needs to be torn down, and maybe NOT rebuilt from scratch, or even at all. Snowden says technology is the world's most effective equalizer [recent WIRED interview]. To which I am tempted to reply, "Really? Have you ever heard of Ed Snowden, Ed Snowden?"

I want at least a free online book, written by publicly-known people such as Bruce Schneier and his ilk, on how individuals & small enterprises can protect themselves. If such protection is not feasible, then a short book that bloody well says so in black and white. If the problem is one of sheer complexity - well: now guess why I asked for a whole book!

It's getting to the point where it looks like the whites are as coy about their "secrets" as the blacks. That will not do, imo.

noname • August 18, 2014 10:21 AM

I'm relieved to have this finally black on white. But is it enough for the world to realize that the internet has never been designed to be a safe place? Hopefully this makes clear that some who have influence on the internet (i.e. governments and their secret services) are quite interested in insecure systems because this enables them to turn the web into their ultimate weapon.

anon • August 18, 2014 11:06 AM

@Name (required):

There are no technological solutions for a $10 billion agency run by people who imagine the world as a stage for them to live out their spy thriller fantasies.

Carlo Graziani • August 18, 2014 11:40 AM

Hm. I wonder who blanked out the list of 27 countries on slide 2. It seems unlikely that C'T Magazin did so, when they're busy blowing the lid off this sewer. Perhaps the new leaker is being "responsible".

I wonder whether their malware has wound up in any honeypots. It seems to me that a non-Five-Eye-based pot could pin the stuff down, take it apart, and develop provenance. The legal and political consequences could be very entertaining, especially if, say, Germany, or Italy, or Belgium, found themselves with a few tens of thousands of innocent citizens with PCs hijacked by their supposed allies.

ted • August 18, 2014 11:47 AM

Could AV, Firewall or IPS vendors be legally compelled (NSL) to not interfere with this malware if it were detected on a customer device?

Nick P • August 18, 2014 12:08 PM

@ Name (required)

In short, there's nothing commercially available that's secure against attackers such as the NSA. Further, protecting against such attackers requires high assurance engineering at every layer and component. I posted my framework for high assurance systems here in a code vs system discussion. A vendor must apply strong techniques to everything in my list. So far, they don't. So, nothing is secure except certain custom work that you won't be able to acquire or even afford. It might get cheaper if it goes high volume, but the market never paid for solutions so people stopped building them.

That said, there are shortcuts if you're talking about protecting a business's I.P., accounting information, etc. The easiest route is to split it between two different systems. The critical stuff is on one isolated, locked down network and set of hardware. The Internet-connected side has only the untrustworthy stuff. There is a guard or one-way link between the two networks. One-way links mean you can pull stuff off the net, then send it over to the other network. The guards let you do two-way interaction while performing many security checks and generally being hard to hack. The trusted systems should have no external interfaces (USB, microphones, etc.) and be backed up regularly. It also helps to use something obscure for them such as PowerPC Macs, Linux PCs, Amigas, etc.

Just using PPC Macs (after the Intel switch) behind a guard stopped all malware and hacker problems for a number of people. The network isolation, especially one-way, helps even more. Btw, a separate guard can be used for stuff leaving that network. It might have USB, CD-Rs, networking, etc. It's booted up, self checked, connected to the trusted network, receives/checks the data, unplugged from that network, puts data onto media, and then it's done. Such a minimal system can be protected quite a bit.

There's also special purpose, robust solutions for specific functions that can be used on either network. Sentinel's HYDRA firewall, Secure64's SourceT OS with DNSSEC, BAE's XTS-400 guard, and Turaya Desktop are good examples. What they have in common is they're engineered ground up with security in mind and minimal attack surface. They cost more money than the stuff thrown together with no security. That they're low volume further increases cost. They're unlikely to be hacked, though.

keithpeter • August 18, 2014 1:34 PM

"HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack."

Now, I'm wondering if this programme was named by people in their late 40s / early 50s. Manchester, UK, Factory Records: the Hacienda was an important night club. Double plus irony given the lyrics and political allegiances common then...

redmnic • August 18, 2014 1:45 PM

To me this reads: "Few or no backdoors installed in major operating systems."

Don't get me wrong, I can believe that there is substantial effort going into introducing backdoors to off-the-shelf software -- also some of it successful (see Bruce's link to the analysis of DEITYBOUNCE, for example). However, if these agencies feel the need to port-scan entire countries to find vulnerable targets that means they cannot or will not use such vulnerabilities. Maybe they don't want to blow their cover and risk "valuable" zero-days for low-value operations, but if they had an abundance of such exploits, they would be less careful. The other option is of course that they cannot exploit them so easily -- without open ports and vulnerable userland software, for example. But that's also a good thing. In general, this means that if you do secure your machine, you raise the stakes which, ultimately, costs them resources and money. It's just like crypto: in the end you might not be able to protect yourself, but you can make it ever so expensive to be a target.

Steve Kinney • August 18, 2014 4:54 PM

This program is fully consistent with my favorite attack model against TOR, i2p and other remix networks: Use thousands of widely dispersed computers around the world as transparent proxies, relaying traffic to and from a cloud server running thousands of (customized) instances of the remix router software. On this cloud server, all traffic in thousands of relays can be observed - and manipulated per automated rules - to analyze and de-anonymize most of the traffic, most of the time. Sudden spikes already observed in the number of new, persistent routers in the TOR and i2p networks may indicate that this monitoring is already in place. Users who rely on these networks where life safety issues are involved should certainly assume so, and adopt an additional layer of physical security to compensate.

All remix networks are vulnerable to this attack - they require a large majority of "honest" routers to function as intended and mask user identities. Low latency networks like TOR and i2p are especially vulnerable to adversaries who can "observe" a large proportion of the nodes in their networks. In the attack described above, an adversary owns and controls a very large number of these nodes, each at a seemingly innocent IP address not traceable to any hostile actor.

Clive Robinson • August 18, 2014 6:06 PM

@ Redmnic,

To me this reads: "Few or no backdoors installed in major operating systems."

Don't make the mistake of thinking they don't have the capability, need, desire or ability to put back doors in; they do.

It's more a question of two things,

1, Economics.
2, Smoke and Mirrors.

Implanting back doors is either expensive or risky, using existing faults when found carries little risk and just the cost of finding them.

Another advantage to finding as opposed to creating is deniability and misdirection. Let's assume you have a team that on average finds a usable zero day a month. If you are careful you can use these zero days until somebody else finds them, and that's the rub: zero days have unknown but real shelf lives no matter how careful you are using them.

Thus a team finding zero days is facing the issue of expected life time, thus I would expect them to have a priority system where older zero days are relegated for "general use" when a certain number of similar zero days are found. Also consider they can look at the traffic to any of the software houses etc. and see when somebody alerts the house of an attack vector that needs fixing; this gives them around sixty days of usage before a patch etc. gets out, and in that time they can exploit it for general use with little fear it will "blow back" on them.

Anyone who found this scanning until now would have put it down to "cyber-crime" on the principle of "If it walks like a duck and quacks like a duck and looks like a duck, then it's a duck", and not realise it's actually a goose. Thus they had good deniability when people are working back up the chain from effect to cause (which they don't have since this release).

Clive Robinson • August 18, 2014 7:41 PM

Whilst the lowest level of scanning done by these IC agencies is "random" to some algorithmic meaning of the word, I expect higher or more directed levels to be less so, which means they could be spotted.

The reason for this is simple: if you are an IC agency looking for potential ORBs to put in a database then "any and ALL candidates" will need to be entered. However, before any system can be considered for use as an ORB, further inspection will need to be carried out to determine not just the usefulness but also whether it's a baited hook of a researcher or not.

For instance a user might well be "green" or "fire conscious" and turn their system off when not actually using it. Such a machine would not be a lot of use as an ORB. Likewise others may boot into different OSs from time to time to, say, do online banking etc. This needs to be "known" prior to use.

But there is another reason and that's looking for the "baited hooks" of malware researchers and similar with their tarpits and honeypots.

Due to the fact that such tarpit or honeynet systems often use VM technology or don't run with realistic user loading they can with care be detected.

Obviously an IC agency wants to remain undetected as much as possible, and the last thing they would want is their activities caught "like a fly in amber" in a tarpit or honeypot, shortly to be revealed to the world by a researcher with a "name to make". So detecting such systems would be desirable from an IC agency perspective.

One way to do this is to find a signal from the targets that can be easily tested to indicate either a VM machine or a machine with no user load. But importantly it should not be easily identifiable by the researcher as a search for such a signal.

There are two basic ways to do this. The first is to use a method that is realistically undetectable by a researcher. The second is to use one that the researcher will see but discount as something else. Whilst the first is difficult, the latter is actually a lot simpler.

What sort of signal would an IC agency look for, well one such is "mixed signals" that is where most of the signals say it's running one OS with appropriate apps but one or two low level signals say it's running a different OS. That is say the base network stack responds like a *nix whilst higher level signals say MS OS. But this sort of signal detection only gets you so far, as good researchers will be aware of the mixed signal issue and take steps to remove it (including rewriting the *nix base network stack).

Another way is to look at TCP/IP time stamps or similar time base signals from low down in the OS. These are usually derived from the CPU clock signal or similar at the hardware level and thus common to all software running on the system even if it's a different CPU or CPU core. Being able to cross reference the time stamps enables a VM system to be identified such that all the timestamps in a honey net show up as being in "lock step". A more complicated series of cross referencing will also be able to determine if a system is under "user load" or not.

From a researcher's point of view, if you are aware of this sort of measurement by an attacker then you can detect it by similar correlation techniques, but you will be looking for signals down in the noise of other signals.

Hopefully the researchers are going to be more on the ball about this now they have a very long overdue "heads up", and a wider community has had the same "heads up" and will be keen to hear about tracking down IC agency activities, thus giving researchers a real incentive to "find them and out them" to make a name for themselves as a "David".

AndrewJ • August 18, 2014 8:43 PM

Here in Australia, the domestic spy agency ASIO is seeking the power to hack domestic 3rd party computers - I am assuming ASD (NSA/GCHQ equivalent in Australia) already have this power with relation to O/S 3rd party computers or utilise their US/UK relationships in this regard.

http://www.computerworld.com.au/article/552604/new_asio_powers_risk_security_third_party_systems_efa/

Electronic Frontiers Australia says that this has "potential significant insecurity for third parties in terms of technical backdoors and security vulnerabilities that may remain in place well beyond any operation.." which is something I concur with.

DB • August 18, 2014 9:41 PM

Right now in the news there is this big story about the Chinese stealing millions of hospital records.... Here's the question: Since the NSA has hacked into thousands of innocent Chinese (among others) computers from which to launch attacks, how do we know that that wasn't really the NSA doing the hospital record break-in? We don't. That is the very problem with giving an executive unlimited unaccountable power to do whatever it wants electronically.

TIM • August 19, 2014 2:44 AM

If they have so many ORBs they could scan the targets with 65535 ORBs each for only one port and collect the result. In this case no IDS should recognise this portscan or am I wrong?

Clive Robinson • August 19, 2014 3:42 AM

@ Tim,

Whilst an IDS should see the individual scans, it won't recognise a pattern unless it is programmed to do so.

So if you program an IDS to use IP addresses as its main pattern recognition component then no, it's not going to recognise the pattern.

If however you program it to recognise events in time irrespective of IP address then yes, it could recognise the attack via a time signature.

However such recognition would require what is in effect a Fourier analysis of the event time line, trying to pull out the signal it creates.

The downside for the defender is that for some types of signal the attacker can exchange time for sequence making the detection very much more difficult.
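The distinction Clive draws between IP-keyed and time-keyed detection, shown as an added example (not code from the post or its commenters): a small Python detector run over constructed firewall-drop lines, where each probing source touches only one port so a per-source counter never trips, while a per-target time window does. The log format, addresses and thresholds are assumptions; the second scenario spreads the same probes out in time to show the evasion his last point warns about.

```python
"""Per-source vs. time-window detection of a distributed port scan.

Added example with a constructed log format: one line per dropped SYN,
"<iso-timestamp> DROP src=<ip> dst=<ip> dpt=<port>".  Nothing here is
taken from the agencies' slides or the original post.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(?P<ts>\S+) DROP src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$")


def parse_log(lines):
    """Return (timestamp, src, dst, dport) tuples; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])))
    return events


def per_source_alerts(events, port_threshold=10):
    """IP-keyed detector: flag a source that probes >= port_threshold distinct ports.
    A scan split across many sources, one port each, never reaches the threshold."""
    ports_by_src = defaultdict(set)
    for _ts, src, _dst, dpt in events:
        ports_by_src[src].add(dpt)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= port_threshold)


def time_window_alerts(events, window=timedelta(seconds=10), port_threshold=10):
    """Time-keyed detector: per target, count distinct destination ports probed
    within a sliding window, ignoring who sent them.  Returns one alert per target
    as (dst, window_start, window_end, distinct_ports)."""
    by_dst = defaultdict(list)
    for ts, _src, dst, dpt in events:
        by_dst[dst].append((ts, dpt))
    alerts = []
    for dst, probes in by_dst.items():
        probes.sort()                       # chronological; ties broken by port
        in_window = Counter()               # port -> hits currently inside the window
        start = 0
        for ts, dpt in probes:
            in_window[dpt] += 1
            while probes[start][0] < ts - window:   # expire probes older than the window
                old = probes[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= port_threshold:
                alerts.append((dst, probes[start][0], ts, len(in_window)))
                break                       # one alert per target is enough
    return alerts


def analyse(lines, window=timedelta(seconds=10), port_threshold=10):
    events = parse_log(lines)
    return {
        "per_source": per_source_alerts(events, port_threshold),
        "time_window": time_window_alerts(events, window, port_threshold),
    }


def build_sample_log(spacing=timedelta(milliseconds=400)):
    """Constructed sample: twelve fictional sources (203.0.113.x) each probe one
    port on 198.51.100.7, `spacing` apart, plus a noisy legitimate client that
    keeps retrying a single port in the background."""
    base = datetime(2014, 8, 19, 3, 42, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        ts = base + spacing * i
        lines.append(f"{ts.isoformat()} DROP src=203.0.113.{i + 10} dst=198.51.100.7 dpt={port}")
    for k in range(30):
        ts = base - timedelta(minutes=5) + timedelta(seconds=17) * k
        lines.append(f"{ts.isoformat()} DROP src=192.0.2.44 dst=198.51.100.7 dpt=8443")
    return lines


if __name__ == "__main__":
    # Probes 400 ms apart: per-source detector sees nothing, time window fires.
    print("fast scan:", analyse(build_sample_log()))
    # Same probes a minute apart: both detectors stay silent (time traded for stealth).
    print("slow scan:", analyse(build_sample_log(spacing=timedelta(seconds=60))))
```

Widening the window catches the slow variant but at the cost of more false alarms from ordinary background noise, which is the trade-off the rest of the thread turns to.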

TIM • August 19, 2014 4:29 AM

@ Clive Robinson

Thank you for this explanation.

I didn't know that the attacker is able to manipulate the time within the sequence. An analysis should use the system time of the IDS system written to the log files.

If I ran a public server it wouldn't be interesting if someone port-scanned my server ports. A closed (or stealth) port is closed, so I see no way to do harm. I think port scans are actually very normal for public systems and in no case would I be able to identify the real intention or knowledge of the attacker. I think I would use the extra time to harden my server, keep it patched and monitor the open ports so that only the right persons use them, and respectively that they use them the right way.

Ole Juul • August 19, 2014 4:47 AM

So if the NSA is infecting home computers, wouldn't that be classified as a home invasion?

Scott "SFITCS" Ferguson • August 19, 2014 7:30 AM

@Clive Robinson

@ Tim, Whilst an IDS should see the individual scans, it won't recognise a pattern unless it is programed to do so. So if you programe an IDS to use IP addresses as it's main pattern recognition component then no it's not going to recognise the pattern. If however you program it to recognise events in time irrespective of IP address then yes it could recognise the attack via a time signiture. However such recognition would require what is in effect a fourier analysis of the event time line trying to pull out the signal it creates. The downside for the defender is that for some types of signal the attacker can exchange time for sequence making the detection very much more difficult.

Agreed on all those points - except the timing, which I don't understand well enough to have an opinion on.

With reference to SNORT, the main problem is not being unable to use pattern recognition (or behaviour analysis) to detect these sorts of attacks - as it most certainly can. It's dealing with the large number of false alarms, and SNORT's ignorance of the network itself. One approach to dealing with these problems (and there are others) is to feed the results to NEFCLASS and JRIP.

Nothing to do with any assertions you've made Clive, but others, sometimes, refer to "stealthed" ports... with the greatest respect to Steve Gibson, stealthed ports provide no real security. They offer the illusion of security by obscurity, and that obscurity is pure illusion.
If you want to secure ports - close them. If you want to limit access to certain ports (i.e. ssh) use port knocking in combination with fail2ban. Sure - it could be used against you for DDoS, but the alternative is to allow unlimited attack attempts.

TIM • August 19, 2014 7:57 AM

Wouldn't it be much faster for the NSA & others to use two systems for port scanning (one target), in the way that the first system initiates the handshake with a manipulated header so that the second system receives the response from the target system?

It's just an idea that came up, so maybe it's just stupid.

Gerard van Vooren • August 19, 2014 8:14 AM

Yesterday I saw the documentary "Why we fight" from 2005 again.

All I can say is that this kind of technology, the malware, and active abuse on a massive scale, without accountability, fits the picture.

Please watch this documentary and if you watched it in the past, watch it again. The zeitgeist is freaking. The comments of Dan Rather and Senator McCain are crystal clear.

People like G.W.Bush, Rumsfeld and Cheney belong behind bars. They lied and lied and lied again. Dick Cheney himself became a multimillionaire thanks to governmental contracts. Congress failed. There was no debate at all.

Boo, boo, boo.

Seriously, guys, there is legal corruption going on at a massive scale.

General Alexander plays the game of becoming rich after public service too.

The recent drone strikes in North Iraq against IS also fit right in.

So although the documentary is from 2005 this is not a thing of the past. As long as people like G.W.Bush are free men I think it will continue. There is no accountability at all.

dilbert • August 19, 2014 11:15 AM

@Gweihir

Sadly, it's only illegal if they say it's illegal. They'll just change the laws to let themselves do this "for National Security"

Nick P • August 19, 2014 12:07 PM

@ Gerard

I've shown that documentary to quite a few people. It shows the imperialism for what it is and does it well.

Grauhut • August 19, 2014 3:22 PM

@Scot

Locking out a host based on fw logs of dropped TCP SYNs is a bad idea; it's more elegant to have two simple honey daemons on ports above and below an active port that do the locking after a completed three-way TCP handshake. And don't forget a whitelist. :)

Sancho_P • August 19, 2014 6:13 PM

I’m afraid we are barking up the wrong tree: Portscanning.
But probably I’m wrong?

a)
- Port scanning is perfectly legal.
- Port scanning is morally OK.
- Port scanning is sometimes necessary.
So we could probably complain if IP.X.Y.Z does it twice a day to our server.

b)
Port knocking, as mentioned here, will help against the bad boyz but not against a national player like NSA.
They just look up their intercepted traffic database for any traffic and how it was established (and from whom and why and how often and …).
The database will also reveal details like advertised versions and so on.

Port knocking (even knockknock) to a server will be their first interesting finding,
long before injecting their data into your connection.

- However, the bad thing is vulnerability [1].

I still don’t get it how “play that youtube-video” can lead to any other action than
“play that damned video” (I could accept it playing different content, though …)
or
“error while receiving stream”.

Back to the (Bruce’s) topic,
the hidden / secret use of third party equipment is immoral, an offense and dangerous.
We must not accept that to be “the law”.
It does not matter whether it’s US or foreign property, morals don’t have borders.

If it’s done with the owner’s consent I would accept it; “secret” is my trigger:

If the cops want to install a camera in my house to watch my neighbor (allegedly a drug dealer) I may agree.
But if someone kills my kids and later I find out about the secretly hidden camera …

[1] http://www.thoughtcrime.org/software/knockknock/

A.User • August 19, 2014 8:35 PM

There's still an error in the line:

The slides never say how many of the "potential ORBs" CESG discovers or the computers that register positive in GCHQ's

I don't think you mean CESG; should it be CSEC again?

name.withheld.for.obvious.reasons • August 20, 2014 1:13 AM

Okay Bruce, the topic and title do little to contextualize the problem of the NSA cyber warfare mission. Though not well known to the public, the inappropriately co-mingled cyber warfare mission of the NSA is a most unsettling issue. Little information describing the basis for offensive operations, any kinetic action/decision, the authorization chain, or the types of collateral damage and responses to it is known by those responsible for securing potentially "in-the-line-of-fire" systems--let alone critical infrastructure managers.

I'm afraid that there is a need to move quickly in understanding what I call the "DoD Def-con Cyber X" warfare strategic plan. There are so many holes here that I am afraid of understanding or realizing that an infected or "captured" system is an asset of war or a victim--let alone if it is an agent of some kinetic strike. I could imagine an individual system (alone or in tandem) being part of a targeted attack where a missile or bomb is launched based on these "innocents".

But what really speaks volumes to the problem is an agency lost in hubris, having the self-defined objective and assertion that ALL DATA it assesses is relevant to a/the potential threat or use in a cyberwar scenario. To a degree so reprehensible that it should only ever be entertained in a SciFi movie. This preemptive posture that subjugates us all is pure fascism.

To connect the dots...

Names of the mechanisms by which the NSA carries out its offensive CO/CW/EW operations are scant at this point. From PPD 20 I would assume that the MONSTERMIND program has been/is part of an integrated C/EW system. It is easy to imagine that based on parametric targeting criteria and computed location data, an automated system (say a configured drone) is tasked with any number of kinetic scenarios. MONSTERMIND may just be an adjunct OP that is performed in parallel or asynchronously with another program...I could conceive of a scenario where the automatic infection is deliberate, causing cycles in the field of the opponent to be consumed such that there is no attention/notice of the kinetic event that is in queue.

Scott "SFITCS" Ferguson • August 20, 2014 3:55 AM

@Sancho_P

I’m afraid we are barking up the wrong tree: Portscanning.
But probably I’m wrong?

That depends on the legal jurisdiction. In some cases, yes.

a)
- Port scanning is perfectly legal.

No.

- Port scanning is morally OK.

Perhaps in some circumstances - but not on my servers without permission.

- Port scanning is sometimes necessary.

Yes. Emphasis on sometimes.

So we could probably complain if IP.X.Y.Z does it twice a day to our server.

Absolutely. But.... depending on your legal jurisdiction it may not be a crime (though there may be civil remedies) - and even if it is illegal, there's no guarantees that you will get action (how much weight does your company carry?).

b)
Port knocking, as mentioned here, will help against the bad boyz but not against a national player like NSA.
They just look up their intercepted traffic database for any traffic and how it was established (and from whom and why and how often and …).
The database will also reveal details like advertised versions and so on.

Perhaps you should read Moxie's documentation (the link you posted)? It contradicts your statement.

Note that it's not the only portknock system designed to prevent "playback" attacks.

Port knocking (even knockknock) to a server will be their first interesting finding,
long before injecting their data into your connection.

Please read my previous comment. There are several flaws in your logic.

I still don’t get it how “play that youtube-video” can lead to any other action as to
“play that damned video” (I could accept to play a different content, though …) or “error while receiving stream”.

  • Your version of x is too old to view this video. Download the update here (link to trojan)
  • Exploit auto-update of flash/silverlight
  • Exploit Flash/Silverlight/webm(?) vulnerabilities

Back to the (Bruce’s) topic,
the hidden / secret use of third party equipment is immoral, an offense and dangerous.
We must not accept that to be “the law”.
It does not matter whether it’s US or foreign property, morals don’t have borders.

Apropos of little - morals have no weight or measure.

The problem is that morality has very little realistic influence on legislation (as opposed to justification for legislation). Money does. Bad for business is likely a more powerful incentive for change.

[1] http://www.thoughtcrime.org/software/knockknock/
Perhaps you conflated the problem (see quote below) Moxie saw, with his solution?
"The problem with the original(emphasis mine) concept was that if your port sequence was observed by passive eavesdropping, it was easily replayable. The obvious solution was to develop a port knocking system that did not allow for replay attacks. Such a solution suggests the use of cryptography."
Also:-

Kind regards

Chris • August 20, 2014 3:15 PM

Hi, haven't been here for a while, busy with life kind of stuff. Anyways
The page today looks funny, and I am not going to activate java or any other things just to be able to write here
so either this is a temporary mistake or I am out from here.

Although that wasn't the reason I stopped by, it's been some interesting weeks that have passed and
reading through all the messages has been very nice since it's the best blog I know of right now.

I don't have a lot of solutions to the problems that everyone is affected by, but if we stick to
the PC world and forget about the phones for a second, which I have doomed to be unsolvable.

PC World then:
All in all I am not going to touch the encryption, but I am talking about the endpoint security
while on the internet, not interdicted hopefully, and the PC is behind locks (presumed), no physical intervention ...

I have worked quite a lot with trojans and worms and viruses, in fact I collected them and had a lot of
active stuff just to learn how they worked, this was around 1990-2000 so a long time ago.
Then came the Internet and something called astalavista that was prior to Piratebay, you could bet
that no matter what you downloaded from there it was infected. So some tricks:
-Old hard drive where you keep the active stuff should have 2 hard drives
One that is physically non-writable (cut cable), easy as hell. On the second drive you have your active viruses etc to do testing

This was before hypervisors
OK so with hypervisors it's different but similar
create non-persistent drives and use them as your safe havens
If you are really anal about it use Qubes OS as hypervisor

What more, ok yes, Windows operating system, this is something that you can't almost find anywhere in literature
etc and it's almost a secret: here goes
Put all the temp environments to say c:\temp and now remove execute rights from c:\temp
that's it, you can't get infected even if you try

What more? Have fun
//Chris

Sancho_P • August 20, 2014 3:15 PM

@ Scott:

Thanks for your reply.
I’m not IT insider, please apologize if I’m misunderstanding, I’d appreciate clarification anyway.

I’m not aware of any legal restriction explicitly on port scanning in my jurisdiction (EU) until there is some proof of severe damage or “bad intent” (very blurry jurisdiction right now, they want to fix it of course …).

For the port knocking itself I’m not talking about the intent of playback attacks. I think silently watching the traffic would reveal everything?
Say I’m interested in the activity of a news agency (e.g. Al Jazeera) and their server (ports), the question to the database would be “timeline of connection attempts with data volume by port (except 80…), sorted by “dissident” IP’s (= connecting also to NYT on strange ports)”.
Spooks will have better ideas, but everything is already there in their “collection”, there is no data transmission without connection.
Now they set up a rule for an automated action.

So Moxie (… sorry for that :-) ) may later cryptographically knock, authenticate and open that (other) port for transmission but then they (their automated system) will use it (inject their exploit) because of their better networking connection / position,
- or would that be impossible?
- Could they even pretend to have M’s sending IP address, or is this a no-no?

Seems I do not understand why one needs a secure port knocking request to open an insecure / vulnerable port?

”… An observer watching packets is not given any indication that the SYN packet transmitted by 'knockknock' is a port knocking request, but even if they knew, there would be no way for them to determine which port was requested to open.” (Moxie Marlinspike)

Is this correct also in case of querying a (e.g. NSA) traffic database?

Regarding the video:
Your first point seems to be the category “social attack” which I’d probably fall into at my home PC.
At the company’s server I may see that “Download the update” and click it, but then I could prepare two coffees because one of our IT guys will show up within five minutes, together with my boss (no coffee for my boss in this situation).

So remain the vulnerabilities.
That’s a sad chapter, as I’d see the sense of national security in securing the national assets.

Note: I am absolutely opposed to national thinking. Nation states are global enemies.

[ At vulnerabilities ... There is also the issue with what is called the “OS”:
I think an Operating System should have a close look to what’s happening inside the machine. Applications must remain below the OS, closely watched in their behavior.
I’m afraid there is no such OS available today - probably never will be. ]

”The problem is that morality has very little realistic influence on legislation (as opposed to justification for legislation). Money does. Bad for business is likely a more powerful incentive for change.” (Scott)
+1.
This is why the outcome will be bad.

Thanks for the links (I’ve read the articles but I’m not convinced - however, I’ll try again - seems to be too much at once for me)

… and thanks for reading this lengthy post :-)

Chris • August 20, 2014 3:35 PM

I forgot to mention Sandboxie, that is the ONLY antivirus thingy I use
Read about it understand it and use it

All in all that won't keep you safe but.. you will be safer than before, trust me
The problems are of course if the active stuff gets past the temp to an environment
that isn't controlled by you (with a hypervisor possible but very unlikely)
however the videoram etc rams that exists can today be used as writable media
and called, and you have little defense towards it
However saying that I feel safe and I am fine with that and I am perhaps naive but it has worked for me
and still does cheers
//Chris

Nick P • August 20, 2014 6:06 PM

@ Chris

I often recommended Sandboxie over VM solutions because they work even if user is kind of lazy. I set a few people up with DefenseWall + Sandboxie + Firefox + Security Plugins + a backup program. Worked pretty well. I threw in a LiveCD for online banking and anything extra critical.

Although, the people I put on PowerPC Macs with hardening are still malware free, still getting app updates, and still have cheap parts on eBay. Works great if you're not targeted and don't need modern amenities like Flash. MorphOS is another possibility if behind NAT.

Nick P • August 20, 2014 6:59 PM

@ Scott

Let's not forget the most awesome port knocking work (that I know of): SilentKnock.

Abstract: "Port knocking is a technique first introduced in the blackhat and trade literature to prevent attackers from discovering and exploiting potentially vulnerable services on a network host, while allowing authenticated users to access these services. Despite being based on some sound principles and being a potentially useful tool, most work in this area suffers from a lack of a clear threat model or motivation. We introduce a formal security model for port knocking that addresses these issues, show how previous schemes fail to meet our definition, and give a provably secure scheme that uses steganographic embedding of pseudorandom message authentication codes. We also describe the design and analysis of SILENTKNOCK, an implementation of this protocol for the Linux 2.6 operating system, that is provably secure, under the assumption that AES and a modified version of MD4 are pseudorandom functions, and integrates seamlessly with any existing application, with no need to recompile. Experiments indicate that the overhead due to running SILENTKNOCK on a server is minimal – on the order of 150 µs per TCP connection initiation."

Scott "SFITCS" Ferguson • August 21, 2014 4:24 AM

@Nick P

@ Scott
Let's not forget the most awesome port knocking work (that I know of): SilentKnock.

Agreed. SilentKnock is one of several secure portknock schemes I didn't mention. In my defence, it was a hasty reply to a complex problem.

There is a belief that the only defence against the NSA (and others) spying on communications is to use secret channels. i.e. if the boogeyman can "see" an ssh connection it's somehow game over. That leads to the false logic that obscurity is the only defence. I believe sunlight is a better proving ground for security than darkness (but then, I'm not much on pure faith, or a fan of the idea that optimism should triumph over experience).

Kind regards

Scott "SFITCS" Ferguson • August 21, 2014 5:46 AM

@Sancho_P

Apologies to those whose lips get sore reading long posts. All truths are simple so if the length of this bothers you, you can safely regard it as information free.

@ Scott:

Thanks for your reply.

Thanks for the interesting post.

[snipped]

I’m not aware of any legal restriction explicitly on port scanning in my jurisdiction (EU) until there is some proof of severe damage or “bad intent” (very blurry jurisdiction right now, they want to fix it of course …).

You may wish to reassess that opinion after reading the following. NOTE: IANAL (standard disclaimer meme). Don't forget - "ignorance is not grounds for mitigation (unless you are a member of the bar)".

Links to international laws on portscanning:-


And that's just the first few results ;)

For the port knocking itself I’m not talking about the intent of playback attacks. I think silently watching the traffic would reveal everything?
No. All it will reveal is a stream of data. Data without context is not information (it's encrypted).
Say I’m interested in the activity of a news agency (e.g. Al Jazeera) and their server (ports), the question to the database would be “timeline of connection attempts with data volume by port (except 80…), sorted by “dissident” IP’s (= connecting also to NYT on strange ports)”. Spooks will have better ideas, but everything is already there in their “collection”, there is no data transmission without connection. Now they set up a rule for an automated action.

That entails a number of presumptions:-


  • that connections from "dissidents" are direct to the Al Jazeera server

  • that "dissidents" can be identified

  • that the origin of the "dissidents" connection can be identified - and that that origin is useful (e.g. not a cron trigger connection from an innocent third party's internet connection)

  • that useful information can be gleaned from the transmission (information not data)

Simply being able to unencrypt the data at some time in the future may be of historical value only. Without specifying what the "automated action" is the question is analogous to "what will we do when Martians invade?".

So Moxie (… sorry for that :-) ) may later cryptographically knock, authenticate and open that (other) port for transmission but then they (their automated system) will use it (inject their exploit) because of their better networking connection / position,

If the opponents of privacy have the means of doing that - then much of their catalogued abilities are redundant. I think you can safely presume they don't have that ability.

[snipped]

Seems I do not understand why one needs a secure port knocking request to open an insecure / vulnerable port?

Firstly, I have a problem with the assumption that those, unspecified, ports are insecure/vulnerable.
Secondly, perhaps a crude analogy may help explain:-


  • Without portknocking - you have a door, it's not hidden, nor is its "knocker". To open the door you knock and identify yourself, either with a password if your security settings are, um, poor, or cryptographically if you follow BMP (man ssh-keygen, man ssh-copy-id). If you follow BMP then your approach to that door is done wearing dark sunglasses, a beret, and a George Bush party mask (scares children, curdles milk). (man ssh_config see settings for "all" and how to enable encryption by default, I use blowfish, there are other choices).
    As far as we know that process is secure - however it has weaknesses - repeated attempts to "guess" that password if password access has been foolishly enabled can result in DDOS, or, eventually, (on a poorly configured system) access. (Please consider using fail2ban.) Should you fail to encrypt your connection then your "identification" (password or key) could be captured and "replayed" (much as you can with radio controlled car or garage locks that don't properly implement rolling codes).

  • Now consider the same scenario except that the door is hidden until you perform a prearranged knock sequence. Those knock sequences are "one-time".


  • ”… An observer watching packets is not given any indication that the SYN packet transmitted by 'knockknock' is a port knocking request, but even if they knew, there would be no way for them to determine which port was requested to open.” (Moxie Marlinspike)

    Is this correct also in case of querying a (e.g. NSA) traffic database?

    Who knows? Certainly I have no understanding of the "NSA traffic database". Would their information be any more useful than that of my ISP?

    Regarding the video:

    Video? I must have missed that meeting :)

    Your first point seems to be the category “social attack” which I’d probably fall into at my home PC.
    At the company’s server I may see that “Download the update” and click it, but then I could prepare two coffees because one of our IT guys will show up within five minutes, together with my boss (no coffee for my boss in this situation).

    It doesn't have to involve social engineering. NOTE: we are postulating from an information poor position - it has its limitations.
    I doubt your network or system administrator is going to notice. Do you keep MS Updates from automatically running? It's very unlikely your antivirus system will notice any malware (dig through these forum postings to see why). If you run any version of Windows I can think of several methods of bypassing your security without social engineering (no, I'm not posting those methods here). Aside from that - there is a high probability that if I can access your home computer - or any of your private accounts (e.g. email) I could (as an attacker) gain access to your work place. I could also guess that your workplace is statistically likely to have several failings in security (does your network administrator believe NAT is some kind of security? do you have networked printers? etc). Your weakest link is your biggest problem.

    So remain the vulnerabilities.
    That’s a sad chapter, as I’d see the sense of national security in securing the national assets.

    I see the biggest revelation from Snowden is what the NSA has very effectively removed from any discussions - all this information (not data, information) is being gathered and processed by third parties. e.g. what security measures do you believe the NSA has in place to prevent Dell from using that information to their business advantage?.

    Note: I am absolutely opposed to national thinking. Nation states are global enemies.

    I strongly believe Oscar Wilde was wrong - patriotism is not the last refuge of scoundrels - nationalism is.

    [ At vulnerabilities ... There is also the issue with what is called the “OS”:
    I think an Operating System should have a close look to what’s happening inside the machine. Applications must remain below the OS, closely watched in their behavior.
    I’m afraid there is no such OS available today - probably never will be. ]

    The solution you seek would seem, from my non-expert view, impossible - userland below kernel. Microkernels, application whitelisting, and an integrity shell - coupled with careful separation of risk (not one connection, one encryption key pair, and one OS for everything) is a possible alternative solution.
    [snipped]

Interesting stuff. Please regard my posts as opinion only - only time will tell how useful that opinion is. I've never had a server or workstation compromised - I do my best to keep them properly secured but I still know my security is little more than a cup of spit and a few twigs. If the world was software it'd be destroyed in the first mild breeze. Proper risk management accounts for that - the vast majority of what people wish to secure falls under the risk management category of, um, dangerously naive and highly unlikely. But the psychology behind it is not dissimilar to that of those that buy lottery tickets - or drive hybrid cars for the sake of their health (.22 is healthier than .50 only if you confuse mitigation with solution).

Kind regards
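
The replay question that runs through Sancho_P's and Scott's exchange above (the "original concept" quote from knockknock, and Scott's "one-time" knock analogy) is easiest to see in code. The following is an added illustration, not code from this thread, from knockknock or from SilentKnock: it contrasts a fixed port sequence, which a passive observer can record and replay, with a single authenticated knock carrying a counter and a truncated HMAC. The token layout, the protected port set, the shared key and the IP addresses are all assumptions made for the example.

```python
"""Replayable vs. replay-resistant port knocking (constructed illustration).

Not the knockknock or SilentKnock code: the token format below
(8-byte counter || 16-byte truncated HMAC-SHA256) is an assumption.
"""
import hashlib
import hmac
import struct

PROTECTED_PORTS = (22, 443, 8443)   # constructed: services hidden behind the knock
COUNTER_LEN = 8                     # big-endian 64-bit counter, increasing per client
MAC_LEN = 16                        # bytes of HMAC output kept in the token


class StaticKnockServer:
    """Original-style knocking: a fixed, secret sequence of closed ports.
    Anyone who passively records the sequence can replay it later."""

    def __init__(self, sequence):
        self.sequence = tuple(sequence)
        self.open_for = set()        # (client_ip, port) pairs currently allowed

    def knock(self, client_ip, observed_ports, target_port):
        if tuple(observed_ports) == self.sequence:
            self.open_for.add((client_ip, target_port))
            return True
        return False


def knock_mac(key, client_ip, counter, port):
    """MAC over (sender address, counter, requested port), truncated."""
    msg = client_ip.encode("ascii") + struct.pack(">QH", counter, port)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def make_knock(key, client_ip, counter, port):
    """Client side: the bytes one knock packet would carry."""
    return struct.pack(">Q", counter) + knock_mac(key, client_ip, counter, port)


class AuthKnockServer:
    """Cryptographic knocking: one authenticated, non-replayable knock.
    The requested port never appears in the clear; the server recovers it by
    recomputing the MAC for each protected port, which needs the key."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}       # client_ip -> highest counter accepted
        self.open_for = set()

    def knock(self, client_ip, token):
        """Return the port opened for client_ip, or None if rejected."""
        if len(token) != COUNTER_LEN + MAC_LEN:
            return None
        counter = struct.unpack(">Q", token[:COUNTER_LEN])[0]
        mac = token[COUNTER_LEN:]
        if counter <= self.last_counter.get(client_ip, -1):
            return None              # replay or stale knock
        for port in PROTECTED_PORTS:
            if hmac.compare_digest(mac, knock_mac(self.key, client_ip, counter, port)):
                self.last_counter[client_ip] = counter
                self.open_for.add((client_ip, port))
                return port
        return None                  # bad key, wrong sender or unknown port


def demo():
    """Walk through the eavesdrop-and-replay scenario discussed in the thread."""
    legit, eavesdropper = "198.51.100.10", "203.0.113.5"   # constructed addresses

    # 1. Static sequence: the observer records it and replays it successfully.
    static = StaticKnockServer([7000, 8000, 9000])
    captured = [7000, 8000, 9000]                          # what the observer saw
    static.knock(legit, captured, 22)
    static_replay_ok = static.knock(eavesdropper, captured, 22)

    # 2. Authenticated knock: the same capture fails on replay and on resend.
    key = b"constructed-shared-secret"
    auth = AuthKnockServer(key)
    token = make_knock(key, legit, counter=1, port=443)
    first = auth.knock(legit, token)             # 443: accepted once
    replay = auth.knock(legit, token)            # None: counter already used
    resent = auth.knock(eavesdropper, token)     # None: MAC bound to the sender
    fresh = auth.knock(legit, make_knock(key, legit, counter=2, port=8443))

    return {"static_replay_ok": static_replay_ok, "auth_first": first,
            "auth_replay": replay, "auth_resent": resent, "auth_fresh": fresh}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats that match the thread's argument: the authenticated scheme stops replay and hides which port was requested, but the observer still sees a flow to port 443 a moment later, so it does nothing against the traffic-analysis concern; and a knock resent from a spoofed source opens the port only for the address named in the knock, which helps the forger only if they can also take over that address's traffic, the "better network position" the thread worries about and which no knocking scheme addresses.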

Sancho_P • August 21, 2014 4:28 PM

@ Scott:

Legality of port scanning:
I know about some “events” that are copied from one opinion to the other but it seems to me that there is neither knowledge nor a strict law. As always when money / bribery / lawyer + court are involved our faith is in God’s hand.
Here (in Spain) this is at least as valid as in other (EU) countries. No one would care when you’d ring at millions of doorbells, it is common practice - but don’t touch the wrong one.

If it’s clearly against the law then HACIENDA clearly is a violation of law, I guess there’d be some lawyers waiting.
(Both of your “official” links lead to 403 from my system, and I think they don’t have any “hard facts” regarding port scanning, probably to protect the spies)

#
Regarding my “watching the traffic reveals everything”:
”No. All it will reveal is a stream of data. Data without context is not information (it's encrypted).”

Sorry, I couldn’t disagree more, because it’s not “data without context”.
The traffic (who, how, when, how much, how often, from where, …) is the real information = the data,
the “content” is nearly unimportant (mind: at least at a first glance or to send you drones):

- It could be encrypted (therefore useless, but suspicious, this is at least true today),
(but I’m with you regarding “historical value only”, there is no court, they don’t need it).
- It could be deception / misleading by intention
- It could be misunderstood [1]

When I see my friend repeatedly dating someone I do not need to know what exactly they are talking about. The location, frequency and time tell enough to raise serious suspicion.

When I send birthday greetings to my grandma,
- bean-counters would be interested in the content (“How many virtual roses did he send, seven, - really?”),
- but the spies would be alarmed because my grandma died several years ago.

Metadata translates to “more than data”, it is the only truth (if you don’t make mistakes at collecting them).

#
Regarding redundant abilities:
As this topic is about NSA/GCHQ/CSEC we must assume they have and use redundancies.
”I think you can safely presume they don't have that ability.”
Let’s hope the best and assume the worst.

#
vulnerable ports:
”Firstly, I have a problem with the assumption that those, unspecified, ports are insecure/vulnerable.”
So you are more confident than others, glad to hear that, but the topic of this thread seems to indicate the opposite?
However, with “unspecified” I agree, but probably “dissidents” would not use SSH (no, I’m not thinking about a cave man but the average Joe Greenwood).
The man pages made a good reading and a little more understanding, thanks.

#
Internet traffic database
”Who knows? Certainly I have no understanding of the "NSA traffic database". Would their information be any more useful than that of my ISP?”
But you know what a database is and that “they” would not collect nonsense?
I don’t know if your ISP has global access to Internet eXchange Points?

#
Regarding the video (it was: How could “play that youtube video” be an issue to my system)
Yes, in my company there are no MS auto updates and I cannot install any SW as the machines draw a system image on boot or new network access (laptop), connected computers are periodically checked (annoying!). I think they fear a Mi$o “kill switch”. These IT guys are my “friends” but I do not want to ask too many questions there …

#
”I see the biggest revelation from Snowden is what the NSA has very effectively removed from any discussions - all this information (not data, information) is being gathered and processed by third parties. e.g. what security measures do you believe the NSA has in place to prevent Dell from using that information to their business advantage?”

Um, you think outsourcing goes that far? That would be … unbelievable but logical,
good point, indeed.

Makes me think even more.

My biggest concern is that we know how unpredictable SW is in case of any error.
What they do is playing with the launch button of “the” global crisis.
Tit for tat could escalate in milliseconds.

Thanks and have a good day, anyway!

[1] A friend from Germany sent me this story regarding their “Gründlichkeit”, but it is so mad I can’t believe it’s true:
http://tinyurl.com/Gruendlichkeit (sorry, only Google translate?)
They seem to scan all the (also paper ? ) payment orders and to electronically check the “reason for transaction” for “suspicious tags”, so never make a joke containing “bin laden” when you send money to a friend!
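
Sancho_P's point above (and his earlier sketch of a "timeline of connection attempts with data volume by port, sorted by IPs connecting also to NYT on strange ports") can be made concrete with a few lines over flow records. The block below is an added illustration, not part of either commenter's post: the flow records, host names and addresses are constructed, and the three functions are the same group-by queries a network defender runs over NetFlow exports to find a host talking to several endpoints on a regular schedule. It shows how much the "who, when, how often, how much" fields reveal with no payload at all.

```python
"""What connection metadata alone reveals, on constructed flow records.

Added illustration; records, host names and addresses are invented.
"""
from collections import defaultdict
from statistics import mean

# Constructed flow records: (epoch seconds, source IP, destination host, dest port, bytes)
FLOWS = [
    (1000, "198.51.100.10", "news-a.example", 22, 4200),
    (1600, "198.51.100.10", "news-a.example", 22, 3900),
    (2200, "198.51.100.10", "news-a.example", 22, 4100),
    (2300, "198.51.100.10", "news-b.example", 443, 1200),
    (1100, "203.0.113.7", "news-a.example", 80, 15000),   # plain web browsing
    (1300, "203.0.113.7", "news-b.example", 80, 9000),
    (1500, "192.0.2.44", "news-b.example", 8443, 700),
    (1700, "192.0.2.44", "news-b.example", 8443, 650),
]


def summarize_by_source(flows):
    """Per-source timeline: how often, how much, to whom, on which ports."""
    out = {}
    for ts, src, dst, port, nbytes in flows:
        s = out.setdefault(src, {"connections": 0, "bytes": 0, "ports": set(),
                                 "peers": set(), "first": ts, "last": ts})
        s["connections"] += 1
        s["bytes"] += nbytes
        s["ports"].add(port)
        s["peers"].add(dst)
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    return out


def sources_reaching_all(flows, servers, ignore_ports=(80,)):
    """Sources that contacted every listed server on a port not in ignore_ports:
    the 'connecting also to X on strange ports' query from the thread."""
    seen = defaultdict(set)
    for _ts, src, dst, port, _nbytes in flows:
        if dst in servers and port not in ignore_ports:
            seen[src].add(dst)
    wanted = set(servers)
    return sorted(src for src, hit in seen.items() if hit == wanted)


def contact_regularity(flows, src, dst):
    """Mean gap and worst deviation between successive contacts of one pair,
    or None with fewer than three contacts. Near-zero deviation is the
    clockwork pattern a beaconing detector flags."""
    times = sorted(ts for ts, s, d, _p, _b in flows if s == src and d == dst)
    if len(times) < 3:
        return None
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    avg = mean(gaps)
    return avg, max(abs(g - avg) for g in gaps)


if __name__ == "__main__":
    targets = ("news-a.example", "news-b.example")
    for src in sources_reaching_all(FLOWS, targets):
        summary = summarize_by_source(FLOWS)[src]
        print(src, summary, contact_regularity(FLOWS, src, targets[0]))
```

Note that the browsing host on port 80 drops out of the result and the host that only ever reached one server never appears, while the host that reached both on non-web ports is identified together with its volume, its peers and the fact that it checks in every 600 seconds like clockwork, all from five fields per flow.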

Scott "SFITCS" Ferguson • August 22, 2014 4:03 AM

@Sancho_P

If I've snipped some of your comments it's because I neither disagree nor have anything to add

@ Scott:
Legality of port scanning: I know about some “events” that are copied from one opinion to the other but it seems to me that there is neither knowledge nor a strict law. As always when money / bribery / lawyer + court are involved our faith is in God’s hand.

My concern would be not whether I'd eventually win in court, but whether I'd wind up there in the first place. In Australia civil action alone (accusing me of having cost a company money by port scanning) is not something I'd want to deal with. My "guess" is that the accusation alone might mean suspension of security clearance.

[snipped]

If it’s clearly against the law then HACIENDA clearly is a violation of law, I guess there’d be some lawyers waiting.

IANAL :) But... there is lots of discussion on this site about the gap between perceived illegality (by legal amateurs?) and enforced law.

(Both of your “official” links lead to 403 from my system, and I think they don’t have any “hard facts” regarding port scanning, probably to protect the spies)

My apologies. I don't know about the protecting spies reason. But try these links instead:-
here
and
here.

Regarding my “watching the traffic reveals everything”:
”No. All it will reveal is a stream of data. Data without context is not information (it's encrypted).”
Sorry, I couldn’t disagree more, because it’s not “data without context”. The traffic (who, how, when, how much, how often, from where, …) is the real information = the data, the “content” is nearly unimportant (mind: at least at a first glance or to send you drones):

I suspect you've bought into the official, sophist, "it's only meta data" lie. I very much doubt that the data is not collected also - and there's considerable construction to support that belief.

We'll have to disagree about the difference between information, data, and the relevance of the context in this instance. Best not argue over pedantic semantics, it may lead to the conflation of semiotics and facts.

[snipped]

When I see my friend repeatedly dating someone I do not need to know what they are talking exactly. The location, frequency and time tells enough to raise serious suspicion.

I believe I understand what you're saying - and I'm alarmed at the number of assumptions you've built on that "metadata". I will not let you date my daughter ;)

When I send birthday greetings to my grandma, - bean-counters would be interested in the content (“How many virtual roses did he send, seven, - really?”), - but the spies would be alarmed because my grandma died several years ago.

Why should that information be considered "private"? I oppose breaking into my home or work without warrant (probable cause). I oppose spying on my (commercial) business. Most of what is not my home or place of business is not "mine". I don't propose that "I" have "rights" to privacy/secrecy outside my home or place of business. Nor do I believe I have a "right" to use the architecture and resources of others in secrecy (my "rights" don't trample on theirs) - not only would it be wrong, and bad for business, it's an unworkable proposition (economically unfeasible). By no means does that mean the store that sells those digital roses shouldn't be able to protect their computers/business from warrant-less intrusion. Unless the data that moves between you and that shop is in the same legal jurisdiction, and until we have uniform international cyberlaw, you can expect that data to be insecure (against foreign governments) unless you actively employ secure measures supported by the digital rose shop. As a commercial transaction you might want to consider the laws (and reasons for them) that require that transaction to be logged? (no need to sniff the net - ask the bank or the tax office)

Metadata translates to “more than data”, it is the only truth (if you don’t make mistakes at collecting them).

Osama Bin Laden did visit the US. I can give you the dates and location. There's your "only truth" - it's worth little. You can make a silk purse from a pig's ring - but you'll need to patch it with a lot of silk.

[snipped]

vulnerable ports:
”Firstly, I have a problem with the assumption that those, unspecified, ports are insecure/vulnerable.”
So you are more confident than others, glad to hear that, but the topic of this thread seems to indicate the opposite?

Seems? See my earlier comment about "a cup of spit and some twigs". ;)
Agreed - plan for failure, aim for success. Keep the mind open - but not so far the brains fall out. I've seen no evidence that the "possibility" is more than just that.

However, with “unspecified” I agree, but probably “dissidents” would not use SSH (no, I’m not thinking about a cave man but the average Joe Greenwood).

I'm not sure what deductive process you used to reach that opinion, and it's difficult to respond to given the unknown definition of "dissidents".

[snipped]

Internet traffic database
”Who knows? Certainly I have no understanding of the "NSA traffic database". Would their information be any more useful than that of my ISP?”
But you know what a database is and that “they” would not collect nonsense?
Unintended sophism? (I note that English may not be your primary language, and that I can be a bit thick) Yes, I know what a database is, as to the rest of the sentence... no, I don't know that (I have no opinion, the statement is too vague).
I don’t know if your ISP has global access to Internet eXchange Points?
Relevance? How many of those "traffic databases" can dance on the head of a pin? (consider that my ISP knows the point of origin - it's of primary importance, metadata or not). More importantly, what is it that you expect? That the internet be redesigned so that all data transfers are anonymous? Who will fund this new internet? Why would business use it? What miraculous event would be required for all parties involved to arrive at a timely consensus? I'm Australian (and a cynic) - other than .org.au we still futz around delaying DNSSEC for the rest of the gTLDs, how many businesses do you know that have yet to implement digital signatures for email? (I even see Security Experts who don't have DNSSEC set up for their site).

[snipped]

Um, you think outsourcing goes that far?[snipped]
Then I've made my point. In all that you've read of Snowden did you never notice who he worked for (not his employer)[*1]? Or how many companies the NSA uses to process that (meta?)data? Consider the possibility that the rest of Five Eyes also outsource (perhaps Clive might venture an opinion?)

[snipped]


[1] A friend from Germany sent me this story regarding their “Gründlichkeit”, but it is so mad I can’t believe it’s true:

Not so unbelievable for two reasons: I've met some of the salespeople[*2] from the major companies that flog surveillance, pattern recognition, data matching and data warehousing to government and big business so I know how hard they flog the "total information" "thar's gold in those hills" line; the fear of loss (missing out on power and knowledge) is a major human bias.

[snipped]

so never make a joke containing “bin laden” when you send money to a friend!
Back when some of our ancestors were goat herders inventing myths to control their "herd" (children, relatives and women) fear of the different made sense. As civilization developed so did the need for diversity - and the acceptance (embrace) of difference. If we want to go back to herding sheep and growing desert then we should all attempt to act alike and hide our differences. I won't embrace or support that Chill Factor.

[*1] Dell
[*2] they have "infographics", spreadsheets, and shiny brochures!

Kind regards

Clive Robinson • August 22, 2014 7:16 AM

@ Scott, Sancho,

The outsourcing question is actually quite difficult to answer for a variety of reasons.

But in the UK the trend is to outsource as much as possible as quickly as possible and hang the cost on the tax payer. For the ideological nonsense that drives one of our major political parties, the naked greed of the backers of the other not so major political party and as for the third I don't think they've "talked it to death" yet so their opinion is not yet formed or the cash not yet counted not sure which.

The UK has over the past few decades been a total disaster for national ICT projects, they have all been grandiose and based on the false assumption they will "cut the cost of Government", which is a total nonsense.

The current thinking is that we were being milked/bilked by the likes of IBM and Ross Perot's companies old and new and the four big accountancy firms, when ICT development was carried out "In house" by "external consultants" on around 5000USD equivalent a day with more than two thousand of them wandering around doing "makework".

So the current idea is to make the companies do it at their own risk...

Thus these companies get not only all the IP the UK tax payer should own but the UK citizens' personal records etc. But that's OK as the UK political parties get their "donations etc" and the tax payer still gets bilked for ever increasing extras etc etc etc. Which means more civil servants for empire building. Or more correctly minimum wage temps that due to "clearance rules" are those most likely not to have found work elsewhere in the six month process which frankly does not make me think they are likely to be anything close to above average employees. Which brings into question their ability to do things well or securely with unreliable and insecure systems the companies supply for them to work on...

As for the companies they are free to mine the data as much as they like, but if they sell it they are supposed to kick a percentage back to the UK Treasury, but we know from past experience this just won't happen due to "hidden" development costs etc etc.

The important take away to note is the "Political Party Donations", these happen in two ways: Direct Contributions which are supposedly matters of public record, and by purchasing or supplying "goods and services" from/to the parties or politicos or other party seniors or ministerial offices. This latter way is very opaque at best and is of major concern as it drives the thinking behind what the parties in power do in the way of legislation, especially tax legislation thought up by the big four accountancy firms' staff on secondment FOC...

As for the "data", well as noted it gets in effect "gifted" to the outsource companies to do with as they please privately; what they do with it publicly likewise has few constraints as long as it's not going to cause visible embarrassment to the politicos over the next cycle or two of government...

Then there are co-operative ventures, do you remember those two Chinese telecomms companies the US Gov said were in effect "Satan's spawn" and not to be used? Well in the UK one of them has a co-operative "security" venture with part of GCHQ which is the UK's equivalent of the NSA... Oh and the venture also means they get good access to the UK telecomms infrastructure "nice work if you can get it..."

So what else is going on in the UK is anybody's guess...

As Benni has pointed out it looks like there is a fair amount of "revolving door" and other even less desirable activities going on in Germany much to the embarrassment of "Mummy Merkle" and the Government. Over in NZ it's an "Open Secret" that their signals intelligence is not controlled by the NZ elected politicos or the civil servants but out of either the NSA or GCHQ who have senior representatives there, at one point in the past in an office directly adjoining the Director's office... Canada appears to have similar issues; as for Australia I'll leave that to Scott to look into but rumours suggest it's similar to Canada.

If you look at another part of the UK IC run by the Metropolitan Police, you will find shocking stories about illegal collection and dissemination of PPI much of which has ended up in the hands of private companies who have then used it against innocent citizens in court action to stop them lawfully protesting. Then there are the cases of "sleeping with the enemy" where police undercover officers have cohabited with suspected protestors and in the process appear to have produced totally fictitious intelligence and caused other considerable harm.

The simple fact is that nearly all the IC organisations of the majority of western countries see themselves as "above Government and the law" and they have greater loyalties to other members of the IC than they do to either their elected politicians or civil service. What they get up to collectively, from the few glimpses we have seen, is frankly quite frightening when you consider they feed our politicos and civil servants with information used to make decisions which critically affect us the citizens.

Sancho_P • August 22, 2014 3:32 PM

@ Scott:

Thanks for the corrected links, very valuable, much more than “opinions”.
Interesting to see how morals are written down, probably into “law”, at taxpayers' expense, sometimes by shills. Politicos just have to accept the paper (and money?).

So we tend to agree and disagree at the same time at some points, therefore I will fast forward to what may be open (oh, and yes, I tend to be cynical, too, no worries):

#
”Why should that information be considered "private"? I oppose breaking into my home or work without warrant (probable cause). I oppose spying on my (commercial) business. Most of what is not my home or place of business is not "mine". I don't propose that "I" have "rights" to privacy/secrecy outside my home or place of business.”

Hmm, here’s my problem:
What is our “home or place of business” in the immaterial / not physical world of information?
Where is the border exactly, thinking about an email to a business friend in Tunisia, which paragraph / sentence would be public or “without rights” and which part would be protected?
Should I write two messages, one from my work and the other from my - oops, private - home?
And the “metadata” of both, are they protected (not to think about my friend’s privacy)? Are we all supposed to have private and business accounts and identities?

Because of the (Tunisian) recipient both my messages will be flagged, the processing is probably outsourced to the single competitor I have in that business and country???
Oh, it is necessary to control bribery and unlawful advantage? I see.

The roses may be for my grandma or someone else, but there are only two entities to know that, me and the shop, neither the competitor of the shop nor anyone else. The tax office has to know about the transaction, and if there is an official tax investigation the shop has to inform me, the sender, but never reveal the recipient without an open court order.

What I urge is both, segregation and reliability. They may log and store the transactions as required by law but can not share or lose them without severe consequences.
This needs a law.
Security needs incentives = money.

#
Internet traffic database / unintended sophism?
Sorry, the reason will be my English together with the short “synchronization” of our mindset due to compressed written conversation.

However, your ”Would their information be any more useful than that of my ISP?” made me perplexed.

Granted, we have little knowledge about “their” database. So I (Joe Average) can only fantasize what I would expect from a several billion dollar project driven by hundreds of professionals. Your ISP will know “the [single] point of origin” but this is less than one single pixel in the picture, they can’t answer the question “who is behind that point, the social background, whereabouts of last two years, friends, business and international contacts, how relevant is this endpoint, whom will this person meet next week, mindset, where is the weakest spot, …”.
Think about big international business, military supply, food processing, pharmaceuticals, financial market, insurance, IMF, whatever. Your ISP ???

@ Scott & Clive:
You did enough for my Chill Factor, thanks!
On the other hand, personally the “Joe Average” has nothing to fear so far.

Scott "SFITCS" Ferguson • August 22, 2014 6:31 PM

@Sancho_P


Hmm, here’s my problem:
What is our “home or place of business” in the immaterial / not physical world of information?
Where is the border exactly, thinking about an email to a business friend in Tunisia, which paragraph / sentence would be public or “without rights” and which part would be protected?
Should I write two messages, one from my work and the other from my - ups, private - home?
And the “metadata” of both, are they protected (not to think about my friend’s privacy)? Are we all supposed to have private and business accounts and identities?

Home and work (your business, not the business of your employer) are physical locations. Why make a new set of rules for a circumstance that is just a variation on an existing circumstance (not some paradigm)? In engineering it's generally accepted that if you have a system that 90% "works", the most likely way to successfully "make it work" 100% is to improve it - and that trying to redesign the system from scratch is unlikely to result in a 100% working solution.
We expect that our postal and telecommunications system has controls on who can intercept the information being moved across it. We accept that the courier can exert some control over the contents, and inspect the information being transferred to ensure that we comply with the rules, e.g. that post be inspected to ensure it doesn't contain explosives or toxic chemicals. We expect that the postal system doesn't allow others willy-nilly access to our post. But we know postal staff are human - so do we stop sending mail because we can't guarantee the transit of mail without people other than the intended recipient reading it? Or do we employ encryption?
The 3rd type of surveillance that Bruce describes is the problem that needs to be solved - how do we stop the NSA from preventing us from employing encryption when sending and receiving information? I'm not talking about preventing legal authorities from doing their job any more than the ability to own a safe, or create your own code for keeping your diary does - just preventing the situation that is bad for business. Why "bad for business" rather than bad for the individual? For the full answer read Adam Smith; the short answer is that all individual rights derive from free trade, the division of labour, and the pursuit of self-interest. Any restriction on those things restricts individual rights. What's good for a few businesses is not good for individuals; what's good for many businesses, is. Fascism and dictatorship do best with fewer and larger businesses - that can only occur when the business of the many is constrained. Not a popular point of view - a multitude of small businesses doesn't employ as many lobbyists as a few large ones.

Because of the (Tunisian) recipient both my messages will be flagged, the processing is probably outsourced to the single competitor I have in that business and country???

cough*Cisco*cough(??)

[snipped]


However, your ”Would their information be any more useful than that of my ISP?” made me perplexed.

Granted, we have little knowledge about “their” database. So I (Joe Average) can only fantasize what I would expect from a several billion dollar project driven by hundreds of professionals. Your ISP will know “the [single] point of origin” but this is less than one single pixel in the picture, they can’t answer the question “who is behind that point, the social background, whereabouts of last two years, friends, business and international contacts, how relevant is this endpoint, whom will this person meet next week, mindset, where is the weakest spot, …”.

Then we don't need unique keys for database tables? ;p IANAIA

Kind regards

"The pure and simple truth is that the truth is rarely pure and never simple"
~ some dead guy

"Science is the great antidote to the poison of enthusiasm and superstition"
~ Adam Smith, The Wealth of Nations: An Inquiry into the Nature & Causes of the Wealth of Nations

Sancho_P • August 23, 2014 4:04 PM

@ Scott:

”… But we know postal staff are human - so do we stop sending mail because … ?”

Your analogy is not true anymore. Seems you wrote about the good old times where humans did the sorting and so on. They had a very small view of the process, nearly no chance to get any idea regarding the whole picture. They’d have to carefully open one (which?) of a thousand envelopes, copy the content probably by handwriting / drawing …
They’d risk their honor and lifelong safe harbor. Yes, they were humans, but there was trust -
also from them in their employer!

Today there are machines, slaves and droids (= authoritarian followers).
[ Yes, also some frustrated humans, more or less carefully avoiding trouble ]
“Lawful” inspection is a snap (email + credit card + money order, all together), as is “collecting intelligence” (= theft) in a global scope, not just in my village / city / country.

COMSEC is important, no doubt, but to securely encrypt on tamperproof computers is neither enough for my personal security and well-being, nor for my kids to grow up in an open society with respect for foreign peoples [1].

I have no problems with my postman knowing I got mail from someone in the UAE (he used to ask me for the stamps), but I can’t stand the feeling that several people, including Mossad and MOIS, make a living from dutifully noting “Sancho got perfectly encrypted data from Ibrahim”.
And knowing what terrific consequences can result from brainless processing database “knowledge” (which DB doesn’t include errors?) brings my blood to the boil.

Perfect technics is never the answer for mankind’s issues.
But this takes us far OT and I think we shouldn’t further stress Bruce’s hospitality ;-)

Thanks for “Adam Smith”, I love what he wrote in book V “Of War and Public Debts”.
Good he couldn’t write about the real costs of modern war and who supports it.

Best regards

[1] Also off topic: See the (mostly US) computer games.

Scott "SFITCS" Ferguson • August 24, 2014 12:14 AM

@Sancho_P

@ Scott:
”… But we know postal staff are human - so do we stop sending mail because … ?”

Your analogy is not true anymore.

Times have changed, and so have the methods used to inspect mail (freon spray, optical scanners, and pattern recognition software) - but the analogy still stands. You are still going to be disappointed if you expect your mail cannot/will not be inspected. And you can still employ encryption to safeguard its content.

[snipped]

Yes, they were humans, but there was trust - also from them in their employer!

I know nothing of your postal system's history. AusPost has had postal inspectors since the PMG days. Even in the times of the Black Penny stamp there were postal deliverers who pilfered, purloined and read mail - and postal inspectors to catch them and/or inspect the mail. Likewise government departments and other interests (including private) that secretly intercepted mail to view or change the contents.

[snipped]


I have no problems with my postman knowing I got mail from someone in the UAE (he used to ask me for the stamps), but I can’t stand the feeling that several people, including Mossad and MOIS, make a living from dutifully noting “Sancho got perfectly encrypted data from Ibrahim”.
And knowing what terrific consequences can result from brainless processing database “knowledge” (which DB doesn’t include errors?) brings my blood to the boil.

Misunderstandings we all have to learn to live with. Worrying about it is counter-productive, it's just one of the many things that appear unfair if you have unrealistic expectations.

Perfect technics is never the answer for mankind’s issues.

I'm not suggesting it is. Rather it's the perfect operation of perfect "technics". Too many people ask "what tool will make me an expert?" - which, effectively, is the question they are asking when they say "what should I use to do 'it'?"

But this takes us far OT and I think we shouldn’t further stress Bruce’s hospitality ;-)

I don't know. I think we've more than covered the subject - which has been extensively covered before for those willing to search. Be assured the moderator will let us know.

Thanks for “Adam Smith”, I love what he wrote in book V “Of War and Public Debts”. Good he couldn’t write about the real costs of modern war and who supports it.

It's a book that took me many readings and much thought to begin to comprehend. I didn't find it lacking in an explanation of the current situation.
War is the mercantilists’ best excuse for curtailing imports and limiting foreign debt
Perhaps you failed to adjust the geopolitical boundaries to account for international business interests e.g. American business in China, Chinese business and investment in America. He had a great deal to say about credit and fiat economies - did you factor that in?

Kind regards

“The sovereign, for example,” wrote Smith, “with all the officers both of justice and war... the whole army and navy, are unproductive labourers.... The protection, security, and defence of the commonwealth, the effect of their labour this year, will not purchase its protection, security, and defence for the year to come.” In other words government is a service, and it should never be mistaken for a factory that furnishes us with all our jobs, homes, and discount blood pressure pills. Whenever a politician is heard to say that government spending is “an investment,” he should be told to get a job.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.