## Friday Squid Blogging: 200-Pound Squid Found in Gulf of Mexico

A 200-pound dead giant squid was found near the coast of Matagorda, Texas. This is only the third giant squid ever found in the Gulf of Mexico.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Jonathan Wilson September 12, 2014 5:42 PM

I suspect its unlikely that the government could have actually fined anyone for not handing over data under PRISM since in order to fine them they would need to reveal the existence of PRISM in the first place.

@Jonathan Wilson

I do not know about that, I would expect intelligence to be very knowledgeable on creative accounting methods… but I know nothing about such things, and even less about corporate wheelings and dealings like that.

But, a lot of people have argued Yahoo should have fought this and taken it in the chin, then the forced confrontation on the matter would have been very bad for the government. Some have also plausibly pointed out that because Yahoo gave in, later corporations may have as well.

At least one poster on another forum (ARS), pointed out that the money was not so much compared to Yahoo’s revenue that year.

My thoughts on the Yahoo/PRISM/Extortion racket case, where I covered stuff I had not seen others come to the conclusion of, and largely focused at defenders:

https://www.schneier.com/blog/archives/2014/09/friday_squid_bl_440.html#c6678477

and below, reposted from another account of mine, some irrelevant snipping:

My points will be directed at potential defenders from their perspective:

1. Just as the systems in place to push this true were opaque and secret, likewise the systems using this data are opaque and secret. You do not know who is going to be using these systems, nor for what reasons.
2. Snowden, as he often likes to point out, is proof that the controls being trusted on for security are woefully inadequate.
3. The controls are not only inadequate, but there has been little to nothing done to ensure the controls are made adequate in the Snowden wake. While many such actions would remain secret, the visible actions which should have been performed were not performed. For instance, the heads of these divisions were not fired because of their incompetence under their command.
4. If an intelligence agency does not have the capacity to secretly surveil data from popular systems, they should not be in business. They widely shared the information of their program across these companies. That is blatant and dangerous incompetence.

Consider: How would intelligence and law enforcement ensure security of these programs at these companies they went to? Put them under twenty four seven surveillance? Unlikely. Force them to adhere to lie detector tests? (Which are fallible, case in point, Snowden… or say, Aldrich Ames. Besides countless homicide investigations.)

They do not know who, then, would have access to these systems at these companies, nor even would they have the capacity to know much, if anything, about them.
5. Corporate controls on these systems are not going to be guaranteed. These backdoor systems could be used by potentially anyone, from anywhere, even outside the government.
6. PRISM, like the metadata program, and some others are inherently deeply dangerous from a data standpoint. The data could be used to extort, and otherwise control, anyone. Other dangerous considerations is it can also be used to map out connections between anyone who might want to investigate abuse of the program, if they are lawfully enabled to do so (eg, counterintelligence). They can map out the connections of anyone who has a cover identity. They can map out connections of any member of any organization or agency.
7. Any defender saying “just trust everyone” is, by default, incorrect. Trusting people is the very anti-thesis of counterintelligence work. Security work. So such statements while seeming maybe cheerleading “the team” or “being a patriot” is the anti-thesis of this.
8. The revelation of these programs caused severe damage to the integrity of the United States and the companies of the United States. It caused severe economic damage. Now, I mention this not because Snowden exposed these systems, as they like to keep the conversation stopped there. That is meaningless. The fact is that not only should they never have started such a program in the first place, further they were by no means responsible in carrying the program out and keeping diligent secrecy requirements.

@ BoppingAround
Thanks for the link. This is rather depressing.
It saddens me that the general populace doesn’t make this outragous governmental behaviour a high priority election campaign issue.

sena kavote September 13, 2014 1:00 AM

Software based method for protecting USB live distros from writing by malware

USB sticks with write protection switches are hard to find, but some ways around that are possible with just software.

One trick could be to load the whole operating system to volatile RAM memory before doing anything other than maybe logging in, and then remove the usb stick once the OS has loaded. OS in that mode should remind the user to remove the stick before OS can be used.

Most new computers begin to have 8 or 16 gigabytes of RAM. Tails and opensuse 13.1 kde live are about 1000 megabytes, Knoppix 4 GB, so they could fit in RAM. Biggest downside is that boot up would take more time, especially without fast USB 3.0. But with tails for example, the loading could continue simultaneously while the setting selections and logging-in are being done.

Once the boot is finished, all software launching works faster than with USB, so that is other upside besides security.

In some earlier squid post I pondered about using either sha512/sha256 hashes or exact copies of the data to check if the USB stick has been altered. That would need a pair of sticks or usb stick for checking and OS in internal hard disk.

@sena kavote
Why not simply remove or somehow make the write pin of a LiveUSB unusable ? One probable TLA method would be on the BIOS layer where a plugged in LiveUSB when reading data to load the entire LiveOS (it is going to take sometime to load) it can somehow do a write onto the LiveUSB as well while the reading of the LiveOS takes place. Anyway if we presume that the LiveUSB would only be storing the LiveOS, then it would be one time write and then read for the rest.

Spiegel has something new:

http://www.spiegel.de/netzwelt/netzpolitik/israel-infiltriert-soziale-medien-mit-werkzeug-von-iai-a-989692.html

Israel monitors cloud services and it operates in social networks with sockpuppets. According to Israel,

“people must understand that they have to give up a part of their privacy. The question is just how big that part should be. About this, a public debate currently takes place. The question is how such a discussion should be held, if the important information has to be kept secret. It is not important that the population understands everything, or that they know all details of the secret operations. They just have to thrust the government”

Israel further says that the german internet provider Deutsche Telekom has its Innovation Laboratories “T-Labs” in in Tel Aviv and Be’er Sheva. “the entire field of cyber security in Israel came out of this project”….

Helping IDF in their attacks, a fine new hobby of BND…….

Meanwhile, the german army has plans to upgrade its monitoring of social networks:

We have trusted governments with high frequency but looking back at the history of humanity, we have actually been fighting numerous battles with each other because the small elite minority decides what gets done. Always reiterating the same mistakes we have made for centuries…

Maybe we can put it this way whereby “Cyber Security” is necessary in the eyes of the elite so that it prevents escalation of problems occurring in the majority to spread to the elite minority. How much true and real ITSec do the elites promote ? Very little. We have to develop our own Crypto community and our own ITSec standards whereas they usually kept quiet unless a FOIA comes in.

@Benni

I would be surprised, however, if the BND was not using such activity to spy on Israel. First world nations rely heavily on information from spies who use official cover, and it can be difficult to get them in there without such partnerships. Exactly as the US has done so with the BND…

Embassy employees are always going to be watched like hawks.

Nick P September 13, 2014 10:59 AM

@ Thoth

The elites mostly do their own thing with occasional meetings for shared objectives. Any actual planning seems to be done face to face under high security (eg Bilderberg). The execution of it can be done over untrusted communication mediums by merely referencing knowledge shared a priori. Also, they keep politicians funded and most of what they do is legal. So, it seems they don’t need INFOSEC as much as OPSEC. They simply don’t trust computers to keep secrets. Smart people.

Note: They also promote surveillance state for stability, among other things. High assurance INFOSEC enables individuals instead. Might lead them to oppose it for public at large.

@Thoth

“Maybe we can put it this way whereby “Cyber Security” is necessary in the eyes of the elite so that it prevents escalation of problems occurring in the majority to spread to the elite minority. How much true and real ITSec do the elites promote ? Very little. We have to develop our own Crypto community and our own ITSec standards whereas they usually kept quiet unless a FOIA comes in.”

The “elites”, is hard to define: you have people with money, people with money & power, and people with not so much money but a lot of power. In the middle case, for instance, you have the elites in defense contractor firms who run generals as if they are their agents. In the later case you have many governmental workers. And it can be noted that where they have power, but little pay… the obvious tendency there is for corruption. So they can use their power to get money. And the cycle continues. The government becomes increasingly corrupted and everyone in the party protects the corruption.

Further, the trend towards state sponsored espionage against not only their own people, but also foreigners who by no means any sort of legitimate foreign intelligence target is only bound to increase.

The many elites out there with money, but little to no power, basically are sheep just waiting for the wolves to take their money from them.

Further, companies are controlled by their government. They are often funded by them, and the government often is their biggest customer. Corrupt intel and law enforcement usually have a strong say over any contracts: they control regulations, inspection, and enforcement. They claim they want security, and they do to a degree, but it really is just an extortion racket to ensure that they have control over corporations directions.

Therefore, it is not at all in their best interest for serious startups to compete with the companies already under their control. And there is enormous amount of capability they have there to squash competitors.

These things said… there is a huge market demand for products which provide real security, security guaranteed to protect corporate and personal consumers against governmental control. But, where are these companies supplying these services and products? They are enemies of the state. Even the opensource ones. So, they get squashed.

News from Spiegel:

http://www.spiegel.de/netzwelt/netzpolitik/deutschen-telekom-nsa-und-gchq-haben-offenbar-zugang-a-991419.html

NSA has gained real time access to germany’s largest provider Deutsche Telekom by criminal means.

In an undated Document, the German providers Telekom and Netcologne are mentioned and visualized by a red dot. In an explanation to this picture, the document explains what the red dot means: Namely that within the network of these providers, there are access points for the technical surveillance.

The newly disclosed program Treasure map has the goal to map the entire internet. Not only on large internet fibers, but also on other parts of the internet, the NSA analysts can visualize single routers, and end point devices, like computers, smartphones, and tablets, in real time, if they are connected to the internet.

The goal is to monitor every device, everytime, according to a presentation that Spiegel publishes.

The program is a kind of google earth for the internet, and is used to plan computer attacks and for network espionage.

With Deutsche Telecom and the provider Netcologne, the internet providers Stellar, Cetel and Ibag are marked with red dits.

Confronted with the documents, Stellar IT head Ali Fares said they would contain company secrets and sensible information. In fact, a GCHQ document lists not only a line of employees as targets but it also contains passwords for servers from stellar clients. The Ceo Christian Steffen Says: “Such an attack is a crime according to german law”

Spiegel confronted Deutsche Telekom and Netcologne with presentations of the Snowden Slides. Both Companies have done investigations but did not find any suspect devices or network flows. “The access of a foreign secret service to our network would be completely unacceptable, says Deutsche Telekom security head Thomas Tschersich. We will investigate possible manipulations. Additionally, they have called germany’s federal police.

device September 13, 2014 1:36 PM

Bodhi Linux has died*

Stepping Down from Bodhi Linux Lead
Friday, September 12, 2014

• Not a security distro, but a popular one

device September 13, 2014 1:36 PM

Bodhi Linux RIP*

Stepping Down from Bodhi Linux Lead
Friday, September 12, 2014

• Not a security distro, but a popular one

Nick P September 13, 2014 1:48 PM

@ name.withheld
re this discussion

I see what you’re trying to do. Makes more sense now. Stay away from GPU’s though as too much complexity and patent issues. The hardware might be easier than you think for 10Gbps, though. This I.P. is small enough that you can fit 5 on the smallest Virtex6 FPGA, with closer to 40 (extrapolation) on a high end Virtex 6. And that’s two generations behind in FPGA tech. Shows you can drive plenty of ports with one FPGA or ASIC although I’m can’t say how many A.T.M. eASIC’s FPGA’s can be converted to Structured ASIC’s, too, to cut cost & power use later. My original router/switch designs were like yours a bit with a master chip directing little chips per board. Now, hardware is so powerful I’d just consolidate several on one chip, with the hardwiring still providing protection & separation.

The cool thing is you might use the same exact chip for all chips. You just do a one-time, irreversible configuration at the factory to tell it which functions to enable. You’d connect stuff to different pins, etc. Would mean non-logic-related verifications and mask-making would be done once instead of 2-4 times for different chips. It’s a trick I learned from RobertT. He says vendors do it all the time to keep costs down & it’s main reason for undocumented functions in chips: the products were all the same damned chip with a different label haha.

name.withheld.for.obvious.reasons September 13, 2014 2:18 PM

@ Nick P

If you look at my first post, then the second it gets a little clearer–you’ve done your own extrapolating I presume?

What I plan to do is rough up a draft that makes it clear–there is much to build both the NAP level and customer level switching nets. And, the telcos are running away from frame rely/switched voice line hardware as fast as possible–deploying all packet switch nets. I don’t agree with this for regulatory reasons (TDD/Low Income) and they want to be on the same loose footing as the cable, wireless, and fiber pukes. Instead of elevating the environment it is devolving…

WellWhatDoYouKnow? September 13, 2014 3:42 PM

The Future According To Stanislaw Lem

http://entertainment.slashdot.org/story/14/09/13/1713218/the-future-according-to-stanislaw-lem

“The Paris Review has an article about SF author Stanislaw Lem, explaining Lem’s outlook on the future and his expectations for technological advancement. Lem tended toward a view that technology would infect and eventually supplant biological evolution. But he also suggested an interesting explanation for why we haven’t detected alien civilizations: “Perhaps … they are so taken up with perfecting their own organisms that they’ve abandoned space exploration entirely. According to a similar hypothesis, such beings are invisible because technological ease has resulted in a ‘Second Stone Age’ of ‘universal illiteracy and idleness.’ When everyone’s needs are perfectly met, it ‘would be hard, indeed, to find one individual who would choose as his life’s work the signaling, on a cosmic scale, of how he was getting along.’ Rather than constructing Dyson Spheres, Lem suggests, advanced civilizations are more likely to spend their time getting high.””

Ordinary Agent Sachtleben September 13, 2014 4:22 PM

So FBI goons caught Dread Pirate Roberts when they noticed a leaky capcha. So far, so easy.

https://ia700603.us.archive.org/21/items/gov.uscourts.nysd.422824/gov.uscourts.nysd.422824.57.0.pdf

Then once they found his site, the government used it to try and scare everybody away from privacy services. They sent out extortion threats featuring choice FBI kiddie porn from the Donald Sachtleben collection to frighten away potential tormail users. They also hoked up a script to scare users (it didn’t nail me, or anyone else with a 3-digit IQ, it was just performance art.) “Half of all tor sites compromised,” remember that? Good times.

The US government doesn’t mind drugs. Drug sales fund CIA (ask federal judge R.S. Vance… oops, you can’t, he’s dead) The US government doesn’t mind pedophilia – it couldn’t survive without pedophile blackmail (google Lawrence King and Franklin scandal.) The only thing the US government interdicts is your right to privacy.

Americans never stormed their Stasi. They still grovel to it.

BoppingAround September 13, 2014 5:13 PM

Nick P,

re: Switzerland

Their baseline for privacy is also far higher than the U.S. It’s even built into their Constitution and culture.

Nick P September 13, 2014 8:54 PM

@ name.withheld

“What I plan to do is rough up a draft that makes it clear–there is much to build both the NAP level and customer level switching nets. And, the telcos are running away from frame rely/switched voice line hardware as fast as possible–deploying all packet switch nets.”

You building this stuff for them or for others to connect through their stuff? I doubt we will change their mind regardless of tech superiority. Go ahead and draft it up, though, as it could be useful in Intranets or metropolitan area networks even if telco’s don’t accept it.

@ BoppingAround

I don’t have something thorough for you. United States has issues like NSA collection, laws like the Patriot Act, FBI seizing stuff without charges, IRS freezing accounts, diminishing quality of much of commercial sector, race issues, etc with most citizens shrugging it off or even trying to justify issues. Switzerland is more like this. This is a country where people don’t ask about each other’s incomes, have expressions like “fences make good neighbors,” and reinforce it by voting it into their Constitution (which their courts actually enforce).

So, there seems to be some advantages. No guarantees they might not cooperate or even try stuff themselves. Just seems to provide a better baseline for personnel and legal security.

@Nick P

Go ahead and draft it up, though, as it could be useful in Intranets or metropolitan area networks even if telco’s don’t accept it.

Yeah… Like the telcos are will continue to be relevant in this new age of individual communications! 😛 Hilarious!

@Ordinary Agent Sachtleben

The only thing the US government interdicts is your right to privacy.

There are far more serious issues implicated in an industrial institution of interdiction (obviously left as an exercise for the reader) than mere privacy concerns…

No matter if you’re in Afghanistan, Albania, America, Argentina, Armenia, Australia, Austria, Azerbaijan, Bahamas, Belarus, Belgium, Belize, Bolivia, Brazil, Bulgaria, Canada, Chile, China, Columbia, Congo, Croatia, Cuba, Czechoslovakia, Denmark, Ecuador, Egypt, Estonia, France, Georgia, Germany, Greece, Guatemala, Hong Kong, Hungary, Iceland, India, Iran, Iraq, Israel, Italy, Japan, Jordan, Kenya, Kazakhstan, Laos, Latvia, Liberia, Lithuania, Luxembourg, Mexico, Moldavia, Netherlands, New Zealand, Nigeria, North Korea, North Vietnam, Norway, Pakistan, Panama, Paraguay, Philippines, Poland, Portugal, Romania, Russia, Scotland, Serbia, Sierra Leone, Somalia, South Africa, South Korea, South Vietnam, Spain, Switzerland, Syria, Venezuela, Taiwan, Turkey, Uganda, U.K., Ukraine, Uzbekistan, Uruguay, Yugoslavia, Zaire, or any others…

Please be aware of how you are treated by those who control your narratives!

P.S.: Libya’s not a ‘thing’ anymore, right..?

@Buck,
I like the country sample list 🙂 reminds me of:
AAAAAA…A: American, Australian…., Anti accronym And Abbreviation Abuse Association 🙂

@Wael

And there I was, bloviating about my own premature retirement…

Yet I could never admit that you haven’t been missed!

What can I say..? I suppose it’s an addiction of a sort! 😉

nobodyspecial September 13, 2014 11:27 PM

@BoppingAround

So you would like to open a bank account to deposit some gold?
I see it’s all in the form of gold teeth – no problem we won’t tell anyone.

@Buck,
Oh no! I am not retiring! I’m in my prime — Doc Holiday.
Was just enjoying the show. The subjects being discussed lately are not compatible with my style 😉 Besides, I have a bunch of things to “deliver” and it won’t look too good if I miss them and claim I have no time and then get caught with a lot of activity elsewhere 😉

Thanks for the kind words, almost brought a tear to my crocodile eyes 🙂

sena kavote September 14, 2014 12:50 AM

Making cybercriminals handle cryogenics

This is a small measure against small criminals operating with the internet. This is similar to having a really good stamp or printing papers with a rare kind of retro printer like IBM selectric.

Bigger web servicers, banks and agencies could prove that they are big enough by demonstrating ability to compute serial computations really fast with a processor that has so high clock speed that it needs really really cold liquids for cooling. Highest processor speed is about 8 gigahertz and it needed liquid helium.

The computation needs to be such that clock speed and serial speed can not be emulated by having huge parallel processing. How much time the computation should take depends on the distance and therefore ping between client and server. 2 seconds should be enough even from Europe to Australia or New Zealand.

If any person related to a relevant kind of cybercrime investigation has cryogenically cooled processor, it is a strong clue and possibly circumstantial evidence.

TLAs would have a reason to procure / make those ultrafast clock speed computers for their attacks, to be installed on buildings all around the world. That could be visible in public contract announcements and job ads seeking cryogenics technicians. Also, it is possible that helium leaks could be detected outside. If any NSA helium handlers leak to the press that they work there, it is clear for what kinds of attacks they are there.

@Thoth

Re: Protecting USB live distros from writing

What write pins?! I don’t think those exist in USB…

Is it possible to alter BIOS from OS software if “bios flash protection” is enabled in bios? Is this issue a reason to get freedom respecting BIOS?

Finding malware from Virtualbox execution state

Anyone know how to search the execution state saving files of Virtualbox for malware that does not try to put itself in non-volatile memory? Also, since the virtual machine process for guest OS seems to consist mostly of shared memory (when seen in a system monitor process list in the host OS), it seems that it would be easy to study from outside also when the VM is running. I think the easiest way to find malware in RAM of VM is to compare known clean execution state to new execution states with same software and files loaded. Differing memory segments can be sent to malware researches for further study. Is there any software for this that is suitable for layman virtualbox user?

@sena kavote
You can simply trust your BIOS and programs and hope they don’t have TLAs or you can verify something trustworthy. Generally the problem is with unaccountable writes than reads. If someone could quietly inject something without you knowing, it’s pretty much over.

Ordinary Agent Sachtleben September 14, 2014 8:02 AM

@Buck, Did not understand your comment, which sounds very helpful. Cannot complete the exercise: Is the point that so-called interdiction is actually always control? (e.g. CIA methods such as protecting specific narcotics traffickers in return for intel and a cut, or using domesticated pedophiles to set up honey traps for coercive recruitment?) Or something else? Kindly explain.

However, privacy is not mere. Destruction of privacy is a prerequisite for effective repression.

Here is the original long Spiegel article in english on NSA’s hack of large providers worldwide, with its project to map every computer, tablet, smartphone on the net in realtime.

Article comes with slides:

http://www.spiegel.de/international/world/snowden-documents-indicate-nsa-has-breached-deutsche-telekom-a-991503.html

“SPIEGEL also contacted 11 non-German providers marked in the documents to request comment. Four answered, all saying they examined their systems and were unable to find any irregularities. “We would be extremely concerned if a foreign government were to seek unauthorized access to our global networks and infrastructure,” said a spokesperson for the Australian telecommunications company Telstra.”

“The classified documents also indicate that other data from Germany contributes to keeping the global treasure map current. Of the 13 servers the NSA operates around the world in order to track current data flows on the open Internet, one is located somewhere in Germany.

Like the other servers, this one, which feeds data into the secret NSA network is “covered” in a data center.”

Here is a video showing how german engineers react after hearing they are targeted by NSA:

http://www.spiegel.de/video/nsa-und-gchq-hoeren-telekommunikationsunternehmen-ab-video-1521456.html

and here are the slides (I can not find anything on Telekom in the treasure map slides, but perhaps Telekom does not want that to get public):

I find it disgusting that they have a “Cooperative association for Data Analysis” with the University of California, San Diego

@Ordinary Agent Sachtleben

You can’t ‘complete’ the exercise… Any evil acts that you think of have probably already been considered by someone else. But those are a couple possibilities!

Re:Comcast

## I have no idea of what Comcast is but was first sceptical abt it, thought someone was running a Exit Node, however seems not to be the case.

Then I found this excellent remark on Reddit, still laughing.
“I don’t fucking know what TOR is but I’m sure as hell they are doing something right if Comcast hates them.”

Cheers

Nick P September 14, 2014 12:00 PM

@ Clive Robinson

I appreciate the link given that I’m a Comcast user that was about to be playing with TAILS LiveCD again. You might have spared me a fight with their very dedicated (to them) customer service reps.

I think this treasure map slides are funny with NSA saying
“The bad guys are everywhere, the good guys are somewhere” or
“The whole is more than the parts”
“Continual generation of global internet map. Its huge”
“Commercially purchased Data Sources: Akmai, Socialstamp, Seasideferry”
“Jollyroger: Provides metadata that describes networking of TAO implanted Windows PC’s
“IPGeoTrap” Provides geolocation for IP adresses/ranges”
“Cisco discovery protocol”
“Individual adresses related by a common attribute: Tor routers, Hide IP proxy servers, Infected Hosts, sources: Currently tor router advertisements”

Jim Hawkins September 14, 2014 1:01 PM

Operation Treasure Map provides an additional motivation to buy an air-gapped computer that never touches the internet.

A growing pool of air-gapped computers could then be linked into a collection of slow shadow networks by using DVD’s to carry data through the mail to participating nodes. For example, family members sharing vacation videos.

My parents don’t have an air-gapped machine yet, but by this time next year they might.

name.withheld.for.obvious.reasons September 14, 2014 1:09 PM

SUNDAY COMMENTARY ON EO 12333

From the office of the President, George W. Bush, is a set of rules that assert the authorities of the Executive and define the methods to carry out obligations in law and statue. What one can extrapolate, from even a cursory analysis, is the scope of the EO’s self authorized surveillance and the number of layers and mufti-point data collection (the siphon). In other words, the two dozen executive departments and agencies are all charged with collection AND retention of data that touches their doors irrespective of their role in intelligence gathering.

I only commented on portions of the EO, I leave it to the reader to “interpret” or “understand” where
the problem(s) lay.

From the title and section 1:
…Executive Order 12333 PART 1 Goals, Directions, Duties, and Responsibilities with Respect to United States Intelligence Efforts

This statement dances around the concept of DERIVED AUTHORITY.

(b) The United States Government has a solemn obligation, and shall continue in the conduct of intelligence activities under this order, to protect fully the legal rights of all United States persons, including freedoms, civil liberties, and privacy rights guaranteed by Federal law.

This clause is orthogonal to the structure of U.S. law, the Constitution is structured by “ENUMERATED” rights and not interpretations of the governments role in “ENFORCING” rights. The word “freedoms” in this clause is over the top–liberty is inherint by birth–liberaties are not derived or authorized by any role or sanction given government. The government is not to infringe on our liberties–don’t tread on me.

1.6 Heads of Elements of the Intelligence Community. The heads of elements of the Intelligence Community shall:
(a) Provide the Director access to all information andintelligence relevant to the national security or that otherwise is required for the performance of the Director’s duties, to include administrative and other appropriate management information, except such information excluded by law, by the President, or by the Attorney General acting under this order at the direction of the President;

Additionally, the subsequetn clause sets restrictions by “negative statutory” law–this is pernishish in government today–standing in direct contradiction to the basis of constitutional law. THIS IS SELF DERIVED AUTHORITY

(b) Report to the Attorney General possible violations of Federal criminal laws by employees and of specified Federal criminal laws by any other person as provided in procedures agreed upon by the Attorney General and the head of the department, agency, or establishment concerned, in a manner consistent with the protection of intelligence sources and methods, as specified in those procedures;

(c) Report to the Intelligence Oversight Board, consistent with Executive Order 13462 of February 29, 2008, and provide copies of all such reports to the Director, concerning any intelligence activities of their elements that they have reason to believe may be unlawful or contrary to executive order or presidential directive;

(d) Protect intelligence and intelligence sources, methods, and activities from unauthorized disclosure in accordance with guidance from the Director;

(e) Facilitate, as appropriate, the sharing of information or intelligence, as directed by law or the President, to State, local, tribal, and private sector entities;

(f) Disseminate information or intelligence to foreign governments and international organizations under intelligence or counterintelligence arrangements or agreements established in accordance with section 1.3(b)(4) of this order;

(g) Participate in the development of procedures approved by the Attorney General governing production and dissemination of information or intelligence resulting from criminal drug intelligence activities abroad if they have intelligence responsibilities for foreign or domestic criminal drug production and trafficking; and

(h) Ensure that the inspectors general, general counsels, and agency officials responsible for privacy or civil liberties protection for their respective organizations have access to any information or intelligence necessary to perform their official duties.

1.7 Intelligence Community Elements. Each element of the Intelligence Community shall have the duties and responsibilities specified below, in addition to those specified by law or elsewhere in this order. Intelligence Community elements within executive departments shall serve the information and intelligence needs of their respective heads of departments and also shall operate as part of an integrated Intelligence Community, as provided in law or this order.

THE BUREAU OF INTELLIGENCE AND RESEARCH, DEPARTMENT OF STATE; THE OFFICE OF INTELLIGENCE AND ANALYSIS, DEPARTMENT OF THE TREASURY; THE OFFICE OF NATIONAL SECURITY INTELLIGENCE, DRUG ENFORCEMENT ADMINISTRATION; THE OFFICE OF INTELLIGENCE AND ANALYSIS, DEPARTMENT OF HOMELAND SECURITY; AND THE OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCE, DEPARTMENT OF ENERGY.

The heads of the Bureau of Intelligence and Research, Department of State; the Office of Intelligence and Analysis, Department of the Treasury; the Office of National Security Intelligence, Drug Enforcement Administration; the Office of Intelligence and Analysis, Department of Homeland Security; and the Office of Intelligence and Counterintelligence, Department of Energy shall:

(1) Collect (overtly or through publicly available sources), analyze, produce, and disseminate information, intelligence, and counterintelligence to support national and departmental missions; and
(2) Conduct and participate in analytic or information exchanges with foreign partners and international organizations in accordance with sections 1.3(b)(4) and 1.7(a)(6) of this order.

Slime Mold with Mustard September 14, 2014 1:14 PM

Clive’s link (Re: Comcast) is infuriating!

I live in a little town where Comcast is the only high speed provider. My other options are dial-up or satellite. I use TOR. I have not been contacted. Actually, if I see “Comcast” on my caller ID, I don’t pick up the phone – my household is the target of endless telemarketers – and having a ‘prior business relationship’ allows them to try to sell me all their other crap.

I pay $85 a month for the privilege of having them snoop on me. The terms of service, which I find draconian, http://www.comcast.com/Corporate/Customers/Policies/HighSpeedInternetAUP.html (Defamatory? “The governor is a crook” in my state, it’s a given – and obscene? They’re blocking porn now?) have changed since I signed up. The way they get away with this, is of course, by paying off the local politicians when we first had cable TV strung twenty years ago. I’m certain they have moved up to K Street in Washington, and being cozy with Fort Meade. I’m going to keep using TOR, and I will raise holy hell if they (Comcast) say a word. I’m involved in local/regional politics – I don’t have pay-off money, but I do have favors to be called in. On p. 15 of http://www.spiegel.de/media/media-34756.pdf , GCHQ say that they are spying on the german company Siemens. Like Snowden suggested earlier in an interview:”If Siemens has information that are useful for the national interests of the united states, but which do not have anything to do with national security, then they take this information nevertheless”. http://www.sueddeutsche.de/politik/edward-snowden-im-ard-interview-snowden-beschuldigt-usa-deutsche-firmen-auszuspionieren-1.1872619 Additionally, the file mentions on p. 26 that they spy on the Munich internet provider M-net and the german internet provider Versatel. Versatel operates a fiber network in germany. But this is a domestic provider. M-net is even smaller. The company just operates in the Munich area…. I live in this area. It is the most secure city in germany. No terrorists there, as far as I know. But there are lots and lots of companie. And there are vast research institutions. Many engineers and scientists to spy on. BoppingAround September 14, 2014 2:05 PM Benni, It is the most secure city in germany Is it secure as we here mean it or is it a security theatre? What measures are being undertaken to ensure that security? “Is it secure as we here mean it or is it a security theatre? What measures are being undertaken to ensure that security?” This statement was regarding to the occurrence of criminal activities. A person living in Munich has the lowest probability that he/she is victim of a crime. http://www.n-tv.de/panorama/Muenchen-ist-am-sichersten-article10630566.html So NSA can absolutely not justify spying on domestic internet providers in Munich by invoking arguments like “there would be a large Muslim community with connections to Al-Quaida or the IS”. In other parts of Germany, in cities like Bonn, this argument would work. According to germany’s domestic intelligence, in North Rhine-Westphalia, there live 1800 extremists of an Islamic sect that often sends its members to Syria, with most people of this sect living around Bonn: http://www.fr-online.de/syrien/deutsche-islamisten-kaempfen-in-syrien-wild-aufs-toeten,24136514,27299710.html According to police criminal statistics, people living in Bonn have the highest probability to become victim of a crime. All this is not the case in Munich. We do not have terrorists there. Instead, Munich is full of business people, engineers, and scientists. For example, there is a neutron source operating in Munich. It is working with enriched Uranium, exactly the kind of reactor that Iran wants to build… Spying on terrorists is no excuse for the NSA to target the domestic internet providers of the area around Munich, the city with the lowest crime rate in entire Germany…. Anonymousse September 14, 2014 3:24 PM @Slime Mold with Mustard (and others): I wonder if my always-on, router-based VPN will get me one of those phone calls from Comcast. Will contact the EFF if/when it does. Regarding spam phone calls, I recently turned on https://www.nomorobo.com/ It’s basically a free, crowd-sourced anti-telemarketing service — which ironically blocks Comcast’s sales calls even if you use their VoIp. Caveats: • It’s FTC-approved • I don’t know who’s funding it. The creator’s site is one (non)page, with no phone number. http://telephonescience.com/ • Their privacy policy is typically vague, e.g. “We implement a variety of security measures . . .” • I’m granting NoMoRobo permission to see all of my incoming calls to evaluate them, but… even given all of that, the way I see it tel service providers (and LEAs) already have all my metadata and then some, so there is no additional harm in using it against telemarketers. Others’ more informed opinions on the service are requested. Please educate me if I’m missing something. Wesley Parish September 14, 2014 9:27 PM Some Israelis with a conscience: ‘Any Palestinian is exposed to monitoring by the Israeli Big Brother’ Testimonies from people who worked in the Israeli Intelligence Corps tell of a system where there were no boundaries http://www.theguardian.com/world/2014/sep/12/israeli-intelligence-unit-testimonies Israeli intelligence veterans’ letter to Netanyahu and military chiefs – in full Read the letter from 34 reserve soldiers who have served in Unit 8200 explaining why they refuse to serve in Palestinian territories http://www.theguardian.com/world/2014/sep/12/israeli-intelligence-veterans-letter-netanyahu-military-chiefs Israeli intelligence veterans refuse to serve in Palestinian territories Innocent people under military rule exposed to surveillance by Israel, say 43 ex-members of Unit 8200, including reservists http://www.theguardian.com/world/2014/sep/12/israeli-intelligence-reservists-refuse-serve-palestinian-territories And some without: IDF spokesperson: Discipline of Unit 8200 refuseniks will be sharp and clear Army spokesperson responds to letter of conscientious objection sent by 43 mid-rank soldiers and officers, says no room for refusal in IDF. http://www.haaretz.com/news/diplomacy-defense/1.615674 I concluded around about the mid-nineties that a society that held the powers of life and death over a population that could not contest that through some contestable court of some sort, was not a democracy, no matter how much it boasted of its institutions. It resulted from a prolonged study of colonialism resulting from imperial expansion. True of African-Americans under Jim Crow, Australian Aboriginals under various Protectorates in Australia before granting of citizenship, South African Bantu under Apartheid, religious communities under Soviet Communism, Palestinians under Israeli occupation … Nick P September 14, 2014 9:42 PM @ Gerard It was an interesting link and approach. It also linked to a series of posts on Ocaml TLS. I found their ASN.1 post interesting. @All Comcast victims The best way to halt Comcast dead in it’s tracks is to simply hop services en-mass 🙂 . They need to learn what is good customer relationship and integrity of their work. @Nick P, Clive Robinson, Cryptographers & Security researchers Besides using custom non-TLA’ed hardwares and thermite rigged traps, would it add to transport layer security if some form of oblivious and cryptographically secure covert channel KEX and COMSEC protocol tunnel that can be hidden in common protocols ? Most protocols would have it’s header plain open where a sniff would detect the protocol’s existence but if it is hidden in common protocols, it will be much easier to hide the existence of the use of a protocol. Most cryptographic protocols are pretty much cryptographically secure but their existence are easy to detect since no one made an effort to hide their existence and it can be dangerous to reveal existence of the attempt or actual use of secure channels in a hostile environment. The usual setup for a cryptographically secure oblivious covert channel would negotiate for a key exchange using covert and oblivious flag that cannot be replicated again in the event the requester comes from a malicious party in an attempt to reveal the existence of such channels using the same tools. The service initialization would include key exchange which would happen over a set of oblivious and covert flags that must be proven in a cryptographically secure manner instead of simply parroting flags all over the place. After a key exchange, a set of hopping tables would be exchanged that would allow swapping of channels and also ports (just like the military manpack set). This initialization would have overheads and would be a little more tedious but once the keys have been shared and the hopping tables secured, users would be allowed to fall back onto their favourite secure protocols but with a modification that would support the oblivious and covert channel function (Tor without the usual Tor header but with oblivious properties and done over covert channels with hopping functions and so on). Currently there are no such protocols and the need is in high demand. paranoia destroys ya September 15, 2014 12:35 AM One cost of security theater. How much has the NSA (and similar agencies by other countries) spying on the general public in the name of fighting terrorism diverted resources away from being aware of the current situation in the Middle East earlier? Gerard van Vooren September 15, 2014 3:26 AM @ Nick P From what they write about the OCaml TLS implementation you have to conclude it is serious. They have convincing arguments (such as LOC and security). I have to admit however that I don’t know OCaml and have problems understanding the code samples. Returning to reSSL and specific goreSSL (without talking about the Go code), what I like about this approach is three parts: 1. The API has only 26 functions and two data types, which are only declared in one single header file (ressl.h). This simple interface (32 LOC!) is the only thing the enduser gets to see when using reSSL or goreSSL. So it is a piece of cake for the end user. The safe by default settings helps avoiding messing up too. 2. goreSSL looks a bit like a microkernel approach. Since the backend is an executable running in a separate process (thumbs up) and the communication is with pipes, replacing the backend is easy too. 3. This approach, when extending a bit, could end up with a set of state machines that are doing one thing only and doing it well. As I said before, I like it! name.withheld.for.obvious.reasons September 15, 2014 3:50 AM @ Thoth would it add to transport layer security if some form of oblivious and cryptographically secure covert channel KEX and COMSEC protocol tunnel that can be hidden in common protocols ? No and Yes, Encapsulation at the transport layer would likely be discoverable just by traffic examination and to have a chance of staying “under the radar” the point to point data rates would need to be throttled. Routed traffic under this scheme is the most vulnerable to discover. Now if a two stage approach, kind of a layer two VPN with invocation protection scheme, this could address some of the weakness to this approach. Edge provides like an ISP or telco will not likely embrace a secure trunk/link/station at say a colocation. Buf, if what you are trying to do is provide a bastion (or a Tor like) service to your buds, coworkers, or colleages I offer the following: Back the late 90’s I came across a “blue light” special. A client workstation invokes a sessionless connection to a remote server, the auth/handshake consists of challenge/response (method not important) and passes a session key in a cookie via the browser. The negotiated encapsulation (could be any number of key-based methods) is managed at the application layer when the kernel on the server invokes a secured service (the kernel app exec loader, modified to invoke proc space/code using a cryptographically generated exec stub as part of the session instantiation) and client talks to that service using HTTP. I’ve seen a whole network layer encapsulated in this manner–and the story behind that one–it’s priceless. The only issue is how well either end point is managed–but–typically only the breached host (one side) is compromised. There is little in the way of extrapolating the other session end by way of code penetration. Here is an example of how it worked (using PGP for a generalised approach that many can understand). This is oversimplified but it makes the point I think (remember, part of the process I am summarising included modified kernels for exec loaded as an for a local in core binary with an encrypted exec header): 1. Client generates a key pair and publishes (PUBKEY) it to the remote connection server. Client is also passed the servers public key. 2. Client initiates conversation via a browser (here’s the weakest link) and negotiates a secured session using KEYMAT from step one in much the same way PGP non-repudiation and data exchange is done, only in this case the app layer, the encrypted data is for session/transport layer data. 3. The two end points the negotiate a protocol (could be sessionless and even multiple transport types) and optionally use a randomly selected well known protocol. 4. Again, using the KEYMAT from step one, the two end points encrypt the in transit data; on send is use the other end’s pub to send and vis-a-versa. The problem with this type of approach is it would likely fail as a transport replacement for all since adoption would probably require proxys to service clients for general use cases–kinda of like a TLS/ESMTP email transaction going from server to server. Andrew_K September 15, 2014 4:03 AM @Jim Hawkings, regarding the idea of a slow-communication network Sounds like a very interesting idea to me, I would really like to participate in an experiment on such a matter. Doing this large-scale will get really interesing. If persons frequently traveling the country (commuters, train/bus personnel, truckers) join the project… Yee-Ha, we’re reinventing the Pony Express. Unfortunately, once established its just a matter of time until it will be used to transfer incriminating files (child porn would be a classic) and everyone related to the project will face prosecution. @Benni, regarding the treasuremap operators Altough I understand the tempting urge to show faces of those engaged in this kind of operation, I don’t think pilloring operators (altough providing sweet relief) changes anything in depth. It’s not as if someone revealed the identity of a perpetrator who can now be brought to justice. And please, pretty please, Internet community: Do not try to take revenge on them by relevating as much as possible on their lives. It will lead to nothing aside from ruining some peoples lifes. If privacy shall be respected, it must be respected for everyone, as hard as it is. That’s the deal with constitutional acting. There is a probably reason, Snowden did not leak lists of NSA employees or -agents, altough he might have had access to such information. Responsibility. After all, Snowden did not intent to hurt the US in the first place. Also keep in mind: Theese people are not the ones deciding anything. I’m most sure that they will face disciplinary punishment for disclosing this piece of information. Heck, theese posts examplify the kind of carelessness that costs lifes in military operations. Aside and very interesing thing: One of them also lists Wireshark. I have a survey question, after reading the Post of Nova: If Microsoft, Google, Facebook, YouTube, Skype, AOL, and Apple would move completely to e.g. Germany and would trade their shares on Germany stock exchange, would this increase privacy of their customers (e.g. because they wouldn’t need to comply to National Security Letters and other laws in Germany)? Andrew_K September 15, 2014 6:22 AM @T!M: Only on the surface, I’m afraid. Yes, there would be an enormous amount of regulation regarding information security in some countries, e.g. in Germany. But that would work exactly until they get coersed. Either NSA & Co will coerse the persons working at the companies. Or they will ask the other country’s services for brotherly help. Tell me, which intelligence won’t take the chance to have a favor to call in at NSA? And subsequential to that, I don’t know a country without a law allowing intelligence to access everything in communication somehow. I leave aside how well that serves some of these companies’ business models. @name.withheld.for.obvious.reasons I think the method I mentioned above could be used to locate some form of covert hosting server(s). Probably some kind of index nodes of sorts and then after that switch channel to main secure traffic. As you said, for sustained communications, web traffic must look really convincing otherwise it can be detected. My idea is to use a common protocol like HTTP/S to find some form of covert index of hidden services and channels and once exchanged, to switch to other encrypted communications. The oblivious part would be only for a short burst to get the list of hopping tables and shared keys. Maybe an example is a hidden index server running on a modified stock Apache and under the index it has some other hidden secure node based network like Tor but it does not require starting headers between the nodes to communicate. The main point is to try and remove headers in encrypted communication between nodes so that malicious router can only see random bitstreams whereas in oblivious index servers the malicious router can see the HTTP/whatever protocol and it has to be as hidden as possible. Once the malicious router sees random bitstream flowing around with no headers, it will be hard to decipher other than observe and do measurements on the random looking bitstream. Of course this is not fool proof as the malicious router can be one of the untrusted nodes and realize the HTTP/whatever protocol before that might be an oblivious signal but there is nothing to proof it is an oblivious index server. Probably the traffic between the malicious/benign client accessing the malicious/benign index server might include rounds of route and message flow obfuscation by randomly accessing pages, delays and all that to try and delink potential client to index server to hidden nodes access. Some very crude oblivious communications I attempted but without substantial algorithm yet as I have not decided much. Just some high level structure flow. https://www.schneier.com/blog/archives/2014/08/the_security_of_9.html#c6676957 Things like node discovery and so on have not been thought through in greater details yet. It is all still rather rough around the edges. @ Andrew_K You are right and the German BND worked (and still works) together with the NSA for “brotherly help”. And that the NSA and GCHQ hacked the main telecommunication systems in Germany (e.g. TAT-14) long time ago is publicly known, too. Any player of this game would take the chance to play on the winners side, but I still think that the German goverment isn’t ready for extreme orders (like the US goverment did in the past and maybe Mr. Obama would today). Maybe I’m just naive enough to believe, that the German Government and security related institutions (like the BSI) are really interested in helping the German industry and citizens not to be spied on. Actual there has formed a big new community called “Allianz für Cybersicherheit” (=alliance for cybersecurity) and any company can participate and has access to interesting documents and advanced training (for free!) to improve the own company security. Without the higher security awareness of the goverment this alliance wouldn’t exist. I have chosen my words with care and used “increase privacy” instead of maximum (or 100%) privacy, because I am not naive enough to think, that NSA wouldn’t be able to get access. My thought was, that it would be harder in some way. If they would coerce the right employee they would get what they want, but maybe it’s no real-time information anymore and this would be a success from my perspective. Thank you for sharing your opinion. Pretty Easy Privacy – A front-end for PGP/GPG and different email clients. Clive Robinson September 15, 2014 8:24 AM @ Thoth, … would it add to transport layer security if some form of oblivious and cryptographically secure covert channel KEX and COMSEC protocol tunnel that can be hidden in common protocols ? They miare, but they are at way to higher abstraction level to say, there are without knowing the strength of what they are reliant upon… There are three problem areas that we need to address first, 1, Entropy – gathering and usage. 2, Leakage – of information / KeyMat. 3, KeyMat – generation, storage, distribution, destruction, audit. Each of these are masive problem areas that we have not even started to think about resolving in any meaningfull manner. I could go produce a massive list of issues, but it would be pointless because we don’t know enough to know if it would be either anywhere near compleate, or does not open other issues… However, consider KeyMat generation requires a “reliable” –what ever that means– source of entropy. Let’s assume you decide to use dice-ware to find a key and seed for a crypto algorithm in CTR mode. How do you know the dice are not loaded, or you are not under serveillance when you roll them, or the method you use to convert the die values to binary values are not biased etc? What about the cipher in CTR mode implementation, how do you know it does not leak either the counter value or key value? Further consider what you would need to do to prevent any of these and many others issues. Then there is the issue of getting initial KeyMat between two parties. How do you prevent man in the middle, or other impersonation issues? It’s a very real “down the rabbit hole” issue. But an interesting question that few people ask is, “How do two people that are assumed to be being watched, get to initiate communications in a secure way, without leaking the fact they have had contact?”. Compared to these issues higher level protocols for established issues are comparatively easy to resolve. name.wiithheld.for.obvious.reasons September 15, 2014 9:10 AM A simple example demonstrating the “unlawful” use of legislation (under the color of legislative authority) is the unconstitutional authority granted by congress to use the instruments of war WITHOUT declaring war. First, all authority held be the legislature, executive, and court(s) is enshrined by constitutional law. Statutes are inferior to constitutional law and statutes cannot infer any authorities not held/enumerated constitutionally. No legislative body, President, or Supreme Court judge can grant itself or any other branch new authorities. Congress however has more than once granted authorities outside the context of constitutional authority. The War Powers Act is a perfect example. Constitutional law rests the authority to declare war (no mention of AUMF) to congress–PERIOD. Congress passing by statute the authority to the President of war is a breach of constitutional authority. The congress cannot for example empower the courts to collect or make tax laws because the constitution vests that authority with the congress. In other words, authorities are explicit–not implicit and/or transferable. The tenth amendment makes ANY authority not enshrined in the constitution UNLAWFUL. No statute can render this authority lawful. If the authority for any branch does not exist, it cannot inherently accord that authority to its self or any other branch. In the AUMF, congress has given itself and the executive explicit authorities that are not authorized constitutionally. Based on the argument that since congress has the power to declare war, then it has the authority to give the authority to use military force. 1.) Congress authorized to Declare War 2.) Congress has authorized the executive, a new authority, to use military force 3.) AUMF is not equivalent to the Declaration of War 4.) Based on aforementioned and the authority self ascribed by congress–the logic could be extended allowing congress to AUTHORIZE THE USE OF RASBERRY PIE. 5. Constitutional law does not allow abstraction regarding authorities–the 10th amendment explicit clamps the hands of legislatures from granting authorities without amending the constitution. taxes.withheld.per.the.Santiago.Declaration September 15, 2014 12:00 PM “Constitutional law rests the authority to declare war (no mention of AUMF) to congress–PERIOD,” COMMA, and, by Article VI, authority for use or threat of force, war or no war, is reserved to the UNSC under this supreme law of the land, https://www.un.org/en/documents/charter/chapter7.shtml which US government security parasites spend their lives evading. When they lose the next big war we shall hold them to account for the crime of aggression with Ceaușescu-style recourse to the method. That’s what it’s going to take. mike~acker September 15, 2014 12:42 PM Amazon Shopping Cart Hack ? Today, ordering an item on Amazon I found an item in my shopping cart that Ihad not looked at nor would ever be interested in. naturally: immediate password change. the Win/7 computer i was using was up to date on the latest msft patches and protected with Norton/360. I suspect sql injection or script injection was applied against one or more of the sellers amazon partners with. Googling for “amazon shopping cart hack” found some similar stories. Clive Robinson September 15, 2014 2:12 PM OFF Topic : Is Micosoft just greedy or are they after your younger childrens communications for one reason or another, http://recode.net/2014/09/15/after-selling-out-to-microsoft-minecraft-and-its-founder-write-the-worlds-best-press-releases/ For those that don’t know Minecraft, is inordinately atractive to those of a creative mindset, and it has been touted as “making CAD fun for kids”. As has been suggested by one or two cynics 2.5Billion is cheap for access to all those children… The question no doubt will be how the sum is comprised and if all cash where Micro$haft got the cash from…

BoppingAround September 15, 2014 2:28 PM

mike~acker,

I recall some sort of marketing dodge where Amazon would add ‘recommended’ products to your purchase selection based on the product you’ve chosen. Any chances this is the case?

Tony H. September 15, 2014 2:37 PM

@Jonathan Wilson
“I suspect its unlikely that the government could have actually fined anyone for not handing over data under PRISM since in order to fine them they would need to reveal the existence of PRISM in the first place.”

That kind of assumes you can’t have a secret trial with secret charges, secret evidence and secret punishment. All of which you can have in the UK.

Was telling the nice broken attwifi support guy my Mac address when asked, a dumb thing to do? And should he have been willing to tell me what the problem was, beyond “a lag” and “it’s proprietary”, when I asked what problem he had found?

Clive Robinson September 15, 2014 5:07 PM

OFF Topic :

As we know facial recognition software is improving, but just like humans it can see faces that are not there, such as in the clouds,

http://ssbkyh.com/works/cloud_face/

I’m not sure if this is good or bad news, either way it indicates that the software can be deceived which opens up posabilities 😉

If you were in an internet bubble, online, how could you know it?

juippi September 15, 2014 6:37 PM

Not sure if these are the authentic binaries though(?)…anyway below page has following files for downloaD:
– FinFisher Relay v4.30
– FinSpy Proxy v2.10
– FinSpy Master v2.10

absinthe September 15, 2014 6:44 PM

Those FinFisher binaries could be useful for checking if your AV recognizes them (or not)…

…assuming they are the real deal…

Ventures such as this may prove fruitful for those who care & are so artistically inclined:

Hieroglyph: Stories & Visions for a Better Future

This anthology unites twenty of today’s leading thinkers, writers, and visionaries — among them Cory Doctorow, Gregory Benford, Elizabeth Bear, Bruce Sterling, and Neal Stephenson — to contribute works of “techno-optimism” that challenge us to dream and do Big Stuff. Engaging, mind-bending, provocative, and imaginative, Hieroglyph offers a forward-thinking approach to the intersection of art and technology that has the power to change our world.

http://hieroglyph.asu.edu/book/hieroglyph/

Happy dreamin’!

sena kavote September 16, 2014 3:39 AM

RE: Big sneakernet

@Jim Hawkings

There is a reason maybe more significant than privacy and security. (Having other reasons for security improving things increases security) Many people have slow internet or just mobile internet with small transfer limits. One tiny microSD card holds 32GB, and one postal letter, or one carrier pigeon or one quadcopter or one hand launched drone can hold plenty of those tiny objects. Just one carrier pigeon can be calculated to have huge bandwidth / transfer rate within 100Km.

Fixed wing drone has better range and speed than a same size quadcopter, but can’t land and then takeoff automatically in most places, unless there is a suitable straight, flat and paved mini runway. That kind of drone could instead transmit data by short range super high speed transmission like wifi 2.4, 5, and 60Ghz wgig radio and free space optical while circling around the receiver. Combining these could give 10Gb/s speed. If the free space optical data transmission works by having LEDs flicker on as many wavelenght bands from blue light to near-infrared as there is optical filters, then the data drone is also usable as illumination device.

Carrier pigeon has at least one advantage compared to drones: No regulation anywhere, or the regulation relates to keeping animals, which is completely different part of government that is not poisoned by same influences that poison infosec.

If large numbers of people send and receive many microSD cards, it has similarities with recycling bottles. The receiver becomes temporary owner of the vessel holding the data. When that “databottle” is sent forward, there should be some light guarantee of getting the price back. But bottles are easier to inspect than chips, and writing degrades flash eeprom, and I don’t know that there are any SD cards that track how much they are written to. If such use-tracking flash chips come, there is infosec questions about forgery of the write numbers.

Also, a massive peer to peer mesh network sneakernet needs a software that allows to just connect 3 or more storage media to a computer and then, based on metadata, the pieces of data get automatically allocated / routed to correct media that get sent to different places. Also, some data gets to hard disk, some can jump to internet and some can jump to a local mesh network.

WhatDidTheyKnowThen? September 16, 2014 11:15 AM

To quote a friend:

“How many times must Houdini prove himself?”

in reference to this

http://www.newyorker.com/news/daily-comment/twenty-eight-pages

which contains:

|”There’s nothing in it about national security,” Walter
| Jones, a Republican congressman from North Carolina who has
| Administration and its relationship with the Saudis.”
| Stephen Lynch, a Massachusetts Democrat, told me that the
| document is “stunning in its clarity,” and that it offers
| direct evidence of complicity on the part of certain Saudi
| individuals and entities in Al Qaeda’s attack on America.
| “Those twenty-eight pages tell a story that has been
| completely removed from the 9/11 Report,” Lynch maintains.
| Another congressman who has read the document said that the
| evidence of Saudi government support for the 9/11 hijacking
| is “very disturbing,” and that “the real question is
| whether it was sanctioned at the royal-family level or
| beneath that, and whether these leads were followed
| through.” Now, in a rare example of bipartisanship, Jones
| and Lynch have co-sponsored a resolution requesting that
| the Obama Administration declassify the pages.

sena kavote September 16, 2014 1:38 PM

Re: camouflage / display

@vas pup

If I were told about that tech only from a physics / chemistry point of view without mentioning anything about uses, I would have guessed that it is for some e-reader or outdoor still picture ad display.

There is something wrong with that focus on possible military use. As if most of government is banned from inventing anything civilian, and they have to give excuses about war use if they do so. I don’t know how to interpret this.

DVD-RW rewritable DVD is kind of active camouflage if a tank is covered with that material and then a laser beam from other tank “paints” a temporary pattern on that. If there is material with better contrast than what is needed for the very special demands with DVD-RW, this kind of laser painting might work with extreme low framerate displays.

Clive Robinson September 16, 2014 4:40 PM

@ vas pup,

The problem with the system as described is it runs at a temprature well away from ambient, which means it wil be easy to spot with a standard thermal imager.

All “invisability” or “cloak” technology I’ve seen sofar suffers from easily spotable defects. Such as it only works in a narrow spectral bandwidth, it radiates energy, or it’s transmission and/or reflection values give it away. Further a lot of systems cannot solve the viewing angle or edge issues.

But camouflage is not actually about making something invisable, it’s about changing the objectscharecteristics such as the old “Shape, Shadow, Shine, Silhouette, etc” soldiers get told about in basic training, such that whilst the presence of an object is detectable little or no information about it makes it show up as an object of interest, thus it is either overlooked or ignored.

In practice making something “invisable” is as near to a pointless endever as you can get. The object you are trying to conceal has a physical presence that is different to the “transmission channel” it is in. That is it has a different dialectric or conduction charecteristic across the entire channel bandwidth. Such a difference will be detectable by the way it effects an EM signal, which means it’s presence can be detected rather more easily…

In the UK the did try a “fiber optic billboard” system which in essence was two flat panels that held the fiber optic cable ends, and the cable bundles went from one panel to the other, and you could put a truck or tank in-between the two panels. Whilst it showed a small amount of promise it had to many insurmountable isses, just like the “Tank force field” system which used electro statics to deflect the plasma of burning explosives…

the german government wanted to make all contractors sign a no spy agreement that forbids the companies to give information about their projects to NSA:

https://netzpolitik.org/2014/ist-der-no-spy-erlass-von-bund-und-laendern-rechtswidrig/

Now some company as sued the german government because of this. Result: The new german law contradicts European european law and is therefore null and void (Unfortunately, the name of that company which eagerly wants to feed NSA with german data is not disclosed….)

Since 2008, NSA has found a new hobby: Hacking the german state police department LKA.

At least LKA complained 2008 that they could have been hacked through a police database software that an NSA front company sold to them https://netzpolitik.org/2014/syborg-informationssysteme-lausch-systeme-von-der-saar-fuer-die-welt/

Selling software to police departments is not new for these agencies. BND tried to sell its own package to europol years ago; http://www.heise.de/ct/artikel/Die-Bayern-Belgien-Connection-284812.html

WhereDidThisAllGoWrong? September 16, 2014 8:55 PM

Why Is It Taking So Long To Secure Internet Routing?

http://tech.slashdot.org/story/14/09/17/0016241/why-is-it-taking-so-long-to-secure-internet-routing

From the post:

“…Why is it taking so long to secure BGP?”

Because the spy agencies are probably standing between the current broken implementation and the fix for the problem. They have been screwing up random numbers and cryptography for years, intercepting product shipments to apply compromised components, and in general, been untruthful about their activies, so why shouldn’t they stand in the way of fixing a problem that has allowed them to compromise the internet. They are starting to challenge the cyber-criminals as the worst that humanity can put forth (if the title isn’t already theirs).

Regarding tor:

I think this comment is interesting:
https://www.schneier.com/blog/archives/2014/09/two_new_snowden.html#c6678732

It says that upon creation of any office document, microsoft stores the MAC address of the pc in the file.

NSA is authorized to intercept the cleartext of tor communications.

So you are wrong if you think you are anonymous if you were using tor during the time you have created an email address at some freemailer and mailed your top secret MS office document to your friend.

NSA will then intercept the office document, read it in clear text, and thereby, NSA will get the mac address of the pc that created the document.

Andrew_K September 17, 2014 4:45 AM

@ T!M:
Reading the follow-up-comments, I found a reason to move to Germany, tough.

There are no secret courts, no secret evidence, no secret police. Heck, you can even ignore BND (that is, until they make themselves in-ignorable).

@ oort:
You can collect evidence, but proof is hard. Do you see unpleasant and unexprected things on the net? Things new and surprising? Things that cannot be deduced from your (or your known associates’) behavior? Things that do not fit your profile? How contradicting is what you are suggested to read on the net? If it’s pure chaos, that’s a good sign.

Proving anything, however, is quite hard, since you have no chance to do anything but observe application behavior. In a recent article (behind Paywall) in IEEE Computer, the term “Application Transparency” was used to describe what’s missing to figure that out — you don’t know what the Internet around you knows and which influences are causing which reactions. On all layers.

In three words: You don’t know.

sena kavote September 17, 2014 7:33 AM

Phone malware detector by rudimentary physical means

This is to the radio experts here.

As you may have noticed, leaving cell phone lying near a loudspeaker cable when a call comes, causes sounds. Could we make a more sensitive radio energy detector by using microphone cable, possibly by separating the sub-cables and bending them to some specific shape? The output from that microphone line is then looked in audacity or with something like
cat /dev/microphone > myaudiolinelog.bin, when myaudiolinelog.bin is later looked with a hex editor or opened in GIMP as raw binary file with “indexed color” (grayscale) setting.

I don’t know if any unix actually has any “/dev/microphone” or something that works like that.

We need this sort of rough improvised methods since most people do not have a soldering iron let alone some sort of software defined radio.

@Juippi
RE:Finfisher URL
-Thanks man!
//Chris

And in other news…

The FBI’s All-Powerful Facial Recognition Program Is Fully Operational
http://news.yahoo.com/fbis-powerful-facial-recognition-program-fully-operational-202531765.html

NGI, which was launched in 2011, is now fully operational the FBI said Monday. Part of the new technology, the Interstate Photo System (IPS), lets law enforcement search through FBI databases of images and locate for various criminal identities. The image searching system will eventually replace the FBI’s fingerprinting system as well as provide the agency with many kinds of “new services and capabilities.”

Figureitout September 17, 2014 11:32 AM

sena kavote
–Try it and see what happens. One thing that just sent my mind for a loop is wifi signals being received just on the tiny tip of an antenna connector…recently went to a talk on antennas and even our space shuttles had barely any tempest testing…Our cars electronics were better shielded…

On the spectrum analyser front, I’ll be posting shortly a very cheap solution involving an old rooted android, an app, and the cheap rtl-sdr dongles/antenna. I want to add some code to it though. No soldering iron needed.

Invisible.im leveraging on Ricochet IM to produce an anonymous and serverless IM.

Design docs of Ricochet IM: https://github.com/ricochet-im/ricochet

Net Protocol of Ricochet IM: https://github.com/ricochet-im/ricochet/blob/master/doc/protocol.txt

Of course most people forget that the key problem with most communications in the first place is that their devices are not trustworthy at all. The very start point of any security should always begin on a hardware and firmware level but the difficulty of finding something readily available and trusted has always been the problem.

http://www.sueddeutsche.de/politik/berichte-des-ukrainischen-praesidenten-putin-soll-europa-massiv-gedroht-haben-1.2134168

According to a summary of a talk from the foreign service of the european union, which was obtained by Sueddeutsche, the Ukrainian president Poroshenko told the president of the EU comission, Jose Manuel Barroso last friday during his meeding in Kiew from threads made by Putin. Putin told Poroshenko the following words:

“If I wanted, russian troops could not only reach kiev in 2 days but also Riga, Vilnius, Tallinn, Warshaw or Bukarest”

This would only be possible with the use of nuclear weapons.

I think its time to get decent minuteman missiles and the stealth bomber fleet, and tornado aeroplanes ready. Just to be ready if the guy in russia tries something…

I would not find it sad if an unmarked drone of an unknown origin delivers a nice warning in his home. Perhaps NSA can make that IS gets the blame…

Edward Snowden should probably publically endorse the following initiative…

Reject USA Freedom Act, a Fake Congressional Fix to Spying (September 15, 2014)

We’re not saying that anyone’s interpretations are wrong, just that this bill can be interpreted in numerous different ways, which has previously proven to be a major problem. So, the problem is not just that the bill fails to stop many kind of abuses, but that it can be interpreted as actually authorizing more aggressive spying on us than before. If civil liberties groups disagree on the interpretation of this bill, imagine what the NSA’s interpretations will look like.

http://www.offnow.org/reject_usa_freedom_act_fake_fix_nsa_spying

Otherwise, people may start to wonder whether or not he really thinks that it isn’t acceptable “for the government to invoke and sort of scandalize our memories, to sort of exploit the national trauma that we all suffered together and worked so hard to come through to justify programs that have never been shown to keep us safe but cost us liberties and freedoms that we don’t need to give up and our Constitution says we should not give up…”

Though, then again, this whole story has always been intended to incite public debate only about all the phone metadata collection programs, right..?

Wow, the LEAP / WiFi bug fixed in iOS 8 is quite a big deal surely.

It means that someone could walk into our office, impersonating the corporate wifi and only offering LEAP authentication, and all the employee’s ios 7 devices would reply with a breakable hash of their windows passwords, since that’s how our office wifi authentication works.

ouch

Random Al September 18, 2014 8:57 AM

Physics team uses pixel sensitivity of smartphone as a random generator for encryption
http://phys.org/news/2014-09-physics-team-pixel-sensitivity-smartphone.html

A team of physicists led by Bruno Sanguinetti of the University of Geneva has found a way to use an ordinary smartphone as a true random number generator to provide secure communications. In their paper uploaded to the arXiv preprint server (soon to be published in Physical Review X), the team describes how they used the photon sensitivity of a Nokia N9 smartphone camera lens to generate truly random numbers that could be used in encryption schemes.

Debian Security Advisory – DSA-3025-1 apt – security update

##

https://www.debian.org/security/2014/dsa-3025

“It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).”

BAZINGA! September 18, 2014 3:42 PM

quietnet: Simple chat program using inaudible sounds

##

Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won’t show up in a pcap.

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

https://github.com/Katee/quietnet

##

• Installation

Quietnet is dependant on pyaudio[1] and Numpy[2].

##

Better Projects

Quietnet is just a toy! Take a look at minimodem[3] or gnuradio[4] if you need something robust.

Nick P September 18, 2014 6:58 PM

re thermite discussion that started here in DPR thread

@ Thoth

“When emergency appears, activate the thermite which would burn up both Pis in the vault at the same time.”

You have a few possibilities here:

1. Tamper sensor activates it. Better have triple modular redundancy, battery backup, etc on those jokers because it’s easy to loose your system in a glitch.
2. You send an authenticated command to the Tor node, it’s passed to the HSM node, that’s passed to the embedded systems controlling the thermite, and they activate it if validation.
3. The system destroys itself by default if an authenticated “stay-alive” signal isn’t sent within a certain time period. I’ve used this method extensively in designs as it counters the threat that they block the signal from 2. You need a reliable connection if the timing window is small. You might have onboard radio, dialup (more reliable), a trunk line, and/or broadband. The signal can come in on any of them. Radio increases risk of remote, esoteric attacks so I try to avoid it where possible.

Far as a contained or datacenter solution, I previously linked to Skunkwork’s presentation on a thermite blend & setup designed specifically for that. Get with him on details. You learn anything good, share it here.

@ Figureitout

You say…

“Nick P won’t know much about thermite solutions, it’s Clive who’s said he actually made one,”

…then link to a page where I describe using thermite boxes, describe why I stopped using them, and then discuss the subject further with Clive & others. Funny stuff.

@ Clive Robinson

I disagree on not needing a thermite solution until you’ve worked everything else out. Just having stuff on an airgapped machine in a safe with a thermite activator inside is quite beneficial. One can also make tamper sensors more easily than they can secure all aspects of their operation. Then, there’s the benefit of getting used to working with thermite & destroying sensitive systems. This can be used in a non-emergency situation when one is done with a machine.

My original design wasn’t electronic: it was a button I pushed for a simple, recreational device that activated the thermite. I had to position it just right, make sure wind wouldn’t be an issue, and the machine was physically contained enough to not be a problem. Very simple compared to most hobbyist projects I see on diyhacks & youtube. If it was law enforcement serving a warrant, I’d probably not activate the thing: whatever they were interested in isn’t on the machine & I’m not about to get hit with evidence destruction. 😉

@ Anoni

I agree that it’s a huge criminal risk to get caught destroying stuff right in front of a police officer. Of course, you did focus narrowly on the situation where the discussion would fail the most. You didn’t mention aspects of the discussion where the destruction was invisible to them, the evidence could be flushed, or it’s part of a physical security system they trip. These methods have potential & similar low tech methods have worked for a lot of people in the past. It’s definitely off-topic, though, which is why I’m replying here to try to move it.

@Anoni, Nick P, Clive Robinson
Multiple destruction switches can be in place. The reason for me to add a HSM into the design is that if the use of thermite is not possible (evidence destruction in front of legal entities) then the next switch is zeroize HSM module key which is as good as destroying the setup. As Nick P have pointed out, the circumstances is important when using the different tripwire mechanisms and if entities force into hosting environment without your notice and you are not allow to facilitate and prevent tripping of the thermite trap, it would likely be their own responsibility to have tripped it in the first place although it sounds like pushing the blame to entry entities entering the setup when you are around.

The setup is hosted in a physical vault so no one can see what is inside (not a plastic vault !).

Of course I do recommend thermite as one of the main traps but due to the inaccessibility of thermite in the place I am (not well stocked hardware stores), the zeroize HSM module key would be a better option for me if I were to set it up. Not to forget that the Tor crypto should be setup to use the provider of the HSM instead of it’s own native crypto so that zeroizing the module key on the HSM would be effective.

@ Nick P and Clive Robinson
Do you know of any fragile ceramics or materials capable of storing small quantities of data that can be destroyed through the application of higher voltage of electricity (like using a current to shatter it to powder) which would make a good self-destructing master key storage chip.

Nick P September 18, 2014 9:06 PM

@ Thoth

Don’t use electricity. RobertT gave us a thorough education on why it’s unreliable in the link Figureitout posted. There’s so many ways chips can block or dim its effect. He says it mostly fries the I/O pins & logic. The rest is still there. Thermite with a proper blend is known to melt through anything. Then, there’s surgically removing the chips with storage of any kind & destroying them. This happened at the Guardian. RobertT’s solution totally dissolves the chip by applying three different acids, with different acids working on different stuff. He noted they’re extremely dangerous & it’s important to remove the outer coating of the chip to get to the silicon. A recent concept of mine is using a plasma cutter but thermite is cheaper. There’s grinding it to powder & throwing it in a river.

The common denominator is that you want to totally destroy the chip in a way where it’s physically visible that you’ve warped & destroyed it. Then, ensure the pieces are hard to put back together when getting rid of the waste. Of course, if you did the first part well the second part is easy.

Figureitout September 18, 2014 10:57 PM

Nick P
–Bah, didn’t read it (again) and didn’t recall you having a thermite system. Never thought you to be much of a chemist. BUT, you did decide to not use it due to risks that I’m saying, risks of accident far outweigh break-in and stealing work/IP. Unless you use an extended SATA cable for your HDD[s], you want a beyond safe distance if you go that route.

This can be used in a non-emergency situation when one is done with a machine….There’s grinding it to powder & throwing it in a river.
–Frickin’ no. Stop polluting waterways. Our water has enough chemicals and intestinal bacteria. Send it my way, I always want more computers and storage for file-swapping.

Way OT
–Earlier this week, stumbled upon a nice little “feechur” that some brilliant mind at…not just my car company, but many more…thought it’d be just swell to include a feature to roll down all your windows if you hold down the unlock button on a wireless key. I’d never even remotely heard of this before, it’s stated purpose is to “let hot air out of the car on a hot day” but as someone who does not like hidden radio features in his products, screw this. Frickin’ scared me when I didn’t know what was happening too. Thought someone messing w/ me again.

I initially thought it was due to holding down the unlock button and the window buttons, but no. Just tested yet again, I can just stand, hold unlock, and all windows go down. Burglary would easy w/ the right key. Some people even added motors so you could remotely put the windows back up…great, cover up the evidence. Too many holes.

http://www.cnet.com/how-to/how-to-instantly-lower-your-car-windows-with-the-key-remote/

Even More OT
–Thought it was funny that both my parents received warnings about their debit cards likely compromised just today, but no warning for me after I notice money missing from my checking account. Just something to thing about, people…Secret Service, FBI, banks, etc., they all work together.

As you all probably know, it’s hard to order parts, like say some Z80 chips, cables, batteries, boards, etc. online in cash, you need to put up a credit card number (w/ the “secret code”). Once that info is gotten, anyone can charge the card.

Hi has anyone else been playing around with the Finfisher trojans released by Wikileaks, I cant really at this point see that anything happens actively, thought it might have to do with the fact that there is an expiration date set in the code after some specific date?

The only thing I can see is that it infects the MBR and its also been detected by most of the antivirus stuff I have thrown on it. I will try some more this weekend but the preliminary reports sofar is that.

0.) I cant see it does anything for what ever reason ?Date?
1.) Infects MBR
2.) Doesnt survive a poweroff in Virtualmachines using Immutable / Nonpersistent Drives
3.) Easily detectable with a tool that compares MBR with a baseline checksum similar to this:

c:\scripts\mbrfix /drive 0 savembr c:\scripts\infected01.bin
fc c:\scripts\ref.bin c:\scripts\infected01.bin

Havent had time to test other protection strategiec as of yet since I dont want to mess around too much during weeks.

Well it doesnt tell much but would be intresting to hear if any of you have done some thorough testings and if there is some fingerprinting techniques available to spot the Proxy Servers etc…

//Chris

Clive Robinson September 19, 2014 5:38 AM

@ Nick P,

With regards,

I disagree on not needing a thermite solution until you’ve worked everything else out.

The problem with going straight to thermite, is many fold, not least because thermite is by no means a safe or certain solution.

Specificaly the larger the object you try to melt down / burn up the less likely you are to achive even part of your objective. That is if you take a mini tower system and put three sand bags full of thermite around it and set it off, most of the thermite will run through the first hole burnt in the case, miss the hard drives etc and puddle in the bottom of the case before burning a hole there and droping through.

It’s the same sort of problem that Dr Sidney Althrop identified with the simple statment of “In small quantities explosives make excelent cutting and other tools, in large quantities, just a large mess of bits all over the place”. The release of large amounts of energy is uncontrollably “disruptive” not “destructive”. It’s why a detonator will make a block of explosive go high order, but a directional charge will blow the detonator out of the block without the block going high order, it’s an effect bomb disposal officers use very frequently.

To see this problem with thermite in action hunt out the Mythbusters episode where they try to cut a car in half with very large quantities of thermite. The result was quite underwellming, I’ve seen more damage caused to a car by an accidental fire in the fuel system, which caused it to burn it’s self a good inch or two into the road surface and melted the chasis and body work so it was sagging and twisted.

Thus one has to assume unless you go for the compleate “overkill” in a very constrained environment then quite a few parts of the system will remain in sufficiently good condition for forensic examination and thus data recovery or use as evidence in a prosecution.

Going through the process I out lined will take the forensic risk from most of the system down to a very small part potentialy as little as a smart card or SIM. Thus if thermite is deemed necessary a lot less needs to be used on a very much smaller component and the likelyhood of success is therefore much higher and the risks of dangerous secondary effects much reduced. Oh and a lot less pollution which will make a lot more people than @Figureitout happy.

Further the replacment cost if the system is accidently triggered is very small in comparison to that of the sandbags of thermite option, which might not cool for a week or three, a lesson not lost on the NSA…

Also as we have discussed in the past a system can be designed such that it has parts in different jurisdictions, where KeyMat is controld in one and data storage / processing in another, and those in the storage/processing part can show beyond doubt –and duress– that they don’t have access to, nor ever did, the encryption keys the data is protected by. Whilst not a “get out of jail free card” on it’s own, it significantly reduces the “legal” options available to a TLA attacker even with “secret court” orders and NSLs.

@ Thoth,

If you can get the part that needs destruction down to a SIM or Smart Card, mounting it between a couple of high tensile strength punch / drill parts that can be brought together with high rotational presure will render it useless.

Think of a half inch hole, part drilled into a steel block, with the SIM mounted at the bottom. If the drill is then “drilled” down into the hole, the chip is unlikely to survive. Use a reaming drill instead where the chip can only get up the swarf cleaning flutes as dust, then destruction beyond use is going to be by far the most probable outcome if allowed to run for sufficient time for friction heat to reach dull red. The problem is you will need about a one eighth or greater horse power motor with it’s own UPS, and a workshop to do the tooling.

@Clive Robinson
The Pi uses SD cards so microSD would be more than enough to solve the problem. What I meant is not careless pouring thermite all over the vault but more controlled targetted attack on the HSM’s microSD since that’s where the keys are stored if thermite is needed. I guess I need to spell my intentions in very fine grain detail out otherwise misinterpretation can be rather tricky.

I think if you want to shred the entire microSD of the HSM Pi to somewhere far off to dump into a dumpster or a rubbish handling plant, it would even escape the notice of attackers considering the relative small size of a microSD card. It is like finding a needle in a haystack if you are to dig an entire rubbish processing plant just for a microSD card in a heap of probably a lot of discarded electronics.

For higher assurance use a drill to destroy the microSD and for even higher assurance, controlled thermite usage.

Nick P September 19, 2014 11:27 AM

@ Thoth

In case you missed it, I replied to your Tor design considerations here. It was on topic so it went in that thread.

@ Clive

Your thoughts on that writeup? Requirements, threat profile, design, etc.

Hi all,

Regarding your Thermite thoughts, not exactly sure for what purpose, but if you are into destroying data which I assume you are, then I would perhaps try a variation of static electricity and magnetic fields. Perhaps some random “modulation” used with it. Perhaps it could be booby trapped.

Another aproach to all this is to use a flashboot from ethernet that programs the computer from the network and loads an operating system and then in that image the operating system loaded will be configured so that all data is saved at another unknown location over an anon network.

Then all of the data that needs to be destroyed at the computing end would be static electricity device perhaps boobytrapped.

Thermite sounds kindof non-usable in a society where you get punished for destroying data, however a stungun device might do the trick and/or a huge electronic magnet that could be “hidden” so it wont be obvious that data has been tried to be destroyed on purpose. Intresting thoughts though even that I cant see any reallife usage.

//Chris

Correction
Then all of the data that needs to be destroyed at the computing end would be static electricity device

Then all of the data that needs to be destroyed are within the components of the computing end and should be able to be destroyed using a “stungun” device
//Chris

Observer September 19, 2014 3:29 PM

Re: Thermite, Server Destruction and Ulbrich

Thermite is nonsense. Explain fuming vault or burning household to LE0. Guaranteed prison of time some duration.

Ulbrich was not professional criminal. All of you are not professional criminal. To run a professional criminal venture, why are you all looking to yourselves as feasible designers of criminal business models?

Laughable. Copy professionals.

What did RBN/misc RU DDoSers do when British criminal investgator was one vault door away from their server? Dumb-waiter it out when local fire department began cutting down vault door.

Modus operandi of criminal cyber business: locate data & hardware in unco-operative jurisdiction and bribe everyone.

The day someone come knocking, the payed-off people remove data and hardware.

Remember, criminal operation are supposed to be profitable. You must factor in security into your cost. Bribery and expediency are cost.

Observer September 19, 2014 3:49 PM

Most of you are too technical. Code pipe dreams. Crypto wet dreams.

Cash bought burner laptop and burner mobile dongle
/ Debian Host OS with laundered BTC bought RU VPN for DNS leaks
// sudo hostname your_new_name
// Virtual Box
/// Windows Guest OS
//// Tor chained to laundered BTC bought Socks 5 proxies
//// HDD serial # changer
//// Change computer ID
//// Change PC time and date
//// Change Firefox user agent
//// Have persona scans: utility bills/CC/driving license etc
Cash bought burner phones

Move around. Conduct business in open spaces. Change most variables every operation. Burn burners every few weeks.

I believe that is untouchable by anyone.

How break past Socks 5 > Tor Exit Node > Tor Node 2 > Tor Entry Node > Mobile Dongle IP in middle of field > You?

Nick P September 19, 2014 6:15 PM

@ Observer

Re thermite

If you’re smart, you don’t have to explain shit to them. They have no idea where the machine phtsically is or that it exists. So long as they see nothing leading to it, esp if not on your property, then you’re good. If you’re running physical security, they trip a switch kicking door in, and they see it burning then they caused the destruction. From that point, you just need a reason to justify the level of security before a judge. Having encrypted backups of something to turn over to illustrate it also helps.

Note: thermite use can be disguised by hiding compartment connected to a fireplace (with fire on) or inside a pile of previously burned wood (bonfire). Ignition is kept invisible and smoke is written off as uninteresting. Coincidentally, I had a lot of bonfire parties at my place.

This is all just fun and games for me though (minus bonfire maybe…). I’ve already agreed that mobility and blending are the best way to avoid this. Of course, Thoth is in a surveillance state of massive proportions & might stick out like a sore thumb.

Local solution is to have the main computer hidden very well, with only a small opening for a cord to a monitor (or laptop). Needs to be easily disconnected (not VGA). A dog or door alarm lets you know they’re coming (if they don’t knock). Then you hit a command to nuke it, unplug, slide cord in hidden opening, plug up legit box, and the cops make it in enough time to see a confused guy browsing something controversial (but not illegal). Case closed unless a very thorough search.

And The Big Book of Hiding Places and similar books will help one think of good places for the PC. It should also be a miniature one without fans or wireless.

@Nick P

@Observer and Nick P
We are talking about high assurance security. High assurance security is just a tool, like a knife you can use it to save or hurt depending on your intention. In the end you have to answer for your own actions as Nick P have said. You just need explanations if something happens and hauled before some powerful entities who could decide a good portion of your life.

High assurance security is defined in my terms as security with high awareness and encompass a more wholesome approach. Most people think that simply putting crypto onto something works magic which is wrong. Crypto is always the last line of defense that falls easily if your first line is badly done.

If you ever consider high assurance measures illegitimate then how about key destruction and data destruction measures would all be illegitimate and in the same way all crypto and security is illegitimate and illegal because they make it more difficult for powerful entities from doing what they want to you due to security and thus all things security in nature is illegal ?

Of course using extreme measures like thermite has to be done with proper judgement and preparation and not simply deployed carelessly or thinking it is a silver bullet or panacea. If you use thermite wrongly as many have already said, you cause a big mess. If you use it correctly and skillfully, you achieve high assurance secure destruction by means of removing the physical component(s).

I have customers whom I have deployed HSMs for them before and some of my customers are well known Certificate Authority providers (I will not name). Almost all of them do not use Guard or Diodes and they run on stock Linux OSes. Talk about high security assurance for CAs. The generic setup are mostly HSMs protecting App Servers running CA software on well known server Linux like CentOS/RHEL, Ubuntu Servers … and even Windows Servers. Their security mostly hinge on firewalls (hardware and software), routers and HSMs. In regards to key management, I cannot talk about them due to my profession but I must say I am not even satisfied with how things are done. If it’s rated in Nick P’s or Clive Robinson’s high assurance rating, it would have been very low on the chart. So, have a good time with your SSL certs 🙂 . If Nick P were in my place doing the deployments, he might have ranted badly at them (just guessing).

Is this all crypto wet dreams and code pipe dreams if Ubuntu, RHEL, CentOS and Windows servers running on probably USA TLA’ed HP machines with supposedly high security software protected by HSMs, routers and firewalls protecting sensitive secrets like root CA private keys, signed SSL certs and so on and sticking keys inside hard disk instead of more assured key transportation and storage methods good enough ? Imagine you are a Government CA or an important CA under Government commission protecting ePassports and eIDs with this kind of setup ….

If you are deployed to a hostile environment for work and to stay there for a while and your job is highly sensitive in nature, thermite maybe a valid option to the most critical portion in controlled use of course and if it is easily obtainable. It is really dependent on many factors. This practice will justify if you have an enterprise that have a fix location. If it concerns portable devices, zerorizing will be the best option unless you bring the device back ‘home’ at a safe location and destroy it with sufficient time.

Notice carefully that thermite should not be carelessly use due to it’s destructive nature and must be thought out properly before hand. The use of extreme measures requires good justifications for it’s use. Destroying a whole server with huge loads of thermite is extremely dangerous so target only the most critical areas under very controlled circumstances.

Figureitout September 19, 2014 10:08 PM

Observer
–You could probably do w/o the flame-bait, and just state your security scheme and be on your merry way. But since you think you can come in here and disrespect people you know nothing about, guess you’ll have to be put in your place.

Nobody said Ulbrich was a professional criminal (highly questionable term), he was just willing to take risks and push the limits, which criminals can and will do, and get away w/ it for some time.

Hmm…bribery. Yeah law enforcement never runs bribery stings lol. What kind of recon did you run before bribing? None? Risk.

RE: being too technical
–Really? I’m mostly just shooting the sh*t for fun w/ people I’ve met on the site. Not very “technical”, if you think it is, I’m sorry.

RE: your cute little scheme lacking way too many details
–Talk about a wet dream. Cash bought PC, did either the store or the checkout line have timestamped cameras? Do you know if that item is scanned, does it trigger a timestamped picture?

Where does your original internet connection originate from? What kind of sites did you visit and what kind of research did you do to trigger an automated marking on you? Questions and details not answered. Most of the rest is easy (and bypassable w/ the malware I’m seeing) but the “persona scans”. That’s probably a crime you know? You might as well change your name entirely. Getting a fake ID, while easy back in the day, is harder now. Moving around all the time, again “NO DURR” and easier said than done. You’ll have like 3 people tops who are willing to carry out that OPSEC. Which is actually a blessing in disguise b/c that tiny tight-knit group is what you need if you feel like “being a criminal”.

All of which brings us back to the original point…How are you making money doing this? You also need a sizable stash of cash to even get started.

So good job. You’d last, I’d say 2-3 months. After which you get identified, meet some “new acquaintances” (they have more whores working for them than you know), and they just breached your network and just injected malware in your PC while your sleeping.

Peace out, hope you don’t find out the rumored origin of “sagging pants”.

Clive Robinson September 20, 2014 4:57 AM

@ Chris,

With respect to,

Then all of the data that needs to be destroyed are within the components of the computing end and should be able to be destroyed using a “stungun” device

Sorry it’s unlikely to work the way you think it will.

A stungun in general uses a diode capacitor ladder voltage multiplier. The rise time on such devices –hundreds of milldeconds– is glacial in comparison to the speed of the protection diodes –nanosecs or less– on the chip. All you are likely to do is melt the gold wire bridges from the chip to the external pins. Whilst to you the device looks trashed, to a state level TLA it’s a fairly simple matter to remove the chip pacaging and mount it in a jig with micro probs back to the chip and read the data out. Likewise if you did manage to blow the IO blocks they can use similar techniques to bridge over those.

Even assuming you used RAM chips, and they did not freeze them, unless you took care to prevent “data burn in” then they could still read out much of the data.

It is this latter problem that has been suggested the Chinese tried on a downd US aircraft, to recover a considerable amount of secret information. What ever the method they used they certainly got their hands on highly classified information.

To help stop the burn in have a look back on this blog for discussions, searching for “Rober T” with “Lorenze attractor” will get you one searching for “Clive” and “snake eating it’s tail” willget you a much earlier one.

@All

The method of protection you use is as I said very dependent on who your adversary is and it’s why you need to go repeatedly through the “What, Why, How” loop.

Nick P September 20, 2014 11:34 AM

@ Thoth

The definition of high assurance is extremely high confidence that it will do what it claims to do. In safety, a high assurance design should meet certain properties with either zero or almost zero failures in the field. In software, a mainframe or NonStop system is a good example where the overall system reliability has run 30+ years in some cases despite components failing or getting replaced. In security, high assurance means that the system will only do what’s permissible by the security policy and shouldn’t be breached by known techniques. The easiest way, for me, to assess whether something is high assurance is to ask “would I trust my life to it?”

The government has other terms. The original was Low, Medium, and High assurance. Low was the COTS market in general (up to EAL4). It means it might stop “casual or inadvertant attempts to breach security.” Medium-high or High (EAL6-7) is for sophisticated, well-funded, hostile individuals with time on their hands. Cygnacom has a great breakdown of what each EAL means technically & for customer. Today, they’ve revamped it a bit into Low, Medium, and High Robustness. That’s basically the old assurance ratings with extra requirements added on. In any case, per NSA, the only systems that can stop a TLA attacker on the network must be EAL6-7 in strength with the correct feature set (eg protection profile). So, my simple test is “was the TCB of this designed to EAL6-7? No? Insecure…”

“So, have a good time with your SSL certs 🙂 . If Nick P were in my place doing the deployments, he might have ranted badly at them (just guessing).”

Oh, I’d have certainly ranted about them using garbage like that. I’d have hacked them and showed them my alternate solution on a site using fake certs from them. Then I’d point out that I actually spend very little time hacking. “Gotta wonder what those organized criminals and nation states are going to do to your operation with their better resources.” Then I’d offer them an alternative setup that was similar, lower, or only slightly higher cost. I’d give them several with different levels of assurance/risk, all with great recovery options. Then, I’d let them choose.

Of course, it’s more likely that people running such a shoddy operation would’ve never hired me. My reputation would proceed me, including a certain intolerance for bullshit.

@ Clive Robinson

“Specificaly the larger the object you try to melt down / burn up the less likely you are to achive even part of your objective. That is if you take a mini tower system and put three sand bags full of thermite around it and set it off, most of the thermite will run through the first hole burnt in the case, miss the hard drives etc and puddle in the bottom of the case before burning a hole there and droping through.”

That’s definitely not how you do it. The route I used (and Skunkworks used) is to put it in servers that lay flat. You enclose the servers with material it doesn’t eat to keep the stuff from going every where. You put it directly above (and beside) the chips you want gone. When activated, it will try to explode in all directions, but it’s container forces it in one (down). It lands right on the critical chips. From that point, it just has to burn them long enough. Most blends will. The Skunkworks link I keep using perfected both containing the mixture and the right blend to use.

@Buck,

Yet I could never admit that you haven’t been missed!

I can admit that you have been missed. I have tears in my crocodile eyes, see!

And there I was, bloviating about my own premature retirement…

Sidebar photo of Bruce Schneier by Joe MacInnis.