Months after it was found in August, scientists have dissected a colossal squid. There’s even video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
T!M • September 19, 2014 5:14 PM
Great, your squid post 🙂
@ all
With the NSA documents in mind, what would be hardware old enough to be used for accessing the web, sending/receiving mails, make phonecalls without leaving more traces neccessary. Even if Apple increases security and even if google, microsoft, amazon, oracle, sap, etc. do the same, the NSA and all other agencies are just building bigger digital weapons, implants and whatever (from their perspective) is needed to rule the world.
If I just want to be a smaller target for spam, trojans, phishing, worms, etc. people use to get access to my computers, privacy, money, etc. what would be the hardware to choose, without get completely away from the digital world?
I love computers and networks, as kid I collected viruses and trojans to study them and understand how they work. I love networks as they are and I love to find software bugs (not at the level the most visitors of this blog are able to act, I think) and I love to think around the corner, but the digital world is too buggy I think. It’s much too complex and fixing one bug is almost nothing because there are so many bugs left and sometimes I open some new holes by fixing others.
I love cryptography and I don’t challenge the strength of the algorithm if I read somewhere that data has been hacked even though they were encrypted, because from my perspective in most cases the implementation is bad, not the algorithm used.
It’s a little bit like being Neo with one difference, we can’t choose between the red and blue pill without turning away from social live, computers and newsletters.
I think it’s good to have things like tor, truecrypt, gnupg, simsme, metager anonymizer, hardened linux distros, etc. but I lost trust in technology and see no reason to believe, that Apple & co. will be trustful in future, even they really want to give a bit more privacy.
Maybe I should buy an iPod touch and use skype for encrypted calls (yes, I know that this isn’t secure as well) but there is no trace by mobile networks and if I turn wlan and bluetooth just on if needed and as less information on the device as needed without specific personal data, I think this would heavily reduce my metadata and traces. What do you think? Any other hints?
0bs3rv3r • September 19, 2014 5:25 PM
Cyber Criminal Modus Operandi
Ulbricht failed not because he didn’t cover his server with thermite. He failed because he failed fundemental 1st line (personal) OPSEC. 2nd line OPSEC (servers) should have been in unco-operative jurisdiction where everyone is bribed.
1st line OPSEC:
Cash bought burner laptop and burner mobile dongle
/ Debian Host OS with laundered BTC bought RU VPN for DNS leaks
// sudo hostname your_new_name
// Virtual Box
/// Windows Guest OS
//// Tor chained to laundered BTC bought Socks 5 proxies
//// Mac address changer
//// HDD serial # changer
//// Change computer ID
//// Change PC time and date
//// Change Firefox user agent
//// Have persona scans: utility bills/CC/driving license etc
Cash bought burner phones
Move around. Conduct business in open spaces. Burn burners every few weeks.
No 1 Rule: Change most variables every operation.
I believe that is untouchable by anyone. Nsa. Gchq. Fsb. ???
How break past Socks 5 > Tor Exit Node > Tor Node 2 > Tor Entry Node > Mobile Dongle IP in middle of field > You?
Burton • September 19, 2014 5:40 PM
CloudFlare’s New Keyless SSL Could Unlock Cloud For Financial Institutions
http://techcrunch.com/2014/09/18/cloudflares-new-keyless-ssl-could-open-cloud-to-financial-institutions/
What they realized was that the SSL process was a series of steps and there was only one step where the SSL key was exposed. They reckoned if they could find a way to hide the SSL key during that step, they could solve the problem, but of course figuring out how to do that was not a simple matter.
The solution eventually involved splitting the SSL protocol into two parts. Prince explained the first is known as key negotiation which involves using software running within that financial institution’s datacenter to make a temporary key from the organization’s private key. This is all carried out within the organization’s control and limits key access to a single user.
The second step involves transporting and encrypting the data traffic between the end-user browser and CloudFlare using the temporary per-user key. The institution maintains control and can cut off CloudFlare access from its end at any time, but the important part is that the key travels over a special encrypted channel and is never exposed to the open internet. That’s because when a visitor makes an SSL key request, CloudFlare makes a connection back to the keyless server that is running on financial institution site and that site is only up for a time period specified by the institution itself.
Anton • September 19, 2014 5:51 PM
Re: 0bs3rv3r
Perhaps travel to foreign jurisdiction to commit ill deeds with that setup? Air travel is relatively cheap.
Employ foreign freelancer to act as a foil?
Nick P • September 19, 2014 5:54 PM
@ Obs3rv3r
I agree such setups are better than using Tor if FBI and NSA are specifically the opponent. I posted one here years ago with main diff rences being LiveCD instead of VM, a cantenna for range, and Backtrack for… wireless networking. 😉 There’s still targeted attacks with automation potential. A variation of FBI’s browser exploit to local IP would help.
The first trick I see FBI using is trying to get your main IP at numerous locations. Then they hope those locations have cameras or you have same phone on you. The get phone records for each location to see if same number keeps popping up. Then, they stay close to it until one of your accounts activate and pay you a visit. The evidence they need you will be carrying around, possibly with ID if you were driving.
Good news is that, long as you have digital OPSEC, the scheme will probably work fine if you keep batteries out of phone and keep good security practice on laptop. My usage of this was a netbook, Ubuntu LiveCD, and SSL proxies because they all look bland. No Tor cuz it screams “look at me!” I quickly learned the main risk: local cops getting called to investigate suspicious activity. So, have an excuse or be in an invisible spot (eg woods near wifi).
Obs3rv3r • September 19, 2014 6:12 PM
Thank for both replying.
@ Nick P
Cantenna, Backtrack/Kali … hacking. Another criminal offence to add to stack. IMO, no need.
Directional antenna on house: perfect circle of hacked wifi lol
Big antenna. In van? On house? On person? Big give away.
Beat Javascript Tor attack with NoScript, I believe.
How FBI get mobile dongle IP? Need to find Socks 5 node. A botnet node. FBI discover infected PC used by dozens of cybercriminals. Search probably ends right there. At first node. If persistent, they find Tor exit node. Need to beat all Tor nodes. 3 jurisdictions. Incredible amount of time and money.
Phone never kept on person or on. 1st rule of mobile phone OPSEC: kill it till needed. Faraday cage.
Live CD as host OS is best idea. Thin client, yes? Linux OS with Virtual Box only. Stripped down bare. Which Linux distro best for this?
I appreciate your help. Whilst I am not a cyber criminal, privacy is a desirable commodity. Shame I have to adopt criminal like behavor to achieve it 🙁
Will • September 19, 2014 6:14 PM
@NickP
Fascinating! You talk like you actually do it, for real.
I’m just prying because I’m curious, and not playing the “if you have nothing to hide” card, so … what was your motivation?
NPR • September 19, 2014 6:16 PM
About government surveillance of climate activists :
http://wypr.org/post/government-surveillance-environmental-activists
Benni • September 19, 2014 7:04 PM
Probably, they are lying:
http://www.politico.com/story/2014/09/cia-stops-europe-spying-111147.html
AP: CIA halts spying in Europe
“The current stand-down was part of the fallout from the July 2 arrest of a 31-year-old employee of the German intelligence service. ”
Several months ago, the foreign ministry of germany has asked all foreign embassies to give a list of all their secret service personnel;
http://www.spiegel.de/politik/deutschland/spionage-bundesregierung-aufdeckung-aller-agenten-in-deutschland-a-985199.html
CIA now saying that it “has halted all its operations in germany” is probably CIA’s way to evade having to give the germans a list of their spies….
nobody@localhost • September 19, 2014 7:22 PM
Obs3rv3r said:
Whilst I am not a cyber criminal, privacy is a desirable commodity. Shame I have to adopt criminal like behavor to achieve it 🙁
This.
As default page served in http from tor exit node says, “criminals” already have the best privacy.
If your purpose is things called “criminal”, then you build botnet, or buy access to one using stolen money. You buy everything you need with stolen credit cards. You bribe employee at some company to wire jackbox at hidden corner, with great internet access. Etc. Really if you are (say) dealing drugs, you have no incentive not to. In relative terms, its not even that much more risk.
If you just want privacy, you probably do not want risk of multiple felonies and potentially hurting other people. I could list many practical reasons to want (or life-or-death need) privacy, but should not: You do not need a reason to want privacy!
It your right like air and sunshine, to quietly discuss with people without others overhearing… to read, learn, write, publish, create… to travel like the wind, to keep sacred your connections with others, to open yourself only to those you choose… When somebody has right to take from you fresh air and sunshine, then they have right to forbid you privacy.
But borrowing old saw, “when privacy is outlawed, only outlaws have privacy.” So everybody who has principles, must in principle become a “criminal”. Be proud of it, don’t apologize, and let your own conscience be your only guide in how far you will go.
(P.S., anybody replying to “up the ante” is either agent provocateur or stupid. Either way, just ignore (but remember the post’s nym). I do not advocate any wrongdoing. I declare, the law should be given the respect that law deserves! But when privacy is viewed with automatic suspicion, you must become “criminal” in spirit at the very least. And anyway for now, you don’t need to be real “criminal”… just use Tor and let every stupid people assume you are. 😉
Jeff • September 19, 2014 7:51 PM
Apple is offering two-factor authentication (they call it “two-step”):
Frequently asked questions about two-step verification for Apple ID
<a href="http://support.apple.com/kb/ht5570">http://support.apple.com/kb/ht5570</a>
Their scheme clearly protects me from somebody guessing my password and completely hijacking my account by changing the password. However, it doesn’t protect me from somebody guessing my password and logging in from a new device, nor does it protect against that person reading or deleting all my emails. I doubt most people realize that Apple’s TFA only offers limited protection. Or, am I missing something?
Jeff
nobody@localhost • September 19, 2014 8:11 PM
on the topic of “real criminals“, I have suggestion for study by anybody with ready access of U.S. primary leagal sources.
As Snowden revelations continue being published, I think we need big running counter with estimate of how many years in prison the NSA could be sentenced to for hacking charges, if NSA were held to same rules as hoi polloi.
Calculate it with the mindset of overcharging prosecutor, of course. Fair is fair. Doll it up like “national debt clock”, “atomic doomsday clock”, etc. and make a fancy website. Make big headline clock (like Justice Dept press release) with “UP TO x YEARS” max sentence in big bold digits, and smaller digits of number per sentencing guidelines. For serious legal scholar, run statistics on plea bargains and make another subclock of how long NSA would get with average plea bargain terms.
United States law is most important, to show the hypocrisy. But companion clocks may also be created for how big punishments NSA could accrue in other countries where it hacked, cracked, and sometimes destroyed systems, stole sensitive informations, etc.
Every time a new classified document is released, check statutes, sentencing guidelines, etc. and update the clocks. Any document about TAO is expected to cause huge jump, as is recent released “Treasure Map” material.
Anybody want to place bets on current order of magnitude? I’ll start low, order of 10^6 years (for nontechnical audience: “millions of years”). I do think it is way too low, so I not make money bet. Remember, in U.S. you can be charged for “up to” 50 years in prison for downloading too many scientific journal articles. Calculate the NSA’s potential sentence per that standard!
Anybody want to whisper this in the ear of some EFF activist etc. who might have legal scholarship resources to do a good job of this? The “NSA Prison Sentence Clock” would look good as a widget in corner of EFF.org homepage–or your homepage. But to do a good job, needs very serious legal research of U.S. Federal and state laws (not my dept.).
I am serious about this. Now please somebody, steal this idea.
Trip • September 19, 2014 8:30 PM
T!M, the problem is that we just can’t trust any software or device that we haven’t personally built or vetted. Apple says that that can’t recover encrypted traffic on their phones. Do you believe them? I don’t. The Tor browser bundle says that it helps protect your anonymity. Do you believe them? I don’t. Your Android phone just completed an update from a server using a digitally signed certificate. Do you believe the server was owned by who it presented itself as? I don’t.
I believe that your only option for private personal communication is local encryption using something like gpg. This still exposes metadata unless you migrate your host, either by physically traveling around or by using VPNs, but even when using a commercial VPN (and I do use them), do you really trust the VPN operator? I don’t.
For voice communication I think that there are very few options. A burner phone bought with cash, I suppose, but even that will generate records that will geolocate the phone, and enough of those will establish a pattern. VoIP across a VPN might not be a bad solution…my habit is to place Facetime audio calls through a VPN server that I built from open source software running on my own network.
I’ve been thinking a lot about air-gapping my bank accounts with a prepaid Visa bought with cash to provide a layer of privacy on my transactions, though there still would be a record of cash withdrawals on my accounts.
I understand the desire to communicate and browse without leaving too much of a trace, but honestly we don’t stand a chance against a well-funded government. If your adversary is a TLA you need extreme measures beyond what is practical for the concerned citizen. That doesn’t mean that we should give up…I utilize as many security and privacy protocols as I practically can, some of them just for practice in case they ever become -really- necessary. But I always understand that I’m an amateur and that the real players are playing for keeps. Heck, even this reply is long enough to apply some style analysis against to match it to other posts I’ve written under non-pseudonyms.
Good luck, and don’t give up!
Benni • September 19, 2014 8:34 PM
Russia has two new funny projects:
1) Their government wants the ability to plug off the russian internet in case of “protests or in case of a war”.
http://www.theguardian.com/world/2014/sep/19/vladimir-putin-plan-unplug-russia-internet-emergency-kremlin-moscow
2) The government wants control over the selling of russian domain names.
https://netzpolitik.org/2014/ausschalter-fuer-auslaendisches-internet-in-russland-geplant-zum-schutz-vor-eu-und-usa/
meanwhile, the russian airforce flies its fighter aircrafts into Swedish aerospace
and fsb agents try to creep themselves into Latvia, distributing letters that Latgale should form a union with russia:
http://www.theguardian.com/world/2014/sep/18/baltic-states-wary-russia-strident-estonia-latvia-lithuania-nato
In 2012, Moscow has built 5000 shelters against a nuclear attack:
http://rt.com/news/prime-time/moscow-bomb-shelters-outskirts/
ismar • September 19, 2014 8:56 PM
Bruce
Would it be too much to ask for a link to downloadable archive of these blogs?
nobody@localhost • September 19, 2014 9:16 PM
@Benni, usually I appreciate your very informative posts. But why the blind spot where American over reach concerns Russia? After the first two links, your “meanwhile” part has unambiguous political implications by dint of omission.
I remember saying in Western Europe 30-40 years ago and more, “The purpose of NATO is to keep the Americans in, the Russians out, and the Germans down.” The more things change, the more they remain same. Frahnkly at present, I am worried about Russian nuclear arsenal because of NATO–an organization operates roughly as American-dominated “guns, tanks, and nukes” teeth and claws to match the American-run Five Eyes spy club.
Parenthetically, I also think BND might fall down to size and get a proper mission, without support and influence from its paymasters in the American intelligence agencies.
I say this with appropriate respect, not to start argument–I really don’t want to start political argument here. I’m just puzzled how 95% of your posts concentrate information about the NSA-GCHQ-BND-etc. axis of evil, but some few lately cherry pick Russian military preparedness responses without mentioning NATO provocation.
Thoth • September 19, 2014 9:44 PM
@Benni
Russia and the West back into the old days of the Great Game trying to gather back it’s past glory. The Great Game has never died but simply evolved.
Talking about controlling Russian ISPs to shutdown the Russian Internet access, that can be bypassed by using the network of neighbouring countries. Unless the Russians decide to rival the Great Wall of China to make a Great Wall of Russia ringing it with fortifications and layered with faraday’s cage to prevent tapping signals from the atmosphere.
ronnie • September 19, 2014 10:14 PM
A security comic – Cornered September 15/2014
N4 • September 19, 2014 10:15 PM
@nobody@localh 9:16, just for you, instant fairness doctrine
http://williamblum.org/aer/read/132
https://www.youtube.com/watch?v=OygG10gaHTg
Benni knows all this to be sure but in the US periodic reminders are useful to counter continual Security-Security-Security brainwashing.
nobody@localhost • September 19, 2014 11:24 PM
@N4
Oh, I could give lecture on this general topic. Only I go back just tiny bit further in the history than most of “American Empire” commentators–I think most miss real point (hint: interwar years, stuff the schoolbooks chucked down the memory hole nowadays, midlevel backroom contacts between various Great Powers much bigger than America in those times, then chain reaction toplevel backstabbing starts… America reaps windfall, while Stalin laughs and pockets all of eastern Europe… Polish government-in-exile, we pretended to support you and thank you for your crypto wizardry etc., but now please don’t inconvenience Mr. Stalin kthxbye… oh and by the way, only certain train tracks are magically protected while all the other German logistical infrastructure freely bombed to rubble… gee thanks, you knights in shining armour). I’m simply stick to generalities with some mild counterbalance of comparatively mild Russia-sniping; this is simply not the place.
@Thoth
The difference is, 50 years ago Russia and America were mutual aggressors against each other. (Let’s drop “the West”; all “the West” was only American proxies and puppets after WWII, just like Eastern Bloc was on strings of Russia after WWII. Pretending that UK or France or (West) Germany was and/or are independent of America, is as stupid as pretending Poland or East Germany or Czechoslovakia was independent of Russia during Cold War.)
This past 20 years, Russia is only on defensive. Whereas moving NATO (i.e. American) hardware into e.g. Ukraine would be just the inverse of a hypothetical Russia stationing nukes in, say, Cuba… oh wait.
The “security” tie in is, how to build a home shelter against bottled sunshine. Yes it gets hotter than thermite! 😉
As to the Internet, don’t forget, 99% of people will never go to the lengths you imply to get around a shutdown. By comparison, in America, count how many people can avoid surrendering to the Empire of Zuckerberg. That’s much easier than evading a shutdown of the country’s net.
Thoth • September 20, 2014 1:32 AM
@nobody@localhost
Nobody is innocent when it comes to politics. Russia has agenda and so does the West. Russia had a set back during Cold War when the Soviets lost power which gave the West some good catching up game. Russia’s intentions are obvious and so is the West. Latvia, Lithuania, Ukraine, Georgia and so on are in the Russian Empire’s crosshair and has always been. These poor former Soviet bloc countries wanted to have a taste of better life by allying to the West because the promises of the Soviet did not deliver. In turn, the West used these bordering states near Russia to their own advantages and Russia did not like the proximity of these countries (I wrote about something to do with geography and politics in another post). Russia wanted to expand to it’s former size as well but is weaker than last time to do so properly. Putin is said to be hording resources for such an enterprise to regain lost lands in it’s point of view.
Put it in simple, poor countries want to have a taste of Western rich lifestyle via having the West as friends but the West and Russia squeeze and make use of them 🙂 . No one is innocent in politics. It’s either you get eaten or you eat others.
Regarding Internet shutdown, it’s just suggestions. They have a less connected and slower pace of life which would see lesser dependency of the Internet and technology. If the Internet is gone or electricity goes out, they simply use horses or walk by foot.
T!M • September 20, 2014 2:43 AM
@ Trip
Thank you for your reply. It’s frustrating, but I won’t give up.
Chris • September 20, 2014 7:12 AM
@Clive
Hi well I assume you are correct in this, it was quite late last night when I thought of it and the first thing that popped in my mind was to separate the Data and the Computing end,then I thought of Ethernetboot to achieve that, which ofcourse might have other issues as well.
So dont have any answers to that its a peculiar problem.
//Chris
K-Veikko • September 20, 2014 11:24 AM
GPS-signal
If I was evil minded and owned the GPS satellites, I surely would force data users / gps-chip manufacturers to use my closed-source-code to be able to use the signal.
Of course the satellite data signal would include parts that trigger certain activities in the chip.
BoppingAround • September 20, 2014 11:44 AM
Thoth,
that can be bypassed by using the network of neighbouring countries.
I think they have covered this by some sort of ISP levelling. I recall a law or something. As if there are federal ISPs, then there are lower grade ISP who may make links (?) only to federal ones. And the federal ones would be the only ones allowed to link with foreign networks.
I don’t remember the real status of this though. Maybe it was just a proposal.
M • September 20, 2014 4:47 PM
About recent posts on fake cell towers, imsi catcher and these threats..
An Italian newspaper speak about a “tap-proof” phone.
Reading article thus searching some further info, theorically an android app that monitors baseband activity and warn about suspect activity (“gsm firewall”).
Not clear:
-hardware requirement (only samsung galaxy s3? if yes why?),
-if is the sw in cryptophone or a different project/sw.
“… It’s called ‘Darshak’, and is basically an application for all Android smartphones. The researcher has developed a Berlin of Indian origin, Ravishankar Borgaonkar, a security expert who works at the Department of Telecommunications at the Technical University of Berlin. It will tell if the phone is tapped and at the same time to turn off the ability to pick up his communications. The technology developed is able to detect any system that captures Communications..”
reasearcher paper (black hat 2014 slide):https://www.isti.tu-berlin.de/fileadmin/fg214/ravi/Darshak-bh14.pdf
reasercher home page:https://www.isti.tu-berlin.de/security_in_telecommunications/menue/people/senior_researchers_postdocs/ravishankar_borgaonkar/
Question • September 20, 2014 5:09 PM
Any thoughts on Virtru for email encryption? They were featured in the nytines several weeks ago.
Nobody • September 20, 2014 6:49 PM
@Question
Under no circumstances would I recommend the use of Virtru for email encryption. The most important reason for not trusting it is that it is not free and open source software so it’s impossible to tell whether or not the implementation is sound. Also, should the software become popular it would lock many people into a proprietary communication protocol that may not remain trustworthy in the future. Finally, I would shy away from any system whose trusted components execute inside a web browser.
Besides, why would you want to use Virtru when we already have a perfectly good, well researched and free-as-in-freedom email encryption system?
Question • September 20, 2014 10:35 PM
@Nobody
Virtru’s much simpler user interface.
Thoth • September 20, 2014 11:11 PM
@Question
Simpler user experience may not give proper security. Security and simple usability should be combined but for Virtru, it maybe easy to use but it does not prove itself to be secure yet unless it releases it’s source codes.
Nick P • September 20, 2014 11:16 PM
@ Question
None of them are secure from the likes of the NSA or FBI. What they’ll do is attack the phone, desktop, whatever that runs it with one of their targeted or automated kits. Then, they get the stuff as you type it, they get the keys, or some other combination. It takes certain very rigorous design choices to beat a government (without any guarantees of that either). Under international security standards (Common Criteria), it takes at least an EAL6 system (from hardware up) to have a chance of stopping those kind of attackers.
Guess how many of these apps were designed and certified to that standard? I’ll give you a hint: it’s a multiple of 0. 😉 So, at best, they’re stopping vanilla hackers while letting good hackers and government hackers get your data. Keeping governments out of it isn’t easy. One of the few I endorse that uses methods similar to mine is Tinfoil Chat. The guy behind it is smart and makes a good attempt. Of course, it uses one time pads instead of something more convenient but it’s got the lowest chance of code injection that I’ve seen. It just makes it physically impossible for that to be a problem without them targeting you specifically, maybe physically. Only concern I have is covert channels in the protocol but that’s vastly better than the risks of other clients.
Nick P • September 20, 2014 11:36 PM
@ Will
My motivation was that I was the exact type of guy the administration of the time might target. People had already started closing shop, disappearing, committing suicide before trials, etc. There was even more going on that set off alarm bells. Here I was a critic of the Administration, a Constitutional-rights activist, a privacy activist, and a designer of privacy/anonymity technology that NSA didn’t seem to be capable of beating with easy methods. I guess at least the latter was productive because a combo of misdirection & good techniques seemed to work pretty well: no evidence main aliases were traced. I can’t even remember them as I always wrote it on paper and burned it later.
Of course, I only gave my stuff to very small numbers of people or businesses under NDA and trade secret law. No patents, no publicity, etc. Worked better that way as I got benefits of obfuscation plus good security engineering. Also, made me a small threat so I could just close shop when shit happened, build myself some insurance, and then just post lessons I’ve learned to the next generation on a widely read forum. I’ve been doing that for years with few results. I still do it though.
And now I live in near poverty at a low paying job without previous references posting cutting edge security engineering for free on blogs and to project leaders hoping to influence them into doing it right for once. (shrugs) Life is what it is. Maybe I should’ve taken a job at Goldman instead. But I am that I am.
Nick P • September 20, 2014 11:55 PM
@ Observer
“Cantenna, Backtrack/Kali … hacking. Another criminal offence to add to stack. IMO, no need.”
You do it from the woods or a place where you’re not scene. Cantennas on houses with the right equipment can interact with even open wireless networks over a long distance. The speed drops considerably but what the hell will anyone know without the right talent doing a site survey? If you’re mobile, keep the main gear in the trunk barely open & close it (casually) if you think a cop is coming & might mess with you. (Don’t ask how to know because I’m not making a HOWTO for crooks.) The fact is you can say you don’t consent to searches & have the stuff thrown out in court. You will loose your gear, though, in high probability. And if you recorded the conversation even better.
“Directional antenna on house: perfect circle of hacked wifi lol”
That’s one thing I did.
“Beat Javascript Tor attack with NoScript, I believe.”
Not a straight browser attack, though. Good news is that they’re less in number than before. But, the recent person hacking Chrome with 4-6 bugs strung together shows how easy it still is. Even people without much experience are pulling it off. One should assume the big TLA’s might be doing the same by hiring such people. Mainstream browsers’ attack surface is just ridiculously huge. It’s one of reasons I’m against Web and for Internet technology instead.
“How FBI get mobile dongle IP?”
They take over your system with whatever it loads and it tells them. The fact that you use VirtualBox might help as it might have privileged access to your Ethernet card. I remember some kind of attack where they loaded pcap or something onto the system to mess with raw Ethernet. These wouldn’t have been available if it was just an app accessing a networking API, esp with interface checks. So, virtualization’s privileged status might make your endpoint less secure as it’s more code to attack & at a lower level. Less code, less bugs & less trusted code, less vulnerabilities… Bernstein used to say.
“Live CD as host OS is best idea. Thin client, yes? Linux OS with Virtual Box only. Stripped down bare. Which Linux distro best for this?”
When they hack the endpoint, they can probably tell if they’re in a virtual machine. So, I just used a Windows or Linux OS with a way to get it to a clean state before each boot. They have BIOS, peripheral firmware, etc attacks. You didn’t mention them hacking your hard disk or ethernet controller, then using it to ID your machine. NSA’s TAO and their partners (20+?) can do that per leaked TAO catalog (plus academic work). So, you might not be safe if they target you. If they don’t target your alias, then these advanced methods might not be used & you might be safe if you blocked the browser attacks.
Btw, is Observer a Fringe reference or totally unrelated?
Chris • September 20, 2014 11:56 PM
@M
Re Darshak
Hi this looks similar to another project called AIMSCD “Android IMSI Catcher Detector which you might want to have a look at since it works on all Androids not just Samsung S3.
Havent heard of this one before, maybe he/they should go together and share information and do one good product. I like the idea of showing the encryption but not sure if it works since showing the encryption can be disabled in the SIM card with a flag.
Which brings me actually to a question on Android, I would assume it makes at least certain types of IMSI catchers life harder to disable 2G completely and as far as I know its possible to do by dialing ##INFO## and from the MENY where it says “Set Preferred network type: set the value to “WCDMA Only”
If the INFO page doesnt work there is a downloadable software on F-Droid called NETWORK that does the same thing, its a shortcut to the Hidden Android INFO page.
So any thoughts of disabling 2G and what implications it would have for IMSI Catchers
//Chris
Adjuvant • September 21, 2014 1:51 AM
@nobody@localhost: “Pretending that UK or France or (West) Germany was and/or are independent of America, is as stupid as pretending Poland or East Germany or Czechoslovakia was independent of Russia during Cold War.)”
Specifically in relation to Germany: I’ve recently stumbled upon some very explosive claims about Germany legal status that I haven’t seen raised here to date. Given that they appear to come from highly credible sources and that they appear to provide crucial background to current events, forgive me for taking the liberty of quoting at length.
GenMaj (Ret.) Gerd-Helmut Komossa, the former head of Germany’s MAD (Military Intelligence), came out in 2007 with a book entitled DIE DEUTSCHE KARTE. Das verdeckte Spiel der geheimen Dienste. (Graz: Ares-Verlag, 2007). alleging in essence that Germany’s sovereignty has never been fully restored following the Allied occupation.
There seems to have been very little discussion of the book or its claims in English, and perhaps unsurprisingly, all the media coverage seem to be by Russians: e.g.
http://rt.com/usa/germany-us-pact-komossa-978/
http://www.iraq-war.ru/tiki-print_article.php?articleId=164827
I’ll quote the second of those reviews at length, omitting some of the more grating elements:
Ex-head of MAD reveals shocking details of the 1949 US-German secret treaty
The book is focused on contradictions between the United States and Germany, sometimes very strong but not supposed to be discussed in public. It was published in Austria, and its distribution in Germany may encounter certain difficulties today. Still, the very fact of its appearance indicates that the German intelligence community is increasingly dissatisfied with the role of a vassal of the United States (the definition applied to Europe by Zbigniew Brzezinski), imposed on Western Germany after World War II.
Gerd-Helmut Komossa reveals the uncomfortable truth about the post-war conditions, dictated by the US and its allies. The state treaty, dated May 21, 1949 and classified by BND as top secret, suggests restrictions of state sovereignty of the Federal Republic of Germany, introduced for a period until 2099. These restrictions include the provision that the winning coalition exercise complete control over Germany’s mass media and communications; that every Federal Chancellor is to sign the so-called Chancellor Act; that the gold reserve of Germany is kept under arrest.
Partial corroboration of these assertions comes from Prof. Josef Foschepoth (U. of Freiburg), author of Überwachtes Deutschland. Post- und Telefonüberwachung in der alten Bundesrepublik (Vandenhoeck & Ruprecht, Göttingen, 2012) as interviewed by Deutsche Welle last year on NSA spying:
http://www.dw.de/nsa-permission-to-spy-in-germany/a-16981062
NSA: permission to spy in Germany
Germany has been under surveillance by the United States for decades, and German leaders have been fully aware of it, says historian Josef Foschepoth. The reason? Secret post-war accords.…
[Foschepoth:]The so-called General Treaty, which regulated ties between Germany and the three allied powers, went into effect in 1955. The Federal Republic was to have the full powers of sovereignty over its domestic and foreign affairs. What did that mean for the surveillance strategy of the Americans?
These formulations, of course, are always very nice and are meant for the public, more than anything. Ten years after the end of World War Two, the Germans felt the fundamental urge to be a sovereign state once again. But that was not the case at all because in the treaties from 1955 – it was volumes of treaties – were secret supplemental agreements which guaranteed key rights for the Western allied forces; among them, the right to monitor telephone and postal communications.
[DW:] What was the motivation for the German side behind all this?
[Foschepoth:] The Americans exerted massive pressure. They did not want to give up this territory, which was geostrategically important for its surveillance operations. German leaders, of course, wanted to be able to say that we now had a bit more sovereignty; in other words, a few strokes for the reawakening national psyche. Of course, what they didn’t say was we had to accept the same circumstances we had in the past under the occupation in the future as well, due to the international treaties and secret agreements. And these agreements are still valid and binding for every German government, even today.
[DW:] How could these agreements survive all these years?
[Foschepoth:] They were secret. The US had build a little America with its bases, in which the German government could not govern. When then-chancellor Helmut Kohl worked to clinch German reunification, he realized that this issue was a little difficult and controversial, so he said let’s just ignore it, and so, there were no negotiations over America’s special status rights. Therefore, these supplemental agreements are still in effect.
Absolutely explosive stuff, on the face of it! Again, most of the serious discussion appears to be in German and is therefore largely inaccessible to me. Perhaps some commenters here might have superior insight and be able to shed some light onto the nature and extent of the national debate in Germany surrounding the appearance of these books.
Chris • September 21, 2014 2:25 AM
Hi adjuvant. Very intresting stuff! Thanjs //Chris
Brandon S. • September 21, 2014 5:28 AM
Well just happened Saturday, but Kim Kardashian, Vanessa Hudgens, Kaley Cuoco Among Seven Other Celebrities Hacked Nude Photos Leaked Online: http://freedomhacker.net/kim-kardashian-among-other-celebrities-hacked-nude-photos-leaked-online/
Thoth • September 21, 2014 6:22 AM
Breaking the spine of SSL/TLS…
Put it simply, you share your session key (symmetric session key) with Cloudflare (Content Providers/Your Content Friends) and that’s how you push your problem to someone to solve. Now someone can easily inspect HTTPS session data since the session keys are in their hands.
1.) Can you trust them to sniff your HTTPS data ?
2.) Do you trust their new hype technique ?
I just heard the spine of SSL/TLS getting wrenched and twisted backwards by another couple degrees.
When is SSL/TLS going to snap from misuse ?
Skeptical • September 21, 2014 2:11 PM
The CIA recently posted hundreds of declassified articles to its website as part of an effort to settle a lawsuit brought by a former employee.
Two that may be of interest:
The Evolution of US Government Restrictions on Using and Exporting Encryption Technologies appears to be a late-90s snapshot of the state of affairs, with an interesting historical perspective on events to that date.
Yardley Revisited is a colorful account of the life of Herbert Yardley, with special attention obviously to his work in cryptography and intelligence.
Adjuvant • September 21, 2014 4:08 PM
@Skeptical
My favorite would have to be the “Bestiary of Intelligence Writing.” Its public release obviously reflects its repurposing and redeployment as a soft power asset 😉
http://www.foia.cia.gov/sites/default/files/DOC_0000619161.pdf
nobody@localhost • September 21, 2014 11:01 PM
[Apologies to all who thoughtfully replied to this mailbox; I am currently triaging messages in the absence of sufficient time.]
@Nick P
…and then just post lessons I’ve learned to the next generation on a widely read forum. I’ve been doing that for years with few results. I still do it though.
And now I live in near poverty at a low paying job without previous references posting cutting edge security engineering for free to blogs and to project leaders hoping to influence them into doing it right for once. (shrugs) Life is what it is. Maybe I should’ve taken a job at Goldman instead. But I am that I am.
No, no, no, Mr. P! You should’ve taken a job at JPM.
***p
Characteristically, the “nobody” uid runs an unprivileged process for network-facing activity on behalf of other processes, plural. From the limited data within my memory space, and speaking for my own non-self, I infer there are projects hidden away in dark corners of the net with the purpose of “doing it right for once”.
“TL;DR” top-line question: What practical and efficacious risk minimization approaches are available to those of limited resources (“near poverty” or in actual poverty; fragmentary or highly partitioned support network) and specialized competence (writing of correct code, yes; construction of EM shielded thermite-self-destruct vaults, no) to get things done without being done for?
The principal objectives of this exercise are to publish words, code, and practical knowledge. But if the pen is more dangerous than the sword, the “who/what/why” must be evaluated accordingly. Drug dealers and gun runners risk prison; effective authors, coders, and publishers risk slipping on a banana peel, or becoming incompetent drivers, or hanging themselves without leaving a note. Most authors, coders, and publishers are safe because they are reasonably ineffective, or can be neutralized by softer means—e.g. a flattering magazine spread, a government grant, or (for the truly competent) that job at Goldman. What a weapon!
***q
Principal observations I have made or seen made:
***np
Anybody else @localhost either can’t or won’t step forward, for whatever reason (don’t ask/don’t tell). I myself have a fairly solid grasp of C and Unix, but no experience with “High Assurance” systems; and I certainly do not have the resources to do more than dream about some of the setups you and Clive describe. The best I could do within my knowledge is to throw up a sometimes-available Tor hidden service on hardware I don’t even particularly trust, play some rather creative and obsessive sysadmin chicanery, and hope that strange car occasionally parked down the street isn’t what a paranoiac might assume.
Now excuse the hyperbole, but the need for a thermite containment chamber in an underground bunker results in paralysis—just another form of threat neutralization, although admittedly far better for me than other potential ways to skin this cat. I should emphasize that nothing in the aforesaid objectives is technically illegal—yet either (a) I grossly overestimate the potential impact of those at localhost, or (b) my risk is worse than it would be if I wanted to sell heroin. If my purpose is to be effective, I should not stake my safety on my and my comrades’ grandiose incompetence. What say you?
Andrew_K • September 22, 2014 2:55 AM
@ T!M
Regarding your security.
Depending on your situation, there are two options.
If you have any clue that you are specifically on someones radar, do what is said in so many comments and raise your INFO- and OPSEC.
But to avoid being selected for such further investigation, you may decide to stay within “normal” behavior in the first place, preserving a small footprint.
If you have posted here from an IP assigned to you, it may already be too late.
Otherwise, attack the algorithms which are skimming the databases. If all your observed emissions are normal, you are normal (yes, this is a classic error in science). Mass surveillance probably is just outlier detection. Thus: Act average.
Of course, you can have a private digital life. But it then should be so private that it cannot be connected to your public digital life. And this is where all of the privacy enhancing algorithms mentioned in other postings kick in. Or just do not live your private life online (and yes, telephone may count to online by now).
Oh and yes, one careless friend or relative who knows both “lifes” can completely ruin it by linking them. So, you will have to decide whom to let into which life. Oh, and those two social speheres better do not meet to talk about you. Consequently, your private life peers have to be briefed that there is a disjunct public life.
Such a behavior may work, however, it is well known. It’s roughly how spies act. And that’s the major drawback: You will have the signature of a spy. Not that good, either (depending on the country you live in). Especially if your private life is secured so well that no one can tell whether you just communicated with a mate or whether you were selling uranium to terrorist groups.
So you have to choose the signature that will pop up if someone decides to take a closer look at you: Normal, security-aware normal, paranoid normal, careless criminal, paranoid criminal, state-grade criminal. Add your own label here.
It’s a sad game. It’s not a game. It has become SNAFU.
@ ismar, Bruce
I would like such an archive of blogs and comments, too.
@ Nick P
I don’t think, you need reassurance from me. But I highly respect such decisions and I know how hard it can be to sell seemingly bad decisions to family and friends. Also, I am thankful for the insights your posts offer.
Dave • September 22, 2014 2:58 AM
@nobody@locahost
You seem insane. I really hope your post was intended as satire.
Nate • September 22, 2014 4:59 PM
Here’s a funny thing.
Anyone looked at the NIST Cloud Standards Roadmap from 2013? http://www.nist.gov/itl/cloud/upload/NIST_SP-500-291_Version-2_2013_June18_FINAL.pdf
On page 53, it lists FIPS 185, Escrowed Encryption Standard, as a current ‘approved standard with market acceptance’ for ‘confidentiality’. Right next to AES.
FIPS 185 is the 1994 Clinton-era Clipper chip, isn’t it? I seem to recall that one having a few, uh, difficulties achieving commercial traction.
Is there any particular reason why FIPS 185 would still be considered a live, applicable crypto standard in a 2013 document describing the foundations of America’s shiniest new approach to computing for the forseeable future?
Thoth • September 22, 2014 9:02 PM
@Nate
A bad reason is compatibility which may not make whole lot of sense but it’s an option next to AES. If, within the USG (US Govt Cloud) they want to do EES to track their employees in the USG, that may make some sense but that method has already been broken by the crypto community long time ago and there are many ways to store employees keys in central key management repo (HSMs) for management.
The inclusion in EES raises eyebrows and this is yet another of those FIPS standards use only for official standards. In a bad sense, you have AES next to it and everyone’s gonna be using AES and not Skipjack/EES as one of the acceptable crypto standards.
Here’s a little funny thing most people don’t know about Thales nCipher HSMs. Thales nCipher HSMs during the generation of administration crypto keys and module key would recommend users not to turn on FIPS because the on-screen comment is that it wouldn’t provide much additional security anyway (warrant canary from Thales ??).
Let’s just put it this way, much of the FIPS are use for interaction with official businesses and nothing more. When it comes to actual security, forget the FIPS and do the high assurance stuff otherwise, FIPS standards can be cumbersome and may not always be proven helpful.
In summary, the addition of EES in the bunch of acceptable crypto algos raises serious eyebrows. Look at the list of authors as well. It might give you a clue on what they are up to.
Is this standard going to end up as one of the Dual_EC_DBRG type standards that will sound off more alarms on how much NIST is willing to change over after the Dual_EC_DBRG incident ?
Nate • September 22, 2014 9:31 PM
@Thoth: I figured there was maybe some weird legacy defense-contractor appliance out there somewhere that actually uses EES, and it’s for backward compatibility. Alternatively, I was wondering if modern key escrow systems (like for example Windows’ BitLocker) implemement EES in some form. But it seems like such a broken, nonstarter protocol, that after the Snowden revelations about NSA/NIST shenanigans, my eyebrows did rise.
Of course, I’m kind of bearish on cloud ‘security’ to start with. If your attacker controls the hypervisor, they can trivially scrape private keys from your RAM silently and in bulk. Take Amazon AWS, for instance. They run a heavily customised Xen hypervisor (which means AWS users cannot judge the behaviour of the hypervisor from the published Xen sources). NSA is a contributor to the Xen project, which means that NSA has the necessary understanding of how to modify it in interesting ways. Amazon has has also just signed a $600 million deal to run a SCI-rated Intelligence Community private cloud for the CIA. That means all AWS instances now run in an environment controlled by a major US defense contractor with Top Secret clearance. Amazon talk a lot about their strict personnel controls to meet clearance obligations; that also means that most Amazon sysadmins are not going to be in a position to know what the AWS hypervisor is actually doing, because they’ll be restricted from accessing such a sensitive component.
Putting these together, if I were the CIA/NSA I would think I would be remiss in my job obligations if I weren’t making sure that the AWS hypervisor (at least on some instances) is quietly extracting anything that looks like crypto material and sending it to a secure location. They’d be dumb not to. Terrorists are probably alrady running AWS instances, right? They’re cheap (often free) to launch, they’ve got guaranteed bandwidth, you can host arbitrary software, they get erased automatically on exit… what’s not to love? So there’s got to be law enforcement / national security processes in place, surely. Except any such process could easily be scaled up for bulk collection, because at cloudscale it’s all automated. You don’t do manual intervention in the cloud; it costs too much.
I’m intrigued though by what security HSMs would add in the cloud compute context. Amazon advertise that they have physically tamper-proof HSMs which seem to send key material via SSL over IP to your VM instance. Sounds great! Except… once it’s inside your VM’s RAM, it’s fully visible in the clear to the hypervisor, isn’t it? So how can there be any guarantee of security for key material in a cloud data center?
I’d love to know if there’s any answer to this. Is it even theoretically possible to create some kind of cloud where the hypervisor has guaranteed ignorance of the VM’s RAM, and this is verifiable by the users?
Jacob • September 22, 2014 10:19 PM
Have the East Coast District Attorneys gone insane? Or this abuse of power is necessary in order to get promoted in the Federal “Justice” system?
We have read about the extreme aggressiveness and the outragous “long arm” policy of the NY DA on various accounts, but now the State’s Attorney General of NJ is a contender in the Citizen Abuse competition:
4 MIT students are under investigation for writing a proof-of-concept program (still in alpha)that let users support their favorite web site by electing to mine bitcoins for it in lieu of watching online ads:
“(they) were hit with subpoenas from the New
Division of Consumer Affairs just weeks after winning the award (for their code).
The state’s attorney general claims Rubin and his classmates violated New Jersey computer crime laws and demanded they hand over source code for their creation and any documentation related to the tool… The authorities also demanded the names and addresses of any Bitcoin wallets used in association with Tidbit, the names of anyone whose computer was used for mining in the project and a list of web sites that may have run the code.”
P.S. I wish Skeptical would shed a light on any positive aspect of this.
Nick P • September 22, 2014 10:25 PM
@ Nate
“I’d love to know if there’s any answer to this. Is it even theoretically possible to create some kind of cloud where the hypervisor has guaranteed ignorance of the VM’s RAM, and this is verifiable by the users?”
Air Force researchers’ HAVEN project comes to mind. It uses Xen and FPGA’s I think. They do protected memory and I/O for virtual machines. Other projects do hardware attestation and boot authentication. Yet other projects and products focus on verification and tamper resistance. Such work could be combined into what you describe.
The trick is there might be subversion or regular vulnerabilities in many levels of this. The tech is often there: politicians, militaries, and companies motivation just leads them in a totally different direction.
Figureitout • September 22, 2014 10:29 PM
Nick P RE: response to Will
no evidence main aliases were traced
–Have personally had some trouble in that regard (shouldn’t surprise you) albeit there are some holes which you probably know about. Bravo.
However…RE: And now I live in near poverty at a low paying job without previous references…
–This is total bullsht. There’s no reason someone w/ your talents should be living paycheck-to-paycheck. Get ahold of yourself. Yeah, you should’ve taken that job at goldman; suck some of that money back those octopus-vampires and spend it on actual security solutions. Sign an NDA, then fck ’em and “whoopsie” their internal procedures are on the ‘net. They breed contempt by screwing everyone, literally everyone in the world in some way.
I would say contact me and we can talk, but you already know what you need to do. Stop f*cking around and get back on your feet, get a job you’re proud of, etc.
I learned a lesson in highschool, had a teacher who I hated so much during the class; she pushed the class above and beyond all the other classes, and did it w/ a smugness about her. Towards the end, the personal growth was evident as I was better off than others. Still burned all the papers from her class and made a burn-hole in the yard that lasted a year; but I was grateful for having her.
Point-being, I’m going to be that a-hole getting on your case and forcing you to at least think about getting ahold of your life (just by typing, if I have to get in your face, then I would). You can’t post security solutions for free on blogs living in a cardboard box.
Nick P • September 22, 2014 10:48 PM
@ Jacob
That story is bizarre. I have no idea what to think of it. I also doubt pulling Skeptical in on such a story is a good idea as a smart debater can really weaken your position on something that’s so open to speculation. 100 people reading this might have 100 different views on whats going on. People wanting to promote any side should focus on evidence that strongly indicates its position is true. This ain’t it.
@ Figureitout
” There’s no reason someone w/ your talents should be living paycheck-to-paycheck. Get ahold of yourself.”
You’re not the only one that’s told me that… It’s probably true. I have been putting more effort and brains into it recently. The problems I’m battling are quite considerable, though, and I only have so much mental resources. Still have managed to put together a few options that might show up in a year or so.
“You can’t post security solutions for free on blogs living in a cardboard box.”
You can if the likely alternative is living in a cell with water given to you in inhumane ways because you supported people who gave up their freedom voluntarily. Such potential existed for years. I’d just really like to see a better national result for such sacrifices. Anyway, I do quite a bit even as I scrape by. More than most Americans or even what anyone could demand of me personally. So, I could certainly be better but could’ve been much worse.
A positive note: I recently invented a security solution that could (a) make most SIGINT go dark without much effort or (b) make hackers’ efforts go dark while allowing lawful (even if hated) surveillance. Option b might go over better in Five Eyes territory, among others. The solution can leverage existing hardware, costs little to add if it doesn’t, has little to no performance overhead, beats all known code injection attacks + many unknowns, can be formally verified if desired, works across architectures, and is functionally good enough for at least servers/appliances. Thinking carefully for now about how to approach getting it to market in a way that balancing all parties’ needs.
Figureitout • September 22, 2014 11:14 PM
Nick P
–What problems?! Frickin’ say it or give me a channel to say. Stop making excuses. I can do that too and be lazy and not honest w/ myself.
I heard jails give you internet access; I’d better be given at least my books I want and a pencil and paper for the most epic post ever once I’m done serving lol. Being homeless, you’d have to steal an iPhone6 or Samsung S5 and root it after a while, which wouldn’t be hard as some people leave their phones out way too willy-nilly.
RE: positive note
–You better either keep your mouth shut if you have such a solution and SELL it and make some $$$ or release it freely and become famous that way if it truly is what you say it is.
Thoth • September 22, 2014 11:55 PM
@Nate
HSM is NOT SUPPOSE to send key mats outside itself (especially in FIPS 140-2 Level 3 and above mode). The only time it does send key mats outside is when you explicitly run the HSM command to export in plain mats but that must comply to FIPS mode checking, internal HSM policy checking (HSMs have ACLs and policies) and you must present the “Security Officer” key or in simple present admin keys (K/N quorum maybe required to recreate admin keys) to process the request.
How HSM work is you store/generate a HSM protected key and you send plaintext to HSM and HSM does the crypto for you. In the case you don’t want HSM to do crypto, you create a DEK (Data Encryption Key) and you use the HSM to protect your DEK with it’s own HSM generated KEK (Key Encryption Key). When your app starts, the HSM releases your DEK when you authorize and authenticate to your HSM. You then use your DEK to decrypt data with your own algo/crypto provider. What you describe is not a HSM at all…
There are studies of ORAM (Obvious RAM) computation and so on but they are just studies after all. One note is that why should Amazon provide ORAM/Strong Crypto/HSM support to users ? They are compelled by Governments and it is not their business model to secure you but to secure themselves (by compiling to NSLs, TLAs ..etc..) so that they can run their business in peace with China, Russia, US …
@Nick P
Start with something gentle to get back on your feet first. I wanted everything but I may end up with nothing if I don’t start with something easy. I knew that I wanted to propose and study more into security setup but I need to be self sufficient first so I have to do stuff that may not be relatively comfortable to my conscience. In my job, I would say I have seen things done against my conscience and I have to do stuff along that path as well. I try to even it out abit… I try to give hints if I am asked to do things against my conscience. Once I am free, I usually try to promote methods to remediate it. Once you have gotten a hold, some ground to stand on, you can start to pursue your ideology. Well wishes.
Nate • September 23, 2014 1:16 AM
@Thoth: Thanks, that makes sense. So an HSM is a dedicated hardware crypto engine.
I was going by the Amazon docs here: http://aws.amazon.com/cloudhsm/details/ , which say ‘You use standard Amazon VPC security mechanisms to control access to your CloudHSMs. Your applications connect to the CloudHSM using a mutually authenticated SSL channel established by the HSM client software.’ and also say that the AWS user must manage the generation of their own keys.
Obviously an AWS user doesn’t have physical access to the AWS cloud, so I figured key material has to get onto the CloudHSM through an attached Amazon EC2 instance. But I guess you don’t have to send the keys to it from an EC2 instance – you could send them through an SSL link from a physical machine on your corporate network, so that’s not so bad.
I’m sure EC2 instances still expose decrypted plaintext to the hypervisor. Just not your actual keys if you use a CloudHSM, and if you can trust that the IP address you’re talking to actually is a CloudHSM (are there ways to verify in software that it’s not been tampered with?)
This is available for the global AWS network, so it’s not military spec security – GovCloud and IC Cloud presumably have higher security hardware available.
Nate • September 23, 2014 1:20 AM
@Thoth Also, reading the FAQ, the SafeNet Luna SA (the HSM Amazon use) is not FIPS 140-2 Level 3 compliant. It’s Level 1 and Level 2 only. http://aws.amazon.com/cloudhsm/faqs/
Thoth • September 23, 2014 3:00 AM
@Nate
If the HSM is set not to FIPS level 3, the keys can be exported and exposed along the line. Luna HSM has a FIPS level 3 mode but in the instance of Amazon, they only enabled FIPS level 2 mode. If I remember correctly, Luna HSM stores the keys inside the HSM physical module (a key storage compartment in the physical HSM device). According to the page it say FIPS 140-2 which is the FIPS document designation. It does not specify the FIPS 140-2 levels (it has 4 levels). Luna SA is ceritified to Level 3 of the FIPS 140-2 standard.
Luna HSM comes with a tamper checking command (need to search) that you can run to display if tamper has occur but I am very skeptical.
Going to the part on the SSL between HSM client and HSM, Luna chooses to use that as the communication tunnel. Keys will usually not leave the HSM another HSM is installed (load balancing) then the encrypted key materials would be replicated from one HSM to another HSM. The usual traffic between the HSM client would be to send operation jobs to HSM to execute which for most part it would be encryption/decryption work.
From the AWS charts, it seems the keys are not leaked outside the HSM services. The only thing that probably can be leaked is the message plaintext (encrypted/decrypted) from the applications instead of the keys.
Normal FIPS 140-2 Level 3 HSMs are not suitable for military grade (but maybe suitable for non-critical Government stuff). You need to look at the EAL levels as well. Most HSMs are at EAL 4+ and rarely any of them ever exit EAL 5 and above. As Nick P has always spoken about EAL levels, the level 6 – 7+ ranges of EAL stuff are the ones that military will look for during contracting as these are the stuff that has the actual capability to stop state level threats. If the HSMs are for financial use and non-critical stuff, they would usually ask for FIPS 140-2 Level 2/3 with EAL4+ as the baseline.
I don’t think the EC2 instance has anything to do with key materials because in the design of the Luna SA, your keys sit inside the physical HSM itself. You will only get idle keys if you generate or import keys or keys are created without the use of the HSM as the crypto provider (e.g. HSM’s PKCS11 module). Once you import your own generated keys (non-HSM governed keys) into the HSM, you need to wipe them (shred).
How you usually call your keys are via key handles/references which are simply ID strings assigned to keys. You call a load key command with the ID of the key which can be placed outside the secure zone of the HSM. Afterwards, you feed in your plaintext to the HSM and it spills our ciphertext back at you (you may need to authenticate).
Key transfer via load balancing or migration is either done by KMIP protocol, SSL links with proprietary protocols or full proprietary protocols. KMIP is used for inter-HSM communications and an open standard to transfer non-FIPS 140-2 Level 3 and above keys. Once FIPS 140-2 Level 3 is switched on, you cannot transfer them (typically not allowed but in some HSM cases you can transfer between a FIPS Level 3 to another FIPS Level 3).
TRX • September 23, 2014 7:07 AM
Several months ago, the foreign ministry of germany
has asked all foreign embassies to give a list of all
their secret service personnel;
If I was the security chief at the embassy, I’d give them the names of every American stationed at the embassy, a supplemental list of German employees, and a list of “known associates”… local vendors, service people, and any foreign or German government staff we regularly interacted with.
Thoth • September 23, 2014 7:45 AM
@TRX
Your idea is good. I wonder why the Foreign Ministry of Germany never thought of that. Are they just going through the motions to pretend to be worried about spying or do they already know the spies and already have dealings with the NSA/FBI/CIA…etc… but are doing it just to cover their tracks and say they have no such dealings and pretend to be outraged at the American spying on Germany ?
Incredulous • September 23, 2014 10:11 AM
Re Skeptical
The evolution of government restrictions article is interesting. It ends in the 90s with a mandatory key recovery/key escrow system. What ever happened to that? Is it in effect any more in any sense?
@Nick P
I have had a similar trajectory to lesser paying work. But it was largely voluntary. I led a few terrific projects in the corporate world, but with years of boredom in between. Really there is no amount of money that can buy your wasted time back. So I went to freelance, sporadic work, no yearly bonus. I decided to enjoy time and freedom and satisfying work rather than trying to compensate for lack of time and lack of freedom and lack of satisfying work with money. Cutting out the middle man…
This led me to move offshore to a place where a near poverty income in the US buys a near upper middle class lifestyle. A poorer country with less money for pervasive surveillance. A place where you can have a positive impact starting schools, building hospitals, aiding local cooperatives.
There is plenty of remote work available with a little searching. The companies that want you in person are often the same ones that want to run your life anyhow. Freedom buys a lot more life than money does.
Re OpSec
I am beginning to wonder whether all this hiding is necessary. Probably the NSA knows who we all are. But the fact is: We are not criminals, we are not terrorists, we are only people who still believe in the vision of civil rights and democracy we learned in school: Freedom from arbitrary search and seizure, privacy, freedom of speech, freedom of travel, freedom to petition for redress of grievances, freedom to elect people who represent our interests. Do we need to hide? Should we hide in any case?
I am about to put out a small-scale open source encryption system. Carefully written using established algorithms, all open source. I do not claim to be an expert, just a student. I would love to get the list’s feedback. But it is also a demo of my coding that will hopefully draw follow on work. So I don’t really want to obscure my identity. Do I need to? Is there any point? Should we agree to live in the shadows?
Nick P • September 23, 2014 10:47 AM
@ Thoth
Nice breakdown on Luna. I’ll add that the company works closely with the NSA (eg here), is certified by government with implicit NSA authorization, gets contracts from government, and uses their patented ECC algorithms. Five Eye’s likely has a backdoor in them. That said, if Five Eye’s is outside threat model, their more highly assured HSM’s (esp used in Type 1) are likely more secure than most stuff on the market. Even if not high assurance, that the key doesn’t leave the device, their engineers can meet NSA standards, and that they put in effort above commercial practices are a good thing. I like the ProtectServer HSM as it allows custom software in the device.
There might still be hardware attacks that bypass tamper resistance, firmware attacks many don’t watch out for, and EMSEC issues that could leak keys. The Type 1 devices will cover EMSEC, but commercial one’s usually don’t. (Smartcards are an exception.) And Russians surely know how to take advantage of that. Not sure how many others can as well.
My solution I posted here a long time ago was just to put a bunch of smartcards into a box, put a load balancer in them, and now you have your own highly assured crypto offloading. 😉
Thoth • September 23, 2014 10:55 AM
@Incredulous
As long as history have known, Governments have not been very kind to people who are free to voice out. I do so most of us here really have nothing much to hide but we respect our precious “freedom” greatly. We have lost most of the “freedom” we have and we are trying to cling onto what’s left behind. We just don’t like to be used by the powers that be to make good examples in front of the public in some ways for their propaganda machine. We have nothing to hide but we know that the people we care so much about around us whom maybe targets of Government agendas might fall prey because of our carelessness on securing ourselves (that’s what’s exactly happening to everyone).
It’s not just the Governments we are trying to protect our rights from. We are also trying to protect ourselves from being harassed and manipulated by the wills of others like the Corporations and Organisations, hacker groups, hacktivists and so on and so forth.
We just want what remains … our remaining piece of paradise if you will … stripped much from us for the selfish enterprise of others.
It may sound all grand, but ask yourself… what do you envision of the future ? Are you going to use what you have now to try and push that vision of paradise into reality or just sink to the bottom of the ocean and lay quietly forever and move with the currents and waves ? In simple, what do you really want from your heart ?
There are some people here who work for the benefit of others or just themselves, and some who are here to spite others and create tensions and also some here to observe.
The main idea is not to live in the shadow. The main idea is to try and secure your boundaries for the benefit of others that you would be not be a stepping stone that would cost others their freedom.
It all sounds unbelievably good, but what’s our own intentions ? Who knows …
T!M • September 23, 2014 11:12 AM
@ Andrew_K
Many thanks for your long reply.
I don’t think that I am on someones radar (beside the global surveillance watchlist we all are onto) and I think my interests in information security can be classified as normal. I am interested in producing less traces and I think I found some nice ways to reduce them, but maybe this let me look a bit abnormal to the filters in the digital world. I don’t know and the NSA wouldn’t answer me, if I would ask.
“If you have posted here from an IP assigned to you, it may already be too late.
I don’t, but I think there is always a way to find it out, if money and time isn’t the problem.
Example:
If I would sit in my car next to a cafe with open wlan, accessing with a stolen notebook, using VPN plus Tor plus a hacked server somewhere in asia and only accessing this blog to post answers, I am sure there would be a trace, too.
Traces I think of in this example:
If I would be NSA and wanted to know who T!M is, maybe because I use Tor in this example, I would start with my Posting. What everyone can see is the date and time I posted it (time of the server, my time can be different).
Posting leaves metadata on the webserver, but also on the provider-systems routing my connection to the webserver. I think the NSA is able to get my source-ip for this posting on that way and follow it back to the hacked server in asia.
If there is a server in asia so stupid configured, that even I can abuse it for relaying my request, then it should be no problem to find out the source-ip of the tor-exit-node. Now I have to suppose that the NSA runs many exit-nodes by itself to get more details about the accessing systems or has manipulated the existing node or did whatever needed to trace my communication back to the vpn-server I would have been connected to.
Viewing to the list of vulnerables on all hard- and software-levels and the implants for having an backdoor, the VPN-Server shouldn’t be a show-stopper to reveal my origial ip-adress given by the internet cafe.
The internet cafe is no moving target, so the coordinates would be found out very fast. It’s crowded with many people armed with smartphones publishing their exact gps-position and full of the wonderful abusable features to take pictures from the area to use face-recognition to identify all the people there and in a 50m radius (plus the cars numberplates, too).
Maybe they wouldn’t catch me instantly, but if I would use this cafe often and they would be very interested to stop me, I think the cafe would have one or more guests more the following weeks, watching out for persons who are there when T!M is posting something.
Sure, this is a theoretically constructed example and maybe locating me is harder or easier than I think, but to be honest, this would be too much effort for me. If I would plan something very illegal I would invest more time to find a better solution than the example above not the get caught (more than in the illegal plans itself, just to avoid going into jail:-)
So, what was my intial question again … oh, yes, If I just want to be a smaller target for spam, trojans, phishing, worms, etc. people use to get access to my computers, privacy, money, etc. what would be the hardware to choose, without get completely away from the digital world?
I thank Mr. Snowden for leaking the informations to clear things up, but it costs all of the trust I have had in the past in companies and systems. Now, I have only the chance to reduce the informations my digital-profile is made of. Yes, it is a sad game.
name.withheld.for.obvious.reasons • September 23, 2014 1:53 PM
@ Nick P
You can if the likely alternative is living in a cell with water given to you in inhumane ways because you supported people who gave up their freedom voluntarily. Such potential existed for years. I’d just *really* like to see a better national result for such sacrifices.
I share much with you Nick. My own efforts have been hobbled by an overtly hostile environment where corporations and governments are actively engaged in subverting competition or dissent. We live in most troubling times and I find it more difficult to hold out hope that people (much of what you endeavor to do is an exercise that amounts to whistling in the wind) will step up and do what’s necessary and not what’s easy.
I’ve emptied my pockets to address, directly and indirectly, to answer what I see as the success of idiots being cheered in by the crowd of idiots. Reason has given way to asinine behavior, strategies, and thinking. Until we can pry power from the reins held by the stupid we will all suffer. And, many have commented that the horse has already left the barn. That indeed “we” are whistling in the wind.
name.withheld.for.obvious.reasons • September 23, 2014 3:16 PM
@ Incredulous
I am beginning to wonder whether all this hiding is necessary. Probably the NSA knows who we all are. But the fact is: We are not criminals, we are not terrorists, we are only people who still believe in the vision of civil rights and democracy we learned in school: Freedom from arbitrary search and seizure, privacy, freedom of speech, freedom of travel, freedom to petition for redress of grievances, freedom to elect people who represent our interests.
Well said! I have been lamenting the fact that the Army Field Manual FM 3-38, section 3-46, has defined hackers, not crackers, as enemy combatants and has okayed the use of deadly force to defeat hackers.
Having been a ham hobbyist in the early 70’s and a hacker in the late 70’s (a label that held prestige) now represents a real threat to my own personal security because of someone else’s perspective of what constitutes a threat. I have provided information to industry and government in the past that helped reduce overall threats from black hats. Being a “gray” hat (a white hat by law, black hat by skill) is a lonely place. Gray hats make white hats look like idiots (thus are treated with disdain) and black hats hate gray hats for giving away their “secrets”. So today, by virtue of an incorrect and inane use of the term hacker, I must look into the sky for threats to my own physical being. Because of idiots I can not only be persecuted–I can be summarily executed. WTF!!!
Nick P • September 23, 2014 10:51 PM
@ Andrew_K
Appreciate the support. 🙂
@ Figureitout
“What problems?! Frickin’ say it”
Can’t do that unfortunately. Must simply endure and try to push through it.
“You better either keep your mouth shut if you have such a solution and SELL it and make some $$$ or release it freely and become famous that way if it truly is what you say it is.”
I plan to. Got to find the right investor for the setup I’m doing.
@ Thoth
Sounds like a decent plan. Appreciate the comment.
@ Incredulous
“This led me to move offshore to a place where a near poverty income in the US buys a near upper middle class lifestyle. ”
I actually considered that. Just not sure which of those countries I’d like to live in. Preferrably, decent legal system, lower American influence, quality of life, and plenty of good Internet connections. Any suggestions?
” Probably the NSA knows who we all are. ”
Only those who use what it watches: electronic devices. The less are in your private life, the less they know about you. The rural, Amish, and other groups that use less technology are almost certainly giving the NSA headaches.
“I am about to put out a small-scale open source encryption system. Carefully written using established algorithms, all open source.”
Start with NaCl as they have a good, easy-to-use library. Then use books like Practical Cryptography and taxonomies of known vulnerabilities in crypto use.
“Do I need to? Is there any point? Should we agree to live in the shadows?”
Depends on how much you value your freedom, life, or property. And your success level. If it’s not adopted or polished much, then you’re probably fine. Otherwise, who knows what they’ll do. They’re not consistent.
@ name.withheld
“I share much with you Nick.”
This I know. 😉
“I’ve emptied my pockets to address, directly and indirectly, to answer what I see as the success of idiots being cheered in by the crowd of idiots. Reason has given way to asinine behavior, strategies, and thinking. Until we can pry power from the reins held by the stupid we will all suffer. And, many have commented that the horse has already left the barn. That indeed “we” are whistling in the wind.”
If I do get back in the game, I’ve considered just taking up work in foreign countries in eg Europe where citizens value privacy and mass espionage is kept to a minimum. Switzerland is a top consideration as it’s woven into their culture and laws. In any case, if I do stuff here, I’ll have to build in intercept and do it carefully to maximize my users’ privacy. I posted an update to my ideas on that here. What do you think about its design meeting requirements?
Thoth • September 23, 2014 11:13 PM
@Nick P
I would say the revamped high assurance phone intercept with compromise on both ends sounds interesting but the problem I can think of is simply human nature. The powerful will always want to be more powerful, the greedy more greedy and the jealous more jealous. If it takes off, those in power might want to propose something to increase their presence and a balance has always been difficult in this era of fear, uncertainity and doubt. We are living in an era our technology is far more superior and advancing in leaps and bounds but our human mind, morality and ethics (includes our laws) cannot keep up. We are still running off our base desires and instincts. I guess the end result would be a reversal to yet another phone intercept with the high assurance stuff removed.
I adopt a more hardline approach to the problem. If the powers that be cannot behave, we cannot give them chances to worm around. An absolutely high assurance with no compromise approach in my opinion would have the best results. The Jackpair device (previous posts) is a good example at people who are trying to snatch back privacy. It is not high assurance rated yet but makes a good effort. Push out a blank device with no crypto firmware and make users download a verified copy of the firmware and make the flashing of the device easy. That way, selling the blank device is not considered a violation of export control. The device turns into a controlled item (in certain countries) once the crypto/high-assurance firmware gets flashed into the open and blank hardware.
Living in the Perfect North Korea (Singapore) where every single conversation can get you behind bars at the whims of those whom decide your fate, security and assurance should be a boolean.. either yes (enabled full security and assurance) or no (allow intercept).
Thoth • September 23, 2014 11:24 PM
@Nick P
By the way, security is something pretty much esoteric to many other people. If they see that a product has a mechanism for CALEA, it will trigger the natural defensive mindset in-built into human mind and it might not get a good reaction. The “feel secure” factor must be in place as well. Not to forget the complexity of such a CALEA enabled yet secure system might be hard to build and the sheer complexitiy would definitely have tonnes of problems. A purely secure and highly assured with no compromise setup would be much simpler. If it is a password protected form of high assurance no compromise setup, the LEO must find a way to squeeze that password out or get nothing. They will need to rely on their human interaction to get things to work.
name.withheld.for.obvious.reasons • September 24, 2014 1:17 AM
@ Nick P
On a first and quick pass at your requirements I see much I like. I am especially excited to see you embrace Wirth and explicitly reject JIT. The idea of a physically fixed base architecture (and we discussed before), I am not opposed to a socketed of “bussed” firmware interface…my preference is starting with a design that is correct and provable (I didn’t say perfect).
I know you’re a fan and am just expressing for the others that are interested. And I mentioned a two layer ASIC approach that could have an abstracted computional layer (kind of like separation kernel(s) in hardware). I believe we, last we “spoke”, were on the verge of flushing out a workable solution.
Must of my reservations at this point are supply chain based (atmel, microsemi, Xilinx, etc ) and tool chain. I believe a pure VHDL Implementation could be verified if mask controls are absolute (mapped versus scanned gates and CLPD/LUT’s) for ASIC AND FPGA implementations. No shadow cells!!!
As for a place to live, I am reconsidering everything–including taking up landscaping in the Sahara desert or some such “away from all the bullshit” environment.
Andrew_K • September 24, 2014 2:23 AM
@ Thoth, TRX, Benni
Regarding the spy-list germany requested.
I’d say this is nothing else than a PSYOP directed at the German population. To those familiar with Intelligence, there were no news. But to the public, it was news that there are spies working in Germany. Thus, the public needs some reassurance that the Government acts in its interest. This is what we see.
I don’t think that these lists will have any consequence. I don’t even think that foreign powers are expected to answer truthful.
@ Thoth
Regarding the rather philosophical questions on what the future may become.
German writer Erich Kästner said that “Freedom [of speech] must be used before it’s called treason” (the quote may not be 100% correct, apologies, but you get the idea). Every time I find myself thinking whether I should submit a comment and make myself visible to open source intelligence, I remember this quote. And that’s the chilling effect of what the five eyes are doing: Altough perfectly normal and absolutely legal, I start restricting myself from communicating. That’s the future. No one will need to stop us. We just stop us ourselves.
@ T!M
You’re welcome 🙂
Aside, your scenario is way more complex to unroll than my hiding would be. I’d just use a rather huge companie’s network belonging to a company engaged in IT security anyway — thus, activity on this blog from their outgoing NAT as well as an incoming tunnel (just like homeoffice guys use them) may be in range of standard derivation. Of course a problem in case agencies have access to the network. But then, again, this is not treason, yet.
I muse about a service or a blog plugin to delay comments, maybe publishing them as bulk every day at the same time, destroying the correlation between a person being online and a comment being published…
@ name.withheld.for.obvious.reasons
“I have been lamenting the fact that the Army Field Manual FM 3-38, section 3-46, has defined hackers, not crackers, as enemy combatants and has okayed the use of deadly force to defeat hackers.”
A very very bad reminder of how witchhunts started, assuming the average GIs ability to differentiate white, gray, and black hats. “He does things I don’t understand, he must be an evil hacker!”.
Clive Robinson • September 24, 2014 3:15 AM
@ Name.withheld.for.obvious.reasons
As for a place to live, I am reconsidering everything–including taking up landscaping in the Sahara desert or some such “away from all the bullshit” environment.
To live effectivly off grid the two things you must have in a secure and unabusable way by others is supplies of energy and water. Without that no chance.
From ancient times “water wars” have happend because the holding or releasing of water to others could be used as a tool of compliance to control others. The modern version of a “water war” is the availability of energy as “a tool of coercion” by the likes of the US and Russia and Saudi Arabia, another is raw resources such as rare earth metals which the likes of China have a near monopoly on [1].
The difference these days and why you need to secure your energy supply first, is that due to history we have built a lot of technology into securing not just water but it’s purity, from sources that were not available or unviable just a few years ago, but many need energy in quite large quantities, as well as chemicals.
Remember you also need to stop your waste products from energy production/utilization, water production/purification, and other existance activities being a nuisance not just to your self but others, otherwise they will come knocking with serious intent to stop you.
Then there is food production storage etc to consider, if you have any time left after securing energy and water, but you have to be able to maintain things which means sourcing materials and tool making etc.
There are reasons why man is a social creature, and one of the primary ones is it is more efficient for individuals to specialize and produce quantities to meet society needs, not the individuals needs (this is due to recurent setup and teardown costs).
As I’ve mentioned in the past I have hobbies that appear to many as “self sufficiency”, how ever they are very far from that. Take food preservation such as jam/preserve making, growing the fruit is easy –but has issues such as bees– compared to gathering and preparing. But you need sugar and jars which you can not produce by yourself, they are easy to obtain from society but effectivly impossible on your own…
Thus “living in splendid issolation” is not realy possible for the individual as not only are there not enough hours in the day, there are not the required resources available. Thus the best most can do is live on the fringe of society.
Similar problems exist for small societies, likewise large societies and even large nations. The bigger our societies get the more reliant we become on technology, and this in turn makes us reliant on the good graces of those in ever more distant places… and it’s just one of the fundemental prices we have to pay for our freedoms such as they are. And it does not help when “short termist thinking” by politicos and large corporates follow policies that are guaranteed to upset those we are reliant on in the long term…
[1] Saudi Arabia is in a –temporary– unique position to control most of the worlds economies. It has sufficient very cheaply accessable oil reserves such that they can set the price per barrel of oil as they see fit. Whilst there are many other sources of oil such as tar sands, it is not cheap to obtain the oil. Thus trillions of dollars in investments is required which needs a higher oil price to show even a very long term return. Thus the viability of such investments hang on what the Saudi’s do to the oil price. If they bring it just a little lower than it currently is then it will not be profitable to extract oil from tar sands so the current investment will be lost. Which means it is unlikely reinvestment will take place in the future, which would hand even greater control to the Saudi’s… So just remember from a current energy security point of view, what Saudi wants, Saudi gets, which is going to become more and more clear as the events in the Middle East continue the way they are going. Whilst many US citizens may think their President is the most powerfull man in the world, well currently he’s not, that job currently falls to the man who controls the oil price and his interests almost certainly don’t align with those of the US. Which only leaves the questions of how far he is prepared to push things and why.
steve37 • September 24, 2014 4:16 AM
An other NSA monitoring station was found in Vienna.
Petter • September 24, 2014 10:04 AM
Snowden together with Guardian was to receive the Right Livelihood price, called The Alternative Nobel Price.
But after the ceremony taking place at the Ministry of Foreign Affairs, it will no longer be held there.
The minister of FA Carl Bildt is shutting them out with the explanation it’s due to the press rooms new security class. But reports say that Carl Bildt was upset (read pissed off) when it was revealed that Edward Snowden was one of the winners.
http://www.svt.se/nyheter/sverige/alternativa-nobelpriset-portas-fran-ud
name.withheld.for.obvious.reasons • September 24, 2014 11:33 AM
@ Andrew_K
A very very bad reminder of how witchhunts started, assuming the average GIs ability to differentiate white, gray, and black hats. “He does things I don’t understand, he must be an evil hacker!
Yes, it is both weird and disturbing all at the same time.
Like the no-fly list and other state police (Nazi) tactics that generate secret indictments it makes clear the oppressive nature of the current government. First the came for the family down the street, then my neighbor, and now they’re coming for me/you.
Not that I wasn’t aware or actively calling for the general population to WAKE THE F’ UP, the lack of push back since 9/11 (the herd is trading liberty for a FALSE SENSE of security) is very disappointing. And having put my own life and treasure on the line, I see little that says this will be of any benefit to anyone.
History will judge this time very unkindly and expose the soft underbelly of the public, government, corporations, and the military and their duplicity in the establishment of an authoritarian state. A historic reflection will likely not reflect the overt fascism as seen in Nazi germany–but–it will no less carry the same weight, trajectory, and tradegy that the 1930/40’s represented.
BoppingAround • September 24, 2014 1:01 PM
Incredulous,
A poorer country with less money for pervasive surveillance.
I wouldn’t be too sure about that though. Even poor countries these days seem to be rocking A-class surveillance gear.
But the fact is: We are not criminals, we are not terrorists
Mind that this fact is debatable: definitions of ‘criminal’ and ‘terrorist’ are quite vague.
name.withheld.for.obvious.reasons,
Depends on who’s going to write the history.
name.withheld.for.obvious.reasons • September 24, 2014 2:20 PM
@ BoppingAround
Depends on who’s going to write the history.
As you are probably well aware, the vanquished rarely put to pen near term histories. The good new is that in the long term, from an anthropology perspective, the truth finds it way to paper. Which is another topic altogether that I term “Information Fidelity”.
name.withheld.for.obvious.reasons • September 24, 2014 4:32 PM
Well the UN Security Council has given the president of the U.S. the necessary political cover by cowardly agreeing to an agreement dated 14 September. Thus an unlawful use of war powers (notice I didn’t say use of military force as I understand this is not lawful or constitutional) is covered by unlawful post facto law. Guess I’m going to go out and bomb some people today and get the UN to provide me legal cover tomorrow. So much for civilized society–freakin warmongers.
Now I call for a WORLDWIDE BOYCOTT OF OIL AND GAS!!!
Nick P • September 24, 2014 5:11 PM
A few select reads from recently declassified CIA documents
Evolution of US government restrictions on using and exporting encryption technologies
http://www.foia.cia.gov/sites/default/files/DOC_0006122418.pdf
Skeptical ironically gets the credit (and thanks!) on this one. This could be the missing link between general government policy and NSA secret programs. It indicates there is a secret (or not that public) activity in play to escrow the keys in encryption systems for law enforcement, managed by at least one third party. This was supported by most national companies, with RSA a big player. That’s consistent over time…
The “Players” section was telling in that it was only concerned with LEO’s, intelligence collection, the money certain companies were making, & the researchers challenging it. The public’s private interests, personal or business, are excluded. They didn’t care about us or risk to us at all. Taken together with a secret escrow requirement, it shows U.S. is a very bad place if you are a private party wanting to maintain privacy.
The next point I can’t make until I give this quote in full:
“The US Government, and NSA in particular, would like to return to the Cold War era of complete government control over strong cryptography and skillful manipulation of the research and corporate communities… it would also have crippled US software encryption companies trying to compete with overseas companies not shackled by restrictive regulations. And… other nations are just as likely to create strong codes.” (CIA)
Even in the 1990’s, the CIA tells us the NSA wanted to strip us all of strong crypto, subvert our research processes, etc. They considered it and anyone using it to be a threat. In the same document, NSA and Booz Allen rep claim the “free and private speech” argument is a “disingenuous” cover to just sell security software. Because freedom of speech and privacy have no inherent value of course… The NSA’s current views and activities per Snowden leaks are consistent with this.
So, NSA is clearly not to be trusted with protecting Americans’ security or privacy if they think anyone wanting that is an opponent, con man, criminal, etc. It’s a really warped view on top of their conflict of interest. They should be stripped of all power to certify or regulate security of anything in the government. That should be moved into a dedicated agency with a good budget, a charter to fight subversion, prison for those caught doing it, and accountable to GAO.
More docs
Declassified doc on Richard Helms as CIA Director
http://www.foia.cia.gov/sites/default/files/DOC_0000622838.pdf
This makes for interesting reading as it shows a certain propaganda or brainwashing effect within the CIA. The picture they paint of Helms, Johnson, and Nixon are the kind people might sympathize with plenty. Helms and Johnson you’d think are pretty good guys, with Helms taking a passive & proper role as director. Anyone can see through it if they knew about all CIA dirty activities (eg. MKULTRA), Johnson + Gulf of Tonkin, and Pentagon Paper’s revealing long-term activity in Vietnam with plenty of disinformation. Probably the worst thing they show is being silent on civilian casualties, but that was far from worst thing at the time. I’d have mentioned Helm’s MKULTRA program using drugs, implants, and basically torture on unwitting Americans (including kids) to be a lot worse. Good that he’s just around to support the President with objective information & avoid undue influence. 😉
The Defense Courier Service
http://www.foia.cia.gov/sites/default/files/DOC_0006122436.pdf
This is a nice group that gets little credit. They can move critical COMSEC equipment, highly sensitive information, etc. They’re the reason plenty of equipment has some assurance of not being tampered with. Good to see them get a mention.
The Imperative of Criticism
http://www.foia.cia.gov/sites/default/files/DOC_0000624307.pdf
This is a great report on Israel’s Review group and process. It’s the first official document I’ve read on it since reading about it in the novel World War Z. It goes into detail regarding qualifications, potential errors, the importance of equal access to leadership, and so on. Worth copying if we haven’t already.
The Psychology of Espionage
http://www.foia.cia.gov/sites/default/files/DOC_0001407031.pdf
Goes into the various psychological profiles that may or may not lead to people becoming spies. Makes recommendations on preventing that. Pages 14-20 are particularly enlightening, I hear.
Nick P • September 24, 2014 5:17 PM
EDIT: “to escrow keys for law enforcement” should’ve said for “law enforcement, intelligence agencies, and others secretly authorized for this information.” I’ll add that it originally said warranted, but Patriot Act etc remove such restrictions. You combine this kind of legal policy with massive post 9/11 expansion and you give NSA quite a legal footing for the demands it makes to subvert US companies’ security.
Skeptical • September 24, 2014 5:52 PM
@Nick: I thought of our discussion as soon as I saw the article. Was happy to link to it when I saw it.
@nobody@localhost.com: The difference is, 50 years ago Russia and America were mutual aggressors against each other. (Let’s drop “the West”; all “the West” was only American proxies and puppets after WWII, just like Eastern Bloc was on strings of Russia after WWII. Pretending that UK or France or (West) Germany was and/or are independent of America, is as stupid as pretending Poland or East Germany or Czechoslovakia was independent of Russia during Cold War.)
You’ve actually put your finger on an enormous difference between the US and Soviet approach to Europe after WW2. The US saw, and sees, democratic self-governance by European nations as vital to its interests. Remember that there were actual elections in Western European countries, in contrast to Eastern European countries, where Stalin’s need for control took priority.
This past 20 years, Russia is only on defensive. Whereas moving NATO (i.e. American) hardware into e.g. Ukraine would be just the inverse of a hypothetical Russia stationing nukes in, say, Cuba… oh wait.
I am sympathetic to Russia’s security interests (though I strongly disagree with the analogy you’ve drawn between a Ukrainian entrance to NATO and Soviet missiles in Cuba).
However, those interests do not justify its actions in Ukraine. They have added nothing to Russia’s military or economic security, and in fact have likely detracted from both.
President Putin has achieved immense power and wealth, and clearly is fervently patriotic. But he has come to the crossroads many great leaders in history have encountered: will he build for the future, in a way that strengthens national institutions and democratic rule of law while reducing corruption, even at the cost of some of his own power and fortune – or will he continue these poor lines of play, that must be familiar to him but which also fail to prepare his country for the future? He has a choice to make between true greatness, and mere personal power.
@Clive: Saudi Arabia has a large and restless population, many in abject poverty, in a region where fanantical terrorism and revolution spark all too easily. It cannot afford to play the kind of game you describe, even if it had the excess capacity to do so. Nor would its attempt stop the huge flows of oil and natural gas let loose by advances in horizontal drilling and hydraulic fracturing. Large energy companies are not stupid, and make capital investments for extraction with the long view in mind.
Saudi Arabia’s chief concern is stability. And while it has made good progress as a nation towards controlling its own extremists, and combating terrorist/extremist financing, both it, and more so the region, have a long way to go.
bash bug • September 24, 2014 8:26 PM
Bug in Bash shell creates big security hole on anything with *nix in it
The bash patch seems incomplete to me, function parsing is still brittle. e.g. $ env X='() { (a)=>\’ sh -c “echo date”; cat echo
Figureitout • September 24, 2014 8:48 PM
bash bug
–Was just about to post that. Being compared to Heartbleed…My personal PC’s are vulnerable as well as one of my school’s networked supercomputers…fck what a stupid bug. Fck bugs.
http://seclists.org/oss-sec/2014/q3/650
http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/
Figureitout • September 24, 2014 9:19 PM
Top link at /r/netsec: http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/
Another massive patching up coming.
Figureitout • September 24, 2014 9:29 PM
Apparently patch can be bypassed…Mother-F: http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/ckro7be
Gerard van Vooren • September 25, 2014 12:50 AM
@ Figureitout
About the Bash bug:
I recently said (quoting myself…) :
As for operating systems, I have given up Linux. I trust OpenBSD and MINIX3 much more. That is not for their focus on security or reliability, but more for their focus on code correctness. It is just too easy to mess with C and too hard to get it right. Focusing on code correctness, or correctness in general (that includes the cloud), is the right thing to do. That is if you care about privacy.
It wouldn’t surprise me at all when the Bash bug is C related.
Thoth • September 25, 2014 1:01 AM
@Figureitout
Linux was never made with security in mind. It is just yet another *nix system built in a FOSS context. Surprisingly, many secure applications leverage on the high availability and open source nature of Linux for their secure high assurance programs.
A few brands of HSMs internally run a modified form of Linux and consider it secure (but not high assurance or probably not even secure) and same for many “secure” products too.
Another problem would be the PKCS#11 which is usually a C based library interface. A high assurance security program would likely avoid C based programs and libraries and it really raises an eyebrow.
Put it in simple, the root of the problem is assumptions and legacy/inheritance. Old stuff are still being used with assumptions. It’s about time to break clean and build high assurance security from the ground up with little assumptions.
Andrew_K • September 25, 2014 1:53 AM
@ Nick P
Regarding the selected reads and their implications, I’d like to offer a long-term-bet:
One of the upcoming Snowden revelations will cover the NSA adding everyone exchanging encrypted email to a special watchlist.
No wages, of course.
Nate • September 25, 2014 2:09 AM
@Thoth: I agree re C. Was shocked to read recently about new ‘provably correct’ C compiler research, as I’d thought that compilers for a 40-year-old language – if anything – surely must be trustworthy, but nope.
Any suggestions for how we could approach the ‘high assurance’ problem? Languages, toolsets? Myself, I tend to think that smaller is better for languages, and that C was a big mistake and C++ even worse. But there aren’t many small languages these days. Forth – maybe – and, um. Not really even Scheme.
I really don’t want to think that in a 100 years time we’ll still be running the Web on C++ and Javascript. That would not be a fun place to live.
Nate • September 25, 2014 2:15 AM
And when I say ‘trustworthy’ I literally mean ‘the computer can add two numbers together and the third number actually is the sum’. I took 1+1=2 for granted but in the C compiler world, ‘lol nope’. These people are working on solving that problem, and it took a whole lot of Coq code to get to THAT point. http://compcert.inria.fr/doc/
Thoth • September 25, 2014 2:45 AM
@Nate
I have no idea if there is a good language these days. Nick P did suggest Ada, OCaml and strong typed languages which I agree. If you have languages without strong types, that’s the first common mistake.
I was observing the binaries of numerous commercial security programs and HSM client software and I noticed a lot of them uses Python language very heavily and I am very surprise they don’t use other more well established languages.
Maybe Nick P or someone could shine a light why famous HSM clients like Thales nCipher HSMs and probably even Safenet HSM clients use Python. I know other commerical security programs that I help to deploy (I only simply deploy and it’s not my job to say this is bad or that is bad) as per ordered and many of them uses Python.
If you want a secure and highly assured program, put in feature that you absolutely need. Put in codes that you will use. Make the program rigid so that it only goes down one single path or it fails entirely in a safe manner (boolean state of operation). this will result in your program being very rigid and very small and that’s probably the hallmark of a highly assured security system. Any ambiguity or lax in logic flows would be devastating which will allow injection of codes.
Andrew_K • September 25, 2014 2:59 AM
I would also suggest considering functional languages such as Haskell for critical crypto operations (not the whole application but core functions) which are near enough to maths as they can be proven. Unfortunately, Haskell has to be compiled or interpreted by something that may be written in a less safe language.
Nate • September 25, 2014 5:08 AM
@Andrew_K I like the idea of Haskell but my brain keeps bouncing off the actual thing. When a type system seems to have evolved into a secondary programming language that’s as complicated as the primary language (and nearly Turing-complete in its own right) something doesn’t sit right with me. It feels like simplicity and elegance is slipping away, rather than coming closer. That there should somewhere be a functional language a lot smaller than Haskell that one could write Haskell (or at least the type system) in.
CallMeLateForSupper • September 25, 2014 10:32 AM
@Andrew_K
“I’d like to offer a long-term-bet: One of the upcoming Snowden revelations will cover the NSA adding everyone exchanging encrypted email to a special watchlist.”
Plausable, I think. Would seem to be a natural extension of their snarf-up-all-things-encrypted policy, which policy has really, really chapped my butt ever since it was revealed. Because I encrypt some communications and because I am further removed from terrorists than the DNI himself.
Synonymous • September 25, 2014 12:31 PM
NASA confirms ‘impossible’ thruster actually works, could revolutionize space travel
http://www.digitaltrends.com/cool-tech/nasa-confirms-impossible-space-drive-actually-works-revolutionize-space-travel/
Shawyer’s engine provides thrust by “bouncing microwaves around in a closed chamber.” That’s it. There’s no need for a propellant of any kind like rocket fuel. When filled with resonating microwaves, the conical chamber of the thruster experiences a net thrust toward the wide end. These microwaves can be generated using electricity, which can be provided by solar energy. In theory, this means that the thruster can work forever, or at least until its hardware fails.
Petter • September 25, 2014 3:11 PM
Nikons WiFi featured cameras allow anyone to connect to it and download photos from it without the camera owners knowledge.
By using the Nikon iOS/Android app anyone can connect to it without the confirmation from the camera owner.
http://www.amateurphotographer.co.uk/photo-news/nikon-d750-wi-fi-app-security-risk-surfaces-35292
Benni • September 25, 2014 5:21 PM
News from BND
http://www.spiegel.de/politik/deutschland/bnd-leiter-von-lauschanlage-bestreitet-massenerfassung-a-993773.html
“Yes, we are using xkeyscore. It often helps when germans are abducted in Afghanistan.”
“No, xkeyscore is no mass surveillance”
50 times, the BND spook used is right to say nothing before the parlamentarian NSA comission.
But germany has a data protection officer. And he questioned BND. At first they asked whether he had the clearance. After they came to the conclusion that the data protection officer had clearance, they gave him files. And he could visit Bad Aibling:
Now the government changed the data protection law in order to forbid the data protection officer to answer to the NSA investigation comission…
But “some source” says that from Bad Aibling, BND collects
https://netzpolitik.org/2014/geheime-informationen-wie-die-ueberwachung-von-bnd-und-nsa-in-bad-aibling-funktioniert/
Information on navigation and communication sattelites. So if you use gps, your BND friends are with you.
And they catch phone calls, internet communication, email. NSA delivers the hard and software for this and even the service is done by NSA. Additionally, data from many other sigint stations arrive at Bad Aibling. Everyday, BND collects 1,3 mio metadata from Afghanistan alone by its gsm surveillance there.
After some crude filtering, this is given to NSA. Then BND and NSA use xkeyscore. Here are some selectors that they use often: https://netzpolitik.org/wp-upload/nsa-selector.png after that, BND agents select the communication manually, and deliver them to Pullach, BND’s headquater, where they are being read, translated, or listened. Then reports are written or network graphs created.
Meanwhile, BND argues that it can not give many files to the german NSA investigation comission, since BND thinks it has to ask NSA first whether they can give this information to their parliament:
http://www.zeit.de/politik/deutschland/2014-09/nsa-bnd-akten-geheim-konsultation
The BND spook says:
http://www.heise.de/newsticker/meldung/BND-Agent-im-NSA-Ausschuss-Wir-sind-keine-Zweigstelle-der-NSA-2403859.html
“We are not a part of the NSA” “Our data are too imprecise for drone attacks” “There are no 20 million metadata arriving daily” “With xkeyscore, we can find, whether a message contains content that is interesting for us”, “but xkeyscore does not have many intelligent functions. Ohe has to think hard before using it” “Messages are analyzed with Mira4 and VeraS. These were developed together with german companies” “From NSA we get three or four times each day a set with selectors for the data””No, an exchange of Data with NSA does not happen”
Now the parlamentarians want to sue the german governemt. For not giving them appropriate information, and for forcing the government to bring snowden to german ground: http://www.heise.de/newsticker/meldung/Opposition-will-vor-Bundesverfassungsgericht-Snowden-Vernehmung-erzwingen-2403385.html
Here is a photo of the NSA listening station in vienna, showing how close that is to the UN building: https://netzpolitik.org/2014/fotoserie-zu-vienna-annex-nsa-posten-in-oesterreich/ and if you want to observe real NSA spooks you have to wait at the back entrance. That is where the spooks enter: https://netzpolitik.org/2014/fotoserie-zu-vienna-annex-nsa-posten-in-oesterreich/ so get to the IZD-Tower in vienna and point your cameras to the back entrance. Don’t forget to post photos of the spooks on the net…
name.withheld.for.obvious.reasons • September 25, 2014 6:55 PM
Wow. The Brookings Institute today held an “Internet Policy” forum. Never have I seen such a collection of ignorant and uneducated panelists. They, especially the director of the Defense Group – Center for Intelligence Research & Analysis, demonstrated a real disdain for privacy and liberty. Not only was the director clueless as to the current environment and integrity of public or private systems but openly embraced a dystopia of some sort saying; “Give me convenience or give me death”. He wasn’t being funny. He believed that the markets (the rich would take privacy vacations) would solve this. Okay, sounds like “liberty for some, no liberty for you”.
The Nazi’s also said the fatherland would solve Germany’s problems. It seems anyone with more than one neurosynaptic connection isn’t allowed on these panels.
Nick P • September 25, 2014 7:52 PM
@ Gerard
They both use UNIX tools, with Minix relying on NetBSD userland. They’ll still be vulnerable to bugs in UNIX architecture, toolset, and API. OpenBSD and NetBSD are less vulnerable because the former hunt bugs well, while the latter applies many fixes in their own system. There’s extra risk for NetBSD layer of Minix 3 because it wasn’t designed for Minix 3, possibly causing new bugs in the interactions. This happened when QNX RTOS incorporated NetBSD networking: hackers found a root exploit in it in no time.
So, they go in better directions but they’re still UNIXey.
@ Thoth
Before I try to answer that, what’s the Python used for specifically in the HSM or client software? It might be justifiable. I know many tools use Python because it’s reliable, readable, extendable, strongly typed on inside [I think…], and low defect (0.05/kloc per Coverity). It’s also got a strong community making all kinds of cool stuff. Google used a security-enhanced version for their AppEngine with plenty of good results & few problems. And there’s also JIT’s, AOT’s, IDE’s, and more. It’s also might lower training cost for clients as people can pick up the basics in a few hours.
I’ve seriously thought about doing a EAL5+ implementation of Python in Ada or something. I’m sure I’ve posted that here before. Plugins would be written in the safer language, with the whole thing compiled for safety/security-critical runtime.
EDIT to add: Just noticed the post mentioning clients. Yeah, that actually makes more sense. I agree the more rigid, predictable, minimal stuff is better for security. I bet money the market demand led them to do it. And good news is that, in production, the system will still at least protect the keys unless the Python application has a command to release them.
@ Andrew_K
re NSA
They have a “keep everything encrypted for 5 years” policy. They’d keep the identities along with it. So, by implication, everyone that does that is on a list. Other leaks show they have specific filters for specific applications. That means using something like OTR probably gets you on a narrower list. Long story short, good call: the two of us are probably on a number of lists. 😉
re Haskell
House implemented an OS in Haskell. Pragmattica and HASP projects are doing even more. Galois uses it for formal, security verification with a number of products. NICTA used it for seL4/OKL4.Verified: Haskell for abstract system model, C code for microkernel, and Isabelle models connecting them. There’s also plenty of commercial activity. On a related note, Jane Street uses Ocaml w/ modified library for financial applications with great success. They open sourced the library. And DO-178B certified SCADE code generator was coded in Ocaml. They claimed its well-designed compiler made source to object code verification much easier.
So, functional programming can help plenty. We just need to do more work on knowing security risks of its internal representations, compilation, runtimes, and 3rd party interactions. Most work on FP has been on correctness, expressiveness and performance. Not so much on securing the language & platform itself. Need more work before I’d trust them for the final code of security critical stuff. Could use them as an executable spec, though, coupled to code generation similar to SCADE or Perfect Developer.
“I would also suggest considering functional languages such as Haskell for critical crypto operations”
Good call again: Galois already did this with CRYPTOL, with autogeneration of C or VHDL.
name.withheld.for.obvious.reasons • September 25, 2014 7:58 PM
Another fun one today that I title “The Clueless leading the Clueless” was the DoD briefing by REAR Admiral Kirby. The press asking inane operational questions and Kirby replying with laughable responses.
Thoth • September 25, 2014 10:14 PM
@Nick P
It is probably some signalling or mechanics stuff. Not sure what’s inside but I seed python installed onto HSM client software. I noticed some enterprise password managers also have python installed. Not surprised that a mix of Python and C++ exist inside the HSM client software binaries when inspecting them and also I suspect it’s mostly use to handle user interaction from the client input as well (just guessing from structure). Usually the C would be at the core of the critical operations and the Python simply just touches the functions which this idea would be a very nice one.
If a secure and tighy language can be implemented just to handle the critical stuff without the cumbersome operations of C/C++ like key management, crypto, control flows for critical logic and use this critical stuff as the core (no GUI/CLI and probably use as the engine code) with the ability to allow other programs to interface it like Python, Java, C … without these insecure layer doing the critical stuff but simply just passing interactions from users, it would be much better. Also, it should make writing crypto function much easier than the usual C-style syntax for moving bytes and bits in cumbersome manners.
Cryptol looks like an interesting language.
Figureitout • September 26, 2014 1:16 AM
Gerard van Vooren
–Don’t see anything wrong w/ that, OpenBSD and Minix3 are some of the best in the world now (that’s even free!) in terms of an actually useful OS and not something I have in mind which is hex codes on LED’s on perf board for your “computer”. I still enjoy Bash a lot, very useful, and a handful of Linux distros; they’re fun. If you told everyone right now, no more Bash, no more shell, no more PGP, no more email, no more Truecrypt, no more OpenSSL, no more USB, etc…they and I would say “U fckin’ wut m8?!” Still going to use it. Same w/ C. Problem is CRAPPY coding and people not knowing how to code. Blaming the tools for doing what they’re told to do, is your *our problem.
One thing I’ve personally reduced to the point of near irrelevance, is basic algebra errors in my math. I would time and again get tests back w/ simple errors and get B instead of A. Got so angry over time, I’ve now changed my brain (I think) where I slowly check my operations every single time; those errors have been drastically reduced for me. If I get a B or worse it’s due to me not understanding the concept, not stupid errors.
If someone is smart & determined enough to start over completely from binary (and you better highly document, don’t want to “lose your spot”) and build step-by-step the logic up to what we have in a fingersnap today in terms of massive logic just assumed; have at it.
Thoth
–Would you consider anything today made “w/ security in mind”? If so, what? Are there any fatal holes in the entire process? Making an actual usable OS and what we’d consider a functioning computer that is “secure” is so hard; then you have to watch out for corrupted files. Even after all that work, and then you send out corrupted files…
Alright, I can’t change that. Here’s what I can (and will attempt) to do. This is my (high-level) plan for contributing a bit. I do this in the spare free-time I get for fun (wish I could do it all the time, but can’t). Also getting slightly sidetracked w/ making a tiny SDR/Spectrum analyzer w/ old Android phones, b/c I can’t resist and I need at least a cheap one at home. Also I’m checking out existing opensource SDR projects and they look very cool and definitely do-able for me (as in making one all the way).
Continuing research into assembly (it’s as low as I’m going for now, in terms of programming), and using existing dis/assemblers and even potentially newer compilers for getting high quality assembly code. Right now I’m still leaning towards Z80, but MPLAB and PIC’s are really tempting; as well as Atmel, Freescale, and all their dev boards even or full on FPGA’s. But that’s still not good enough and full operation can’t be realized in the human mind. Will the chips have hidden radio functions and other crud I don’t want? Highly likely, all I can do is shield and program it…Using my current machines which are highly questionable as practice and for prototypes; then switching and purging completely when I “go live” and actually put the end product out for people to use. Not looking forward to the purge, it will be complete. But not only that, getting new computers and materials for flashing is yet another highly uncomfortable experience for me as I learn what crap useless features have been added and what new embedded radios are inside chips I can’t get to w/o destroying.
Ongoing research into ROM’s, initially PROM’s and EPROM’s; ideally I’d want a fuse-based ROM protected by some heavy duty shields and inverters. Once that ROM’s burned, it’d be extremely hard to subvert and just not worth it to the attacker. Getting that ROM how I want will be something I won’t be pushing too hard for, but that’s an end goal for me; getting a truly evaluated and trusted ROM. Backing it up and copying it into paper and carving stone for backups.
Keyboard, I may go towards completely custom keys and homebrew keyboard. Or PS/2. Mouse I’m still not sure of yet, but probably an old trackball system; maybe no mouse for this though.
Case is shielded as best as I can and w/in somewhat reason. Want AC-powered operation, as well as battery, but want 3-4 large Li-ion batteries in parallel for long battery life.
That’s the gist of it. That’s the best I could do for now. Been thinking on it and preparing for a long time. Some modules I make may be purely hex codes on LED’s for the best verification I can think of and do myself. But having a nifty LCD screen will be highly desirable. Want encryption working on it, and storing files.
Realistic expected time to the “open market”: 5-8 years. Long time for me. That’s assuming no more major disasters for me. Also no girlfriend that sucks up my time and money.
Looking forward to what else everyone else brings “to market”. We already have a bunch to build on and unknown projects coming.
name.withheld.for.obvious.reasons RE: thanking me
–I was beat here (still shellshocked), and didn’t find the initial exploit; so don’t see much of a need to “thank me”. But I’ll take it anyway lol. I’m a dude by the way lol; thought that was clear.
RE: my name
–Christ, just spell it right lol; simple as that. Or you’re talking to someone else. And we can just shut up about it. :p
Andrew_K • September 26, 2014 1:26 AM
@ name.withheld.for.obvious.reasons
Regarding “hackers” being combatants.
I got into thinking whether hackers being treated as combatants is a completely bad thing after all. Being shot for typing on a console is bad, granted.
But combatants are privileged under Third Geneva Convention. If they do not resist, they must be captured, not shot.
It implies several further privileges to prisoners of war, today perhaps most important the right to be treated with respect for their persons and their honor and not to be compelled to give any information except for age, name, rank, and serivce number (altough the last two might be complicated for hackers that never served in the military). I just wonder what it needs to be not qualified as unlawful combatant. Do I need an IP address registered to military? Do I have to wear fatigues when programming?
And yes, this comment is absurd.
Just as absurd as the belief anybody cares about Third Geneva Convention.
In reality I will be called “unlawful combatant” and … well, game over, either nothing happens or I’m dead or I won a super special surpise vacation. If I’m really lucky.
name.withheld.for.obvious.reasons • September 26, 2014 1:44 AM
@ Andrew_K
I laughed, :>) and I cried ;>(.
Laughing at your overall comment, but the fact that the Geneva Convention hardly means squat to the “Hellfire from a drone” crowd; leaving me in a Shakespearian malase.
Thoth • September 26, 2014 3:58 AM
@Figureitout
Would I consider anything made in this era without security in mind ? My answer is mostly yes. There are products that have security built right in as the foundation but sadly most of them are not. Your beloved iPhone and Androids are not. So what if iPhone have FDE and crypto chip inside. Who knows what’s in there really. The reason this trend happens is because security is a troublesome thing that burns more resource and time to get right than simply just releasing a standard chipboard without security as the base design. The basis of computing is the hardware as it’s physical vehicle and the software as it’s logic brain. Most of our hardware are pretty dubious and may not have clear origins and proper audit of manufacturing processes. How about the firmware and software ? Many of them are closed source so how do you know if there’s a backdoor ? there are open source versions but it’s back to the integrity of the hardware. Programming styles favouring faster time to market are business oriented (not security oriented). They are willing to sacrifice security just to make those big bucks for most of the cases.
The process is human driven and humans have desires. The majority of the desire in the industry is to make it big … not make it secure.
There are certain things we cannot change which includes turning all home desktops into a high assurance secure environment in mass numbers but what we can do is create secure technologies for users to carry out their secure computing. An example is the password manager. We have been storing passwords in software format (encrypted password files) with all the other applications we use in our daily lives and till this date, no one have successfully rolled out password management devices. There are attempts to do so but failed due to funding issues. Every year we are seeing the multiple releases of commercial entertainment devices and the latest consumer technologies for mass adoption but we dont see consumer mass security devices for their personal protection against mass surveillance. I guess low demands and probable propaganda among state actors to discourage people from preserving their own privacy and security are one of the major causes of what’s happened to us all.
M • September 26, 2014 4:48 AM
@Chris
Re “Re Darkshark” https://www.schneier.com/blog/archives/2014/09/friday_squid_bl_442.html#c6679112
The AIMSCD “Android IMSI Catcher Detector” project seems very intersting and also well documented/explained .
If I’ve correctly understood there is some interest around s3 (also for this project, though it’s not restricted to it) only for a knowledge avalaibility of the (at) baseband interface.
If I’ve correctly understood your doubt “question/though” may be so summarized:
“well, in practice all these threats come on my mobile via 2g signal (also forcing the downgrading, via jammering, of the other networks, or super-powering 2g), if I disable my 2g mobile capability via these “two tricks” (app from f-droiod, and an “android code”*) shouldn’t I stay safe.”
I think this approach should be ok, cutting problems at root.
My doubts came out because, after all, we trust on some expected mobile behaviours (both for “2g disable solution” but also for “2g firewall approach”) but implentation isn’t free .. .
So if in fact mobile device send some data also when 2g is disabled for some reason.
However without sources, I think is possible refine this trust enhancing the studies/tests of mobile devices with 2g network disabled.
an example: http://security.osmocom.org/trac/wiki/WillMyPhoneShowAnUnencryptetConnection?
I’ve not found app on f-droid (via web serach), and also non understood very well how/what is the code *#INFO#
Gerard van Vooren • September 26, 2014 7:38 AM
@ Thoth
“If a secure and tighy language can be implemented just to handle the critical stuff without the cumbersome operations of C/C++ like key management, crypto, control flows for critical logic and use this critical stuff as the core (no GUI/CLI and probably use as the engine code) with the ability to allow other programs to interface it like Python, Java, C … without these insecure layer doing the critical stuff but simply just passing interactions from users, it would be much better.”
Look at goreSSL. That’s how you do it.
@ Figureitout
“Same w/ C. Problem is CRAPPY coding and people not knowing how to code. Blaming the tools for doing what they’re told to do, is your our problem.”
O, but I do blame C.
The problem is the scale of the internet. Plain and simple. You need a secure programming language to mitigate that threat. You just cannot expect that each programmer is at the same level as you are and even with 1000 eyes you don´t see everything when you program in C.
Chris • September 26, 2014 8:28 AM
@M
https://github.com/scheich/Network has it if you are unable to locate the app on F-droid. However it is there! The code with INFO is a shortcut to the same hidden application. Just open your phonedialer punch in the code and press call button this will then invoke the shortcut you can ofcourse enter 4360 which equals INFO instead.
M • September 26, 2014 9:37 AM
@Chris
Sorry , you had told correct, “network” app is on f-droid.
Understood also the “info” code “trick”.
I hadn’t found it, because querying “NETWORK” at f-droid website, results appear in an alphabetical order (then it’s listed on page 2)
https://f-droid.org/repository/browse/?fdfilter=NETWORK.
p.s.
maybe I wrote doing some mistakes 😐 : sincerely sorry, English isn’t my first language.
Nick P • September 26, 2014 11:22 AM
Recent Article on NSA Technology Licensing
http://www.dailydot.com/politics/nsa-technology-transfer-program-national-security-agency-ttp/
Plenty of comments by Bruce, mostly him shit-talking NSA. Always nice to see that in the media. Haha. The real value of the article, though, is the mention of TechLink. I didn’t know about that one. Their web site is linked below:
Nick P • September 26, 2014 11:38 AM
Briefly looked at some of the TechLink patents before I stumbled onto this:
They basically patented a form of Intel’s NX bit technology… in 2011. Intel was doing this for years before that patent was filed. Hackers were already bypassing such tech, as well. Great work, DOD! (sarcasm)
So, like Bruce said, the alleged value of their INFOSEC is probably “bullshit.”
Benni • September 26, 2014 1:12 PM
News from DER SPIEGEL:
NSA illegally collects from internet providers in 13 countries.
http://www.spiegel.de/netzwelt/netzpolitik/nsa-treasuremap-provider-in-13-laendern-betroffen-a-993223.html
For example, NSA broke into providers from:
Netherlands, Belgia, Sweden, Great Britain, Italia, Turkey, Cyprus, Hongkong, Singapur, Malaysia, Kuawit, Pakistan and
USA…..
Yep, they are placing covert surveillance bugs into US network providers….
And here is the full protocol from the BND Bad Aibling spy before the NSA investigation comission of the german parliament:
Everytime he says “NÖ”, (which is german slang for means no) he indicates that he does not want to say anything publicly.
For example, the spook is asked:
“Which procedures do you have for deleting surveillance data?”
Answer: “Deleting surveillance data?…..
Or he is questioned about the largest internet hub in the world, de-cix.
“Do you only give data to the US that you have collected yourself?”
“In Bad Aibling only data from Bad Aibling”
“Not from Afghanistan?”
“NÖ”
“But the german government talked about 500 million metadata”
“These went over Bad Aibling”
“You collected 500 million metadata from Afghanistan in december 2012”
“NÖ”
“Do you get any data from internet hubs like de-cix in germany?”
“NÖ”
“NÖ” I can not say this publicly”
“Why not”
“Because I have no approval”
“Did you give de-cix data to NSA”
“I arrived at BND in 2010. This has not happened in my perception. I only know this from the newspapers”
“You have heard from that”
“NÖ”
“Well, your boss answered this question, why are you not allowed to answer?”
“I do not know that he has answered this”
“This does not matter”
“I do not have any approval to answer that”
“You can not say what the german government already admitted?”
“My approval does not contain that. I did not create it”
“Then I am asking the government, how can that be”
“This is classified, He can not say that”
“Are there lectures, where NSA and BND people are taught together?”
“Yes”
“Where?”
“Different. Forth Meade, Bad Aibling”
“Wharpdrive should be a joint project from three partners. Can you say anything on that”
“NÖ”
“If I am writing Mr Wolf an email over an us service which travels over the ocean, can you say that it does not intercepted in Bad Aibling”
“NÖ”
“That data from germans were massively intercepted, did you know that?”
“No”
“Do you know that BND gives data to five eyes countries”
“I do not know anything specific”
“You are leading this station since 4,5 years and use xkeyscore. And you did not know that?”
“I do not know what the americans are doing. I know what we are doing in Bad Aibling. There, the americans get filtered data from us”
“We can repair the computers with xkeyscore on our own, the updates come from the americans”
“Is it possible to triangulate locations with your data?”
“Don’t know what that is”
“Can you say anything on tapping fibers”.
“Since I am there, we do not tap fibers from Bad Aibling”
“But where do the data from the fibers come from?”
“De-cix did not happen during my time”
“And before?”
“I can not answer that”
“You discriminate between tapped satellites and directional radio. How much is this in percent? Do you have any information about tapping fivers”
“Directional radio is not tapped from within germany”
“Is this the case for the last ten years or just now”
“a moment please, You know I am fighting with my approval what I am allowed to say”
“Clear you do not tap directional radio in bavaria, but in somalia, jemen and afghanistan?”
“NÖ”
“You are saying the data are valuable for the americans. What happens with the data”
“our values are content data, concrete telefonie data, and emails. This is valuable and usable”
“How many NSA employees are in Bad Aibling”
“10”
“I get the impression, Bad Aibling is a sub-company of NSA. Is this wrong?”
“We are not a subcompany of NSA. We do not have any raw access to NSA data, and they do not have any raw access to our systems. We only get selectors.
“The americans moved from Bad Aibling for financial reasons. I do not know whether they have gotten enough data from us, but we continue to work together.”
“Do drones have IMSI catchers”
“I do not know what drones have”
“You are insisting that you never have talked with us personnel in Bad Aibling about the information in the Snowden documents?”
“I never have asked them whether it is true what is published in DER SPIEGEL”
“You said that you know the documents, not only those from Spiegel”
“No, I meant only those from SPIEGEL”
“We have more documents. You have not read them”
“No”
“Would it have been simpler if I had asked you directly: “From which location came the data about Hillary and Kerry?”
“I only know this from the press. They did not come from Bad Aibling”
And then, this is interesting:
“”What are the applications Mira4 and VeraS”
“These are secret systems. With one, you can listen to phone calls. The other can visualize metadata and show who phoned with whom”
“Are these your own developments”
“I am not sure if they are own developments or whether they came from another company. But surely they did not come not from US””
He is not sure whether these are own developments or from a company.
Well, there is exactly one system, where one would have difficulties to say that. Namely the database software polygon that was developed by a german company for the german police.
I noted before that BND agents have stolen the software of this company, including the sourcecode: http://www.heise.de/ct/artikel/Die-Bayern-Belgien-Connection-284812.html Perhaps BND was using stolen software all the time and has given this to NSA…
Buck • September 26, 2014 3:08 PM
@NickP RE: http://techlinkcenter.org/
No doubt, I’d probably buy a High-Stress Collapsible Water Bag, Self-Erecting Tent & Bednet, and Tactical Folding Knife!
At least these two in particular sound (to me anyways) totally revolutionary in their possibilities for helping a lot of people: Multifunctional Blood Substitute & Tunable Energy Harvesting Devices and Sensors.
One of the few on the list I wouldn’t like to see pursued at all is a ‘military-grade’ spam email ‘marketing’ system: Email Based Content Delivery and Marketing… But no worries, it’s all PHP, and therefore will certainly never be subverted by nefarious entities!
William • February 6, 2017 12:25 AM
Thank you
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
. • September 19, 2014 5:14 PM
CipherShed a fork of TrueCrypt has just recently been announced
http://it.slashdot.org/story/14/09/19/1620240/truecrypt-gets-a-new-life-new-name
https://ciphershed.org/