Friday Squid Blogging: Flash-Fried Squid Recipe

Recipe from Tom Douglas.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on October 10, 2014 at 4:13 PM • 161 Comments

Comments

LessThanObvious • October 10, 2014 4:48 PM

There is a good article on Wired.com today by Kim Zetter titled:
"US Spy Programs May Break the Internet if Not Reformed, Google Leader Says"

http://www.wired.com/2014/10/us-spy-programs-may-break-internet-reformed-google-leader-says/

Microsoft General Counsel Brad Smith basically states that we have rights to our data no matter where it lives. In my view, that is a point that should never have been questioned and should have been obvious to anyone without a vested interest in undermining everyone's basic civil liberties.

Red alert • October 10, 2014 6:48 PM

Great catch by ΦΒΙ. The government wants to know, Are you with us or against us in the global war on disenchanted idealists? The army, evidently, is convinced you can't go wrong with cretinous dipshits.

Chris Abbott • October 10, 2014 7:20 PM

Total Disaster:

http://arstechnica.com/security/2014/10/snapchat-images-stolen-from-third-party-web-app-using-hacked-api/

The combination of security through obscurity (the proprietary code apparently using a single key for everything, reverse engineering) and people trusting the third-party apps!

I'd say Snapchat needs a do-over. A hard coded key??? Are you kidding me??? Why not let the user pick a key for their device and do a DH-PFS key exchange for the transmission? Obviously other various issues likely exist...

Chris Abbott • October 10, 2014 7:25 PM

@Myself:

And of course, I would say make it so that the only way data could be transmitted is through the app itself, i.e. all pictures or what not can only be taken or generated within the app, leaving third-party apps out of the picture.

SoWhatDidYouExpect? • October 10, 2014 7:58 PM

The End Of The FBI?

FBI Says It Will Hire No One Who Lies About Illegal Downloading

http://yro.slashdot.org/story/14/10/10/2248251/fbi-says-it-will-hire-no-one-who-lies-about-illegal-downloading

Where are they going to find candidates in the next 20-30 years? Oh, never mind, they won't need any.

How about if the FBI lies? How many existing FBI members will answer truthfully.

Supposition: maybe they aren't interested in whether or not you performed illegal downloads, but whether you lied about it.

Markus Ottela • October 10, 2014 10:46 PM

Updated Tinfoil Chat to 0.4.10
https://github.com/maqp/tfc

The installer now features an option that will install a local version of TFC: you can try the application without any additional hardware. The installer generates insecure keys using /dev/urandom for a testing group of any size, downloads the TFC suite for everyone and configures each application for local use.

Replaced OTP encrypted Keccak MACs with unconditionally secure authentication (one-time MAC, calculated modulo M521).

Some UI elements scale according to terminal size.

Separate injection tool for pentesting.

Initial file transmission feature. Files are sent inside messages in base64 encoded format. Very slow; proper OPSEC warnings are displayed after the file has been saved (issues discussed earlier in https://www.schneier.com/blog/archives/2014/08/friday_squid_bl_438.html).

Group creation and management commands for multicasting messages and files to multiple XMPP addresses.

Also, fixed many stability issues, bugs, improved style, removed colors that were causing issues with string lengths and moved print strings back to code for better clarity. Paper and manual were updated according to changes. No alternative ciphers, yet.
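The changelog above mentions replacing OTP-encrypted Keccak MACs with a one-time MAC computed modulo M521. The block below is an added example, not TFC's code, of the standard construction that phrase describes: a polynomial evaluation hash over the field of integers modulo the Mersenne prime 2^521 - 1, with the hash output masked by a second one-time key. The block size, the length-block trick and the function names are this example's own assumptions; only the modulus comes from the comment.

```python
import secrets

# Modulus: the Mersenne prime M521 = 2^521 - 1 named in the changelog.
# Everything else here is an assumed construction (polynomial one-time MAC),
# not TFC's own code.
P = (1 << 521) - 1
BLOCK_BYTES = 64          # 512-bit chunks are always < P, so each is a field element
TAG_BYTES = 66            # 521 bits rounds up to 66 bytes for constant-time compare

def message_to_blocks(msg: bytes) -> list:
    """Split msg into field elements, then append the byte length as a final
    element so that a message and its zero-padded extension hash differently."""
    blocks = [int.from_bytes(msg[i:i + BLOCK_BYTES], "big")
              for i in range(0, len(msg), BLOCK_BYTES)]
    blocks.append(len(msg))
    return blocks

def generate_one_time_key() -> tuple:
    """Fresh (k1, k2), uniform in the field. Each pair authenticates ONE message;
    reusing it for a second message voids the unconditional-security argument."""
    return (secrets.randbelow(P), secrets.randbelow(P))

def one_time_mac(key: tuple, msg: bytes) -> int:
    """tag = ( sum_i b_i * k1^(n-1-i) + k2 ) mod P, evaluated by Horner's rule.
    Two distinct messages give two distinct polynomials in k1, so an attacker
    who sees one valid (msg, tag) pair can forge a second one only if k1 is a
    root of their nonzero difference polynomial: probability roughly n/P for
    n blocks, whatever computing power they have."""
    k1, k2 = key
    acc = 0
    for b in message_to_blocks(msg):
        acc = (acc * k1 + b) % P
    return (acc + k2) % P          # k2 acts as a one-time pad on the hash value

def verify(key: tuple, msg: bytes, tag: int) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    if not 0 <= tag < P:           # reject out-of-range tags before to_bytes()
        return False
    expected = one_time_mac(key, msg).to_bytes(TAG_BYTES, "big")
    return secrets.compare_digest(expected, tag.to_bytes(TAG_BYTES, "big"))

if __name__ == "__main__":
    key = generate_one_time_key()
    msg = b"constructed sample message"      # constructed input
    tag = one_time_mac(key, msg)
    print(verify(key, msg, tag), verify(key, msg + b"!", tag))
```

The point of the construction is that security does not rest on any hardness assumption: with a fresh key pair per message the forgery bound is a counting argument over the field, which is what "unconditionally secure" means in the changelog. The price is key material proportional to the number of messages, which is why it pairs naturally with a one-time-pad design.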

Thoth • October 10, 2014 10:48 PM

@Chris Abbot
People who truly want their privacy should simply stop using these programs. They are not made for privacy anyway. I don't mean totally disappearing from the radar, just in case some of you might think I meant that. What I mean is use something proper (TextSecure / Redphone / Signal suites). Those are developed by security people who know what they are talking about and are open sourced.

I guess the previous legal action case against Snapchat never really woke it up.

A final cease and desist on Snapchat as a program or corporation might be a bit heavy handed but might benefit everyone in the long run (yes it's too cruel but the damage they do might warrant it).

Snapchat tried to shut down Snaphax library (reverse engineered protocol of Snapchat API) but was unsuccessful.

It reminds me of a snake oil company selling snake oil and someone figured that out and the snake oil company tries to silence anyone in its way by any means (not pointing to anyone in specifics in this context).

Do excuse the outrightly heavy handed means I propose as I feel what they did is disgusting (personal opinion).

Thoth • October 10, 2014 11:31 PM

@Dnaiel
Phone wiping is not 100% anyway. If you leave a function open for everyone to use, expect it to be used. Adding special access fields can be dangerous if they fall into the wrong hands. Similarly, it is better that everyone has wipe access than a selective set of users with wipe access.

Thoth • October 10, 2014 11:53 PM

@sidd
Good to know our suspicion that the USA has subverted/collaborated with foreign partners to make security more insecure.

Time for widespread use of OpenRISC chips with open designs, implementations, tests and other procedures that are designed specifically to thwart their attempts at a CC EAL 7/7+ level with no special access fields.

A practical first step:
- Hardened RPi or some other currently available open hardware via a more secure OS and firmwares.
- Next step, replace the ARM chips with OpenRISC.
- Design a secure casing for it. The usual plastic casings are useless against physical access.

Jacob • October 11, 2014 12:55 AM

@ Clive

I toyed with an idea to legally circumvent the RIPA part that demands that a person hand over his password to police in order to decrypt his files or drives. I wonder if you think that this is feasible (for high value material):

1. You generate a long and complex pseudorandom password. You use that password to encrypt your stuff. Then you split the PW into 2 halves. No way to memorise either half.

2. You write down/save half-1 - it is yours.

3. You send half-2 to an off-shore web service that keeps people's halves, and then delete it from your system/email.

4. The service shows you half-2 on demand provided that you produce a signed affidavit, attested by a pre-designated individual, that you ask for your half-2 by your free will, no coercion, no official/officer has been requesting you to produce your password, and that you are not currently under any kind of investigation under RIPA.

5. I assume that the courts would not force people to lie and demand that the pre-designated individual fake an affidavit. You can give the police your half-1, you tell them that you use that off-shore service, but it will be of no help to them.

Certainly you can also ask a trusted family member to send Half-2 for you, and hint that he can write it down and keep it in a secure place, but for all it matters the police only knows that you used that off-shore service...

Thoth • October 11, 2014 2:28 AM

@Jacob
That is to assume you can trust the off-shore service provider and there are no agents there. Assumptions of trust are usually not looking very nice because agents do work in these offshore organizations and most trust can be easily misplaced.

We have come to an age where our Governments will use anything and are a very desperate lot of people. They will not reserve any efforts... including falsifying or forcing court orders or changing legal structures and so on.

Let's hope the random password generator does not contain malware though.

The arms of the powers that be have stretched deeply into a lot of cracks.

Grauhut • October 11, 2014 3:10 AM

@sidd thx, "The CIA is known to use agents masquerading as businessmen, and it has used shell companies in the U.S. to disguise its activities."(intercept)

One of the most funny questions is: How many security infrastructure firms do they own? How many certification authorities are owned by the agencies? How many security consultants open your networks to the agencies?

How big and deep is the security simulation matrix?

Clive Robinson • October 11, 2014 4:45 AM

@ Grauhut,

How big and deep is the security simulation matrix?

Simple answer "Ask Alice", after all she did go down the rabbit hole.

@ Jacob,

Simple question,

"Why just two parts?"

If you look back to when this blog was discussing "border crossing" the subject of M-of-N threshold keys came up, it also discussed using a set of key parts in different jurisdictions.

Provided you put certain other safeguards in place such systems will work even against the very valid issues Thoth raised.

Curious • October 11, 2014 4:48 AM

I saw a news item with a link to this on slashdot today:
http://randomascii.wordpress.com/2014/10/09/intel-underestimates-error-bounds-by-1-3-quintillion/

I won't pretend to understand the importance of that article, but I couldn't help but wonder if computer security somehow might be affected. The article seems to be about how Intel cpus are less accurate for one type of mathematical operation, or somesuch.

"Intel’s manuals for their x86/x64 processor clearly state that the fsin instruction (calculating the trigonometric sine) has a maximum error, in round-to-nearest mode, of one unit in the last place. This is not true. It’s not even close."

Playing an armchair scientist, I can sort of imagine that elliptic curve crypto tech might perhaps be impacted by this, but ofc I don't really know what I am talking about here. :|

Clive Robinson • October 11, 2014 5:15 AM

ON Topic :-)

With regards the flour dredge for flash frying the squid, I use the same 50/50 rice/corn flour mixture I use for tempura but obviously without the fizzy water. I also add a small amount of either powdered English mustard (Colemans) or a deeply smoked cayenne pepper powder. If I want the really hot spice taste, what I do is put dried chilli seeds in a dry frying pan and roast them off before dropping them on whole with salt, or just grinding a few in and dusting.

You can use ready made Chinese plum or Hoisin as a dipping sauce.

As a completely off the wall dish, Jamaican style "Squid Bread". Find a recipe for a really unctuous and thick squid stew, and while it's cooling make a decent strong white bread flour dough but add some powdered spices to give colour and a little heat. When the bread has first proved, knock it back and make a flat with about six ounces or 170g of dough and, holding it as a cup shape, put a good measure of the hand cool stew into the center then carefully fold and seal the flat around it, let rise a second time on a floured tray with a few others then bake as normal. Best eaten warm but be careful, the stew can still be very hot inside.

Jacob • October 11, 2014 5:25 AM

Very interesting (and short) NSA document:

https://s3.amazonaws.com/s3.documentcloud.org/documents/1312021/whipgenie-classification-guide25jan05.pdf

This will lay to rest one of the 2 strong claims made by Skeptical: that the USG can not and will not coerce a commercial company to subvert its products.
(The other one was that the NSA has not been involved in economic/competitive intelligence to benefit a specific US company).

From the document: "...FBI provides assistance with compelled and cooperative partnership associated with WHIPGENIE", the details of which are classified above Top-Secret - and the actual partnership terms are even held from the 5-Eyes.

Jacob • October 11, 2014 6:17 AM

@ Clive,

Thanks for the pointer.

However, I am interested to know if this scheme circumvents RIPA in practical terms, meaning that the judge will accept your claim and not find against you for "tricking the system", or say "I don't care what you have to do in order to hand over the PW - just do it."

Thoth • October 11, 2014 7:54 AM

@Clive Robinson
Never thought that not only is Clive good at security and tech, he's well versed in cooking as well :D . Will look into your recipe if I have the time.

Just a thing or two about the K/N (or M/N) scheme, I like it and use it very frequently but the condition is you have to ensure no one monopolizes the scheme otherwise it is meaningless. The scheme dealer (card dealer) must ensure that it is fair and open and the card dealer must also be authenticated so that he proves that the scheme is fair.

First way, prove zero knowledge of the original key used (password) and then split it into a K/N quorum. Ensure fair distribution of the quorum and hope for the best :) .
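Jacob's two-halves idea, Clive's pointer to M-of-N threshold keys, and Thoth's K/N quorum all describe the same primitive, so here is one added example of it (example code, not from the blog or any commenter): Shamir secret sharing over a prime field. The dealer hides the password as the constant term of a random polynomial of degree M-1 and hands out points on it; any M points interpolate the constant term, any M-1 points are consistent with every possible secret. That is the property a split into two literal halves lacks: each half of a hex string reveals half the bits, whereas a Shamir share reveals nothing. The modulus, the 64-byte payload encoding and the function names are this example's assumptions. Plain Shamir still assumes an honest dealer, which is the fairness concern Thoth raises; verifiable variants address that and are not shown here.

```python
import itertools
import secrets

# Field modulus, assumed for this example: the Mersenne prime 2^521 - 1.
# A 64-byte payload is always < 2^512 < P, so it is a single field element.
P = (1 << 521) - 1
MAX_SECRET = 63   # 1 length byte + up to 63 secret bytes = 64 bytes

def _encode(secret: bytes) -> int:
    """Fixed-width encoding: length byte, secret, zero padding to 64 bytes."""
    if len(secret) > MAX_SECRET:
        raise ValueError("secret too long for one field element")
    payload = bytes([len(secret)]) + secret.ljust(MAX_SECRET, b"\x00")
    return int.from_bytes(payload, "big")

def _decode(value: int) -> bytes:
    """Inverse of _encode. Fails loudly when `value` is not a well-formed
    payload, which is what interpolating too few or mismatched shares yields."""
    try:
        raw = value.to_bytes(64, "big")
    except OverflowError:
        raise ValueError("reconstruction failed: too few or inconsistent shares")
    if raw[0] > MAX_SECRET:
        raise ValueError("reconstruction failed: too few or inconsistent shares")
    return raw[1:1 + raw[0]]

def split_secret(secret: bytes, m: int, n: int) -> list:
    """Return n shares (x, y). Any m of them reconstruct `secret`; any m-1 of
    them reveal nothing, because the dealer's polynomial of degree m-1 has
    m-1 uniformly random coefficients above the constant term f(0) = secret."""
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n")
    coeffs = [_encode(secret)] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 is never used: it would be the secret
        y = 0
        for c in reversed(coeffs):     # Horner's rule: y = f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_secret(shares: list) -> bytes:
    """Lagrange interpolation of f(0) from the given shares (no dealer needed)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    f0 = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # pow(den, -1, P) is the modular inverse (Python 3.8+)
        f0 = (f0 + yi * num * pow(den, -1, P)) % P
    return _decode(f0)

def recover_or_none(shares: list):
    """Convenience wrapper: None instead of an exception on a failed reconstruction."""
    try:
        return recover_secret(shares)
    except ValueError:
        return None

def every_quorum_recovers(secret: bytes, m: int, n: int) -> bool:
    """Check that all C(n, m) subsets of m shares reproduce the secret."""
    shares = split_secret(secret, m, n)
    return all(recover_secret(list(q)) == secret
               for q in itertools.combinations(shares, m))

if __name__ == "__main__":
    pw = b"constructed-high-entropy-password"   # constructed sample secret
    shares = split_secret(pw, 3, 5)             # 3-of-5: parts can sit in different jurisdictions
    print(recover_secret(shares[:3]) == pw, recover_or_none(shares[:2]))
```

Interpolating with fewer than M shares does not produce an error by itself; it produces a uniformly random field element. The fixed-width payload encoding above is what turns that into a detectable failure most of the time, so a holder cannot be fooled into thinking a partial quorum "almost" worked.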

Grauhut • October 11, 2014 8:38 AM

@Clive Robinson "How big and deep is the security simulation matrix?" - "Simple answer "Ask Alice", after all she did go down the rabbit hole."

No Clive, I ask the readers here, better chance to get an answer that makes a little more sense. LSD is a bad advisor in security related areas.

What is "common practice" out there, remember Trustwave?

"...a respectable certificate authority has enabled third parties to issue arbitrary SSL server certificates for monitoring purposes. Trustwave claims, however, that this is common practice among other root CAs."

CallMeLateForSupper • October 11, 2014 9:30 AM

@Grauhut
"LSD is a bad advisor in security related areas."

I would agree with you on that point.
However, I must point out that Alice tripped on 'shrooms (psilocybin), not LSD.

Sancho_P • October 11, 2014 9:52 AM

@ Jacob:

In court and on the open sea your fate is in the hands of God, whether you believe in it or not.

With encryption, whatever you (not) do - you (and probably your friends) are doomed.
Check the legal fine print of the appropriate country for the cost.
I.e. start here: https://en.wikipedia.org/wiki/Key_disclosure_law

@ Grauhut: A "funny" question deserves a funny answer ;-)

.
Re: https://firstlook.org/theintercept/2014/10/10/core-secrets/

The only problem I have with this kind of "revelations" is that most Americans won’t read them because there are no ad breaks in between.
So America won’t change, and no change is the beginning of a serious decline.

Not-Americans will read that in full length.
Not-Five-Eyes will change.

Clive Robinson • October 11, 2014 11:06 AM

@ Grauhut,

LSD is a bad advisor in security related areas.

It took me a while to work out what you were talking about.

I was referring to the original story, that was written by an English philosopher and logician, not 1960s alternative culture...

And I was indirectly referencing that it could be as large or as little as you wished depending on your perspective and what you are prepared to swallow by way of written information.

Nick P • October 11, 2014 11:35 AM

@ Markus Ottela

Thanks for the updates. Good work. Keep it up.

@ Jacob

I posted about the same scheme here in discussions Clive was referring to. Of course, the FBI and courts already have precedents where they think they can legally force you to lie about whether data has been compromised. So, that scheme won't work here and no excuses you make change that. So, the best method is the one where there's nothing you can do to give in. I call these the torture-proof methods.

A simple one is to send an encrypted version of the data over ahead of time on a HD, SD card, etc. You get through customs. If they check your computer, it's got basic stuff on it and they let you through. Upon arrival, you download the decryption program and use it on the hard disk. You might even do the work from a VM on that hard disk so all the traces of application activity are contained in it. Once you're done, re-encrypt under a new key, ship it back home, and repeat the process.

Note: You do shipping because it's one of the fastest ways to move hundreds of GB's or TB's of data. Many companies and labs move HD's through the mail for this reason. So, it might not even raise an alarm. If it's MB's to a few GB, you can just move it over the Internet or a dedicated line.

Modification of above keeps the data on a secure, domestic network. The data is only available if you SSH (or other VPN) into it from a certain (foreign) machine/network and have a password (yours). So, your PC will have common remote access tools but nothing past that. An expansion on this is for you to use one of the high end thin clients over such a tunnel so the whole desktop stays over there. I said high end because some are hardware accelerated to reduce latency & improve eg multimedia.

What if they subvert your PC at customs? That concern led many of us to advocate a strategy of "travel with no PC and just buy a local one." Repeat one of the above strategies. Then sell the local PC on your way out. You can always rent it, too. This works with phones too esp if you have phone cards for the airport, a service that redirects your calls from a central number, and can do most stuff through the Internet anyway. Just be sure to pick the rental stores randomly if you think they'll target you. If I were them, I'd subvert every PC at the nearest shop or even own it for that purpose. Hitting tourists, businessmen, and spooks right out the airport the day they arrive. ;)

EDIT: Funny I say that last line then read Grauhut's comment about CIA's fake businessmen and shell companies. See, I know how they think haha.

@ Jacob

re NSA file

Thanks for that! Yes, Skeptical's argument is smashed by this one line:

"details of FBI assistance with compelled and cooperative partnerships associated with WHIPGENIE"

The WHIPGENIE program subverts the whole service to give them all traffic. So, this document indicates the FBI & NSA jointly compel companies into cooperation if they don't do it willingly. I bet those companies are more bitter than average that they had to do it anyway without making the $30+ million the co-conspirators got. :O

@ Sancho_P

Thanks for the link! Confirms what I told Skeptical that the high end capabilities, abuses, etc would be compartmented into SAP's. It says that (minus the word 'abuses') right in the document. I also indicated they'd use HUMINT for coercion. Skep said they don't have saboteurs. I pointed out they do have a joint partnership with CIA for that sort of thing. Now, this doc does one better:

"TS//SI Fact that NSA/CSS employs its own HUMINT assets (Target Exploitation TAREX) to support SIGINT operations."

So, we have admission that they compel companies with FBI (different doc), use HUMINT on other non-cooperatives (different doc), and have their own HUMINT team that they don't acknowledge even to people with regular TS clearances.

Additionally, this even more classified (ECI, black program) tidbit says:

"(TS//SI//ECI SOL) Facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C)."

"(TS//SI//ECI SOL) Fact that NSA/CSS works with specific named US commercial entities (A/B/C) and operational details (devices/products) to make them exploitable for SIGINT."

"(TS//SI//ECI SOL) Fact that NSA/CSS works with specific foreign partners (X/Y/Z) and foreign commercial industry entities (M/N/O) and operational details (devices/products) to make them exploitable for SIGINT."

So, yes, NSA is weakening stuff all over the place and has undercover spies in specific organizations.

Skeptical • October 11, 2014 12:30 PM

@Jacob: This will lay to rest one of the 2 strong claims made by Skeptical: that the USG can not and will not coerce a commercial company to subvert its products.

From the document: "...FBI provides assistance with compelled and cooperative partnership associated with WHIPGENIE", the details of which are classified above Top-Secret - and the actual partnership terms are even held from the 5-Eyes.

The US Government cannot compel the manufacturer of a product to modify its products (with the qualification, which I've repeatedly made, that CALEA comes close to this in affecting what equipment telecommunications providers use) to enable eavesdropping.

That remains true. You can build software and hardware to be as secure as you can make it, and the government cannot force you to weaken that security. Moreover your protection as an individual and as a company against government compulsion is as strong or stronger in the US, due to the deliberately divided nature of its political structure (specifically, the independent judiciary and the adversarial nature of its legal system) and the low level of corruption, than it is anywhere else.

For that reason, among others, for purposes of security I would prefer products made in the United States, by US companies, when those companies provide certain assurances that have legal effect and when they have a sufficiently large business interest in adhering to those assurances (and assuming there are not technical reasons for preferring a different product). This is especially the case if my concern is commercial espionage.

However, the US Government can compel a company to provide information. So, for example, the FBI might compel a telecommunications company to provide certain information. At the same time, the FBI might ask that the telecommunications company provide cooperation, voluntarily, with a given investigation.

Because most communications occur via private companies, via private equipment, the legal ability of the government to compel access to certain information is crucial to various criminal investigations and counterintelligence operations. The voluntary cooperation of private companies with the US Government may also be of great importance to a given investigation or operation.

For that reason, the names of companies that are either under a lawful order to provide certain information, or that have cooperated voluntarily in some way, are strongly protected. Hence the classification you see in the document you reference.

Skeevtical • October 11, 2014 1:06 PM

Here's how stupid skeptical thinks you are:

"The US Government cannot compel the manufacturer of a product to modify its products"

He thinks you forgot about Joe Nacchio. He thinks you forgot about US government physical and mental torture.

The USG SS can compel anyone to do anything. What the civilized world considers torture, DoJ considers compulsion. This is publicly-articulated US government policy.

There is no vestige of decency in skep. If Doktor Mengele hired skep to sew gypsy twins together, he would be explaining how he did it for the rest of his life.

Skeptical • October 11, 2014 1:23 PM

@Nick: Confirms what I told Skeptical that the high end capabilities, abuses, etc would be compartmented into SAP's. It says that (minus the word 'abuses') right in the document.

Your memory is a bit selective here.

We were discussing the lack of evidence in the Snowden documents relating to commercial espionage conducted by the NSA. I said that the lack of evidence is, in itself, evidence that the NSA does not do so. You argued that commercial espionage programs might simply not have been accessible by Snowden. I responded that while one might always argue that there's just one more compartment we don't know about which contains commercial espionage programs, the fact that nothing has been seen so far increases the probability that the NSA does not conduct commercial espionage.

These documents actually make me even more confident that the NSA does not conduct commercial espionage. For while the description of the ECI compartments notes items including the exploitation of ciphers used by hostile intelligence services, it does not contain one word about commercial espionage.

Conclusive to the point of absolute certainty? Of course not. Raises the probability that the NSA does not conduct commercial espionage? Absolutely.

I also indicated they'd use HUMINT for coercion. Skep said they don't have saboteurs. I pointed out they do have a joint partnership with CIA for that sort of thing.

This is also selective. I noted that the NSA does not, reportedly, have a HUMINT capability, and that other organizations, again as reported, work jointly with NSA in operations requiring capabilities outside NSA's expertise. These documents note joint programs with organizations that do have HUMINT capabilities.

"TS//SI Fact that NSA/CSS employs its own HUMINT assets (Target Exploitation TAREX) to support SIGINT operations."

Read the document describing TAREX. It is a joint program, and it notes which organization is primarily responsible for HUMINT.

So, we have admission that they compel companies with FBI (different doc),

Yes, these TS tools of compulsion are called warrants and subpoenas.

use HUMINT on other non-cooperatives (different doc),

Yes, the US Government uses human intelligence sources.

and have their own HUMINT team that they don't acknowledge even to people with regular TS clearances.

Again, read the TAREX document.

Grauhut • October 11, 2014 1:35 PM

@Clive Robinson "And I was indirectly referencing that it could be as large or as little as you wished depending on your perspective and what you are prepared to swallow by way of written information."

Come on, the world is not subjective in its core and the moon still exists if nobody stares at it. I always take the red pill and I don't think that I have a swallowing limit when it comes to written information.

We know from the Trustwave case that there are working fake CA copy certificates out there. Let's have a look at Cloudflare, are the ssl proxies of the US agencies bigger, smaller or same size? Does it make sense to cry heartbleedingly if this doesn't really matter, because even if ssl software were perfect it would be rendered useless by fake certs?

Is the usage of ssl mitm proxies not an attack anymore but an integral part of the internet infrastructure?

What's the new normal? What's actual security reality? What does still work, what doesn't?

Grauhut • October 11, 2014 1:49 PM

@Skeptical "These documents actually make me even more confident that the NSA does not conduct commercial espionage."

The NSA does full scale espionage, catching all data they can get, and it is the job of Intelligence Advisors in the Office of Executive Support (OES) in the Department of Commerce to process the data they get from their colleagues.

www.icjointduty.gov/vacancies/nt50-13-0001u.htm

"An Intelligence Advisor works to enhance senior officials’ situational awareness, knowledge and understanding on matters involving international economics, finance, leadership, political, technological developments and security concerns of interest to the Department, as well as for the functional areas of economic development; international trade; export control, enforcement and treaty compliance; cyber security; technological and scientific advancement; patent, trademarks and intellectual property rights protection; etc. This entails performing duties across the spectrum of the intelligence cycle, including intelligence planning and direction, requirements management, collection, analysis and production, dissemination, use and evaluation in collaboration with senior managers and staff personnel across the Intelligence Community."

SoWhatDidYouExpect? • October 11, 2014 2:14 PM

Only 100 Cybercrime Brains Worldwide, Says Europol Boss

http://yro.slashdot.org/story/14/10/11/1538206/only-100-cybercrime-brains-worldwide-says-europol-boss

Why from "...the Russian-speaking world, he said."?

After the U.S.S.R. crumbled, what else could those former KGB agents (or those trained by same) do to make a living? When our regime crumbles, we will have "former" spook agency agents (or those they trained) pick it up and do the same.

I suspect that, like borders, policing, and rules of the past, the network will change to become something different. Our spooks want the network for spying on everybody, but they can't understand why everyone else uses the same techniques - some of which our own spooks developed - to spy on us and steal from us.

We are arrogant, egotistical, and narrow minded, thinking others can't adjust to what is happening. Yes, we can adjust (some of the time) but don't accept the fact that others adjust (all of the time).

not even a name, and a blank email field to boot • October 11, 2014 2:41 PM

I'd like to suggest to the well-informed folks who gather here that they hold CitizenFour parties for all their family, friends and acquaintances, and watch the doc together, over light snacks or whatever. How could that be boring? The video gets its "wider release" on October 24. Let's do our part to ensure "wider" equals "wide".

Look on the bright side: if you're employed in IT, you would probably benefit from a world trying desperately to fix itself. If you work in IT for the NSA, same thing still applies (only the NSA can disband the NSA). PAAAAAART-EEEEEE!

Grauhut • October 11, 2014 3:13 PM

@SoWhatDidYouExpect? "When our regime crumbles, we will have "former" spook agency agents (or those they trained) pick it up and do the same."

Deepen that thought. Maybe the whole NSA spy the world program is already a job creation scheme. How many rocket scientists does it take to drive high frequency trading? What do we do with the talented rest in order to keep them off hacking street, so they do not harm the already crumbling economy? :)

Bob S. • October 11, 2014 3:43 PM

"Edward Snowden documentary reveals SECOND NSA whistleblower who 'outranks' even him"

"Citizenfour is a fly-on-the-wall documentary that gives a new insight on Edward Snowden and how he leaked thousands of government documents
In one scene he is told of a second whistleblower inside the National Security Agency that is sharing secrets with journalists...

Link-Daily Mail, UK

Wow!

Just WOW!!!

Jacob • October 11, 2014 5:09 PM

A doc released last month by the CIA under FOIA about the evolution of restrictions and regulations of usage and export of encryption technologies by the USG,
http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf

On page 23 there is a redaction:
"Their (RSA Data Security) biggest controversy came in 1991, when they tried to market their program to Microsoft, who wanted to integrate the code into its programs marketed at home and abroad -REDACTED- RSA landed the contract with Microsoft."

We all know that the export version of Windows had 40 bit security in the 90's. Any speculation what is behind the redaction? What did the NSA demand in order to give the go ahead for the business deal?

septicul • October 11, 2014 5:32 PM

Septical is hilarious.

> You can build software and hardware to be as secure as you can
> make it, and the government cannot force you to weaken that
> security.

Lavabit?
Baddaboom baddabang hehe. K thxbay

Grauhut • October 11, 2014 5:40 PM

@Jacob "What did the NSA demand in order to give the go ahead for the business deal?"

The _NSAKEY.

Nick P • October 11, 2014 5:52 PM

@ Jacob

The answer is in the document: the Executive Order allows strong crypto so long as an escrow method is built in. As in, they backdoor it somehow. So, if it's American product, assume Five Eyes can get the data. That's why foreign companies are right to boycott US goods and try to get stuff from less subversive sources.

Of course, that's just as challenging, ain't it? ;)

Nick P • October 11, 2014 5:57 PM

@ Grauhut

Nice one lol. Might even be right. The CIA document certainly sheds some light on the old debate about that.

Nick P • October 11, 2014 6:07 PM

Re NSAKEY

Actually, CIA document is our smoking gun on that when combined with this Microsoft statement:

"Microsoft said that the key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws."

It's for export compliance. Key escrow was a rule for compliance per CIA. And the simplest, safe escrow method I came up with long ago was sending a copy of the key to NSA's EKMS via a public key they supply. EKMS already does this for FIREFLY and NSAKEY is a public key.

So, close to open and shut as one can get. The law required a backdoor for approval. Common method was public key. They got approved, had a secondary public key for compliance, and its name was NSA. The last part doesn't surprise me given Microsoft programmer quality (read: no quality) in that time period.

timOctober 11, 2014 6:08 PM

Why hasn't Bruce mentioned that SSL usage doubled from 2 to 4 million in a 48 hour period due to Cloudflare?

GrauhutOctober 11, 2014 7:08 PM

Is it possible to send the NSA a DMCA takedown notice, because they infringe my copyrights on my emails and online posts by including them into their search indices, a production of a derivative work that violates my rights out of §§102(a),106(a) Copyright Act of 1976? :)

JacobOctober 11, 2014 7:56 PM

@ Grauhut , Nick P:

The _NSAKEY indeed makes perfect sense. IIRC it was discovered by mistakenly releasing a test Windows build with debug symbols on.

So I guess it is safe to assume that today's NSA key in Windows has a more mundane name.
This, however, still leaves open the question if a discussion about Bitlocker algorithms (and Windows Crypto API in general) robustness and security is moot or not.

ThothOctober 11, 2014 8:01 PM

@Grauhut
I am very curious if the NSA/CIA/TLAs have the ability to assassinate / coerce / manipulate / set up ... any judicial system in the way as they move along. E.g. an officer finds something and decides not to cooperate; they send in Black Ops to finish him off quietly (something along that line) and falsify his ending. If that is possible, they pretend to exist within the boundary of a box, but they actually do not care about the box and do anything they want. If they see a DMCA, they make sure the judge(s) or panel(s) of them all either reject the request or they would simply replace them.

Let's put it this way: the administrative branch makes decisions but the power resides in the executive branch since they are directly handling the power. This is why Thailand always faces military coups, because the executive branch simply has too much power and control, to the point that when the administrative branch wants to do anything, the executive branch takes a gun to their head and they shudder in cold sweat. Similarly in the US, the executive branch has too much power. Legal action? No more...

----------

A One-Time Use DMZ Facing Access Point
======================================
The idea is to set up a DMZ-facing hardened server that only contains the necessary data it needs to deliver to you when you request it. The idea is to go computer-less through a border zone into hostile territory (to do presentations or give a talk) where you need access to your slides or materials and you only want to have a one-time access feature. You have to write your own server-side script to achieve the functions and operations below.

- Configure a lightweight open source webserver (nginx) on a limited machine with a secure OS (hardened).

- Block off all network ports except the one you specify for the web server. You may select a non-standard port to surprise intruders or apply a cryptographic port knocking to discover the access port.

- The files you want to access should be zipped to make it easier to access all in one go.

- Generate a short random URL if you want some surprises, e.g. if you do not want anyone to simply walk into your system and know what to look for (of course you need to secure your web server as well).

- Generate a short random login password for one time use. Remember it.

- You might want to set the program to only allow connection at specific times of a day.

- The server holds the encrypted data, which is decrypted into memory when the server is started and running, using a key you enter before you depart physically for your destination (PBE-based crypto or something along that line). Do note that if the server crashes, good luck.

- You request the file via a secure or insecure computer (regardless) when you arrive, before you do the presentation, and after the one login the server forgets the decrypted data in memory and removes access for that login.

- If coerced to login again, it should not be do-able again.

- Probably why not after that one time login, the entire server formats and wipes itself. Might be even better.
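
A minimal working version of the vault described in this list, as an added example (not Thoth's code or any real project's). It assumes a PBKDF2 passphrase for the PBE step, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag standing in for a library AEAD, and an injectable clock for the time-of-day window; the nginx front end, port knocking and the final self-wipe are outside it.

```python
"""One-time vault for the DMZ-facing access point sketched above (constructed
example). prepare_blob() runs on the trusted machine before departure; the
server loads the blob into memory (OneTimeVault) and releases it exactly once."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional, Tuple

PBKDF2_ITERS = 200_000  # assumption: iteration count for the passphrase KDF

def _derive_key(passphrase: str, salt: bytes) -> bytes:
    """Password-based key (PBE): PBKDF2-HMAC-SHA256 over the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERS, dklen=32)

def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from the PBE key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream. Illustrative stdlib-only
    # construction; a deployment would use AES-GCM from a crypto library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def prepare_blob(passphrase: str, plaintext: bytes) -> bytes:
    """Trusted side: salt || nonce || ciphertext || tag (encrypt-then-MAC)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(_derive_key(passphrase, salt))
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag

def open_blob(passphrase: str, blob: bytes) -> bytes:
    """Server side at start-up: verify the tag, then decrypt into memory."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _subkeys(_derive_key(passphrase, salt))
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered blob")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def blob_opens(passphrase: str, blob: bytes) -> bool:
    """True when the passphrase authenticates the blob."""
    try:
        open_blob(passphrase, blob)
        return True
    except ValueError:
        return False

class OneTimeVault:
    """Keeps the decrypted payload in memory and hands it out exactly once."""
    def __init__(self, passphrase: str, blob: bytes,
                 window_utc: Optional[Tuple[int, int]] = None, clock=time.time) -> None:
        self._data: Optional[bytearray] = bytearray(open_blob(passphrase, blob))
        self.url_token = secrets.token_urlsafe(12)  # the short random URL path
        self.password = secrets.token_urlsafe(12)   # one-time login, memorise it
        self._pw_hash = hashlib.sha256(self.password.encode()).digest()
        self._window = window_utc  # (start_hour, end_hour) in UTC, None = any time
        self._clock = clock        # injectable so the window can be tested
        self.used = False

    def _in_window(self) -> bool:
        if self._window is None:
            return True
        start, end = self._window
        return start <= time.gmtime(self._clock()).tm_hour < end

    def request(self, token: str, password: str) -> Optional[bytes]:
        """Payload on the first valid request inside the window; None otherwise."""
        # check both credentials in constant time before branching on either
        ok_token = hmac.compare_digest(token.encode(), self.url_token.encode())
        ok_pw = hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self._pw_hash)
        if self.used or self._data is None or not self._in_window() or not (ok_token and ok_pw):
            return None
        payload = bytes(self._data)
        for i in range(len(self._data)):  # forget: overwrite, drop, disable the login
            self._data[i] = 0
        self._data = None
        self.used = True
        return payload
```

A failed attempt (wrong token, wrong password or outside the window) does not consume the single use, so a coerced second login after the real one still returns nothing.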

Nick POctober 12, 2014 12:15 AM

Working through claims of several documents to illustrate activities and layers of truth/lies (part 1)

I appreciate the reference to the TAREX documents. I'm going from this one:

http://cryptome.org/2014/10/nsa-tarex-the-intercept-14-1010.pdf

It's classified at SECRET//SI//NOFORN. So, naturally any Top Secret, codeword, or especially ECI stuff is removed from this document. That's why it doesn't reference the TAREX activities from the Top Secret or recent ECI/SAP-related documents: the recipients don't have clearance to know they exist. So, at best, it provides a limited view into the activities of the TAREX group. The importance of this is illustrated in the very first section: unclassified official use only people are told that TAREX only conducts overt surveillance, while SECRET clearance holders are told they conduct clandestine surveillance. The layers of the onion hide so many truths with so many lies and denials.

Analysis of TAREX Group from this SECRET-level perspective.

The group works with INSCOM, the parent of the Army ISA. That tells me what I need to know right away. A lesser known TLA when I learned of them, I found they have in recent times a decent Wikipedia page. Very versatile operators who do everything from SIGINT to black bag jobs, do fieldwork with likes of Delta/SEAL6, and got positive mention in Richard Marcinko's books for talent at black bag jobs.

Next fact is that collection is classified in a typical SIGINT way. But, the details of how they did the collection is up to INSCOM. If INSCOM's clandestine operators do it, especially at SCI/SAP level, then neither Snowden nor NSA would even have the docs on it unless INSCOM shared specifics of it in a TS/SCI document.

Next fact is that, although S.B.U. release says they do overt collection, the B.3 section tells SECRET personnel that 'the TAREX program does not conduct overt SIGINT collection.' Clearly shows how willing they are to lie to those at lower rungs of classification levels. That they do it with claims only pages apart in the same document is hilarious. That people trust their claims in the TS documents knowing about this pattern & existence of higher levels is not hilarious.

Next fact is that TAREX focuses on physical subversion including "close access-enabling, exploitation, or operations; off net-enabling, exploitation, or operations; supply chain-enabling, exploitation, or intervention operations; and/or hardware implant-enabling." Combined with their ISA or SOCOM partners, this represents one hell of a clandestine capability for forcing SIGINT collection into unwitting or unknowing organizations. They also have a presence in Washington and embassies, which I assumed.

Final fact is they have personnel "integrated into the HUMINT operations at CIA, DIA/DOD, and/or FBI." Interesting enough, these are the three organizations that opponents (or targets) of NSA programs keep getting hit by. The CIA runs covert and clandestine operations, plus the extraordinary rendition program that can be used against U.S. citizens. FBI has a pattern of doing awful shit without real consequence and can do indefinite detention. The DIA has similar clandestine capabilities to CIA and focuses on anything DOD considers enemy weapons ("cyber"weapons?). Integration with these organizations might be how parallel construction and other highly sensitive sharing take place.

So, if TAREX targets American companies to force compliance, they'd probably succeed in their goal. Especially if TAREX had more capabilities or purview than in this document. Let's hope that's not the case. So, now let's go to the SENTRY EAGLE document to find out.

I'll start by saying that, in the first 7 points, the different impressions a SECRET and TOPSECRET clearance holder receives is quite significant. Matter of fact, I'm going to focus on these differences as I look through it. Let's start with SENTRY OWL.

In SENTRY OWL, the public is told NSA works with industry as technical advisors on its products. Implies they're helping us be safe. TS/SI level knows that NSA does SIGINT enabling operations in U.S. industry, that this involves HUMINT agencies, it also has FISA operations with industry (imply separate things), and works with foreign partners. So, the public thinks one thing is going on while the TS/SI group finds out the opposite is true. Then, TS/ECI finds out we have specific partnerships to make U.S. devices vulnerable, partnerships to make foreign devices vulnerable, undercover NSA people, and "human asset(s) cooperating with NSA" in U.S. or foreign companies.

In SENTRY RAVEN, the public is told NSA works to break foreign ciphers. All up to TS/SI community are told the same. The TS/SI/ECI group is given more detail on that which matches main claim. However, they're also told that "NSA/CSS works with specific U.S. commercial entities to modify U.S. manufactured encryption systems to make them exploitable for SIGINT." Quite a difference between "we break foreign ciphers" and "we make U.S. made equipment vulnerable so we can maybe hit it later." Quite the difference.

In SENTRY HAWK, the public and S.B.U. communities are told NSA works with FBI and CIA on the SIGINT side. SECRET/SI are told that NSA gets up close and personnel (eg TAREX) on everything from computers to networks. TS/SI gets more knowledge of the specific weaknesses they exploit. TS/SI/ECI SHK get more specific details of exploits/operations, the knowledge that NSA works with foreign/commercial entities, and information on clandestine access to world-wide fiber optic cables.

In SENTRY OSPREY, the public gets to know the NSA/CSS works with CIA's National Clandestine Service, which can do covert (deniable) operations. S.B.U. are told it's SIGINT support. TOPSECRET/SI/NF learns it's for high priority target internal foreign communications. TS/SI learns NSA has its own internal HUMINT (TAREX) assets for this. TS//SI//NF//ECI learn specific targets and details of NCS operations. So far, this document doesn't indicate that TAREX group targets American companies: just foreign. However, as we see above, it can't be used to prove they don't hit domestic companies as that could be another codeword or ECI program. Just foreign... so far.

Alright, now let's look at the WHIPGENIE document at TS/SI/NOFORN. This involves relationships with "U.S. partners." It's distinct from, probably working with, the above program that does this.

The public can hear the codeword alone. S.B.U. knows it involves corporations. CONFIDENTIAL knows it's SIGINT-related and unconventional in its methods. TS/COMINT knows WHIPGENIE is about domestic wire access or US transiting communication. TS/COMINT know it's a combination of NSA and private sector that includes domestic access and FBI assists with *compelled* partnerships. Note that "partnerships" suddenly includes non-cooperative parties & remember this in other documents. Only TS/COMINT-ECI WPG people get to know how FBI gets the cooperation or forces them. This is telling because the existence of the basic warrants and orders Skeptical references certainly aren't ECI. The methods NSA and FBI are using to get "domestic" companies to do SIGINT enabling *are* ECI. The evil stuff is likely in there.

Being tired from a long day, I'll leave it at this raw data for now. An analysis might come next.

BelieverOctober 12, 2014 12:41 AM

I wonder if it's time to make a killing at selling scale military action figures, the computer-savvy troops edition.

name.withheld.for.obvious.reasonsOctober 12, 2014 4:58 AM

@ Nick P

That people trust their claims in the TS documents knowing about this pattern & existence of higher levels is not hilarious.

Agreed, this speaks volumes to the institutional dysfunction that plagues not only the internal culture but masks a serious problem between institutional objectives and the means or method(s) to achieve them. My characterization based on all I've read would suggest or cast the NSA as the Black Knight from the movie The Holy Grail.

Irrespective of the damage to themselves or others, they are unable and unwilling to fix what is the "Cult of Containment". Because the organization has such a poor process model, multiple efforts are made to mask programs that clearly exceed any authority granted it by the sovereign. Another article on the Intercept by Binney points directly to the statement I've made.

Binney's internal struggles along with the DOJ to make right a problem is a classic example of a failure in mission. Covering your ass to protect yourself from external scrutiny regarding any activity could be solved simply. Engaging in programs and activities that are valid, lawful, and serve the security concerns of the sovereign of this nation would be a great start.

The NSA being accused and charged by the DOJ with what could be capital crimes, it continues to act as Binney has commented. You can tell from his statements that he, others, and Executive departments suffered many ills due to lack of accountability at the NSA. It has promoted a culture where it is more important to CYA than to provide our nation with the proper amount of NS. When your internal mission exceeds your organization mission/mandate you file for bankruptcy--oh wait, NSA doesn't have to provide a "valued" service (either by market/performance measurement or by shareholder sentiment).

HOW MIGHT NSA LOOK USING A FEE FOR SERVICE MODEL?

GrauhutOctober 12, 2014 8:44 AM

@Thoth We had a case in Germany in 1998 that smell a little. Tron was working on a cheap crypto phone. en.wikipedia.org/wiki/Tron_%28hacker%29

Your one-time server: If you want to play with this concept, give docker containers a try. They are famous for having forgotten everything when restarted! In your case this would be a feature. :D

sena kavoteOctober 12, 2014 9:05 AM

Adobe spying on e-book readers

The most innocent explanation for that spying is a plan to use the reading behavior stats to improve revised editions of books. Explain better something where readers paused longest. This kind of use would need cooperation from authors. If lots of people read "Practical cryptography" by Bruce Schneier on that Adobe reader, then Bruce would get some kind of datasheet about how people have read that book.

Jamming side channels

It seems to me that one very simple program could jam side channels, for example, on power lines. Make a program that computes some dummy computation for random duration, then waits some random duration and continues this cycle until terminated.

What should be the range of random durations? What minimum and what maximum? Where to get that randomness? Does it matter what kind of dummy computation is used? Something that uses CPU, or fills memory or maybe even burdens GPU?

A different version halts some actual computation at random intervals. Maybe have one C function or C++ class that can be easily inserted into inner loops so that they can get halted (for those who compile from source)? Or use a separate program that uses the halting mechanisms that the OS provides?


Could NSA tell the world about statistics gained by their interception?

NSA has best possibility to know the actual percentage of internet connected Linux users / installations in the world. This has huge margin of error and is the worst known "market" stat in IT. Linux usage numbers are shrouded in mystery. Some claim to know that it is 2% , but their method is very inaccurate.

To get good knowledge about off-line-only use of Linux and BSD, there needs to be some real sociology in the way Kinsey did it when he researched sexuality in the 1940s, or in the way opinion pollsters try to predict elections.

Flu epidemics are visible in NSA stats (if they do stats).

NSA drone WLAN and cell "tower" in rescue

NSA did put WLAN in a drone, with such power and sensitivity that it reaches kilometers away. Now that they no longer feel the need to keep that secret, because it's public, they should use that for rescuing people with WLAN devices from remote areas and in disaster areas, and publish their intention to do so, so that people know to turn their WLAN on. Same thing with fake cell towers and IMSI catchers. They could be attached to small Cessna planes just like NSA's flying WLAN devices could, if drones are deemed to be too dumb to fly in white people's airspace.

A BluntOctober 12, 2014 9:38 AM

Rhythmic clapping in unison for Nick P's explanation of how classification and compartments let the permanent state deceive its own officials. This is how the US government arranges large-scale complicity in serious crimes.

Nick P is indeed the man who knew too much. There must be a rebuttable presumption that he was once a G-man, but one is inclined to give him the benefit of the doubt and hope that he has gone off the reservation to effect the forcible overthrow of his criminal rogue state.

SmokingHotOctober 12, 2014 9:58 AM

@name.withheld.for.obvious.reason


On the incompetence of the NSA and how it hurts the nation -- I strongly agree.


It is hard to step anywhere in modern, important US policies without finding one's shoes stuck in some cow shit. While I hear many speaking of culprits, and there very well may be, what I see is left is sheer incompetence. And a "culture of containment", a CYA ('Cover Your Ass') instead of a CIA, or any other three letter agency.

Taking, for instance, Snowden from an angle of "they really screwed up", also spells this out. Consider all that we can surmise Snowden did *not* post, globally. While we can not possibly know what that is, we can get an idea it was probably an enormous amount of critical secret data. Point being, Snowden almost surely did this by his own self as a twenty seven year old, so what could moles do. What have moles been doing?

Everything should be considered compromised, and I feel very sorry for nations that continue to trust the US to keep their mouths shuts in secret activity.


But. Iraq. It is really very hard to go very far while considering the capacities and competence of the US government in regards to intelligence and not step right into the middle of that mess.

No nation, great or small, has ever made a mistake worse than that. If a person did this, they would be in jail and globally humiliated.

How many allies died in that war? How many are yet to die? How many Iraqis died? How many had family members who died? Did such a volatile region need anymore volatility to it?


Problem with all of this is: they are not idiots. These are smart people. So, is it truly just bias, or is there something much more sinister going on? There is evidence going either way. But, from the evidence they give us, it is gross, endemic incompetence, incompetence they refuse to fix. It is, instead, like some drug addict who mutters "I am sorry" when what anyone wants is just for them to stop using their drugs.


Does this matter for the rest of the world? Obviously, it does. Your economy is dependent on the decisions of the US.

Clive RobinsonOctober 12, 2014 11:22 AM

@ Jacob,

However, I am interested to know if this scheme circumvents RIPA in practical terms.

I think the simple answer is if you find yourself in court over RIPA, you are in way too much trouble to get out on a mathematical proof. That part of the RIPA legislation is designed as a fail-safe device to ensure you go to jail on suspicion, not proof of guilt, and as such it's been worded to make you do the impossible task of proving a negative, that is, you are carrying encrypted data but don't have access to the key that encrypted it...

Whilst our legal brethren are smart in some ways, the more senior judiciary members in the UK appear to mostly confirm the "stretched band of mental capability model" we more normally associate with "absent minded professors", if press reports are to be believed. The model is simply that the area under the ellipse of the band remains constant for any individual, the consequence of which is the more you stretch it in one direction the less the area covered in any other direction, hence specialism gives rise to a lack of that rare commodity "common sense".

Thus any such judge is more likely to believe the prosecution that you are deliberately hiding the key than they are the defence with a rock solid mathematical proof that you are not, nor could you be, carrying the key.

Thus a person using the idea should likewise use it as a final solution fail safe. You should therefore have multiple protective layers above that act as a cover story.

At the end of the day, the only reason they let Mr Greenwald's partner finally leave Heathrow Airport was that he was clearly a Courier not a Conspirator, thus unlikely to have ever seen, let alone had, the key in his possession, and even the most specialised of judges would be capable of seeing that.

Which is why the "give them something" model sounds so attractive, that is where one key unlocks a set of files that supports your "legend" whilst a different key gives the real files. In practice such systems have way too many pitfalls to make them even close to safe for the average user.

@ Grauhut,

Your original question was,

"How big and deep ist the security simulation matrix?"

The answer is not possible to know for a variety of reasons, secrecy being just one of many. The answer will always be one of life's "Unknown unknowns".

Which means you have to look at other people's estimates and evaluate them for trustworthiness and then try to see how they fit with other people's views and estimates to come up with your own viewpoint. Thus an unreliable process at best.

From a security aspect it is better to assume that all commonly used processes are compromised, at least partially, until you can demonstrate otherwise. The question then is do you evade or mitigate any method you have not demonstrated to be safe. Evading would be sensible until you realise you would have to give up all modern technology, thus methods of mitigation are the way to go.

Nick POctober 12, 2014 12:13 PM

@ name.withheld

I'm not sure I'd call it a failure in mission. Its mission is to try to spy as much as possible on SIGINT to get intelligence for other TLA's. It's been doing that plenty. It's only been failing if we assume their goal is information on terrorists rather than so many other targets of interest. Far as what Binney saw, that's typical of DOD organizations in having bad character and being more about money flowing around than anything else. That's systemic in our system with Congress being a part of it too, esp benefiting from DOD waste.

So, they need their criminal immunity removed, accountability increased, and mission scope narrowed.

re NSA on a fee basis

They'd probably look like a combination of Cygnacom, Matasano, and Hacking Team.

@ A Blunt

Lmao. Nah I don't work for U.S.G. although I've often been accused of knowing too much for my own safety. Of course, if I did black program work, I'd be required to lie about it and deliver a cover story. So, I guess everyone will continue to wonder while I laugh at the various guesses. I will say, though, that it's doubtful NSA would sacrifice their SIGINT capabilities just to develop a double. And anyone following what I've posted here could destroy most of their SIGINT capabilities.

Hopefully, if the Revolution happens, that will be in my favor if I'm put under scrutiny. ;)

@ Grauhut

I didn't know about Tron. His work sounded very smart, esp how he kept costs down. Too bad he died before finishing it. Least we have some smart solutions on the way. I'm funding JackPair as I think it's the best concept & similar to recommendation of blog's old hardware guru, RobertT. He ended up being right about best approach, at least for short term. I plan to beat him in the end by delivering a secure, general-purpose, mobile TCB.

name.withheld.for.obvious.reasonsOctober 12, 2014 12:37 PM

Wanted to quickly share a thought, it is we--as a community--failing to engage each other at any level that represents a risk, challenge, work, or the possibility that we could be wrong about something. It is systemic in our society; work places are bastions of "proper behavior" that I like to call "Go along to get along", don't make waves, or the worst--you'll never change it/this/whatever. If this were true; people other than Anglo/Europeans would still be enslaved, women couldn't vote, hold positions of responsibility, or ride in a space launch vehicle. Only well to do, white, male, European aristocrats would be substantive participants in civil society. I'm afraid we invent the ways and means to keep certain people out and let others in--it's a form of group interdependency. It is related to how animal herds use the power of the group to mitigate risk (Zebra herd in large masses reducing individual risk). But what is problematic about the means and rationale that we employ to create these sub-adhoc social cliques (herd does not really apply here) is the often arbitrary and capricious "emotional, prejudicial, or learned" responses to behavior external to our familiar civic engagements. In other words, change is not good.

For example; I used to attend most of the city hall meetings in the town I resided in or called home--most of the time the city hall was populated by 3 to 10 people. Every year, in late fall, when the city re-negotiated the right of way and licensing of the local cable television service an amazing thing happened. City hall attendance spilled out to the streets with loudspeakers on so people outside could hear the proceedings. Funny thing, the press attended but as rarely as the citizenry/townfolk.

Churches are a large part of civic engagement but are not friends of change either. It is difficult to have a maturing society when the structures and strictures are designed to resist change irrespective of the benefit or risk to the individual or community at large. I mention this to let you know that I understand the "formalism" that Church attendance may demand--I'm not making a value judgement, I'm just saying that the dynamics between members of two inter-dependent groups (say the church and city government) share little in strategy, thinking, vision, or a way to communicate that isn't about maintaining their own group's fidelity first. This blinds both groups to what could be a mutual interest that benefits multiple groups. It's kind of like the Three Musketeers went something like this; "None for One, and One for One."

I understand that the topic I am covering here is not well understood. When the Catholic Church WAS the government, there was little doubt as to where you stood regarding any number of social issues--in a sense Catholicism is a form of socialism from a political theory perspective, not from a theological or modern anthropological viewpoint, Why am I spending time on this thesis/sermon/opinion/rant--because to a great degree it can describe many of the inter-societal and international conflicts and struggles. At the social level we "correct" gays, smokers, drinkers (and I don't mean alcoholics), introverts, the meek and mild mannered, the butterfly chaser, the autistic, sketch artists, the unemployed, immigrants, and on and on...

At the inter-social level we separate people with various mechanisms; don't trust anyone from Pennsylvania, or Texans shoot first and ask questions later. And, you know how that scales upwards--the British really bother me because ____..fill in the blank.

But at the most fundamental level I see a general failure in imagination, creativity, reasoning, deliberation and thoughtful engagement; across the complete sphere of societal mechanisms (family, neighbor, city, work, state, world). So much in the world really has changed--but we haven't. And the real question(s) is; what should the future look like? As we move from a formerly agrarian, communal, highly localized social structure to an inter-planetary, inter-Continental social system where anyone from anywhere can talk to anyone at any time (this was never possible before, it also means we can kill anyone, anytime, anywhere) there are some implications that we don't understand--let alone have argued as to what risk/benefit it all has.

Our inability to responsibly recognize our failure(s) and come to grips with our "operational capacity" and "moral/ethical/societal" responses is troubling. For example; using the instrument of war as a general tool to answer large and complex issues strikes me as a completely simplex view of the problem(s) and really is a stupid method to employ as either a tactical response but even worse as a "strategy".

Gerard van VoorenOctober 12, 2014 12:56 PM

The NY Times reports about the 1954 Oppenheimer hearings that are now released.

Of course, the real truth is not the one "they" told us. History books are gonna be rewritten.

name.withheld.for.obvious.reasonsOctober 12, 2014 1:20 PM

@ Nick P

I'm not sure I'd call it a failure in mission. Its mission is to try to spy as much as possible on SIGINT to get intelligence for other TLA's. It's been doing that plenty. It's only been failing if we assume their goal is information on terrorists rather than so many other targets of interest. Far as what Binney saw, that's typical of DOD organizations in having bad character and being more about money flowing around than anything else. That's systemic in our system with Congress being a part of it too, esp benefiting from DOD waste.
I respectfully disagree--and--it is rare that my "opinion" or understanding/resuscitation of the facts is at odds with yours...

Its mission is to provide policy makers (elites) with the information and capabilities to maintain the state hegemony (the well to do).

Whats in a NameOctober 12, 2014 2:43 PM

The day NSA answers to money and profit, that's the day it is all over for us. The US Gov shouldn't be "they", it is "we."

65535October 12, 2014 2:54 PM

This article brings up the question of how the multitudes of NSA back-door implants come about.

1. Does the implant happen at the design level - both hardware and software? An NSA mole in the software department? An NSA mole in the micro-controller or BIOS department?

2. Does the implant happen at the factory level? An NSA mole on the assembly line?

3. Does the implant happen at the postal/shipping level? An NSA mole in the USPS or private shipper?

4. Does the implant happen at the data center level? An NSA mole in the data center?

We know the NSA is implanting/exploiting at the backbone level. The worst thought would be NSA mole(s) in all of the above.

Sancho_POctober 12, 2014 3:49 PM

@ Clive Robinson (@ Jacob):

“Which is why the "give them something" model sounds so attractive, that is where one key unlocks a set of files that supports your "legend" whilst a different key gives the real files. In practice such systems have way to many pitfalls to make them even close to safe for the average user.”


Clive, would you please hint at the most obvious pitfalls, as this is often used and very likely I'd be the first to botch that otherwise nice looking set up?

The scenario would be: An 8GB SD card, encrypted with a hidden TC volume.
The outer volume contains personal documents (about 1GB), pwd is “Sancho”, the hidden rest contains confidential business data.
Similar cards are used for the camera and as a safety to boot the netbook from.

The problem at the airport / custom would be they’d copy everything you have, thus they can work “forever” on the full content after they let you go [1].

In the BadUSB thread there was the question of write-protected USB devices,
but in contrast,
I’d vote for a read protection so one can neither read nor duplicate the content without having the appropriate key (= physical access).
At best he’d see an error message asking to format the “damaged” drive,
but now I’d like to avoid the pitfalls you’ve mentioned ;-)

[1]
In case of D. Miranda they were certainly interested in what the NSA could have collected regarding GCHQ internals or the UK elite, because they were not aware of being spied on by their own partner. That left them with the challenge to decrypt it without help from their bigger brother.
They were only interested in copying the data and venting their frustration, they knew that L.P. would have never given the key to the homing pigeon.

Clive RobinsonOctober 12, 2014 3:50 PM

@ 65535,

A while prior to the Ed Snowden revelations the various aspects of this had been discussed by Nick P, Robert T, myself and one or two others, at the quiet ends of several vaguely relevant threads.

Put simply we concluded that below the assembler level and one or two basic control structures such as Memory Management Units there was no security below the CPU level. Further that the programmer or system owner could not see below the CPU level either without specialised equipment (think of an In Circuit Emulator, specialised Logic Analysers and other highly specialised equipment). Thus an attack below the CPU, especially one that leaked data in a passive way, was essentially invisible and impossible to stop from software.

Further that as all these attacks essentially bubbled up, protection mechanisms below the CPU level were required, but they themselves would be vulnerable to attacks from further down the stack. The cost of such attacks would be inversely proportional to how far down the stack they were, but the fact that there are so very few fabrication plants at the smaller transistor scale meant the potential spread / devastation had a very high ROI.

The ideal area to attack at low level was not the CPU but an almost as ubiquitous I/O device common to all platforms, such as Network controllers, Video/graphics controllers, HD controllers and other I/O controllers with DMA. Oddly perhaps we did not consider the bridge devices because they were too close to the CPU, nor the sound sub system --until much later-- because it only had low bandwidth connectivity compared to the other channels.

As it turns out we should have thought more about bridge devices and sound subsystems as these both currently have ways of exfiltrating data over distance ( GSM system in bridge, and ultrasonics in sound sub systems on laptops).

Whilst the perverted bald eagle of the NSA might have its talons in a number of key places for PC chip sets it probably does not have it in many other places, which means there are mitigation strategies via non main stream parts.

As for the how of it starting, that probably goes back long before the Clipper Chip debacle, but Bill Clinton dumping Clipper under public pressure was probably the main spur pushing such activities forwards. And they have evolved as time and technology have allowed. If you think about it, outside of network routers they only have to worry about two basic CPU architectures, Intel's and ARM's; the rest are now history as far as general "human usable" computing is concerned. Whilst "old iron" mainframe systems still exist, almost invariably they connect via network routers to Intel or ARM based PCs for displaying and entering data and code.

It's one of the reasons, as I've said in the past, there are advantages to using microcontroller development boards and old fashioned RS232 style serial networks for making "pumps and sluices" that work slowly enough for you as an individual to keep your eye on via affordable equipment such as serial analysers and low end logic analysers and oscilloscopes, and hand built data analysers. Also old 486 and early Pentium systems.

Clive RobinsonOctober 12, 2014 5:01 PM

@ Sancho P,

The main problem is raw data storage.

We have known for some time there are issues with Flash memory systems due to "wear leveling" etc that was in effect "hidden" behind the micro controllers in the flash drive interfaces. Knowing the algorithms used and the fact they can get at the actual memory chips either by reprogramming the controller or by decasing the board and probing the PCB tracks means they can build a history of which parts of the memory have been altered and in what order.

After you hand over your "user key" they can tell from how the read access happens whether the files you have in that part of the TC volume are accessed or not. If there is disparity then you can be certain they are going to dig further one way or another.

For border crossings this is fairly easily mitigated to a certain extent by using a brand new flash drive and storing the secret data in amongst old system and user data then adding new user data, ensuring that file times etc are correct for the write order etc.

The simple fact is that "used sectors" in most single user file systems have very very predictable usage not just on flash but HDs as well and good forensic examination will show up anomalous usage that might suggest there is more there than meets the eye.

It's one of the reasons I still use FAT for moving data from system to system; its relatively simple structure and reduced metadata make it easier to "build a clean archive" which can then be DD'd across to the new clean "one time use" transportation device. I also prefer where possible to use old style optical media such as CD or DVD for similar reasons.

The transportation device is likewise only used to DD the data off onto another drive via a sluice and diode and the transportation device is then nuked. This is in case "customs" have decided to give a gift of some kind, be it in the data or hidden in the transportation device microcontroller memory.

Of course this solution only works for One Time Use transportation devices, not for every day "working" devices such as your day to day USB thumb drive...

Which is why I never put my "personal" working drive in the machines I use for confidential and above work. Not that it contains much other than various PDFs downloaded via the Internet such as research papers and books and manuals and fairly innocuous text / rtf files relating to the pdfs and personal reminders and hobby stuff etc (oh and drafts for a book I started last century that I will someday get around to finishing, and code intended for Freeware).

The important aspect that many people miss is the mental discipline to keep clear boundaries between what they have on their "user" and "secret" partitions. All too often a document or metadata source in the "user" area will give sufficient meta evidence to indicate there is a "secret" area and thus cause a more in-depth and potentially painful probing analysis over hours, days or, if removed from judicially visible circulation, months or even a life time.
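Added example, not part of the thread: the sort of check Clive describes in his reply to Sancho_P (and that Sancho_P's hidden-volume setup above would have to survive). It is a plain free-space entropy scan rather than the flash write-history analysis Clive mentions, which needs access to the raw chips. Space the file system marks as free should be zero-filled or hold low-entropy remnants; a long contiguous run of near-random blocks there is the tell that "there is more than meets the eye". The disk image is constructed in the script (64 blocks of 4 KiB, a hypothetical layout, with the allocation map supplied as a set of block numbers rather than parsed from a real FAT).

```python
import hashlib
import math

BLOCK = 4096  # a common cluster size; the scan works per block


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    entropy = 0.0
    for c in counts:
        if c:
            p = c / n
            entropy -= p * math.log2(p)
    return entropy


def high_entropy_free_blocks(image: bytes, allocated: set, threshold: float = 7.5):
    """Block numbers the file system marks as free but which hold near-random data.

    Zeroed or never-written free space scores near 0, text around 4 to 5,
    compressed or encrypted data above 7.5. Free space that looks encrypted
    is exactly the anomaly a forensic examiner goes looking for.
    """
    hits = []
    for blk in range(len(image) // BLOCK):
        if blk in allocated:
            continue
        if shannon_entropy(image[blk * BLOCK:(blk + 1) * BLOCK]) >= threshold:
            hits.append(blk)
    return hits


def contiguous_runs(blocks):
    """Collapse [40, 41, 42, 45] into [(40, 42), (45, 45)]; a long run is a volume, not slack."""
    runs = []
    for blk in blocks:
        if runs and blk == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], blk)
        else:
            runs.append((blk, blk))
    return runs


def hidden_data_runs(image: bytes, allocated: set):
    """The examiner's view: runs of free blocks that look encrypted."""
    return contiguous_runs(high_entropy_free_blocks(image, allocated))


def build_sample_image():
    """Constructed test image (not a real card dump), 64 blocks.

    Blocks 0-15 are allocated and hold ordinary text (the outer volume's documents).
    Blocks 16-63 are unallocated and zero-filled, except blocks 40-47, which hold
    deterministic pseudorandom bytes standing in for a hidden encrypted region.
    """
    text = (b"Quarterly travel notes, nothing to see here. " * 200)[:BLOCK]
    blocks = [text] * 16 + [bytes(BLOCK)] * 48
    for blk in range(40, 48):
        blocks[blk] = b"".join(
            hashlib.sha256(b"hidden-volume" + bytes([blk, i])).digest()
            for i in range(BLOCK // 32)
        )
    return b"".join(blocks), set(range(16))


if __name__ == "__main__":
    img, alloc = build_sample_image()
    for start, end in hidden_data_runs(img, alloc):
        print(f"free blocks {start}-{end} look encrypted")
```

On a real card the allocation map comes from the FAT itself and the threshold should be tuned against the same media written normally, because some free-space remnants (deleted JPEGs, for instance) are also high-entropy; the runs matter more than single blocks, which is why the scan reports contiguous ranges rather than counts.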

SkepticalOctober 12, 2014 6:19 PM


This is from the NSA and Foreign Companies thread, but since it doesn't squarely relate, and I couldn't resist responding, I brought it over here:

@Benni: (yes, the Eurofighter from EADS is a better airplane than the F-22 from the US. The Eurofighter is faster, more agile, can load more weapons, and it is cheaper.

"Better at dogfighting" != "better airplane."

To quote a German pilot who flew the Eurofighter in exercises against the F-22:

Two other German officers, Col. Andreas Pfeiffer and Maj. Marco Gumbrecht, noted in the same report that the F-22′s capabilities are “overwhelming” when it comes to modern, long-range combat as the stealth fighter is designed to engage multiple enemies well-beyond the pilot’s natural field of vision — mostly while the F-22 is still out of the other plane’s range. Grumbrecht said that even if his planes did everything right, they weren’t able to get within 20 miles of the next-generation jets before being targeted.

Source

@Nick: TS/COMINT know it's a combination of NSA and private sector that includes domestic access and FBI assists with *compelled* partnerships. Note that "partnerships" suddenly includes non-cooperative parties & remember this in other documents. Only TS/COMINT-ECI WPG people get to know how FBI gets the cooperation or forces them. This is telling because the existence of the basic warrants and orders Skeptical references certainly aren't ECI. The methods NSA and FBI are using to get "domestic" companies to do SIGINT enabling *are* ECI. The evil stuff is likely in there.

This is a bridge too far, I'm afraid. "Details" would include descriptions of the actual collection, how and where the FBI collects the data (or if the company does so for him), etc. Note, for example, that street addresses of sites that are used for collection are also classified as ECI.

In general, the tenor of your analysis seems driven by an assumption that classifications are being made to conceal illegal acts. But in fact the classifications appear to be made, appropriately, on the basis of how damaging to ongoing operations the exposure of a particular fact would be.

There is absolutely nothing here to indicate illegal or unethical actions - and this shouldn't be surprising, frankly. The level of documentation and care that has accompanied even the most questionable programs exposed has been, taken as a whole, exemplary. We're a long, long way from the days of Nixon's Plumbers.

SmokingHotOctober 12, 2014 6:42 PM

Former NSA Director's Investments Investigated and OK'd

http://arstechnica.com/tech-policy/2014/10/former-nsa-director-had-thousands-personally-invested-in-obscure-tech-firms/

Gist of the article is that though ok'd, it still looks pretty shady and likely not okay.


The article ends reiterating the bigger problem:

Since leaving the NSA, Alexander has founded a company called IronNet Cybersecurity, which offers protection services to banks for up to $1 million per month.
In June 2014, Rep. Alan Grayson (D-Fla.) wrote a letter to Wall Street's largest lobby group, the Securities Industry and Financial Markets Association, in which he questioned Alexander's financial ethics.
"Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you."


Clapper, Alexander, and countless other current and former officials, of course, are paid by defense contracting firms.

I am not sure if that outshines the Cheney-Halliburton sort of mess, but this kind of dealing is now well accepted in society.

Alexander's behavior here needs no condemnation from people who have a conscience -- it is clear that what he is doing is highly improper.

But, how the times have changed... when bribery is accepted as something OK to do.


SmokingHotOctober 12, 2014 7:25 PM

@name.withheld.for.obvious.reasons

Interesting thoughts...

Our inability to responsibly recognize our failure(s) and come to grips with our "operational capacity" and "moral/ethical/societal" responses is troubling. For example; using the instrument of war as a general tool to answer large and complex issues strikes me as a completely simplex view of the problem(s) and really is a stupid method to employ as either a tactical response but even worse as a "strategy".


It is entirely barbaric.

I would suggest human beings have a limit to their capacity. There is very much a 'two steps forward, three steps back' progress. It is more like, they are incapable of going beyond their own weak capacity.

They are straining at the rope that holds them back.

It does not matter how intelligent they are, nor how hard they try. They are leashed and can not break free.


Put another way: there is no leash but their own form. A form which is limited.


They have to have an entirely new form in order to have an entirely new world. And that is impossible for people, except by a very dramatic metamorphosis at their core level of being.

Such things are not under people's control. I do not think worms have any sort of conscious knowledge of what they are doing as they build their cocoon, and they surely have no idea of how their life will be after they change.


But, the most promising and brightest glimpses here and there. Light at the end of the tunnel sort of thing, one can just barely make out....

Likewise, they can not see all the butterflies flying about, busy over all of this activity. To a worm, the activity is of worm activity. Eating leaves and such. Butterflies have an entirely different perspective both of worms and the entire world.


One can see down, but one can not but the sheerest level see up.


It seems simply, somehow better, is all one knows.

skeevticalOctober 12, 2014 9:46 PM

"we're a long, long way from Nixon's plumbers"

Interesting lie on multiple levels by risible but dogged liar skep. First of all, they weren't Nixon's plumbers, they were CIA's plumbers. Pious invocation of Watergate play-acting is the crucial tell that skeptical is full of shit. Next is the idea that "care" is some substitute for probity. Care for these murderous beltway vermin means meticulous documentation hidden from the public. Then we have the argumentum ad ignorantiam against NSA criminality, as always, autistically fixated on specific pieces of specific documents in a way that would embarrass a third-tier toilet contract-hack J.D. (USG saved skep from all that, so he's understandably grateful, but still, how much human dignity are you willing to shitcan just to vest?)

Nick POctober 12, 2014 11:40 PM

@ Clive Robinson

Ok, before I say anything, remember that NSA owns patents on ECC and only licenses it to those who comply with their... secret requirements. Likewise, leaked CIA documents suggest any that export all have escrow backdoors. Starting with that, we should assume the company exporting ECC has doubled up on TLA cooperation. Even if we don't, though, I still managed to find some useful information:

Certicom sells licensing rights to NSA
https://www.certicom.com/2003-press-releases/314-certicom-sells-licensing-rights-to-nsa

And that "NSA deal" led to the "first profitable year in its history"
https://www.certicom.com/2004-press-releases/295-company-announces-q4-and-year-end-results-for-fiscal-2004

They were bought by NSA. Blackberry apparently worked with NSA and was a primary customer of theirs. Now, Blackberry bought them. Seems fitting. So, NSA made them so they could break them and someone else could buy them to everyone's profit. Gotta love the modern private/public partnerships. ;)

Note: I didn't see a contact field on the site you linked to. I was going to give them these so the connection was more clear.

I also like this "benefit" on their government solution page:

"Eliminate potential liability relating to Certicom implementation patents within the NSA's Suite B field-of-use"

Buy our NSA approved product or we sue your ass. Deal?

BenniOctober 13, 2014 3:34 AM

Skeptical wrote:
"Two other German officers, Col. Andreas Pfeiffer and Maj. Marco Gumbrecht, noted in the same report that the F-22′s capabilities are “overwhelming” when it comes to modern, long-range combat as the stealth fighter is designed to engage multiple enemies well-beyond the pilot’s natural field of vision"

This is true, the F22 can better engage other airplanes at a distance. The problem is just that one really does not need that capability.

Once the enemy's airports are destroyed, one needs systems to counter air defenses.

For this purpose (destroying the air defenses and airports in stealth mode), Europe uses specially equipped Tornados with electronic anti-radar devices, and the Eurofighter is then for the bombing run.

In Syria, for example, Eurofighters would be better than F22s, since the Eurofighters can carry more load, and thereby destroy more hardware quickly.

Perhaps one would need F22 for an attack against Russia. There, one would start by disabling nuclear missiles and the command centers with real stealth fighters like the B2 at night. It may be one would need an F22 there as "support" in order to ensure that airspace is clean for the bombers. But this is a highly unlikely mission, as many airports can be disabled by dropping a few bombs at them.



BenniOctober 13, 2014 3:43 AM

@Skeptical:
In a real combat situation, this is what would be used if European airplanes went up against F22s: They would start with one Tornado, equipped with this system.

http://de.wikipedia.org/wiki/Tornado_Self_Protection_Jammer

That would make the F22 blind, and then a Eurofighter would engage it in close combat, on sight, where the F22's stealth is useless.

And this ability is what the US do not like, and therefore NSA spies on EADS....

JacobOctober 13, 2014 3:59 AM

Krebs report on a newly discovered vulnerability in Bugzilla which is amazingly simple:

When you auto-register an account and provide an email, you can tweak the page html field to fool the system so it will not verify the provided email.
A researcher from Check Point registered a new account under the admin@mozilla.org email address and was immediately granted access to all bugs - including security sensitive bugs under embargo.

Apparently that bug was there for 10 years... however, it has been fixed today.

No luck for major open source software this year.
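Added example, not Bugzilla's code and not the actual fix: a generic illustration of the bug shape Jacob describes, where a value the server should own (whether the e-mail still needs verifying) can be supplied by the client by adding a field to the registration POST. The vulnerable handler copies every submitted field into the new account; the hardened one allow-lists what a new user may set and fixes the server-owned state server-side. The account store, the `email_verified` flag and the attacker's form are all hypothetical and constructed here.

```python
import secrets

# Hypothetical in-memory account store and verification queue (not Bugzilla's).
ACCOUNTS = {}
PENDING_VERIFICATION = {}


def issue_verification_token(login: str) -> str:
    """Mail-out is out of scope; the token is what the mail would carry."""
    token = secrets.token_urlsafe(16)
    PENDING_VERIFICATION[token] = login
    return token


def register_vulnerable(form: dict) -> dict:
    """Trusts every submitted field.

    Any state the server keys decisions on (here the hypothetical
    'email_verified' flag and group list) can be smuggled in simply by
    adding a field to the POST body, so the verification step is skipped.
    """
    account = {"login": form["login"], "email_verified": False, "groups": []}
    account.update(form)  # attacker-supplied keys overwrite the defaults
    if not account["email_verified"]:
        account["token"] = issue_verification_token(account["login"])
    ACCOUNTS[account["login"]] = account
    return account


def register_hardened(form: dict) -> dict:
    """Allow-lists the fields a new user may set; server-owned state never comes from the request."""
    allowed = {"login", "realname"}
    unexpected = set(form) - allowed
    account = {k: form[k] for k in allowed if k in form}
    if "login" not in account or "@" not in account["login"]:
        raise ValueError("login must be an e-mail address")
    account["email_verified"] = False  # always false until the token comes back
    account["groups"] = []             # privileges are granted after verification, not at signup
    account["token"] = issue_verification_token(account["login"])
    account["dropped_fields"] = sorted(unexpected)  # worth logging: a probe looks exactly like this
    ACCOUNTS[account["login"]] = account
    return account


# Constructed attacker request: the fields the signup page sends, plus two it never shows.
ATTACK_FORM = {
    "login": "admin@example.org",
    "realname": "Not An Admin",
    "email_verified": True,
    "groups": ["admin"],
}

if __name__ == "__main__":
    print("vulnerable:", register_vulnerable(dict(ATTACK_FORM))["email_verified"])
    print("hardened:  ", register_hardened(dict(ATTACK_FORM))["email_verified"])
```

The general rule the hardened version follows is that a request may only populate fields the form is meant to expose; anything that decides trust (verification state, group membership, the address a token is sent to) is computed on the server from the validated input, and unexpected fields are logged because they are usually someone testing for exactly this.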

Clive RobinsonOctober 13, 2014 4:17 AM

@ Benni,

The best aircraft for some of the roles you mention, and the fact it did not need a runway, was the UK designed Harrier Jump Jet. UK politicos rather foolishly decided that it was "old fashioned" compared to the likes of the Eurofighter and F22 and sold the lot to the US for way way better than "fire sale" prices....

As you may further know the UK does not have an aircraft carrier at the moment; supposedly we have two on order/being built. So currently we share one with the French...

The two on order keep getting changed due to idiot political decisions and are now so over budget they may not see the water before they are mothballed / scrapped / sold to some future enemy at a knockdown price.

The simple fact is at the very least each one of these aircraft carriers will cost over six times what the French aircraft carrier cost --inflation linked comparison-- thanks to amongst other things the "Special Relationship" the UK supposedly has with the US. As one UK commentator was heard commenting "It's a relationship that keeps giving... We do the giving and they keep taking the p155".

sena kavoteOctober 13, 2014 4:48 AM

Duplication for assurance and error catching

This is partially inspired by Nick P 's designs.

Upsides are that no tinkering with hardware is required and this also helps with software bugs and physical "soft errors" in hardware. Some or all of this can be implemented in virtual machines connected by virtualized networks. This is much easier to implement with command line programs / text mode / terminals rather than GUI.

Computer A is as small as can be. A Raspberry Pi is much bigger than needed, but may be the best choice. Keyboard and mouse are plugged in this. 2 ethernet cables go to different computers B and C.

Computers B and C handle the actual computing and are more powerful. One of them or both may be an Intel NUC. Software in them is very different. B may run Debian stable, Ubuntu LTS or OpenBSD (older) and C may run Arch Linux or some other distro that is meant to be new. These are connected to computer D (and others).

Computer D combines input from B and C and forms graphics / text on screen and possibly audio on speakers. There may be 2 different terminal windows side by side so that they can be compared. Or if the command line programs are supposed to function exactly the same if no bugs or soft errors are encountered, then put the 2 terminal windows exactly on top of each other with one having 50% transparency and both having the same font type and size. Some programs will work faster in Arch / Manjaro / Antergos compared to OpenBSD, Ubuntu, Debian or openSUSE. In those situations, the overlay terminals will look strange for a while, until both computers B and C get to the same phase. Occasionally it may be necessary to scroll one window with the keyboard attached to computer D.

Computer B is also connected to computer E and computer C is connected to F.

Computers E and F handle encryption in a way that is supposed to give exactly the same stream of bits. They get their entropy from the same file that may be 4 gigabytes large in 8GB SD cards. The entropy file is formed by concentrating to 30% size an uncompressible video of something chaotic, like water waves, leaves in wind or snow falling, in half-dark to add some quantum noise. I don't know if "concentrating" is the term of art for arbitrarily combining bits and bytes to form data that is more random. Alternative to having a common file is to have a separate entropy server. E and F are connected to G.

Computer G compares the 2 bit streams and communicates with computer H that is connected to internet.

Computers I and J are file servers to computers B and C. I is connected to B and J is connected to C. Both have the same files. One has ZFS and the other has Btrfs or ext4 file system.

All computers can do some logging. Writing to DVD-R or Blu-ray R a little bit at a time, one log entry file at a time, prevents malware from erasing or spoofing previous logs. Encrypting log entries with a public key prevents malware from reading logs. Encrypting logs with public keys and saving on hard disk will not prevent erasing but can prevent spoofing of previous logs, if one log entry file is encrypted 2 times with the same nonce / one time use random arbitrary string included on the end, encrypted with different initialization vectors to form 2 different versions of the same logs. The nonces for each pair of encrypted log entry files are stored in RAM and that memory space is erased after use. The logs can be decrypted and checked on a completely separate off-line computer that has all the keys and nonces.

If we add some hardware tinkering, there could be unidirectional lines to a logging server that in this context could be called computer K.
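Added example, not from the post above: the two pieces of sena kavote's design that can be shown without any hardware. First the comparison step (computers B/C feeding G), as two independently written implementations of one job run over the same inputs with every divergence reported, plus a deliberately buggy third implementation so a divergence is visible. Second the "previous logs cannot be spoofed" property, using a hash chain with the head digest kept off-box instead of the double-encryption-with-shared-nonce scheme the post describes; it gives tamper evidence, not confidentiality, so the post's public-key step would still sit on top of it. The word-count job, the sample inputs and the log records are constructed here.

```python
import hashlib
import json
import re


# Two independently written implementations of one job (standing in for B and C).
def word_count_split(text: str) -> int:
    return len(text.split())


def word_count_regex(text: str) -> int:
    return len(re.findall(r"\S+", text))


# A third, deliberately buggy one, so the comparator has something to catch.
def word_count_buggy(text: str) -> int:
    return len(text.split(" "))  # counts empty strings between doubled spaces, and 1 for ""


def compare_outputs(inputs, impl_a, impl_b):
    """Computer G's job: run both streams and report every input where they differ."""
    return [(x, impl_a(x), impl_b(x)) for x in inputs if impl_a(x) != impl_b(x)]


# Constructed sample inputs, chosen to exercise the whitespace edge cases.
SAMPLE_INPUTS = ["one two three", "double  space here", "", "tab\tseparated words"]


class ChainedLog:
    """Append-only log in which every entry's digest commits to the entry before it.

    Keep the latest digest (the head) somewhere the logging host cannot write,
    such as the offline checker in the post or a write-once disc. Any rewrite
    or truncation of earlier entries then fails verification. Contents are not
    hidden; that is what the post's public-key encryption of entries is for.
    """

    GENESIS = hashlib.sha256(b"genesis").hexdigest()

    def __init__(self):
        self.entries = []  # (serialized record, digest) pairs, in append order
        self.head = self.GENESIS

    @staticmethod
    def _digest(prev_hex: str, data: bytes) -> str:
        return hashlib.sha256(bytes.fromhex(prev_hex) + data).hexdigest()

    def append(self, record: dict) -> str:
        data = json.dumps(record, sort_keys=True).encode()
        digest = self._digest(self.head, data)
        self.entries.append((data, digest))
        self.head = digest
        return digest

    def verify(self, trusted_head: str):
        """Index of the first bad entry, len(entries) if the tail was cut, None if intact."""
        prev = self.GENESIS
        for i, (data, digest) in enumerate(self.entries):
            if self._digest(prev, data) != digest:
                return i
            prev = digest
        return None if prev == trusted_head else len(self.entries)

    def tamper(self, index: int, record: dict):
        """Simulate malware rewriting an old entry in place, keeping the stored digest."""
        data = json.dumps(record, sort_keys=True).encode()
        self.entries[index] = (data, self.entries[index][1])


if __name__ == "__main__":
    print("B vs C:", compare_outputs(SAMPLE_INPUTS, word_count_split, word_count_regex))
    print("B vs buggy:", compare_outputs(SAMPLE_INPUTS, word_count_split, word_count_buggy))
    log = ChainedLog()
    log.append({"seq": 1, "event": "boot"})
    log.append({"seq": 2, "event": "compare ok"})
    head = log.head  # this is what goes to the offline machine
    log.tamper(0, {"seq": 1, "event": "nothing happened"})
    print("first bad entry:", log.verify(head))
```

The comparator only finds bugs the two implementations do not share, which is why the post insists on different distributions and different file systems for B/C and I/J; the hash chain only helps if the head leaves the machine before the attacker gets there, which is the same reason the post wants the write-once disc and the unidirectional link to computer K.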

thevoidOctober 13, 2014 5:49 AM

In summer 1964 President Johnson summoned Greek ambassador Alexander Matsas to the White House and told him that the problems in Cyprus had to be solved by dividing the island into a Greek and a Turkish part. When Matsas refused the plan, Johnson thundered: 'Then listen to me, Mr. Ambassador, Fuck your parliament and your constitution. America is an elephant. Cyprus is a flea. Greece is a flea. If those two fleas continue itching the elephant, they may just get whacked by the elephant's trunk, whacked good.' The government of Greece, as Johnson insisted, had to follow the orders of the White House. 'We pay a lot of good American dollars to the Greeks, Mr. Ambassador. If your Prime Minister gives me talk about democracy, parliament and constitution, he, his parliament and his constitution may not last very long.

When Matsas in consternation uttered 'I must protest your manner', Johnson continued shouting 'Don't forget to tell old Papa - what's his name [Papandreou] - what I told you. Mind you tell him, you hear', whereupon Matsas cabled the conversation to Prime Minister George Papandreou. As the US secret service NSA picked up the message the phone of Matsas rang. The President was on the line: 'Are you trying to get yourself in my bad books, Mr. Ambassador? Do you want me to get really angry with you? That was a private conversation me and you had. You had no call putting in all them words I used on you. Watch your step.' Click. The line went dead.

from nato's secret armies: operation gladio and terrorism in western europe,
daniele ganser citing peter murtagh 'the rape of greece'.

NickP has mentioned Gladio before, this is a great book that cites other
sources worth following up (someone here cited a documentary last week that
is a major source for this book).

this (quote and book) references a few things that have been topics here
recently. plus the nsa thing is interesting.

Andrew_KOctober 13, 2014 6:36 AM

@ Nick P
Regarding buying a new computer after passing borders -- that's why one regularly finds me walking through new cities and looking where to find second hand shops. Buy a used consumer notebook, use it a couple of days. Then sell it to the next shop. If you're a little talented in SE, you don't even lose that much money on this.

@ Bob S.
Regarding further whistleblowing, I wonder why NSA does not try drowning the media (and therefore public perception) in allegedly leaked documents. Just until no one but experts can validate what is fiction -- and what not. There can be some super evil things, some harmless things. What is important is just that the majority of them can be falsified. It would give whistleblowing (as such) a bad name for unreliability.

@ Jacob
Consider the following question very seriously: Is it worth fighting the battle? As Clive stated, you are not in a lecture hall. No one will care whether you can prove the problem to be unsolvable. Let me put it in the words of a Gunny: "You created the problem. You solve it. Are we clear on this?" That's what will happen -- you have to solve a problem of which you know it is unsolvable.
If decrypting the data will cause worse punishment than not revealing it, stay encrypted and face the music. Especially if it poses vital danger to others or if others are somewhat involved.
In any other case (which might be 9/10): Reveal it. There is absolutely no need to ruin your life for an honourable principle, as bad as it sounds.
I know that this is a CYA strategy of going the easy way. Know your battles.

@ Clive Robinson
I do not hope for a revolution. I hope for none of us being put under scrutiny. Our generation was able to witness one peaceful revolution (Germany 89/90). Chances of seeing people conquer Intelligence headquarters once again are below low. I think it's even more probable to see an NSA storage center being hit by an asteroid than another peaceful revolution in a Western country in my lifetime.

@ 65535
Of course NSA uses all four opportunities for adding nasty extras to hardware. Which one is chosen probably depends highly on the target.

SmokingHotOctober 13, 2014 8:03 AM

on 'is the US Government bad'


In general, the tenor of your analysis seems driven by an assumption that classifications are being made to conceal illegal acts. But in fact the classifications appear to be made, appropriately, on the basis of how damaging to ongoing operations the exposure of a particular fact would be.

There is absolutely nothing here to indicate illegal or unethical actions - and this shouldn't be surprising, frankly. The level of documentation and care that has accompanied even the most questionable programs exposed has been, taken as a whole, exemplary. We're a long, long way from the days of Nixon's Plumbers.


I think one question is: 'why are people distrustful of the US Government, after all, no blackmail has been found, nor has there yet been found any instance of individuals profiting, of control of congress, the President, the house of representatives, or other leaders', and 'even all of this Snowden and Manning have exposed there have been no criminal investigations or judgments made, therefore it is all legal'.

To phrase all of that in terms that a spin doctor might phrase it, who is paid by that same group.


There are quite a few bullet points there.

(1) The Plumbers were a very small part of the problem. Nixon had previously asked Hoover for help, but Hoover realized somehow his days were numbered and refused. So, Nixon had to rely on two ex-CIA and a handful of ex-CIA Cuban-American agents. They did a pretty sloppy job, but would have gotten away with it had the FBI's Hoover regime not been on its last legs. The cover up only failed because one FBI man turned honest, for which he was punished by the FBI.

He was so scared, he did not tell the truth until his death bed confession a few years ago. Many decades after the fact.

(2) The FBI for the decades between the 20s and the 70s was thoroughly corrupt and engaged in every manner of illegal crime. During that time, no one dared talk or reveal what was going on. Even today, you have to dig into some books to really get the full story, though much of it is lost to history because Hoover burned much of his evidence. Still, we know such things as: Hoover extorted Presidents and terrified all of Washington, wiretapping and controlling the entire House & Senate. His litany of crimes are startling, but can be found elsewhere. This ranges from hiring Mafia hit men for dirty work to running a "cleanse the US Government of homosexuals" campaign while he himself was nearly an open homosexual.

Some traits, some notes of suspicion were available to the public, at the time. Hoover used vast FBI resources for his own profit and often appeared traveling about the world, having a good time with his male escort. Maybe not as bad as such things as extorting Roosevelt and Kennedy, or illegally surveilling MLK and acting out severe harassment measures against him.

Was Hoover behind the assassinations of Kennedy and MLK? Nobody knows, but he definitely had motive and means.

(3) The FBI, the CIA, and other branches of the US Government also were engaging in vast numbers of black operations during at least some of these years.

But, point on these legacy matters is merely, 'nobody knew until it got so bad that the President himself was caught in a swamp of federal crimes'. Even then, had the FBI not been looted for secrets by some brave activists, it may have been they would have gotten away with everything.

(4) Not only the second Iraq war, but the wave of a decade of harsh sanctions and bombing was carried out primarily by the US Government, which lied, or was thoroughly incompetent and blind, claiming Iraq had WMD and ties to Al Qaeda. The level of this criminal action is impossible for the planet to process. Thousands of Americans were killed, many thousands more maimed. War profiteers had a shameful bonanza from it all. Millions of Iraqis suffered severely.

(5) The US trained and armed the Afghan-Arabs including the original members of Al Qaeda, further they trained and armed the Pakistani ISI, a known, deeply corrupt fundamentalist Muslim intelligence agency of Pakistan. (Who have nukes.)

So, the people of Afghanistan suffered when the US left, leaving the Taliban to rule in its place. Kite flying was made illegal, women had to wear veils, public executions in the former soccer stadiums became the norm, and Al Qaeda was given an environment to thrive while they were continuously fed large sums of money from Saudi Arabia.

(6) The US supported the Shah for decades, helping to destabilize Iran. After 911, with years having passed, the nation of Iran came forward and condemned 911, including the religious leaders doing so. The US rewarded them by putting them on their 'top three' list of evil nations to be destroyed.

(To be fair, this happened shortly after Iran was caught smuggling arms to terrorists in Palestine, however this sort of "diplomacy" was guaranteed and is guaranteed to cause severe problems in the region.)

(7) It is illegal for the US Government to surveil Americans without a warrant. It is also illegal for US Foreign Intelligence agencies to operate on American shores with minor caveats allowed. These are federal, severe crimes for each case. Parties in the US Government created surveillance systems that take in the private data of every single American, who number around 300 million people.

Though these crimes were exposed, the US Government had a rubber stamp paper trail to help prevent themselves from getting in jail. Regardless, all of this happened outside the legitimate legal system.

So, they got away with it, and continue to. Kind of. Everyone in the world sees this.

(8) The US Government has been playing the victim card while illegally hacking every manner of nation and corporation around the world. A good "for instance" was the recent "Anonymous" series of attacks against governments local and around the world, including particular focus on enemies of the US, foreign embassies, and consulates. All of this we now know happened under the direction of the FBI who was controlling that sector of Anonymous at the time.

(9) The war profiteering in Iraq caused some problems, which got a lot of investigative journalists and even politicians investigating. The world has since learned that the US defense industry is deeply tied into the military and intelligence leadership, literally paying active leaders on duty, as well as soliciting former leaders to go back into duty and help them with their cause.

(10) Not long ago, the head of the CIA was mysteriously deposed by the FBI who "accidentally" discovered he was having an affair. There is nothing illegal about an affair, but he was forced to step down. Post-Snowden revelations, the heads of intelligence who were found culprit were not forced to stand down, instead they were celebrated on the prime time talk circuit. This despite the fact that both men had known monetary ties to defense contractors, including the contractor who lost all of the Snowden data.

Now one of those men has created a business that seeks to charge banks one million dollars a month, offering his expertise as the ex-head of the NSA.

(11) Not a few of these issues were known pre-Obama. Obama came into the office on a platform of change and hope. Though one government whistleblower had stated that Obama was under secret surveillance as a politician.

Obama not only did not live up to his word, in many ways he was worse.

(12) The US Government has been engaging in an international program of kidnapping and torture.


... this list goes on and on and on...


Maybe (13), the "unlucky" number... there has been little to no recrimination for any of this. US Government spin doctors are hard at work, night and day. The US Government continues to get the flag of OK to act abroad with military campaigns, having unseated Qaddafi - not a good man - and left Libya a shambles in control of fundamentalist Muslims, they are now acting to try and undermine Syria.

Of course, meanwhile, the US is suffering an enormous number of unusual setbacks and exposures. The whole Syria, ISIL issue may just be a diversion to preoccupy them, while they walk into one disaster after another.

Are they too big to fail? Is this the penultimate expression of power? Who can stop these guys? The tabloids are brimming with shots of John Gottis of the US establishment.


Like they said about the Titanic, "Even God can not sink this ship".


RGP SecurityOctober 13, 2014 8:21 AM

Deep-fried Squid as Comfort Food

Take your squid and rename it "calamari" to make it more appetizing. Skip the liturgy about Halal or Kosher and just proceed. You can rename the animals, you have the authority; after all, you are going to eat them. No one can stop you.

So you lack squid. No problem. Use Hydra. Those wayward heads of the US Government will do nicely with their little brains and self-interest. They do not cooperate with each other anyway (otherwise Snowden would have been without a job at the NSA and the war would be over in Afghanistan).

Fry the calamari (Hydra) in a piquant sauce until it gets dark like in a Morality Play. After that anyone can understand it and entropy is on your side.
You won. Clappering and back-slapping all around with nods of mutual non-misunderstanding.

Serve with six-sided diced potatoes and Vernam sauce. For dessert enjoy a New York cheesecake with electromagnetic pulse and fresh cream.

--------------------------------------------------------------------


Let's be clear about the Snowden NSA documents and the NSA. The NSA has had an important job to do: protect the US from catastrophe. That job just got harder.

And, unfortunately, the NSA went too far and started spying on people who play Angry Birds and on everyone else all the time. And they trampled on the US Constitution. That is a different conversation.

This Snowden story has two sides and both of them need to be considered. No responsible person can vilify the NSA even though it might be a bunch of swollen guys with keyboard skillz in pony tails and/or dudes whose wives dress them in the morning and put that wallet in their back pocket to launch them upon the Multiverse and the intricacies of TCP/IP or PSK 31.

AdjuvantOctober 13, 2014 9:40 AM

@thevoid: (someone here cited a documentary last week that is a major source for this book)

Yes, that was me, here, and earlier here as well. I also cited one of Ganser's journal articles last week, and I've repeatedly recommended the work of Prof. Peter Dale Scott, particularly The Road to 9/11 (U. of California Press) [reviews], portions of which use Ganser's work as a major source.

Sibel Edmonds & BFP

One source of information I haven't mentioned here yet would be Sibel Edmonds, former FBI Turkic languages translator (the only fully-qualified FBI translator in the country for those languages during her tenure), whistleblower, and founder of the National Security Whistleblowers' Coalition. Here's a quick bio., and an informative summary of her nearly-suppressed autobiography. I personally afford her a great deal of credibility and trust, much of which I also extend to the journalists with whom she has populated her online media outlet, Boiling Frogs Post. (Indeed, the BFP stable and the WhoWhatWhy stable under Raymond Baker seem to be making some tentative connections.)

Edmonds on "Gladio B"

Following the brief trans-Atlantic "glasnost" following the Soviet collapse (which allowed for so much frank discussion in European parliaments and for the production and mainstream BBC airing of remarkable works such as Francovich's film), it appears that Gladio did not go away. Rather, Edmonds states that it underwent a metamorphosis in the late 90s into a new form, a "Gladio B" which has continued to the present day. Rather than summarize her work (much of which I haven't been conversant with recently, and some of which I haven't yet perused), I'd first direct you to her article "How the Sunday Times Investigative Series on Sibel Edmonds & US Ties to Al-Qaeda Chief was Spiked" on Boiling Frogs Post.

This piece is a summary of an article in Ceasefire Magazine (UK) by Dr. Nafeez Mossadeq Ahmed (University of Sussex; Director, Institute for Policy Research and Development) [another name I haven't mentioned here, and one whom I'd describe as situated towards the deep end of my personal root of trust], which in turn explores the spiking and suppression of what would otherwise have been a four-part investigative series in the London Sunday Times.

A couple of brief excerpts:

In interviews with this author in early March, Edmonds claimed that Ayman al-Zawahiri, current head of al Qaeda and Osama bin Laden’s deputy at the time, had innumerable, regular meetings at the U.S. embassy in Baku, Azerbaijan, with U.S. military and intelligence officials between 1997 and 2001, as part of an operation known as ‘Gladio B’. Al-Zawahiri, she charged, as well as various members of the bin Laden family and other mujahedeen, were transported on NATO planes to various parts of Central Asia and the Balkans to participate in Pentagon-backed destabilization operations.
According to two Sunday Times journalists speaking on condition of anonymity, this and related revelations had been confirmed by senior Pentagon and MI6 officials as part of a four-part investigative series that were supposed to run in 2008. The Sunday Times journalists described how the story was inexplicably dropped under the pressure of undisclosed “interest groups”, which, they suggest, were associated with the U.S. State Department.

If that whets your appetite, I'd highly recommend continuing with this highly enlightening four-part video interview series between Edmonds and her collaborator James Corbett on the subject of Gladio B. The segments may be found here [1], here [2], here [3], and here [4], with an additional Q&A session here [Q&A]. For those who would like more background review drawing on Francovich, Ganser, et al., there are also prefatory interviews on Gladio in Europe here and here.

Finally, Edmonds has just published a novel entitled The Lone Gladio which, as a roman à clef (I'm personally a few chapters in, and I've just encountered the FBI translator and analyst Elsie Simon), promises further enlightenment. (See Corbett's review here and others here.)

That should do it for now. Back to reading!

sena kavoteOctober 13, 2014 9:45 AM

Demonstrable data destruction or undecryptability

Some time ago someone linked to a product page of a SSD model that shatters instantly when needed. That erases only a tiny fraction of the data, that is probably already encrypted and the key erased before shattering. But it probably makes clear to anyone who tries to get that data at gunpoint, that it is lost, and shooting hostages won't help.

For similar reasons (and others), it would be good to have an option to store hundreds of gigabytes of data on something that chemically and physically resembles an 8mm film roll. The needed mechanism is simpler and smaller than what is in a film projector or film movie camera. The film tape just rolls in front of an 8mm long microchip with thousands of microscopic LEDs in a row, flashing bits to that tape.

Exposing that tape to light erases all data instantly. Plus if the production volumes are high enough, it just might be cheaper per gigabyte than hard drives. It also may have better impact resistance.

Demonstrable undecryptability is less likely to succeed with its human interaction aspect. (better word needed) It could mean some kind of write-only file system on a partition or disk, maybe by using asymmetric encryption / public keys or many many symmetric keys that get erased under the data they encrypted. To work, the system needs to be common knowledge, just like most laws need to be in order to work. This has a strong non-technical aspect. At least in court, an expert witness can testify that decryption is not possible and there is no symmetric key to reveal.

A write-only filesystem would reveal only its fill level. Could there be a format that does not reveal even that or reveals its fill level only with a key?
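
One way to realise the "many symmetric keys that get erased under the data they encrypted" variant, as an added example that is not part of sena kavote's post and not any product's code: a forward-secure append-only store. The writer device holds only a chain key that is hashed forward after every record and the old value discarded, so nothing already written can be decrypted with anything the device still holds; only whoever keeps the initial seed off-device (an escrow party, or a court-appointed reader) can re-derive the per-record keys. The store exposes nothing but opaque ciphertexts and its fill level. All names are constructed for this example, and the HMAC counter-mode keystream is a toy stand-in for a real AEAD.

```python
import hashlib
import hmac

# Added example, not sena kavote's design. HMAC-SHA256 serves as both the
# KDF and (in counter mode) a toy stream cipher; a real system would use an
# AEAD such as AES-GCM or ChaCha20-Poly1305 for the record encryption.

def _kdf(chain_key: bytes, label: bytes) -> bytes:
    """Derive a subkey from the chain key under a fixed label."""
    return hmac.new(chain_key, label, hashlib.sha256).digest()

def _keystream(record_key: bytes, n: int) -> bytes:
    """Counter-mode keystream of n bytes from the per-record key (toy)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(record_key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(record_key: bytes, idx: int, ct: bytes) -> bytes:
    """Integrity tag binding the record index to its ciphertext."""
    return hmac.new(record_key, idx.to_bytes(8, "big") + ct, hashlib.sha256).digest()

class WriteOnlyStore:
    """What lives on the device: the current chain key and opaque records.

    The seed the store was created from must NOT be kept on the device;
    after construction only the ratcheted chain key remains here."""

    def __init__(self, seed: bytes):
        self._chain = seed
        self.records = []          # list of (index, ciphertext, tag)

    def append(self, plaintext: bytes) -> int:
        idx = len(self.records)
        rk = _kdf(self._chain, b"record")
        ct = _xor(plaintext, _keystream(rk, len(plaintext)))
        self.records.append((idx, ct, _tag(rk, idx, ct)))
        # Ratchet forward. SHA-256 is one-way, so the key that could open
        # this record cannot be recovered from the new chain key.
        self._chain = _kdf(self._chain, b"ratchet")
        return idx

    def fill_level(self) -> int:
        """The one thing the store reveals without any key."""
        return len(self.records)

    def device_can_open(self) -> bool:
        """Try to verify any stored record with the only key left on the
        device. Always False once append() has ratcheted past the record."""
        rk = _kdf(self._chain, b"record")
        return any(hmac.compare_digest(_tag(rk, idx, ct), tag)
                   for idx, ct, tag in self.records)

def read_all(seed: bytes, records) -> list:
    """Reader side (seed holder): re-derive every record key in order,
    verify each tag, and decrypt. Raises on any tampered record."""
    chain, out = seed, []
    for idx, ct, tag in records:
        rk = _kdf(chain, b"record")
        if not hmac.compare_digest(_tag(rk, idx, ct), tag):
            raise ValueError(f"record {idx} failed integrity check")
        out.append(_xor(ct, _keystream(rk, len(ct))))
        chain = _kdf(chain, b"ratchet")
    return out

if __name__ == "__main__":
    seed = bytes(range(32))            # constructed seed; kept off-device
    store = WriteOnlyStore(seed)
    store.append(b"agenda v1")
    store.append(b"agenda v2")
    print("fill level:", store.fill_level())
    print("device can open any record:", store.device_can_open())
    print("seed holder reads:", read_all(seed, store.records))
```

The design choice worth noting is that the per-record key is derived from the chain key rather than being the chain key itself: the device can keep ratcheting (and keep accepting new writes) without ever holding a key that opens an old record, and the reader can reconstruct the whole sequence from the seed alone. Hiding the fill level would additionally require fixed-size, pre-allocated slots filled with dummy records, which this example does not attempt.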

AdjuvantOctober 13, 2014 10:06 AM

ADDENDUM:
See Washington's Blog's report on Edmonds' novel here:
http://www.washingtonsblog.com/2014/09/sibel-2.html

And as usual, "Washington" has done a far better job than I could of elucidating why Edmonds is such an important voice (and why the inclusion of this addendum is self-justifying).

In the real world, Edmonds is a former FBI translator who translated terror-related communications for the FBI right after 9/11. In that capacity, she read communications between terrorists and other radicals.

Edmonds has been deemed credible by the Department of Justice’s Inspector General, several senators, and a coalition of prominent conservative and liberal groups.

The ACLU described Edmonds as:

The most gagged person in the history of the United States of America.

Famed Pentagon Papers whistleblower Daniel Ellsberg says that Edmonds possesses information “far more explosive than the Pentagon Papers”. He also says that the White House has ordered the press not to cover Edmonds:

I am confident that there is conversation inside the Government as to ‘How do we deal with Sibel [Edmonds]?
The first line of defense is to ensure that she doesn’t get into the media. I think any outlet that thought of using her materials would go to the government and they would be told “don’t touch this . . . .”

Even Paul Newman [co-sponsor of the PEN/Newman's Own First Amendment Award] praises Edmonds, saying:

Sibel Edmonds would not let an intimidating FBI shut her mouth, and as a result, suffered grievous consequences, but she has persevered and we are better off for her sacrifices.

Many thanks, as always, to our gracious host for permitting such open discussion.

Sancho_POctober 13, 2014 11:22 AM

@ Clive Robinson:

Good points, thanks, especially the FAT and the time stamp issue.
What I did - and only discovered when I was already out of the airport - was that while on the plane I’ve corrected my agenda on my netbook, saved it to the “secret” part of the external drive - but didn’t securely delete it from the HDD cache …
It must be really difficult to be a criminal.

As for the “wear and tear”, I’ve heard that before, but I guess it’s kind of a red herring. The mechanism is designed to evenly distribute write access, if so possible. Sometimes it may finally prevent write access to used blocks so you (as regular user) can not overwrite (small) chunks of the data anymore (which I guess is moot if the data was encrypted).
However, as I’ve seen from playing around, the data from such an algorithm doesn’t reveal much - i.e. there is no absolute timestamp to track “when”, but it can be seen how heavily and where (in memory) the device was used:
Thus I’d suggest for flash memory drives not to use brand new devices …

Also it is imperative to (TC) reformat the drive (or to nuke it) after anyone had the chance to copy the content, otherwise a simple compare to a different point in time could immediately give evidence of differences in the “secret” part.

This is why I’m playing with a read protection - no access, no copy, no headache.

SmokingHotOctober 13, 2014 12:00 PM

@RGP Security


Let's be clear about the Snowden NSA documents and the NSA. The NSA has had an important job to do: protect the US from catastrophe. That job just got harder.

This Snowden story has two sides and both of them need to be considered. No responsible person can vilify the NSA even though it might be a bunch of swollen guys with keyboard skillz in pony tails and/or dudes whose wives dress them in the morning and put that wallet in their back pocket to launch them upon the Multiverse and the intricacies of TCP/IP or PSK 31.


What is to worry, Snowden is gone now.

Nobody to blame, because Snowden simply outsmarted and outpowered the entire US Government.

If Snowden, a 27 year old could do this, how much moreso could a China, a Russia, or an Iran do this?

Snowden was and is a superspy.

If you had an intelligence agency consisting of people of Snowden's capabilities, you would have the world's scariest intelligence agency. They could probably invent time travel machines while also going about their daily job and completely protecting everyone from all the billions of terrorists out there.

Now they all know that the NSA may actually be spying on them.

Because you know, they were not already relying on cryptology and throwaway phones.


Who knows how many of the 300 million some odd Americans may be spies out to conquer the world with their evil villainy? Maybe they are all Snowdens. Better watch them all.

So that is what is happening.


If the data was valuable, maybe they should have considered protecting it in the first place...


Nick POctober 13, 2014 12:29 PM

@ Skeptical

"This is a bridge too far, I'm afraid. "Details" would include descriptions of the actual collection, how and where the FBI collects the data (or if the company does so for him), etc. Note, for example, that street addresses of sites that are used for collection are also classified as ECI."

That part might be true.

"In general, the tenor of your analysis seems driven by an assumption that classifications are being made to conceal illegal acts."

My analysis here is driven by the observation that there's deception by U.S. government at every level. People at Unclassified level fund these programs thinking one thing is going on (eg overt warranted metadata collection). People at Secret level know they're being lied to (clandestine collection) and keep the lies going. People at TS/SCI level know the public and Secret clearance holders are being lied to (compelled backdoors in US products with mass collection of *data* & metadata). Then, TS/ECI level continues that process. As we go up, the details of what they're actually doing diverge considerably from what the public and Congress authorized. That the public and many in Congress said so after the leaks substantiates that further.

So, I'm saying these organizations are pervasively deceptive, scheming, and possibly unlawful in what they do. The further up you go, the more of this you see. Whether they've done the dirty deeds now or might later, it's already evident that they might be and need to be reined in now.

Of course, SmokingHot's list shows that my presumption of covert ops community continually scheming up crimes and ops for their own purposes is quite justified. Hoover's use of blackmail to control Congress and Presidents with less surveillance/power than NSA justifies putting high effort into preventing history from repeating. And that CIA is already hacking their Congressional oversight tells us plenty. That Congress is blocked from getting evidence of this or prosecuting them says even more. The corruption and rogue behavior, along with immunity to it, is thoroughly baked into our current system.

And now Alexander is apparently doing exactly what the whistleblowers were charged with doing. Except he's doing it for profit. That's when it's OK. ;)

@ SmokingHot

Excellent list!

@ thevoid

To be clear, I did brief research into Gladio that showed no evidence of the U.S. sponsoring terror. What I found was that the Italian Gladio group was doing false flag operations, we had blackops groups worldwide doing who knows what, they operate outside of military/civilian/international law, it remained secret for decades, it was admitted (without much detail) decades later, and they presumably continue to do whatever they're doing. It's probably a USAP given its secrecy, criminality, and the fact that many of the 50+ politicians authorizing SAP's would probably oppose it as an unnecessary risk. A USAP just takes 3 that almost always give in to military and intelligence requests.

It's also a great counterexample to any claim that a conspiracy involving many people can't last decades without the insiders blowing it. Even when just one group confessed, the rest of the operation is largely in the shadows and intact. Clearly, they compartmentalized it into cells much like terrorists do. No surprise as terrorists learned that trick from the CIA long ago. ;) And CIA NCS is the only one authorized to execute a mission like this. (Pause) That we at the Unclassified level know of... (sighs)

@ Adjuvant

Thanks for links, especially. I might try to read them to see if there's any more reliable information about what U.S. operatives were doing. Given Cold War era thinking, the base theory of "armies staying behind just in case" is by itself believable. Congress would've gone with that as a regular SAP given their paranoia. Additionally, Italian criminal culture (eg P2) is very prone to wild conspiracies happening in practice. That their operatives started doing false flags to boost military and police power wouldn't necessarily imply what ours would do. Many web sites seem to make the fallacy of jumping right from Italian ops to American ops as if they're the same.

So, before I even go through the links, is there any information from *very reputable* (to courts or American people) sources that U.S. end engaged in false flag operations under this program? Otherwise, it isn't worth reading except as historical data of black ops.

Nick POctober 13, 2014 1:53 PM

@ sena

As much work as you've put in, it still fails due to the TCB: two easily hacked computers. They can modify the input and feed BS to the output. A custom malware could sync the two. The NSA has attacks on the Linux kernel far as we can guess. This means you can use arbitrary flavors of Linux, even two at once, but still get hit.

The simplest set of requirements are this:

1. A computer with non-writable firmware that does trusted boot from media.

2. A trusted media and OS to start with.

3. Whatever provably effective hardening steps you can on that OS.

4. No unmediated connections to anything. (Ethernet is out.)

Now, you need to decide if this system is for viewing stuff you get from untrusted sources, sending stuff you create to untrusted places, or doing both simultaneously. Making them interact implicitly creates the third option unless you force a safe interaction.

If you're making a receiver, air gapping it to only act on data received through read-only media or data diodes suffices.

If you're making a sender, air gapping it to only send data one-way via optical media or diodes suffices.

Note: Markus exploits both of these in his Tinfoil Chat scheme.

Now, if you want to send and receive, you have more problems to solve. You have to ensure the untrusted data going to a sender (esp if it does signatures) won't compromise it. So, the types of data must be limited to data that provably can't harm that system and/or with data consumers on that system protected/isolated in event of attack.

I used simple data formats over simple communications protocols running in PIO mode. I/O and memory accesses were controlled by host processor & trusted software. Every state it can be in, including failure, must be analyzed & shown to be safe. Every trick that protects buffers, etc must be used. Simple formats include RTF, HTML 3.2, JSON, LISP notation, and so on. The parser must be bulletproof, with the terms all checked for validity. One can also analyze for randomness or bytecode-looking sequences to try to spot potential attacks. Such stuff rarely appears in most files, so it's a good warning sign. The guard, like other systems, must load into a trusted state unconnected, connect over the safe lines, and best practice have no user-modifiable persistent storage. RAMdisks all the way after booting from ROM or CD-R even better.

Btw, the guard itself doesn't have to understand external formats, protocols, or I/O such as storage: front-ends and back-ends can handle all that while using a simplified interface to guard. This basic model was used in Orange Book MLS efforts to leverage highly assured kernels in terminal, networking, storage, and database applications. (Examples for DBMS) The front end handled everything needed to ensure trusted device would process it (plus initial filter), trusted device ensured it would be safe (among other things), and optionally a backend (eg COTS filesystem) did some work on the now-safe[r] data. Basic model worked enough that NSA pentesters didn't think they could beat it so long as trusted software had no known flaws. No wonder they had defense contractors patent a lot of that stuff and export restrict it...

Old computers with jumper controlled EEPROMs and foreign-sourced embedded computers are best for guards. If you start with this model, you can build your redundancy ideas into any end of it with voting protocols. Gotta start, though, by determining the use case (send, receive, or both) and building a rock-solid root of trust. Then, leverage root of trust to the max. Check out this Boeing example where they stretch three trusted components, two impenetrable in pentesting so far, for all kinds of security benefit.
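
To make the "simple format, bulletproof parser, every term checked, randomness as a warning sign" part of the above concrete, here is an added example of the filtering stage of such a guard. It is not Nick P's code nor any product's; the message schema (three string fields, a short type vocabulary, length limits) and the entropy threshold are constructed for illustration. The guard fails closed at every step, checks the characters both before and after JSON parsing (an escaped `\u0001` survives the raw-bytes check but not the post-parse one), and re-serialises the accepted fields so the trusted side never sees the original bytes.

```python
import json
import math
import string
from collections import Counter

# Added example of a guard input filter; constructed schema, not Nick P's code.
MAX_MESSAGE_BYTES = 4096
ALLOWED_KEYS = {"type", "subject", "body"}          # the only fields accepted
ALLOWED_TYPES = {"note", "request"}                  # the only vocabulary for "type"
MAX_SUBJECT, MAX_BODY = 80, 2000
PRINTABLE = set(string.printable) - set("\x0b\x0c")  # ASCII text plus tab/newline
ENTROPY_THRESHOLD = 5.0   # bits per character; assumed ceiling for natural-language text

# Constructed sample of "random-looking" data: every base64 symbol equally often,
# which gives exactly 6 bits/char of Shannon entropy.
CONSTRUCTED_BLOB = (string.ascii_letters + string.digits + "+/") * 3

class GuardReject(Exception):
    """Raised with a short reason whenever the message is refused."""

def shannon_entropy(text: str) -> float:
    """Bits per character of the empirical symbol distribution."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def guard(raw: bytes) -> dict:
    """Accept only a well-formed, whitelisted message; otherwise raise GuardReject."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise GuardReject("oversize")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise GuardReject("non-ascii")
    if any(ch not in PRINTABLE for ch in text):
        raise GuardReject("control characters")
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        raise GuardReject("malformed json")
    if not isinstance(obj, dict) or set(obj) != ALLOWED_KEYS:
        raise GuardReject("unexpected structure")
    if not all(isinstance(v, str) for v in obj.values()):
        raise GuardReject("non-string field")
    # JSON escapes can smuggle control characters past the raw check above.
    if any(ch not in PRINTABLE for v in obj.values() for ch in v):
        raise GuardReject("control characters in field")
    if obj["type"] not in ALLOWED_TYPES:
        raise GuardReject("unknown type")
    if len(obj["subject"]) > MAX_SUBJECT or len(obj["body"]) > MAX_BODY:
        raise GuardReject("field too long")
    if shannon_entropy(obj["body"]) > ENTROPY_THRESHOLD:
        raise GuardReject("body looks like random data or encoded bytecode")
    # Rebuild the object from the checked fields only; the original bytes stop here.
    return {k: obj[k] for k in ("type", "subject", "body")}

def classify(raw: bytes) -> str:
    """Convenience wrapper returning 'pass' or 'reject: <reason>'."""
    try:
        guard(raw)
        return "pass"
    except GuardReject as e:
        return f"reject: {e}"

def encode_message(type_: str, subject: str, body: str) -> bytes:
    """Helper to build a message in the constructed schema (sender side)."""
    return json.dumps({"type": type_, "subject": subject, "body": body}).encode("ascii")

if __name__ == "__main__":
    samples = [
        encode_message("note", "agenda", "the meeting is moved to tuesday. bring the notes."),
        encode_message("note", "blob", CONSTRUCTED_BLOB),
        b'{"type": "note", "subject": "a", "body": "b\\u0001"}',
        b"x" * 5000,
    ]
    for s in samples:
        print(classify(s))
```

The entropy test is deliberately crude, as the comment it illustrates admits: it is a warning sign, not a proof, and a threshold tuned for English prose would need re-tuning for any field that legitimately carries identifiers or encoded data. The structural checks are the real barrier; the entropy check only catches the case where an attacker has found a way to get a large opaque payload through them.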

name.withheld.for.obvious.reasonsOctober 13, 2014 2:22 PM

With all the fanfare and merit that is afforded the illegal collection of individuals on a massive scale (metadata IS data, a person does not suspend 4th amendment rights because they buy cauliflower but a phone call is different?) and irrespective of congress, executive, and the woefully inadequate courts why isn't the following true:

The federal government will be mandating that your phone number AND IPv4/IPv6 addrs be tattooed to your left forearm. This will add the necessary integrity and fidelity to the collection programs that are sorely missing. It is part of the Narrow Attribution Zero-effort Initiative. This is also proposed to the legislative changes in the FISA amendment act--and I'm sure it will found the new CIPA legislation. CALEA already applies this authority to manufacturers and providers of telecommunication services.

Wouldn't this help those that extoll the virtues of these programs and improve its legitimacy?

Why not mandate it for all. This could be a positive for the tech community as the government will have to provide subsidies to the poor in order to nationalize/force compliance. So in a way this is a win for the impoverished. Way to go tech community, delivering useful products to the masses--is there an award for that?

JacobOctober 13, 2014 7:00 PM

Another nail in the coffin for the privacy of the citizens of the world. From the Silk Road court proceedings (via the emptywheel.net site):

"The government responded by claiming that even if it did hack the website, it would not have been illegal:

"Given that the SR Server was hosting a blatantly criminal website, it would have been reasonable for the FBI to “hack” into it in order to search it, as any such “hack” would simply have constituted a search of foreign property known to contain criminal evidence, for which a warrant was not necessary.""

and then:

"On Friday, Judge Katherine Forrest rejected Ulbricht’s efforts to throw out the evidence from the alleged hack, accepting the government’s argument that Ulbricht had no expectation of privacy on that server regardless of when and how the government accessed it."

I guess that if I hack a TLA computer claiming criminal activity due to violating the US constitution and subverting foreign government and companies, repeating such an argument in a US court would not go so smoothly...

GrauhutOctober 13, 2014 7:56 PM

@Clive Robinson The ideal area to attack at low level was not the CPU but an almost as ubiquitous I/O device common to all platforms, such as Network controllers, Video/graphics controllers, HD controllers and other I/O controllers with DMA. Oddly perhaps we did not consider the bridge devices because they were too close to the CPU, nor the sound sub system

Toys for boys, the ultimate wet dream of every real hacker is an own remotely installable SMM RIMM, non melting ICE cream on ring -1. Ok, the cpu in an offloading nic is a nice jump point and transport hub afterwards. But in boss mode this is maybe just another preinstalled uefi driver, DEITYBOUNCE 2.0. ;)

Evolution never stops, FA8650-10-C-7024

Nick POctober 13, 2014 10:29 PM

@ Grauhut

STONESOUP is delicious some say. Tastes like imitation to the gourmet stuff that they're approximating. Maybe they'll get there soon. Meanwhile, I'll continue working on my recipe until it's ripe for publication.

thevoidOctober 13, 2014 10:53 PM

@nickp

To be clear, I did brief research into Gladio that showed no evidence of the U.S. sponsoring terror. What I found was that the Italian Gladio group was doing false flag operations, we had blackops groups worldwide doing who knows what, they operate outside of military/civilian/international law, it remained secret for decades, it was admitted (without much detail) decades later, and they presumably continue to do whatever they're doing. It's probably a USAP given its secrecy, criminality, and the fact that many of the 50+ politicians authorizing SAP's would probably oppose it as an unnecessary risk. A USAP just takes 3 that almost always give in to military and intelligence requests.

the book i referenced (nato's secret armies) would be worth your while. it is
a heavily footnoted account, country by country, of these secret armies, which
did take very different forms in each country, for a number of reasons, some of
them social (so more terroristic in italy, seemingly almost benign in denmark).

true there's nothing that ties the cia DIRECTLY to terrorism, just as there's
usually nothing that directly ties the mob boss directly to a hit. some things
are said and understood. those terrorist acts however were carried out with cia
supplied arms, by cia or sas trained men.

the whole thing blew wide open because italian prime minister andreotti was
implicated, and the whole house of cards came down. officials from other
countries criticised him, and he produced documents showing their complicity.
given that these armies were heavily, sometimes violently, supportive of
the right, the left leaning parties started to use this, at which point many
of the left-leaning governments were implicated by the right...

however, much evidence comes from reports by the various governments during
the cold war, who investigated after arms caches were found, or other
'activities'. many of the stories after the 1990 exposure and round of
investigations have been consistent with many of those older reports, and
many officials involved in the original cases later admitted these were all
part of gladio. though i haven't watched them yet, some of this is in the
frankovich bbc documentaries @adjuvant linked to.

in many of these countries, high ranking military/intelligence chiefs even said
they were not answerable to their government or people, but to nato.

in every case it is clear that the cia was deeply involved, even if unaware or
unconcerned with particular methods (highly unlikely). it mostly started with
dulles/wisner, and that thinking has never left the cia. much of what was done
was directly at the cia's behest.

It's also a great counterexample to any claim that a conspiracy involving many people can't last decades without the insiders blowing it. Even when just one group confessed, the rest of the operation is largely in the shadows and intact. Clearly, they compartmentalized it into cells much like terrorists do. No surprise as terrorists learned that trick from the CIA long ago. ;) And CIA NCS is the only one authorized to execute a mission like this. (Pause) That we at the Unclassified level know of... (sighs)

indeed, it is a great example of widespread official secret keeping. even
socialists covered up for fascists. so much for the idea that the opposing
political party will out their opponents. even when parts of gladio were
exposed, as they were over the years, they were still contained. like in any
good compartmentalized structure, no one really knew what it was they were
doing, let alone any bigger picture, believable cover stories could be
manufactured, and there is always the appeal to 'patriotism'.

in fact, it seems that any rogue person could claim to be working for an
intelligence agency and get almost anybody to do anything, and keep it secret,
just for the excitement of being part of that 'cloak and daggers' stuff. the
very nature of the secret armies meant that there were never any officials
involved, the 'gladiators' never had any ability to verify what they were
doing was sanctioned or legit. it was all taken on faith. (although their
trips to various international training camps could have convinced them it
was part of something bigger.)

this went on for nearly 50 years before the 1990 revelations. documents
existed, and none were leaked. no one even leaked anything to legitimate
parliamentary investigations.

So, before I even go through the links, is there any information from *very reputable* (to courts or American people) sources that U.S. end engaged in false flag operations under this program? Otherwise, it isn't worth reading except as historical data of black ops.

honestly, this is a funny criteria. courts and american people? since when
have either been able to tell their ass from a hole in the wall? i guess what
you are saying is you want evidence that can be 'presented in a court of law',
but... that's for a different world than this one.

the only thing that would convince 'the people' maybe would be every network
(including msnbc and foxnews) saying the same thing. you mentioned your 9/11
experiment, to see what the more intelligent people here would think (which i
think i saw, though i didn't know it was an experiment, it was something i was
curious to know the results of too). engineering types ignore *physical*
evidence for psychological speculation about how people do or do not act. how
much less would 'the people' or even the completely corrupt courts be able to
judge such things. the judges believe the same nonsense propaganda as the rest
of the population, perhaps even more so as they are stakeholders. can't imagine
the courts even hearing evidence.

what do you think though that the american people would find reputable? if
jesus himself resurrected and contradicted the party-line, they'd crucify him
again (or maybe the ol' american tar&feathers will make a comeback).

i am almost done with my countrymen, may their chains rest (not so) lightly
upon them. i'll stick to reasoning with the reasonable, and they are
*individuals*, not 'the people'. perhaps some of those individuals may have
better luck with 'the people', i have had none, and have seen none, and see
no reason that any of that will change.


as to history, there's no evidence gladio really stopped, so it's not 'history'
in the sense of 'gone and done'. power never changes, nothing stopped them
before, gladio was exposed and nothing really happened. they keep on doing what
they do. the paths laid down during the cold war are the same ones being
followed now. it 'worked' then, it 'works' now, and all of the relevant
structures remained in place. why would they change? nato is still doing its
thing, the secret agreements are probably still in force. even after gladio
was exposed there were international meetings of the stay-behind army
representatives. the geopolitical 'great game' hasn't changed, neither will
its tools. at worst they go underground until the people forget (as they
always do).

in fact, the 'strategy of tension' has ALWAYS worked throughout history. what's
more, those using these tools know they work, and many of those chosen for
these armies were ultra-fascists (to ensure anti-communist sentiments), who
wouldn't and didn't hesitate to go rogue. shades of al-qaeda. if it was just
history though, it is still very relevant history. the consequences abound.


@adjuvant

thanks for the links, boilingfrogspost.com is now one of my, very few, decent
news sites to check, some familiar names there, and the frankovich documentary
is on my list. that linked post of yours was a good one too, it dealt with the
psychology in a much less speculative way.

i remember when the edmunds thing was new, now i'm older, and the police state
seems firmly in place. i used to say no one believed we had a coup because there
were no tanks rolling down the street. guess i can't say that any more (they
still don't believe).

Many thanks, as always, to our gracious host for permitting such open discussion.

hear hear. though i don't see this as really off-topic, i got into politics
for security reasons...

FigureitoutOctober 13, 2014 11:47 PM

Clive Robinson && 65535 RE: hardware mitigation of backdoors && data flow control
--I've kind of fallen for this area as I like to imagine how data flows, and how it squeezes thru certain constructs. I'll put out my build on a firewall combined w/ a one way cables into internet PC as well as net-tap to another full blown data logger.

Start off easy using an older PC and ethernet. Since I "can't do it right" 'right now', it'll likely be wifi coming in via USB and onwards via bidirectional ethernet for the PC I want decent speed and net-tap off to a 1TB HDD or a nearly dead laptop.

For some more ideas of "doing it right" you can look into RS232-TTL converters, and if the nice module is still too much for you to trust there's circuits where you're talking compromising millions upon millions of transistors, resistors, capacitors... Also, this is similar to a circuit I've seen (kinda, not really; was a different application, but same idea) w/ a few transistors and resistors, connected to the converter, connected to a hyperterminal program putting the data in a text file. Assuming most EE's could put that circuit together w/o too much trouble, but will look to coders for getting the data in a digital format.

Another upcoming build includes a super cheap spectrum analyzer based on smartphone and RTL-SDR dongle (waiting on parts). Regard it as more a toy instead of serious tool as if I asked to see some engineering department's spectrum analyzer and they showed me a rooted android and dongle I would laugh right there. But outside a secured flashing area, you could watch while flashing and look for activity on GSM bands (use small antenna and obviously shut your phone off).

Also, a nifty simple antenna modification to the classic WRT54G router for long-range wifi for various reasons. Probably going to reflash the router w/ OpenWRT and see what kind of range I can get, and no ridiculous looking antenna so people don't give you weird looks. However, also looking to build a yagi directional antenna (just need to get the measurements right for wifi bands) or potentially using a small satellite dish w/ a can on focal point for super long range; I'm not sure I really believe the ranges these people were getting (125 miles...). Think it was merely receiving, still needs to be checked out.

Looking forward to other people's builds (Thanks Markus Ottela!)

sena kavote RE: jamming side channels
--Planning on that too on my end. My thinking is optoisolators (crazy cool component) for each chunk that needs power like a few RNG's just spewing crap. Of course filter the mains as best as I can/know to, but that means not separating power lines. So either more easily ID power consumption or be more vulnerable to attacks on all aspects of PC...tough choice...

Nick P RE: "your enemies"
--Don't want to get in a prolonged debate on it, but you can't just sit and post on internet and not admit you're a voter (or at least a member of public) and thus part of the problem. I'm not a voter anymore so I'm not your enemy anymore..? :P

People don't speak out anymore (let alone DO SOMETHING, gee whiz don't get carried away..) b/c look what happens to them! Get put on list, subject to employment issues and other pointless attacks. To encourage people to do that is not looking out for their best interest, it's "sending off others to fight and die for you". Look at the protesters in the country, there's SWAT teams to deal w/ them. Go to your local statehouse and look how pathetic and fake it is. Try to bring up issues that actually matter, the derpers will crowd you out w/ issues from the f*cking 70's that don't matter; there simply won't be anyone or any avenue to bring up real issues to change things. Old, decrepit, hopeless, depressing place that's owned.

The better option is to let it fail and start over. It's basically failing on its own right now. In the mean time prepare your mind and build up some guns/ammo/food/water/firewood when the economy collapses and society collapses. Then rebuild, just like history, we never learn...

Clive RobinsonOctober 14, 2014 12:34 AM

@ Grauhut,

The US Air Force Research Labs STONESOUP contracts [1], cover all sorts of research, I've only read bits and pieces of, but I've been left with the impression it's all CPU and above on the computing stack. Ranging from source code analysis through dynamic analysis for race conditions in multithreaded executables etc.

Whilst it's essential research --most of which should have been done years ago-- it cannot see below the CPU level on the computing stack, which means lower level attacks on the computing stack will be invisible to it if they are there prior to the use of STONESOUP techniques. Further STONESOUP is not really aimed at malware hidden in the likes of DRM on non executable media files.

System Management Mode does offer some interesting opportunities, but again ideally you would want an attack level below this, such that it is essentially covert to the usual security observation and development processes. The use of a suitable logic analyser triggered off the SMIACT# pin, will not only discover SMM usage but also pull the code off the busses in a nice clear and debuggable way. I've actually thought about what you would need hardware wise to use SMM not just for a security hypervisor but also as a method to spot BIOS and other changes that would indicate rogue code for execution on the CPU (see my various chats with Nick P and Wael about Probabilistic Security that developed into what Wael christened C-v-P discussions). That said there is little published on SMM for this sort of thing with a Black Hat 08 presentation being a bit of a wakeup call for many [2]. The down side of SMM attacks is that they can easily go horribly wrong due to assumptions about what state the surrounding hardware is in. It's one reason why the TAO catalogue gives different SMM attacks for different platforms (DEYITYBOUNCE being just one of many).

Likewise other attacks that use main CPU cycles are going to be observable to the usual tools hardware developers use, contrary to the reported claims of the Blue Pill Rootkit developer Joanna Rutkowska. One of the BH 08 SMM Rootkit developers Sherri Sparks, appears more cognizant and worldly wise on this aspect.

Thus for the likes of the NSA getting below the main CPU or using another difficult to observe I/O device CPU with DMA to the main memory is potentially more covert. Further if it gets put in a chip that then gets used by all motherboard manufacturers it solves quite a few issues such as getting malware onto target systems, as it will be on all COTS systems air gapped or not. Thus finding a "chip" that is used in every PC that is entirely proprietary provides an interesting start point for such a covert attack entry point.

As noted in the past by Robert T the sound chip used on motherboards is probably more ubiquitous than any other chip, subverting this at the chip fab would prove a better way in than almost any other as it's not a place people would go looking. Its main disadvantage being its limited range connectivity. Another advantage to using the sound chip is you could use "Digital Watermarking" DRM techniques to actually trigger various functions and have it fairly immune to being removed from a file by editing, compression or even significant file format changing.

[1] http://www.iarpa.gov/index.php/research-programs/stonesoup

[2] http://www.infoworld.com/article/2653209/security/hackers-find-a-new-place-to-hide-rootkits.html

WaelOctober 14, 2014 1:06 AM

@Clive Robinson, Grauhut,

As noted in the past by Robert T the sound chip used on motherboards is probably more ubiquitous than any other chip
CPU counts as a "chip"? Good thing you used the word "probably" :) regarding the sound chip, it was another discussion under BadBIOS. Later on I read about BadUSB. I wonder what will be the next ba ba ba bad thing! BadCPU?

sena kavoteOctober 14, 2014 1:25 AM

Duplication for assurance and error catching

Firstly, my previous description needs at least this addition between file servers I + J and core use computers B and C (let's say that both B and C are intel NUCs ).

Line from I to B and line from J to C have small computers K and L that copy bits coming from the intel NUC it is connected with to both file servers. A file server then checks, that data and protocol messages from both intel NUCs is consistent, perhaps even identical. When the file servers send, K and L check consistency between what I and J are sending to both of them. Alternatively or in addition, K and L can be connected directly to send copies and/or hashes of what file servers and intel NUCs are sending them, for comparisons.

The file servers can also have tripwire files / booby trap files like "how_to_put_laser_beams_on_sharks.pdf", "all_my_passwords.txt", "worlds_most_embarrassing_porn.jpg" and "private_keys_for_accounts_I_do_not_have". When K and/or L see those files requested, alerts ensue.

All the computers can do alerts by flashing LED and stopping communication.

Secondly, the NUCs, file servers and maybe other parts too can have domains separated to different virtual machines like QubesOS does, but bank domain VM in NUC is connected to bank domain VM in file server and work domain VM in NUC is connected to work domain VM in file server etc.

@Nick P

But is it not very rare that one exploit works with both Linux and any BSD? Let's throw Debian GNU/Hurd in the mix. (It is Linux that does not use Linux kernel but Hurd kernel)

And for some tasks, there are separate software that are internally completely different but work the same way with regard to input and output, although not always with same speed.

Could it be that if firefox or elinks or some pdf reader is compiled with LLVM / Clang instead of GCC, and with different settings, the vulnerabilities would be different?

If a process crashes in NUC because of attack, is it possible to immediately send a message about that event to some other computer before malware has any chance to prevent that sending? If so, reboot the NUC immediately. Also, all javascript and flash code must always be sent to other computer and logged there, in case it has attack code.
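One way to model the K/L comparator boxes from the "Duplication for assurance" design above: a lock-step guard that forwards a message only while the two NUC streams agree, raises an alert on any request for a tripwire file, and then drops the line. This is an added example, not sena kavote's design or code; the line-oriented `OP /path` message format and the sample streams are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from itertools import zip_longest
from typing import List, Optional

# Tripwire filenames are the ones named in the post above.
TRIPWIRES = frozenset({
    "how_to_put_laser_beams_on_sharks.pdf",
    "all_my_passwords.txt",
    "worlds_most_embarrassing_porn.jpg",
    "private_keys_for_accounts_I_do_not_have",
})


def sha256_hex(msg: bytes) -> str:
    # Alerts carry digests rather than payloads, so the alert log leaks nothing.
    return hashlib.sha256(msg).hexdigest()


def requested_name(msg: bytes) -> str:
    """Extract the basename from an assumed (constructed) message b'GET /dir/file\\n'."""
    parts = msg.strip().split(b" ", 1)
    if len(parts) != 2:
        return ""
    return parts[1].decode("utf-8", "replace").rsplit("/", 1)[-1]


@dataclass
class Guard:
    """One of the K/L boxes: forwards a message only while both NUC streams agree."""
    halted: bool = False
    forwarded: int = 0
    alerts: List[tuple] = field(default_factory=list)

    def step(self, seq: int, from_b: Optional[bytes], from_c: Optional[bytes]) -> bool:
        """Compare message `seq` from NUC B and NUC C; return True if forwarded."""
        if self.halted:
            return False              # once tripped, nothing passes
        found = []
        if from_b != from_c:          # a missing message (None) also counts as divergence
            found.append((seq, "divergence",
                          sha256_hex(from_b or b""), sha256_hex(from_c or b"")))
        hits = {requested_name(m or b"") for m in (from_b, from_c)} & TRIPWIRES
        for name in sorted(hits):
            found.append((seq, "tripwire", name))
        if found:
            self.alerts.extend(found)
            self.halted = True        # flash the LED and stop communication
            return False
        self.forwarded += 1
        return True


def run_guard(stream_b, stream_c) -> Guard:
    """Feed two captured NUC streams through a fresh Guard in lock-step."""
    guard = Guard()
    for seq, (mb, mc) in enumerate(zip_longest(stream_b, stream_c)):
        guard.step(seq, mb, mc)
    return guard


if __name__ == "__main__":
    # Constructed sample: both NUCs agree, then one requests a tripwire file.
    stream = [b"GET /docs/report.pdf\n", b"PUT /docs/notes.txt\n",
              b"GET /docs/all_my_passwords.txt\n", b"GET /docs/more.txt\n"]
    g = run_guard(stream, stream)
    print(g.forwarded, g.halted, g.alerts)
```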

GrauhutOctober 14, 2014 2:09 AM

@Wael, Clive Robinson: A SMM RIMM can manifest as something like a BadBios running on BadCPU. Have a look at STONESOUP SPECTRE SMM RIMM and Phrack 0x0d 0x42 0x0B.

SMM BadCPU Mode is below anything since 80486. Under UEFI BadBIOS is just another module.

WaelOctober 14, 2014 3:15 AM

@Grauhut,

You have a link to "STONESOUP SPECTRE SMM RIMM and Phrack 0x0d 0x42 0x0B"? I think @Clive Robinson meant these sort of BadXXXX tactics are detectable by using some tools such as a logic analyzer. For the SMM / SMI handler, code execution happens behind the OS's back but the operation can be observed on the Bus or even at the CPU pins using a pod -- that is for any operation that does any sort of I/O or external to CPU operations such as changing a memory address content or reading it.

Clive RobinsonOctober 14, 2014 4:46 AM

@ Wael,

The main CPU can come from one of a couple of manufacturers and changes quite dramatically every year or so.

The standard sound chip design has not really changed in seven years or so, and as Robert T pointed out the actual design macros used in combi chips are effectively "standard library" parts put in by the mask makers that the chip designers never actually see the contents of.

So yes they are probably on more motherboards than any one CPU type.

Clive RobinsonOctober 14, 2014 5:03 AM

@ Wael, Grauhut,

Yes logic analysers are a fairly standard hardware development tool that will spot SMM activity.

However SMM steals cycles from standard software activities, so if it gets above 1% of CPU on some systems that run only one program then it will start to be visible, the higher the utilisation the more likely it is it will get noticed and also the chance of crashing the system.

I'm not saying you will spot it easily at the software interface but its effects will be there to be spotted.

Thus attacks that use another CPU in an IO device will show very little in the way of bus usage, and if using DMA little or no effect on the main CPU utilisation.

If we go down the computing stack a little further then the hardware tell tales get less and the stability higher.

WaelOctober 14, 2014 6:17 AM

@Clive Robinson,

True... Treating the whole device as a black box, and observing ingress and egress traffic may help. Still not 100% because, among other reasons, dormant malware may wait for a command which may not occur during the observation period.

Nick POctober 14, 2014 9:18 AM

@ Figureitout

"not admit you're a voter (or at least a member of public) and thus part of the problem. I'm not a voter anymore so I'm not your enemy anymore..? :P"

I don't vote. I provide voters information they need and hope they make a good call. The problem is they've disqualified all the good candidates by the time the main election hits. Voting there means I have to vote a bad guy into office. Many do in name of damage control. Myself, given two bad options, I take option three: the middle finger to the situation.

George Carlin had a skit on this. He said people often claim if someone didn't vote they can't gripe about the situation. He replies that the scumbags wouldn't be in office if people didn't vote for them. He didn't vote so he had nothing to do with it. (paraphrased) "It's all you other assholes that did this so YOU have no right to gripe about it." Haha.

"Get put on list, subject to employment issues and other pointless attacks. "

Exactly... And would I add to that in the name of offering products to an apathetic people? (sigh) I've honestly been considering just starting over in a new country where people care a bit more and most of this stuff doesn't happen. One of those nice European or Nordic democracies. They tend to be SIGINT allies so risk to U.S. is minimal from their perspective. Thing is, I'm not sure if I'm safe getting on a plane. So, I continue to look for options here.

@ sena kavote

It's not going to be one exploit. They have hundreds to thousands of them. A recent Chrome vulnerability strung together 5-6 bugs to produce one exploit. The guy said it was easy and took less than a week. You have two vanilla pieces of software that aren't designed for security. If they get the binary or code, they'll get in. If not, then you've basically obfuscated things. That kind of protection works or doesn't.

"And for some tasks, there are separate software that are internally completely different but work the same way with regard to input and output, although not always with same speed."

That's a good thing. Security by diversity, I call it.

"Could it be that if firefox or elinks or some pdf reader is compiled with LLVM / Clang instead of GCC, and with different settings, the vulnerabilities would be different?"

It's possible. The way to test is to disassemble and compare the output of the compilers. Different isn't all that matters, though. It has to be different in a way that makes one vulnerable and one not. If the problem is a buffer, the buffer overflow attack might work on both even though they used different assembler codes. There's an active line of research right now of automating this process of making meaningful differences during compilation.

"If a process crashes in NUC because of attack, is it possible to immediately send a message about that event to some other computer before malware has any chance to prevent that sending? "

You could, but MINIX 3 shows they crash plenty from mere errors. A crash != an attack. Treating it like one means you lose availability. See how tricky the stuff is? It's why I try to use trusted, minimal appliances like guards so I can ignore as much of this stuff as possible.

@ Wael

"Still not 100% because, among other reasons, dormant malware may wait for a command which may not occur during the observation period."

The classic threat: subversion! Of course, I'll add that the input itself might not look strange at all: a vanilla looking chunk of data might crash or exploit the machine. There will be patterns looking like crypto or code, though. *Probably*. Unless it's disguised as a web access, esp HTTPS.

I wonder if anyone is hiding malware as DNSSEC requests yet. I'd try that if I was still in the business. I'd use DNS for covert channels at the least.

sena kavoteOctober 14, 2014 9:53 AM

Re: Exploits

Clarification: I meant to ask, if source code is the same and has the same error, could it be that different compiling makes using of that error for attack purposes slightly different? Maybe different enough that attacker could not use one attack string for every executable binary that is compiled from the same sources? Some compilation results could be attacked with that one string and some other compilation results would need different string, depending on options, switches and compiler? In some cases, maybe even so that some bugs caused by error in source code, are exploitable only with some compiler setups?

Would it be good defense to setup OS so that if anything crashes, computer suddenly just powers off without doing anything before that?

I believe the command line "sudo poweroff --force" does almost that kind of shutdown.

sudo halt -f may be better if it leaves ram open to inspection. With VM, save execution state, otherwise some probing via firewire might be feasible...

Firefox has a good or bad feature on by default that saves text on disk while writing so that it is not lost on blackout. In that assured computer setup I drafted, that kind of backup data that firefox saves should be saved to the file servers only.

Clive RobinsonOctober 14, 2014 10:32 AM

@ Nick P, Figureitout,

With regards voting and registering to vote, I have several problems with it, which I suspect you will both relate to,

The first is "representational democracy" is in no way democracy and any one who claims it is, either cannot think or thinks you cannot think, so tries to "gull you" for their benefit. Why should we have to have "monkeys in suits" who are mainly self interested deciding what should happen at our expense.

Secondly, when have you ever seen "none of the above" as the last option on a ballot paper? More than likely never, you get some puerile argument about "spoiled votes" well they don't count to anything which is why you get stupid statements that you are "voting for the opposition" or some other brain dead nonsense that basically says "we have a rigged system and you won't be allowed to fix it by getting rid of us".

Thirdly, the use of voter data for raising money etc, it's a breach of my privacy and I really really resent it. Worse it can easily be shown to be amongst other things "environmentally unfriendly" when you consider the waste involved with "personalised junk mail". And worse yet when combined with other types of junk mail or supposedly anonymous data it reveals all sorts of things about your socio economic positions including credit rating, health etc all useful for those who want to commit identity theft and the like or more importantly deny you opportunity in life.

There are other reasons but those three alone should tell you that the powers that be not only want to keep the voting game rigged for their benefit from the public purse, but also the "kick backs" they get one way or another that the less desirable elements in society are prepared to bribe them with for preferential consideration for access to your privacy and tax payments.

SmokingHotOctober 14, 2014 10:51 AM

@sena kavote

Clarification: I meant to ask, if source code is the same and has the same error, could it be that different compiling makes using of that error for attack purposes slightly different? Maybe different enough that attacker could not use one attack string for every executable binary that is compiled from the same sources? Some compilation results could be attacked with that one string and some other compilation results would need different string, depending on options, switches and compiler? In some cases, maybe even so that some bugs caused by error in source code, are exploitable only with some compiler setups?
Would it be good defense to setup OS so that if anything crashes, computer suddenly just powers off without doing anything before that?


Some current defenses which are mainstream operate on this kind of principle, changing the addresses in memory on systems to make exploit code not work.

If someone sophisticated enough is targeting you with zero day, however, they are likely to assess your system environment first, or they could lose their zero day. If you were working for anyone, you might hand that over and then their enemies would have their hard won capabilities.

Actual exploits that run do not crash.

There are also many exploits which do not rely on memory issues.


I think if you are concerned about being a target of a very sophisticated attack, however, you should be asking your self, "Why", and so value how much you would be worth to "them" to have your system compromised.

In other words, you would have a much bigger problem then "they" just attacking your computer system.

ThothOctober 14, 2014 11:04 AM

@Sancho_P
If you don't want to expose data on crossing through territories, probably the best way is not to put all eggs in one basket. Zip all the data and encrypt with a secret key and split the encrypted data over M/N quorum and to take another step further split the secret key over shares of M/N for the secret key. For the split data, put them all over the place. In multiple copies and devices. They can get one share of it or a few but that's not going to help them much.

@sena kavote
I think there is an IACR article published sometime ago regarding the proof of data destruction in the sense you make a DH based key pair like a DHIES and you retain one of them and use the other to sign the encrypted data and dispose any one of the keys. Then afterwards you do the wiping algos. If you can find bits of signed data using the remaining pair, you can tell if any stuff are not wiped cleanly. What I mentioned is just an abstract of what I understand. You do need to do a search on IACR's website if you want the exact article. Main thing is to proof destruction or not.

Clive RobinsonOctober 14, 2014 11:19 AM

@ Vas Pup,

With regards your question about the "RF proof coat" from the school surveillance thread.

The coat was designed as a "fashion piece with purpose" its declared purpose was to make you less visible to technological surveillance in two basic ways, the RF screening of the metallic thread cloth and the visually disruptive padding and patterning.

However it may serve to keep you safe in a third way, by screening any medical electronics that could suffer from EM fault injection to your detriment or death.

With regards what they say about the RF screening it appears to be only reflective like an imperfect Faraday Shield, and thus suffers from a couple of issues, firstly its properties are very dependent on good fastening continuity or significant overlap, secondly it would act as a "radar reflector" making you very visible. Both of these could be solved by having an EM absorbing layer on the outside of the metallic thread cloth layer.

Almost the first thing you notice about the coat is "no hood" thus CCTV based facial recognition will still work well. Thus the addition of a large shoulder encompassing deep hood similar to those you see on Vulcans in the early Star Trek movies would be a considerable enhancement, especially if it has an in built IR proof fine cloth veil internally which you can see through, and optionally a "pollution mask" similar to those worn by cyclists made of easily replaceable activated charcoal absorbers, good not just for car fumes but most other disruptive gases (CS, pepper spray, etc) including quite a few nerve gases ( not sure on small molecule blood agents though).

Further uprating of the metallic thread cloth could also make it taser resistant.

So yes it's a start but there is room for improvement ;-)

WaelOctober 14, 2014 11:52 AM

@ Nick P,

a vanilla looking chunk of data might crash or exploit the machine.
Yep, implies a state of the device as well. This innocent looking chunk of data should only take effect when the device is put in a certain state, or is effective against a set of devices that have some specific "fonts" or applications installed. Which means the "malware" is designed for a specific device (or set of devices) fingerprint.

GrauhutOctober 14, 2014 2:49 PM

@Clive: "If we go down the computing stack a little further then the hardware tell tales get less and the stability higher."

They don't want random white noise from your soundcard, they want to inject their stuff into a booting kernel in order to be able to send out data from your memory and disks to them. SMM malware can f... a loading kernel before he even initializes, before any protection is up and running. This just slows down booting a little, but after booting some funny crap they can simply give you a fake sysload. Full fledged matrix. What would a rootkit scanner see? Nothing to see, the code came "out of nowhere" from a ring 0 point of view and the rkdet sees only what is shown to it.

And the best is: A SMM malware UEFI module could come preinstalled, waiting for an activation code. A real big os independent active _NSAKEY.

Sancho_POctober 14, 2014 6:07 PM

@ Clive Robinson

Re: Voting and (representational) democracy

I have another, very basic issue with democracy:

When we have a serious issue with our car (i.e. the brakes don’t reliably work when wet) we’d ask a “specialist” for suggestions / help.
Not in the government.

In our democracy, all monkeys in suits must vote in favor of the party line, even those who think potatoes grow on trees.

And that may be still an advantage (“please raise your hand NOW”).

But when it comes to vote for a state’s party line we ask all, also those who don’t even know what corruption is.

So the skeptical masses, well “informed” by the media, with their narrow view of the world (may try to) decide where to go.
This is our democracy.

In reality:
The President of the European Parliament has outed something along the lines about ‘Internet related questions’ that “it’s not important what the specialists say but also those who are not informed, this is democracy”.

That means clearly “Of course we will ask every idiot - but anyway reign how we want”.

Sancho_POctober 14, 2014 6:16 PM

@ Thoth:

I think to split ciphertext (and OTP key when used) is a mandatory security enhancement when sending important private messages over the open Net. Each snippet which the attacker could catch and work on offline is a nightmare for the security of the message, but splitting may help to confuse the attacker.
However, that method isn’t suitable when traveling, as my example was Concern is. To work on the data while some hours on the airplane (work in progress) all parts must be accessible.

Nowadays you can have inflight Wi-Fi so one snippet could be (hopefully) loaded (without pulling the micro-SD out of the toothpaste - tube and cleaning / drying in the lavatory ;-)) - but they would know what you have downloaded (each bit is recorded including MitM attacked).

Also you need an application to split / merge (and encrypt / decrypt),
and yes, I would really hesitate to “put all my eggs” into my carry - on :-)))

WhiskersInMenloOctober 14, 2014 9:50 PM

Ebola and security theater:
Here we go again:
The practice of taking temperatures at airports, and disinfecting
sidewalks as you have seen on TV, is to reduce panic - not a
productive way to reduce EBOLA risk.

We need some medical folk not crypto folk to
address this fully... but it seems to me
that influenza and food poisoning kill more
individuals in the US. And the best thing citizens
can do for all is hand washing on a regular basis.
Ebola and 50+ common medical issues present exactly the
same and have a short list of simple and effective citizen
capable remedies best described as common sanitation.
Hand washing, surface cleaning...

Like other security challenges reducing false positives
is an important task. Reducing flu, common colds, food
poisoning free health care resources so a nasty like
Ebola gets more attention by experts.

WaelOctober 14, 2014 11:11 PM

@Grauhut,
Thanks for the links... It would seem, on first pass reading, that exploits are possible because of two main reasons: 1) Hardware misconfiguration by the BIOS. 2) Firmware that's not digitally signed by the manufacturer. The rest of the article has some good information.

WaelOctober 14, 2014 11:19 PM

@Clive Robinson,

Thus the addition of a large shoulder-encompassing deep hood similar to those you see on Vulcans in the early Star Trek...
Looking like Darth Vader will beat technology, but will shift detection to the visible spectrum because it will stand out like a sore thumb -- in countries that don't have veils as a norm, to be precise :)

FigureitoutOctober 14, 2014 11:24 PM

Nick P RE: political landscape (crrrrinnnggggeeee...)
The problem is they've disqualified all the good candidates by the time the main election hits
--Real problem is actual real people in communities everywhere don't nominate someone they actually know on a first-name basis; country's too big now. Won't expand on others as I'm done w/ that field and it's common sense.

RE: George Carlin
--LOL, actually bought one of his books "Napalm and Silly Putty"; even mentioned him as one of my role models in high school to which my teacher responded, "That's scary."-lol...He stated the ugly-ass truth, but that's it really lol; made a living off just ranting, must be nice.

would I add to that in the name of offering products to an apathetic people?
--You're not selling to that market. Get that thru your head. You're selling to a growing group of people concerned about security; very simple, how many people have been hacked and had no clue how? Also, I think the best area to jump on is bank security and protecting money. There's a million places someone could've gotten my card numbers and opened a fake paypal account and withdrawn money; and GSM security for 2FA looks like a f*cking joke. It sucks, and there's no one offering any products there besides backdoored pieces of crap. It's the Fab managers, these people have to realize just how critical it is to keep a lock on their factories.

RE: moving to European country
--If you're used to America, it's going to be culture shock. It's polite to learn some of the language and adapt to the culture. While the politics and gov't structure aren't really all that great in Belgium, I recommend it. I used to just bike back-n-forth between Netherlands and Belgium and there's no border control and all that crap. You can mostly just go across borders pretty easily, and from Belgium you can get to Germany, England, Netherlands, France, Luxembourg all really quickly (45 min drive across entire country). EVERYONE speaks English (at least in Flanders) so there are few problems talking to people.

I agree though, I want to check out Switzerland from all I've heard about it.

Conclusion:
--It's not worth getting worked up about, just isn't. Nothing good comes from it besides regret. Won't change a damn thing. Doesn't even matter, what can some politico do about a malware over the internet? Kill switch? Ever heard of radio retards? Nothing, they just need to STFU, stand down, and listen to people who know better than their dumbasses.

Clive Robinson
--I know, it's a fraud and it has to be for the country to now remain functioning due to all the decay from history (thanks guys!).

Straight told the dumb b*tch that called me asking if I was going to vote "No", and she's like, "Uhh, mmmK, buh-bye!". I want to be prepared for the next one I get so I can troll the hell out of them. I've seen it first-hand too, the politicos have a database of ALL voters that they call based on party lines asking these dumbass questions; that's what this guy's job was. Calling people all day, mostly getting hung-up on or angrily told to not call during dinner, etc. How depressing is that? What kind of skills does one even learn doing that?

As I told Nick P, not worth even thinking about; so again to anyone considering it, DON'T. It's all so aggravating you may do something you really regret. Focus on what you can do, get in science, do something positive for real people. You'll realize your mistake when you wind up w/o a job as all those worthless jobs will be computerized in due time. If everyone stepped up and did some things (I could probably take care of most roads in ~50 mile span of my home, but need a little funds, expanding this to each job gov't currently does and we don't need them...); there would simply be no use for them and finally you can squarely place the blame on yourself for failures.

OT
--Inverse Path releasing open hardware, a computer on a USB-stick. Found via hackaday. Bad timing probably lol, but it's at least another option.

http://inversepath.com/usbarmory#usbarmory_coin-tab

WaelOctober 15, 2014 12:05 AM

@Figureitout,
Great link about inverse path. I'll get one of them :)
The contrast they give between a TPM and Trustzone is out of context.
Say, how does one verify the open hardware? Their word?

FigureitoutOctober 15, 2014 12:17 AM

Wael
--Let us know what you think of it. :) Your guess is as good as mine...Not possible besides pentesting. It's a SoC, there's crazy form factor, even smaller components than where you get to there's no visible difference between a cap, resistor, inductor...By the hand, you can't analyze it; must use other machines which in turn could have malware...see where this is going? I'm going to stop. It's a choice, that's all.

sena kavoteOctober 15, 2014 4:19 AM

Firejail

FreeBSD has had sandboxing with jails for years, but only this year Linux got something like that:

http://sourceforge.net/projects/firejail/

Is it not strange that Linux has lacked something so important, something that a lot less used OS has had? (I do not use any BSD, but I have played with them. I use Linux.) This needs explanation.

Stones for stamps

In some earlier squid post I pondered about using stones as physical keys. The hardware needed would be something cheap and common, but the software would be really complex: on the same level as 3D engines that are used in mass market games like Borderlands or Battlefield 4. I hope I could think of better comparisons.

Now I thought a use for stones that is low tech all the way:

Where stamps are needed for paper, make an additional stamp by dipping a stone in that same stamp ink and then pressing the stone on the paper.

The stone can be glued to a chain.

This should increase trust in papers not being forged, since stones cannot be replicated.

There could be public databases of official stone prints.

Clive RobinsonOctober 15, 2014 5:32 AM

OFF Topic :

SSL is vulnerable to attack that's over 20 years old

@ Mike The Goat posted a link to the POODLE attack PDF over on the school surveillance thread earlier, however slightly easier reading is,

http://www.theregister.co.uk/2014/10/14/google_drops_ssl_30_poodle_vulnerability/

But simply this is a Man In The Middle attack on a protocol use negotiation protocol, usually called a "Fallback Attack". I've been warning about such attacks since I realised how easy it was to exploit such fallback protocols back in the early 1990s, and produced a proof of concept for a commercial bank software package that fell back to plain text... I'm reasonably sure I'm not the first to have done it, because it's such an obvious attack.
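
An added illustration of the fallback attack described above and its standard countermeasure (not code from the Register article or from any TLS stack): a toy client that retries with a lower protocol version when a handshake fails, an in-path attacker modelled only as dropping the higher-version handshakes, and a server that honours TLS_FALLBACK_SCSV (RFC 7507), so a client that marks its retries as fallbacks cannot be walked down to SSL 3.0. The handshake-as-function-call model and the single-suite cipher list are this example's simplifications.

```python
# Protocol versions as ordered integers (the TLS record-layer values).
SSL30, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
FALLBACK_SCSV = 0x5600   # TLS_FALLBACK_SCSV signalling cipher suite value (RFC 7507)
AES128_SHA = 0x002F      # TLS_RSA_WITH_AES_128_CBC_SHA, stands in for a real suite list


class Server:
    """Server that honours the fallback signal."""

    def __init__(self, max_version):
        self.max_version = max_version

    def handshake(self, client_version, cipher_suites):
        """Return the negotiated version, or raise if the client's fallback is inappropriate."""
        if FALLBACK_SCSV in cipher_suites and client_version < self.max_version:
            # The client says this is a retry at a lower version than it supports, but we
            # support something higher, so the earlier failure was not our doing.
            raise ConnectionError("inappropriate_fallback")
        return min(client_version, self.max_version)


class DroppingMITM:
    """In-path interference model: every handshake whose version is above `allow` is lost."""

    def __init__(self, server, allow):
        self.server, self.allow = server, allow

    def handshake(self, client_version, cipher_suites):
        if client_version > self.allow:
            raise ConnectionError("handshake dropped")
        return self.server.handshake(client_version, cipher_suites)


def connect(peer, versions, use_scsv):
    """Client with the 'retry one version lower on failure' dance older browsers used.

    With use_scsv=True every retry advertises TLS_FALLBACK_SCSV, so a server that
    supports a higher version refuses it and the client stops instead of going lower.
    """
    for attempt, version in enumerate(sorted(versions, reverse=True)):
        suites = [AES128_SHA]
        if use_scsv and attempt > 0:
            suites.append(FALLBACK_SCSV)
        try:
            return peer.handshake(version, suites)
        except ConnectionError as exc:
            if str(exc) == "inappropriate_fallback":
                raise  # server refused the downgrade; do not retry even lower
    raise ConnectionError("no version negotiated")
```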

Clive RobinsonOctober 15, 2014 6:00 AM

OFF Topic :

Something for the weekend Mr Bond

Many moons ago there was a 007 gadget that James Bond used to open a safe in a Zurich lawyer's office.

Well you can now build the hardware to do the same for around 150USD,

http://www.theregister.co.uk/2014/10/13/heistmeisters_crack_cost_of_safecrackers_with_150_widget/

The trick with these devices to go fast is like that of cracking passwords: "don't brute force, use a known code list".

Even if you don't have a list, many, many establishments that deal with confidential and above secrets use a "dictionary word to combination" algorithm that is easily remembered, thus on a shift rotation the security officer simply tells their replacement the word that might be, say, "apple"... as with computer passwords this cuts the number of tries required down drastically.

Oh and another trick, you don't have to check every number, due to slackness in the mechanical system the number range 74-80 will generally work for the combination number 77.

Mike the goatOctober 15, 2014 6:32 AM

Figureitout: you've got to love Carlin. He wasn't afraid to tell it like it is!!

Clive: yeah my post was slightly O/T on the other thread but figured that the squid thread was too old given it was a Wednesday. Seems I was wrong and people are a lot more chatty since last time I was here!

Now re protocol downgrade attacks; it surprises me too Clive, considering that the risks of allowing such a thing are well known. I guess vendors want to make sure that they support old clients and are backwards compatible, often to the extreme detriment of their product's security. I recall a vuln a while back with a particular OS's IPSEC stack where one could request "null" encryption. That's a hell of a downgrade.

SmokingHotOctober 15, 2014 7:03 AM

@WhiskersInMenlo


re 'Ebola'

Oh you are telling me, I have been hearing about this crap for weeks now.

Good article, a bit funny, from cracked, which has all of my talking points:

http://www.cracked.com/quick-fixes/why-americans-need-to-calm-f234025-down-about-ebola/


The much more serious problem right now is antibiotic-resistant flu strains. Ebola is not high spreading.

Good system some people made to keep tabs on potential disease outbreaks (this system actually caught the ebola outbreak):


http://healthmap.org/en/


(Not a doctor, but read assessments of ebola years ago, same talking points remain true today.)

Clive RobinsonOctober 15, 2014 9:03 AM

@ Wael,

Did you miss the word "deep"?

That is the hood comes a long way forwards such that the face is in shadow in all normal lighting conditions, the veil would be made of very fine cloth and act almost like a one way mirror (or think lace curtains across windows) thus the ears, eye distance, nose and mouth are sufficiently indistinct even to IR that facial recognition does not work. The breathing mask would also make the lower face geometry very difficult to determine with any certainty. Thus even if they do naturally have the "Darth Vader" look few if any will see anything other than shadow.

Oh and seeing people wearing face masks around London especially in areas with high east asian populations such as Wimbledon (Japanese), New Malden (Korean) and other "high pollution" areas is not sufficiently uncommon as to require comment or suspicion.

ThothOctober 15, 2014 9:08 AM

[OCAI]

After some challenging hours of touching some PKCS11 stuff ....

I think Cryptoki should be outdated and nuked.

Here's MY version of Cryptoki called Open Cryptographic Access Interface (OCAI).

As we know, PKCS11 is an interface to a C/C++ library object. Yes ... the version language that led to disasters in Heartbleed and so forth. Oh, and that is considered language lock-in too because if you want to access PKCS11, you need something to communicate with C/C++ stuff. What if I am using something like Ada or OCaml or even CRYPTOL to talk to a cryptographic interface, I need to get it to talk to C/C++ first...

What have we been using to keep our Internet data flowing? We do not exchange C_Objects, do we? We exchange a set of defined bytes to each other so that we can achieve interoperability across platforms and languages and this is where PKCS11 fails due to the need to understand C/C++ at the basic level.

Here is a basic draft of Open Cryptographic Access Interface.

Please give your comments here. To mark your comments for easier reading and tracking, please add a "[OCAI]" tag on top of your comments like what I have done above to my comment post.

-------------------------

Open Cryptographic Access Interface (OCAI)
Version: 1.0
Crudeness Level: Very Very Very Very Very Crude
Initial Author: Thoth
Other Authors: -- Please Add Yourself --
Language Type: Binary

Abstract:
As we know, Cryptoki/PKCS11 has done a good deal to promote the growth of cryptographic tokens in the market. Over the years, technologies improve to a point we could actually program a chip to understand Java or some higher level languages directly from the chipset. The C/C++ programming language is becoming a burden to secure coding and a good number of us want to retire the use of C/C++ but the fact is C/C++ is so pervasive, it is an addiction hard to kick. To use a cryptographic token, the current standard is to have an understanding of C/C++ (or some form of bridge) to call its PKCS11 APIs. This would mean a chip that has a high level programming language (Ada, Java, OCaml...) baked into its cores would also need to understand C/C++, which will add to the chip's burden (because it needs to understand 2 or more languages). To progress beyond C/C++ bindings to cryptographic operations, I hereby propose the initial draft for the OCAI protocol, which should be studied and not used in the field.

Protocol Description:
The OCAI protocol is a binary language with JSON-like semantics. Simply put, you construct your protocol objects in the semantic form and encode them into binary form. For transportation purposes, it may be converted into a Base16 (hexadecimal) or Base64 format so that the protocol may continue to work by passing a Base16/64 string to components without needing to know the platform underlying each component.

Semantic:

{

}

The OCAI protocol sends out binary objects as part of its request/response. Requests and responses are also considered objects, so you are literally exchanging binary objects. As a bonus, you can separately send OCAI objects on different channels and this will aid in the adoption of multi-channel communications and possible deployments on one-way protocols and traffic (e.g. data diodes).

Object types:
Objects are encoded in a binary of 8 bits per byte in the ASCII format as it is one of the most universal binary format known. The header will be used to represent the types of objects contained in the content.

The current types of objects in consideration are listed here:
- Request/Response For Service
- Cryptographic Keys
- Cryptographic Messages
- OCAI Protocol Key Exchange/Rekeying

Object Type Header:

The header is made up of a main object type header specifying the nature of the request as the first half and the second half as the previous (responding message's) identifier. If it is the initial message, the identifier would be simply a 0x00 zero byte as the identifier.

The first byte of the main object header will indicate the main object type where 0x01 is for normal service, 0x02 for crypto keys, 0x03 for messages and 0x00 for initial setup / login and 0xFF for end of session.

The next 4 bytes of the main object header go into deeper details of the nature of the object. It ranges between simply throwing out keys and messages, enacting KEX or handling request and response like a standard protocol for asking for specific keys, listing keys, creating keys, deleting keys in specific ways, supported mechanisms for KEX/crypto/wipe/self-destruct or crypto operations.


Object Content:
The main content would be the meta-data of the content and the content itself. You could carry a fixed or variable length message containing keys, crypto operations and messages in greater detail. Each object would be best represented in a key-value form for easier understanding and handling. The content may be encrypted if necessary.

Identifier:
The identifier is always situated at the end of the object for identifying the object. Each exchanged object identifier will not be unique to prevent replay attacks from occurring by using a permutation counter. A random nonce (should not be reusable within the same session) combined with a counter is used as a part of a session identifier. An HMAC based operation may be used to sign the identifier to prevent tampering with the identifier. A hash of the content information and header may be used as an addition in the identifier within the HMAC operation to prevent the tampering of the header and the content. All those protections are available assuming the use of login-based sessions. If an unprotected session is used, the hash information, nonce and counter would be left in plain sight.

Conclusion:
This document is made abstract to observe suggestions and allow changes to be made.

ThothOctober 15, 2014 9:10 AM

[OCAI]

Semantic:

[Object Header] {
[Object Content]
} [Identifier]

Object Content:
[Generic Header][Detailed Header][ Previous Identifier ]
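
As an added example (not Thoth's code and not part of the OCAI draft), here is a toy Python encoder/decoder for the object layout sketched in the two OCAI posts above: a generic type byte, a 4-byte detail header, the previous message's identifier, key-value content, and a trailing identifier built from a nonce, a counter and an HMAC over the hash of header and content, with the decoder rejecting tampered, replayed and truncated objects. The length prefixes, the NUL-separated k=v content encoding, the 16-byte nonce, HMAC-SHA256 and the session key are this example's assumptions, since the draft leaves them open.

```python
import hashlib
import hmac
import os
import struct

# Generic header byte values are from the draft; every other layout choice below is this example's.
GENERIC_TYPES = {0x00: "setup/login", 0x01: "service", 0x02: "keys",
                 0x03: "messages", 0xFF: "end of session"}
NONCE_LEN = 16             # assumed per-object nonce size
TAG_LEN = 32               # HMAC-SHA256 tag size
INITIAL_PREV_ID = b"\x00"  # draft: a single zero byte on the first message of a session


class OCAIError(ValueError):
    """Malformed, tampered or replayed object."""


def _encode_content(fields):
    """Key-value content as NUL-separated 'k=v' pairs (this example's choice)."""
    parts = []
    for key, value in fields.items():
        if "=" in key or "\x00" in key or "\x00" in value:
            raise OCAIError("illegal character in content field")
        parts.append(f"{key}={value}")
    return "\x00".join(parts).encode("utf-8")


def _decode_content(raw):
    fields = {}
    for item in raw.decode("utf-8").split("\x00") if raw else []:
        key, sep, value = item.partition("=")
        if not sep:
            raise OCAIError("malformed content field")
        fields[key] = value
    return fields


def _make_identifier(session_key, body, nonce, counter):
    """nonce || counter || HMAC(key, nonce || counter || SHA-256(header || content))."""
    ctr = struct.pack(">I", counter)
    digest = hashlib.sha256(body).digest()
    tag = hmac.new(session_key, nonce + ctr + digest, hashlib.sha256).digest()
    return nonce + ctr + tag


def encode_object(session_key, generic, detail, prev_id, fields, counter, nonce=None):
    """[generic 1B][detail 4B][prev-id len 1B][prev-id][content len 2B][content][identifier]"""
    if generic not in GENERIC_TYPES:
        raise OCAIError(f"unknown generic type 0x{generic:02x}")
    if len(detail) != 4:
        raise OCAIError("detail header must be exactly 4 bytes")
    if not 1 <= len(prev_id) <= 255:
        raise OCAIError("previous identifier must be 1..255 bytes")
    content = _encode_content(fields)
    if len(content) > 0xFFFF:
        raise OCAIError("content too long for the 16-bit length field")
    header = bytes([generic]) + detail + bytes([len(prev_id)]) + prev_id
    body = header + struct.pack(">H", len(content)) + content
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    return body + _make_identifier(session_key, body, nonce, counter)


def decode_object(session_key, blob, expected_counter, seen_nonces):
    """Parse and verify; rejects truncation, tampering (HMAC) and replay (nonce, counter)."""
    try:
        generic, detail, prev_len = blob[0], blob[1:5], blob[5]
        pos = 6 + prev_len
        prev_id = blob[6:pos]
        (content_len,) = struct.unpack(">H", blob[pos:pos + 2])
        pos += 2
        content = blob[pos:pos + content_len]
        pos += content_len
    except (IndexError, struct.error):
        raise OCAIError("truncated object") from None
    body, ident = blob[:pos], blob[pos:]
    if len(prev_id) != prev_len or len(content) != content_len:
        raise OCAIError("truncated object")
    if len(ident) != NONCE_LEN + 4 + TAG_LEN:
        raise OCAIError("bad identifier length")
    nonce, ctr_bytes, tag = ident[:NONCE_LEN], ident[NONCE_LEN:NONCE_LEN + 4], ident[NONCE_LEN + 4:]
    (counter,) = struct.unpack(">I", ctr_bytes)
    expected_tag = _make_identifier(session_key, body, nonce, counter)[NONCE_LEN + 4:]
    if not hmac.compare_digest(tag, expected_tag):  # constant-time comparison
        raise OCAIError("identifier HMAC mismatch: header, content or identifier was altered")
    if counter != expected_counter:
        raise OCAIError(f"counter {counter} != expected {expected_counter} (replay or reorder)")
    if nonce in seen_nonces:
        raise OCAIError("nonce reused within session (replay)")
    seen_nonces.add(nonce)
    if generic not in GENERIC_TYPES:
        raise OCAIError(f"unknown generic type 0x{generic:02x}")
    return {"generic": generic, "detail": detail, "prev_id": prev_id, "counter": counter,
            "fields": _decode_content(content), "identifier": ident}


def example_exchange(session_key=b"constructed-session-key"):
    """Request/response pair: the response's previous-identifier chains back to the request."""
    seen = set()
    req = encode_object(session_key, 0x01, b"\x00\x00\x00\x01", INITIAL_PREV_ID,
                        {"op": "list-keys", "label": "signing"}, counter=1)
    parsed_req = decode_object(session_key, req, 1, seen)
    resp = encode_object(session_key, 0x02, b"\x00\x00\x00\x02", parsed_req["identifier"],
                         {"key-1": "rsa-2048", "key-2": "ed25519"}, counter=2)
    return parsed_req, decode_object(session_key, resp, 2, seen)
```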

Clive RobinsonOctober 15, 2014 9:55 AM

@ SmokingHot,

Err flu is a viral not bacterial infection, thus antibiotics don't work against it. Yes doctors do sometimes prescribe antibiotics "prophylactically" to some people who have viral infections, this is because they are immunodeficient or have other medical conditions where secondary bacterial infections might well cause them to be hospitalized or become terminally ill.

As for Ebola even though it was discovered back in 1976 we don't currently have drugs that are effective against it except in the very early stages. Unfortunately its incubation time is very variable and people who are infected and worse infectious may be symptom free or exhibit only mild symptoms similar to mild flu. The mortality rate although not 100% might as well be in Africa due in the main to low population density, which in past outbreaks has wiped out entire villages before it spread further. Unfortunately it is now spreading out of control and the inverse half life, or infection doubling rate, is around three weeks. Unlike the past where it remained local due to lack of "news" people are now fleeing and taking it with them, including trying to get to the Western countries where if they do become symptomatic they stand a marginally increased chance of survival.

As has been seen, it is very easy for health care workers to become infected even though they take fairly stringent precautions; it would appear they may be insufficient, as there are now two confirmed cases of infection in health care workers from a single now deceased person, which means they may well have infected others. Few hospitals in the world have level 4 biohazard facilities which would ensure sufficient isolation between the patient and others.

Bear in mind the northern hemisphere is now heading into winter where most people's immune systems take a hit due to colds, flu and norovirus. We are going to run into the issue of vastly increased need for beds due to complications of those three alone. Trying to differentiate between them and early onset Ebola is going to be difficult at best. The knock on effect of this will be more people will die of the winter maladies irrespective of whether Ebola gets a toe hold in Western nations.

Thus sensible employers should be considering emergency plans where all but critical staff do "home working" and whilst it's getting late it's not too late to gear up on it.

The saving grace at the moment is Ebola is contact spread, but with people with immunodeficiency it could mutate and become airborne infective; the UK's Lord Winston has been outlining the likely consequences if it does and they make grim reading.

The question thus becomes can we synthesise a vaccine using the antibodies present in the blood of the very very few survivors, and if we can, can we do it in time when you consider it usually takes six to nine months to synthesise and package up individual doses of winter flu vaccine....

AdjuvantOctober 17, 2014 12:56 PM

@NickP So, before I even go through the links, is there any information from *very reputable* (to courts or American people) sources that U.S. end engaged in false flag operations under this program? Otherwise, it isn't worth reading except as historical data of black ops.

Sorry for the delay in replying. I think @thevoid gave as good an answer to this as I could have given. If you want to grok what is going on at a deeper level, I can tell you that the effect of Edmonds' information is similar to flipping on a lightswitch. This isn't stale history; it's current history. If you demand something that will be admissible in court, Edmonds has testified under oath, including to the 9/11 Commission, and I'm sure she would do so again. Honestly, I'm not sure how much better quality of information anyone could realistically expect to get.

Look, Ma! I made a transcript!

This information is crucially important for establishing a sense of context. Edmonds calls it a "master key" to understanding a lot of things, including 9/11, and I don't think she's far off. I realize, however, that it's tough to get anyone to sit through six hours of video for any reason, so I found myself wishing there were a transcript I could refer people to. Since there wasn't, I just went off and made one. And then the second. Here are the first two interviews in the format of fully skimmable, time-commitment-free HTML text. I'll probably pass these on to the BFP folks once it's polished up. I may even transcribe the rest of the series.

http://www.jottit.com/29u85/
http://www.jottit.com/af2hf/
Enjoy!

GrauhutOctober 19, 2014 6:42 PM

@Wael: "...that exploits are possible because of two main reasons: 1) Hardware misconfiguration by the BIOS. 2) Firmware that's not digitally signed..."

As long as we only have to deal with hackers, this is mitigatable.

When it comes to the NSA level, and they already weaponized the SMM BIOS in Dell servers with DEITYBOUNCE in or before 2008, it could be their actual _NSAKEY, delivered as a UEFI module.

https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html

The NSA needs no misconfigurations and fake sigs, they let their modules be signed and installed. Secret courts and orders, security levels beyond the official levels...

The NSA used SMM malware in DEITYBOUNCE, why should they have stopped this? With today's UEFI BIOSes they can simply add a UEFI SMM runtime service and are in godmode then, even after booting an OS, completely invisible to the OS, only guessable by lost CPU cycles.

tianocore.sourceforge.net/wiki/UEFI/PI_FAQ#What_about_boot_and_runtime_Services_in_SMM_mode.3F

They even have their own IP stack
www.quarkslab.com/dl/13-04-hitb-uefi-dreamboot.pdf

Sounds like a real BadBIOS problem.
seclists.org/dailydave/2014/q1/13


My own sec rule says "no new x86 hardware without coreboot support".
blogs.coreboot.org/

WaelOctober 19, 2014 7:38 PM

@Grauhut,
When it comes to state level adversaries, one is out engineered, out funded, and possibly outlawed :) No chance of beating an adversary of such capabilities. I remember RobertT disagreed a while back...

Is this blog under a DDOS attack? I noticed some silence for a few days...

Nick POctober 19, 2014 8:22 PM

@ Adjuvant

Thanks for going through the trouble for a transcript. What I took from that were there were specific private parties (a) conducting acts of terror, (b) operating with impunity in NATO countries, (c) legally sheltered by NATO countries, and (d) connected to intelligence or LEO's to some degree. There are specific names mentioned. That just one of these guys gets citizenship and diplomatic passwords from U.S. while on INTERPOL's most wanted list is quite a link between us and Gladio claims. So, the question that comes to mind is, "Are there any documents, financial transfers, etc that corroborate those specific claims?"

If there are, then we've found the connection between U.S. and Gladio. We've also begun establishing that the U.S. is willing to sponsor acts of terror by Muslims to achieve political or military agendas. That would tie into the 9/11 claims. If there's no substantiation of these associations, then we have to default on the stay behind army theory with the Italian branch getting a bit out of control as they often did & possibly throwing BS our way. And 9/11 gets judged on its own.

Edmonds testimony alone isn't enough for something this big. It *must* be corroborated. Even she implies that talking about how hard it is to digest & take in the big picture.

Nick POctober 19, 2014 8:34 PM

@ Wael

"When it comes to state level adversaries, one is out engineered, out funded, and possibly outlawed :) "

That's what I eventually said. (sighs)

"No chance of beating an adversary of such capabilities. I remember RobertT disagreed a while back..."

I agreed with him, too, as he and I both did it on more than one occasion. His methods were better potentially just because they cleverly relied on skills almost nobody has. Less every year, actually. I'll add that one must beat them across the board to win and each person's winning criteria (eg compromises) is different. A person willing to build in backdoors, share design info, restrict business relationships, etc might not come under too much scrutiny. A U.S. company selling high assurance, on-chip crypto to the Chinese will probably have a TAREX team up their ass in no time.

Varies. That's why I like the obfuscation approach best. What they don't know can't help them. Obfuscate relationships, methods, suppliers, configuration, and so on. Good INFOSEC & COMSEC on top of a policy of mainly referencing vague terms representing things discussed in person. The same stuff CIA used to do. That we are still vague on details of some of their illegal activities shows tradecraft and obfuscation are the best methods if done right. Meanwhile, crypto and FOSS didn't do shit to stop NSA. Like I predicted. ;)

Oh yeah, and keep one's person and business out of the Five Eyes countries. That's also a lesson to learn from RobertT, who intentionally didn't do business in U.S. to avoid its issues. He also, like me, used physical compartmentalization of his systems to separate personal, main business, more critical projects, etc. Not sure if his data moving methods were strong, but extensive air gaps put him ahead of NSA remote capabilities a bit.

"Is this blog under a DDOS attack? I noticed some silence for a few days..."

Anytime it goes down, I email Bruce to see if it's under maintenance. He usually straight up says that. Was more vague this time. So, might be an attack or just an unusual system/service reliability issue. They run a Perl-based web application on top of a regular server far as I know. Plenty of room there for non-NSA problems. They resolved whatever it is so not our concern past that.

WaelOctober 19, 2014 9:28 PM

@Nick P,

I agreed with him, too, as he and I both did it on more than one occasion.
How can you tell you weren't hacked with any degree of certainty? Certainly they won't tell you, oh, Mr Nick P, we got you! We now know what you are working on because we exfiltrated your data using such and such technique.

Oh yeah, and keep one's person and business out of the Five Eyes countries.
There are indications that Five Eyes have control over non Five Eyes countries...

but extensive air gaps put him ahead of NSA remote capabilities a bit.
 
Hmm, thought from the BadBIOS discussion that air gaps were insufficient. One needs vacuum-gaps inside a Faraday cage -- or vice versa...

AdjuvantOctober 19, 2014 9:38 PM

@Nick P Edmonds testimony alone isn't enough for something this big. It *must* be corroborated.

Couldn't agree more. Edmonds does broadly claim that details have already come out in various mainstream press reports, in various languages. Aside from Corbett's post-production editing of a few select media screenshots into the video, though, there's not a lot of follow-up on the references. I frequently find myself wishing for more specific citations. Such a firehose of information, with so little in the way of crossed "t"s and dotted "i"s to facilitate further research! The entire series is in dire need of an exhaustive set of footnotes and an annotated bibliography. Once I get the transcripts completed, I may convince myself to proceed by trying to help fill that gap.

Speaking of the transcripts: I have first-pass drafts of parts three and four up now -- pretty ugly, but usable. They're now cross-linked from one and two above, and links to the remaining parts of the series will follow. I won't post further links here until they're polished. Feel free to read the alpha version, though!

Nick POctober 19, 2014 9:42 PM

@ Wael

It's a heuristic of mine that they're failing if they keep trying more and more clever stuff. The trick was that they thought they were attacking one kind of thing, but were hitting another. One there's a record that I bought and operated. One there isn't. One is more trusted than the other in operation. And it isn't the one they know about. Most likely, they were running through every permutation of what tricks I could've done on the one they know about. See how obfuscation tilts things in one's favor?

"There are indications that Five Eyes have control over non Five Eyes countries... "

Certain levels of influence over countries and companies. Not straight up control that I can tell. Cooperation and subversion. Varies entity by entity. Hence, my security by diversity heuristic.

"Hmm, thought from the BadBIOS discussion that air gaps were insufficient."

BadBIOS shows that certain air gap strategies were insufficient. Not air gaps in general. Even highly assured guards for moving data might have defeated BadBIOS if it started with USB sticks or some crap like that. See why I like simple, dumb, hardware interfaces mediated by straightforward software?

Obviously, though, people didn't focus enough on the hardware. Myself included. Many strategies once believed secure won't be because their assumptions were... under-informed. My framework still applies and my new approach is bottom-up rather than top-down. A hybrid actually. Should fix or prevent most issues.

Nick POctober 19, 2014 9:45 PM

@ Adjuvant

Corbett himself is of questionable reliability. That adds to the problem. He'll certainly cite some good information and present it well. He'll also throw in stuff that's questionable or even downright misleading. This was evident in his "9/11 A conspiracy theory" video. Minus the questionable stuff, it was an entertaining start at getting people thinking about the official theory. But he didn't publish it minus that stuff, did he?

AdjuvantOctober 19, 2014 10:06 PM

@Nick P: Yes, I agree that Corbett has historically put out a lot of questionable stuff, and for that reason I generally have not followed him closely -- though I would add that based on my more recent sampling, his work seems to have improved. I recall qualifying this to a friend as a "partial remission of his foot-in-mouth disease," or something similar. ;-)

Skeptical • October 20, 2014 11:44 AM

@clive: The first is "representational democracy" is in no way democracy and anyone who claims it is, either cannot think or thinks you cannot think, so tries to "gull you" for their benefit. Why should we have to have "monkeys in suits" who are mainly self interested deciding what should happen at our expense.

While I understand the sentiment behind this, and your other points, I think voting as an informed citizen is a civic duty of great importance.

Where would we be had all those who came before us derided laws and voting as useless, and declared only technical measures of value?

Imagine for a moment a world where power is everywhere unbound by law - where neither common law, nor statutes, nor Constitutions (nor any combination thereof, as appropriate for one's country) protected one's rights or limited the extent of government authority.

Do you suppose, even for a second, that technical measures would suffice in such a world? Why, we would surely be a globe of mere warlords and frightened serfs.

Politics is often ugly and venal. James Madison, whose views on government have inspired many, who penned some of the most eloquent arguments in favour of dividing and limiting government by law, found this out only too well, when he was defeated in one of his earlier elections because he refused to serve ale to ply voters while his opponent was unburdened by such scruples.

Yet, politics still works. Politics gave us roads, and bridges, and a welfare system to prevent the worst; politics, eventually, gave us coordination in world wars to defeat the forces of fascism and tyranny; and it gave us, along with many mistakes, the stability, prosperity, and endurance to outlast the brutal contradictions of the Soviet Union.

Politics has given us abuses of power - but it has also given us the power to rein in those abuses (and we have done so - and will do so again if needed).

Yet all of that depends crucially on voters. Politicians, at their best and most courageous, may defy public opinion for a righteous cause, but usually and ultimately they care most about their fates at the ballot box, for better and for worse.

One vote will be unlikely to change an election, or history - yet should the belief in the importance of one vote be held by millions, then change is not only likely but impossible to stop.

You cannot keep faith in humanity, and stop showing up on election day. You cannot protect rights and privacy with simply an encryption suite. You cannot hide from the messy, glad-handing, bullshit that accounts for so much of politics, and hope to be a part of progress.

And this because out of all that bullshit, all those petty favours, we have emerged as nations of better laws and of better institutions. And that is because behind the bullshit and the petty favours, real matters of importance are being weighed - and whether people like you will show up to vote on election day is a consideration.

Sometimes a key vote in a legislature will turn on just a few representatives - a few who may be principled and informed enough to vote for the best policy, or a few whose constituents will vote them out if they do not vote correctly.

You have to show up. I hate to close with a Woody Allen quote, but when I hear the truth I care not who speaks it: 90% of success in life is showing up.

And voting is showing up in a democracy[1].

[1] "Democracy" is a word that has altered its meaning over the centuries according to use. When we speak of democracies today, we mean liberal democracies that incorporate rule of law, universal suffrage, and protection of minority rights. So let's not get hung up on what "democracy" may have meant to writers in the early 19th century, who thought it a form of mob rule.

Clive Robinson • October 20, 2014 6:46 PM

@ Skeptical,

My point is technology can "remove the middle man" or in this case "the representative" who these days is anything but...

There are democracies --some Swiss Cantons-- where the voting on real substantive issues takes place by a show of hands in the town square once or twice a year.

Obviously this does not scale with traditional human systems, but technology could make it possible.

The question of people choosing to or being compelled to vote is a thorny one. My personal view is that if you don't wish to participate, fine, that is your democratic choice, but I also believe that a protest vote of "none of the above" or spoiled votes should be counted and have equal value to any vote for a candidate, and if it "wins" then the vote should be run again with new candidates / policies.

Belgium has proved the point that you can run a country for a year or so without a "Government" being --supposedly-- in charge, and many other places have shown that the world does not end because the people don't want any of the crooks / shysters on offer. It's not being able to get rid of them democratically that is in fact more likely to bring the world to an end as the people rise up against them and bullets start flying.

Arguably however some people actually do not want democracy, many Russians did and some still do want what they feel is the security of the old Communist State, even though like the majority of political systems --including representational democracy-- it failed to deliver anything of use.

As for the passing of legislation etc, the more open the process the less likely the legislation is to be bad or misused. After all, do you really think the Patriot Act would have survived proper open scrutiny?

Also I firmly believe that all legislation has a life span and it should have a "sunset clause" of at most fifteen years; if it's not voted back by the majority then it lapses, and either dies away or gets rebirth in a new form more appropriate to society's norms.

To some these might seem dangerously radical ideas, however to others not radical enough, and that's the danger: forcing something on people is a form of restraint and history shows us the longer such oppression lasts generally the more violent the backlash. I'm not keen on the idea of the tree of liberty being refreshed by the blood of patriots; this world has seen way too many heroes and martyrs dying uselessly in the name of ideals. It would be far better to have such people being more gainfully employed building society peacefully with the will of the people behind them.

Clive Robinson • October 21, 2014 2:32 AM

@ concernedforbob,

All we know is that he no longer posts here under "RobertT".

So the past tense is with respect to his comments, not anything else.

Adjuvant • October 21, 2014 7:50 AM

@NickP: Two points.
1. That just one of these guys gets citizenship and diplomatic passports from U.S. while on INTERPOL's most wanted list is quite a link between us and Gladio claims. So, the question that comes to mind is, "Are there any documents, financial transfers, etc that corroborate those specific claims?"

Primary documents might require a lot of wrangling (or a minor act of God) for you or me to get our hands on today, but if you're looking for independent corroboration on Çatlı-and-aliases, it's not hard to find -- especially in Turkish. Edmonds' earlier piece here has some more links. Included is a piece on the passports from Milliyet, dateline Chicago, 2 December, 1996 -- and I tracked down the byline as well: she seems like the sort who would archive things. Also cited is this press piece of indeterminate date, which reported yet another alias, this time on an American passport. Make of that what you will, after deciphering your preferred auto-translate.

There's also a two-volume collection of original Susurluk documents put out in 1997. But that's just one product of an entire Turkish-language cottage industry on the subject. On the face of it, corroboration would not seem to be lacking...

2. Even if you object to Corbett as interviewer (and I'm personally inclined to give him the benefit of the doubt), does it honestly matter? Edmonds just keeps going off on 20-minute monologues and won't let the guy get a word in edgewise, anyhow! :-)

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.