Friday Squid Blogging: Squid Beard


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on December 19, 2014 at 4:04 PM • 89 Comments


Jesse Shapiro • December 19, 2014 4:16 PM

I think it's interesting the way Sony folded to terror threats. I don't know what I would have done in their shoes, but it definitely seemed like one of the kinds of dilemmas addressed in Liars and Outliers.

On the one hand, the odds of an actual terror threat would have to be overwhelmingly small. On the other hand, the costs of such an attack would be catastrophic to Sony.

abraxas • December 19, 2014 4:45 PM

@Jesse from my understanding it wasn't so much Sony that was concerned about terror threats but theaters were concerned that if anything happened at their theaters they would be held liable. Since the theaters would not show it, it would not be profitable for Sony and they would lose out on some insurance claims.

Idk though, it will be interesting to see how things unfold and what evidence will come to light about the attackers.

AlanS • December 19, 2014 4:48 PM

Some thoughts on what CIA Torture and NSA Mass Surveillance have in common.

What's Significant about the Torture Report isn't so much the contents, the essential details have been known for some time, but the reaction: more lies and dissembling, repulsive rationalizations (the effectiveness debate), the failure of Congress to provide proper oversight of a TLA and the executive (again), the continued use of euphemisms (EITs, anal rehydration,...), the continuing secrecy, the self-righteous but hollow pronouncements by the president and others, and the utter lack of interest in holding anyone accountable (aside from a whistle-blower) for the sake of political expediency. And they knew it was illegal in advance. So why not act against what is grossly and blatantly illegal?

The legal aspect is key. One of the things this has in common with the NSA misdoings is legalism (“ethical attitude that holds moral conduct to be a matter of rule following”). Margo Schlanger makes the connection here: Intelligence Legalism and the Torture Report. But Jennifer Granick's critique of Schlanger, that legalism is really a "smokescreen", applies to both. See The Surveillance State’s Legalism Isn’t About Morals, It’s About Manipulating the Rules. For her it's not even about following rules in place of doing the right thing but "legalistic justifications" and "wordplay", that is to say appearing to follow the rules.

Either way, if the public laws that Congress passes don’t mean what they say, then compliance is just lipstick on a pig. Chris Sprigman wrote about this here at Just Security, and he sees the culture of lawyering at the NSA, far from assuring the agency’s lawfulness, as actually aiding and abetting the essential lawlessness of the mass surveillance programs.

Lipstick on Carl Schmitt, the ‘Crown Jurist’ of National Socialism, might be a more accurate description and the answer to the question. See The Return of Carl Schmitt.

John Yoo and his colleagues present their critique of international humanitarian law as a validation of the sovereigntist tradition of the American Founding Fathers. That such claims can be taken seriously reflects a failure of critical thought in contemporary America. Yoo’s views on international humanitarian law have absolutely nothing to do with the Founding Fathers. They are a cheap, discredited Middle European import from the twenties and thirties. Viewed this way, it becomes increasingly clear where they would lead us.

What happened after 9/11 was a state of exception. The endless War on Terror is the road to a permanent state of exception.

For more on Schmitt See Luban, David J. Carl Schmitt and the Critique of Lawfare. SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, March 28, 2011.

Milo M. • December 19, 2014 5:08 PM

Filed under "Do Troll Hunters Need A License":

"Along with each username and its associated comments, he was capturing a string of encrypted data. He recognized the string as the result of a cryptographic function known as an MD5 hash, which had been applied to every e-mail address that commenters used to register their accounts. (The e-mail addresses were included to support a third-party service called Gravatar.) Fredriksson realized he could figure out Avpixlat commenters’ e-mail addresses, even though they were encrypted, by applying the MD5 hash function to a list of known addresses and cross-referencing the results with the hashes in the Avpixlat database. He tested this theory on a comment he’d made on Avpixlat with his own Disqus account. He encrypted his e-mail address and searched the Avpixlat database for the resulting hash. He found his comment."
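
The lookup Fredriksson describes is a plain dictionary attack against an unsalted hash: MD5 of a trimmed, lower-cased e-mail address is deterministic and cheap, so anyone holding a list of candidate addresses can hash them and match the results against the scraped values. The Python below is an added example, not part of the article or of Fredriksson's own tooling. The candidate list and the captured hashes are constructed here for illustration; the addresses and the site secret are placeholders. It also shows, as a hypothetical mitigation, that a keyed hash (HMAC with a per-site secret) defeats the same table, at the cost that the site would then have to fetch avatars server-side, since Gravatar itself keys on the bare MD5.

```python
import hashlib
import hmac

# Constructed data for this example (not from the article).
# Candidate addresses the attacker already knows, e.g. from a leaked list.
CANDIDATE_EMAILS = [
    "alice@example.com",
    "Bob.Smith@Example.org",
    "carol@example.net",
]

# Hashes "scraped" from comment pages. The third belongs to an address that
# is not in the candidate list, so it must stay unresolved.
CAPTURED_HASHES = [
    hashlib.md5(b"alice@example.com").hexdigest(),
    hashlib.md5(b"bob.smith@example.org").hexdigest(),
    hashlib.md5(b"someone-else@example.edu").hexdigest(),
]


def gravatar_hash(email):
    """MD5 of the trimmed, lower-cased address, the form Gravatar uses."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Hash every candidate once; this table is the whole attack."""
    return {gravatar_hash(e): e for e in candidates}


def recover_emails(captured, candidates):
    """Resolve each captured hash to a known address, or None if unmatched."""
    lookup = build_lookup(candidates)
    return {h: lookup.get(h) for h in captured}


def keyed_hash(email, site_secret):
    """Hypothetical mitigation: HMAC-SHA256 under a per-site secret instead of bare MD5."""
    msg = email.strip().lower().encode("utf-8")
    return hmac.new(site_secret, msg, "sha256").hexdigest()


def keyed_lookup_fails(candidates, site_secret):
    """The same dictionary table resolves nothing when the site used a keyed hash."""
    keyed = [keyed_hash(e, site_secret) for e in candidates]
    return recover_emails(keyed, candidates)


if __name__ == "__main__":
    for h, email in recover_emails(CAPTURED_HASHES, CANDIDATE_EMAILS).items():
        print(h, "->", email)
    print("keyed:", keyed_lookup_fails(CANDIDATE_EMAILS, b"placeholder-site-secret"))
```

The mixed-case candidate resolves because the table normalises addresses the same way the site did before hashing; any hash of an address outside the candidate list stays at None, which is exactly why the attack's reach is bounded by the size of the attacker's address list rather than by MD5 itself.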

Mr. Pepino • December 19, 2014 5:40 PM

Hi Bruce & blog readers,
I made an electronic music track about the total surveillance around us and took extracts of an interview with Edward Snowden and the TV show 'Inventing the Future - Surveillance Technology' with Bruce Schneier as a guest. You can hear two statements of Bruce starting at about 03:00. The other statements come from Edward Snowden and Robert Tercek, host of 'Inventing the Future'.

It's licensed under Creative Commons. You can find the track here (needs JavaScript!):

Total Disinformation Awareness (Paranoia? Mix)

With the music I try to reach the kind of audience that normally is not interested in these issues. I think that the ignorance about surveillance is even more dangerous than the surveillance itself.

Bob S. • December 19, 2014 7:29 PM

@Alan S.

That was a marvelously insightful and thought provoking comment. Wow!

I followed the link to the article regarding "The Permanent State of Exception and the Dismantling of the Law..." I found it very helpful in explaining what I, and I hope others, see happening before our very eyes. But we simply can't label or name it; it's just ...happening.

The authors talk of a permanent state of emergency which entitles the executive power to grant itself exception to the rule of law. It's not exactly a dictatorship; it's something different, maybe a whole new kind of government altogether that doesn't have a name yet. I agree.

Apparently Paye was particularly focused on the vast powers, including over life and death, granted to police. Indeed it's suggested the courts and legislatures have become co-opted and subjugated by police. I agree. The military is not mentioned especially, but clearly in the USA the police and military are melding into a unified force of dominance and control over the people.

That these tendencies are occurring not only in the USA but many western powers is especially alarming.

It's a whole New Deal, or should I say Anti-New Deal?

Once we have a clear and compelling understanding of the problem it will become possible to find a solution. Until then, we're screwed.

Blog Reader One • December 19, 2014 9:11 PM

Jason Koebler of Vice magazine on the Sony hack (Schneier is mentioned in the first article):

On e-mail security, the StartMail service, with an emphasis on privacy, is in operation and has a whitepaper on the reasoning behind certain security decisions:

Jonathan Wilson • December 19, 2014 11:17 PM

Cinemark Theaters is being sued over the Batman shooting (where some random guy showed up to a screening of the latest Batman film with no warning and shot people). Cinemark Theaters will likely argue that it didn't know about the incident and couldn't do anything to prevent it and will probably win.

If the theater chains go ahead with screening The Interview and an event happens, it will be much harder for the theater chain to argue that it couldn't stop the event (since there was a warning that such events would happen).

Not only that, if the theater chains show the film, there is a high chance that those theater chains will be hit by the same cyber attackers as hit Sony (and it's a good bet that the security at these theater chains is even worse than what Sony had).

Thoth • December 20, 2014 8:15 AM

Tor project itself is already pretty much rather unstable after all that has passed. It was never designed to withstand HSA attackers from the beginning. And not to forget, it was funded by the DOD/US Govt after all. I am pretty sure the US Govt/DOD have much better anonymity or hidden identity systems with much higher assurance in place for their field agents to deploy than to rely on Tor anymore. Tor was just the beginning and now, probably to the US Govt, it's way past its usefulness and life span.

If a network relies on some form of directory system whereby taking over more than half the directories would cause panic in the system, then this would not be a very useful thing in modern day anonymity routing protocols.

For an anonymous P2P/F2F system, it should not have a reliance on directory servers as much as possible. All nodes should be seen as equal in status and equal in knowledge of each other (assuming everyone knows nothing of each other ... zero knowledge) and does not have any trust on the other person.

Anonymity (of IP addresses and internet identities) is something new and strange to the internet as it was not designed in such a way in the beginning. The current internet model is a giant monolithic monster limping around suffering from all kinds of ailments anyway.

BoppingAround • December 20, 2014 10:25 AM

[re: summary of the Pew research on the future of privacy]

> For the great privacy wars to get started, people may need motivation in the form of a major incident -- what some analysts call a "privacy Chernobyl."

And it probably has to be really hurtful and personal.

> "The benefits of cloud-based, personal, digital assistants will be so overwhelming that putting restrictions on these services will be out of the question," said Google's chief economist Hal Varian. "Everyone will expect to be tracked and monitored, since the advantages, in terms of convenience, safety, and services, will be so great."

Emphasis mine. Did not expect any other answer out of Google frankly.

> "We will adapt to 100% transparency and the utter loss of privacy, accepting that secrets no longer exist.

The 'plebs', yes. Willingly or by coercion and deception. I am not so sure about the others, particularly the alphabet agencies. I would think they'll find a way to conceal things even in plain sight under the spotlight.

And, data brokers. Why do these even exist? What they do is questionable at the very least. Yet they seem to be thriving. Any info?

Now it's time to read the full report.

Alex • December 20, 2014 10:51 AM

There's a lot of discussion about what the response to the DPRK should be. Some are calling for military strikes. I'm pretty sure that won't happen, but it does show that there's a lot of anger out there.

I'd like to see the security community insist upon seeing some sort of evidence that North Korea was behind the attacks. I don't think it's good enough for them to say that they've looked at secret data and concluded that the DPRK was responsible.

We've seen the heads of the NSA and CIA lie to the public and Congress in order to win political fights. The government's national security team has significant credibility problems.

We need to know exactly why they're saying that it's North Korea. And if the evidence isn't compelling, we have to call them out on it.

Gerard van Vooren • December 20, 2014 11:34 AM

@ Alex

I don't know who is behind this attack so it is entirely guesswork.

Obama said that they want to make legislation that could improve the internet. That is a good thing, when done right. I do have a serious lack of trust however.

Which brings me to the absolute lack of security built into the internet, which the TLAs and the attackers know very well about.

If you want to blame an organization, the TLA's are to look at, especially the NSA. Next organization is Sony Pictures itself of course.

Obama is very forgiving to these organizations, but somehow not for the attackers.

Clive Robinson • December 20, 2014 2:35 PM

@ Alex, Gerard van Vooren,

The US needs another war....

It's been pushing at Iran and NK over the past few years; at present Iran is perhaps being useful. China however is doing lots of damage in the China seas, and has in effect told the US to get out of what it considers its seas.

The US has a history of trying to foment war with NK via various tactics since the end of hostilities back in the 1950's, usually by joining in war games etc. by SK. The previous SK premier was a bit of a nutter and was all for invading NK in the end, which the SK people don't really want; they want unity. Neither China nor the US want unity between the North and South.

During the past few years NK has shown it has the ability to put rockets up into space and also keep its centrifuges safe from US malware. Of more recent times it would appear that NK has progressed sufficiently far along nuclear device development that they may now have a device capable of being put on top of a space bound rocket.

Contrary to what may have been implied the US does not have a viable "shield" to nukes launched from orbital platforms; nobody does because the cost is too high.

Thus to the US military NK potentially poses the most serious threat to them and by implication the US. Also China is rapidly building up its "external forces" weaponry and personnel in order to enforce a thousand mile or so sphere of influence, whilst also threatening not just Taiwan but Japan and most other territory within that sphere.

To say the political situation around NK is a little fraught currently would be quite an understatement, and it's not going to improve.

When you add to this Russia's current woes and the fact that China has just signed a thirty year energy deal with them at less than favourable terms, Russia would no doubt be interested in seeing a bit of turbulence in that region to drive energy prices back up again.

So it's fairly easy to see that there are many people who have a very real interest in "blowing up" any friction between NK and the US...

Remember just a hundred years ago a politically inspired assassination in a "far off place of little consequence" gave rise to the First World War, and the result of that gave rise to the path that led to the Second World War, the consequences of which have given rise to increasing wars year on year since. The one thing 20th Century history has taught us is that most major conflicts foment for years and that one insignificant incident acts as the spark to an earthquake of carnage out of which the US "Military and Industrial Complex" tends to do rather well...

Is this such a spark? Who knows, but most of the sign posts are indicating major military conflict is well overdue, and it might also be the US Military's last chance to deal a blow to ambitions in the China seas.

Perry • December 20, 2014 3:08 PM

The TrueCrypt cryptanalysis audit seems to be dead now; the report keeps getting delayed. This way it will NEVER be finished.

Nick P • December 20, 2014 5:45 PM

@ Bruce Schneier, Clive Robinson, Wael, name.withheld

I've been working on several fronts recently for developing highly secure systems and networks. I caught myself thinking about my old automatic programming work applied to either an integrated toolkit or design flow using several to produce high assurance systems. The idea was to specify it in a high level language (executable spec), establish key properties in that language, autogenerate code to run through top analysis tools (incl covert channel), autogenerate tests, autogenerate interface/error-state documentation, autogenerate portable production code, and run it through certified compilation. Some portions could be done in background during development with the rest as a batch process running over time or over night. Still a bunch of tools and mental frameworks to integrate, though.

Then Clive posted this link:

Specifically, read this paper then the testimonials. From there, read whatever from the main site you need. Main product page is here.

The paper claims they did a rare thing a long time ago: they tried to categorize the solutions to every problem they encountered, apply them in future developments, automate that, and make one tool for all system development without code. Further, it claims their Unified System Language can describe any system with partial design generation, automatic code generation, certain errors impossible, automatic testing for plenty of others, easy porting, traceability (important against subversion), and plenty more. The testimonials show it used on a diverse array of tough and typical projects by many different kinds of companies.

I just need some engineers with a math background and good abstract thinking skills [I lack] to review the method against its claims. If it's what it claims, name.withheld and I might need to pause whatever methodologies we're working on to see how to build on top of this amazing tool. Along with the whole software engineering and formal methods communities. If it's bullshit or hyped, then peer review either prevented wasting time or let us apply it appropriately. I just need to know if it's legit and whether I should build on it.

From that point, I'll have to determine whether the process is usable by majority of software engineers. If not, I'll continue researching my methodology that's basically a 4GL & design flow for secure development in a procedural style. If so, I might try the tool myself or start integrating parts of my methodology into it. Need to have a number of different types of people review it, though.

Thoth • December 20, 2014 7:00 PM

@Clive Robinson, Alex, Gerard van Vooren, anti-Warhawks, et al.
Just like how someone tried to sue Israeli generals and important personnel of Israel attempting to enter the EU (I remember one of the comments some posts ago had it), the same: attempting to sue those Warhawks (US, UK, Russia) on entering other regions, especially the entire EU region, to pursue them for war crimes.

If the US were to be successfully charged with war crimes, every single US President would have to be charged since almost every one of them is involved in some war mongering of sorts to be found severely guilty.

One method to clean up the infrastructure from these corrupted politicians who love to burn the citizens' cash and war monger is to raise enough critical awareness so that people are not sleeping on their sofas watching glamorous airstrikes with beautiful tracer rounds flying overhead like Star Wars while on the ground bad stuff is happening. More internal leaks in a responsible format are much welcomed to expose their dirty laundry.

The final straw might be to replace the entire political system by the people/citizens of the USA in a bloodless fashion. The Democrats and Republicans in a two party system are rather too limited a choice and it allows cahoots between the two parties. Both parties are doing very little good and waging war. The economy and the amount of US Govt debt is skyrocketing daily as well, besides all the electronic crap-work the US Govt is doing against its own people and the World. They have pretty much turned their backs on their people and the World as a whole in my opinion.

I am always a little skeptical about security projects as they are very tedious and very difficult to handle. They have a high probability of failing for some reason. One reason I am very cautious of funding. It is about time people start to give up the "research Truecrypt" and the same for the researchers. Make a provable full disk encryption software much better than Truecrypt rather than try to rescue something already doomed.

Hugh Jass • December 20, 2014 7:55 PM

@ Nick P

FYI: I believe that the 001 Tool Suite was about $10,000/seat about five years ago.

Nick P • December 20, 2014 8:04 PM

@ Hugh Jass

I appreciate it. I'd call that a steep cost for a development environment. Then, I remember all the tools one has to buy in addition to basic IDEs that do many functions included in 001. So, it might be acceptable if considered an integrated bundle of many parts of the software lifecycle. Might even be cheaper.

Anyway, did you get to use it or just did a price quote? Any knowledge on effectiveness?

Skeptical • December 20, 2014 8:10 PM

@AlanS: It's an interesting comparison. Although I haven't followed the "Torture Report" discussions very closely, I think you're really stretching in drawing similarities to NSA's collection programs. And then to bring in Schmitt... are we really calling the NSA incipient Nazis?

@Clive: It's not in US interests for a war with North Korea to break out, and the US certainly hasn't been trying to "foment" war with North Korea by holding military exercises with South Korea's military.

Re whether DPRK is responsible for attack on Sony:

It certainly would fit the known evidence, though other theories fit the evidence as well (albeit not quite as neatly - but fit enough).

Still, the US has stated definitively that the DPRK is to blame. Since there is no reason for the US to deliberately lie about such a finding (it would be far easier if a private actor were to blame for the attack), one can reasonably narrow this to a question of whether the US is likely to be mistaken about such a finding. And given the expertise and technology to which the US has access, a mistake here seems unlikely.

Site R Special Needs camp • December 20, 2014 10:00 PM

Holy crap. Skeptical actually believes the US government. When Colin Powell was waving that little test tube of Bush's coke, I wondered, Who is stupid enough to fall for that? When they caught Saddam in the super-secret 9/11 planning meeting with Al Qaeda, I thought, What kind of retard swallows that shit? When Spike Bowman flushed the evidence and blamed some sad sack for weaponizing anthrax with his Williams-Sonoma mortar and pestle or something, I thought, How fucking stupid do they think we are? When they told us about the Viagra mass-rape storm troops in Libya, I thought, This is a joke, right? Only a waterhead could hear that and not bust out laughing.

Turns out they were talking to Skeptical all the time.

Just think about competent intelligence services, Russia, China, India, Sweden, Egypt, Cuba. Just imagine how they're duping this poor dumb shit with OPSEC. They must be cryin laughin, sending him on hilarious snipe hunts and keeping him all wound up and shit-scared like this.

Of course skeptical's like a GS-4 cleared for Confidential at the GSA Wastebasket Emptying Task Force but I know these goobers, they're all just like him. This is how stupid they are.

Hugh Jass • December 20, 2014 10:16 PM

@Nick P

"Anyway, did you get to use it or just did a price quote?"
Unfortunately, just a price quote.

"Any knowledge on effectiveness?"

Utter Martyr Semmitch • December 21, 2014 2:44 AM

@Site R

Turns out NK's a low-risk option for putting the PRC in its place. Clashing with the PRC amongst other things, puts the US at risk of defaulting massively on its debts, and I expect the US Army, Marines, Navy and Air Force would mutiny on being paid in Confederate scrip. So the US looks big by posturing and threatening NK, and the PRC's supposed to take note and walk small.


You notice one thing, that people ain't talking about? If this is the security of one of the big names in entertainment. What's the rest like? And I'm bettin that the PRC knows.

So much for ~Skeptical?

Cory • December 21, 2014 4:16 AM

@ Alex

I would have expected this type of response from President Bush Jr., but certainly not from President Obama. His advisors must have really blown his socks off with the evidence they presented to him surrounding DPRK's involvement.

I still don't understand the rationale behind why we NEED this war. Politics is certainly not one of my strong subjects. I'd expect going to the theaters to watch this movie will be enough show of my support for this cause.

Just being cautiously skeptical...

Gerard van Vooren • December 21, 2014 6:09 AM

@ Cory

"I would have expected this type of response from President Bush Jr., but certainly not from President Obama. His advisors must have really blown his socks off with the evidence they presented to him surrounding DPRK's involvement."

I think that comment is naive. Obama doesn't have a good track record at all when it comes to being sincere.

A wise man once said: "Do not listen to what they rave about but look at what they do."

"I still don't understand the rationale behind why we NEED this war. Politics is certainly not one of my strong subjects. I'd expect going to the theaters to watch this movie will be enough show of my support for this cause."

There are two kinds of war. The necessary war and the luxury war. You can only win a necessary war. The best example is WW2. Germany only started "total war" in 1942, when they realized that with the war in the USSR they had overlooked the vast Russian terrain, climate, industrial capacity and mentality. Vietnam and Iraq are also good examples.

There is no NEED for a war at all for the US. But the deep fascism, arrogance, ultra nationalism and the utterly wrong WASP mentality of justice in the US, being continuously conducted and hardly ever questioned, leads to everlasting aggressiveness. We are talking about propaganda on a massive scale.

This culture leads to seeing everyone else as an enemy. Manipulating assholes such as Cheney and Rumsfeld made heavy use of this. But Obama is now doing the same by directly pointing to NK even though there are still lots of questions.

Skeptical • December 21, 2014 6:36 AM

@Site: :) It must be tough living in a complex world with such a simplistic view. Everyone lies, including the US government. The tough part is that no one lies all the time.

In assessing whether the US government is lying in this case, you'd want to first look to motive: do they have a reason to lie and claim the actor to be the DPRK?

The answer is no, because this matter is much more easily resolved if a private actor, and not the DPRK, is involved.

Once we've (for the purposes of a quick analysis here) eliminated deception in making the claim, we'd want to look for a probability of error. From the outside it looks like DPRK was always the favorite to "win" this, which is to say that DPRK always appeared a very good suspect. That kind of early impression can shape cognitive commitments and affect how later evidence is perceived, often with deleterious effects on the quality of analysis. But, the US has a strong interest in the named actor not being the DPRK, and so it is likely that the analysis was thoroughly checked and re-checked. It's also true that the US has a fair amount of expertise in these matters.

Taken together, then, I'm inclined to grant the US claim a high degree of credibility (not to the point of certainty, obviously, but high enough).

Skeptical • December 21, 2014 6:53 AM

@Utter: Clashing with the PRC amongst other things, puts the US at risk of defaulting massively on its debts, and I expect the US Army, Marines, Navy and Air Force would mutiny on being paid in Confederate scrip.

I'm not sure why you think this. Can you explain? My own prediction would be that a war with the PRC, something both the US and the PRC would very much prefer to avoid, would result in a massive flight to US Treasuries, driving up their value.

Nor do I see how a war with North Korea would affect PRC territorial claims.

Nor do I see why the US statement that it would undertake a "proportional response" to North Korea would have any affect on the PRC's territorial claims.

Skeptical • December 21, 2014 7:02 AM

* That last sentence should read "would have any effect" not "affect".

I don't think the claim that the US wants a war with DPRK has much to it, frankly. The best alternative to the scenario in which the DPRK is to blame is that a malicious individual or entity undertook the attack but very skillfully left a trail leading to DPRK. Based on what we know, this alternative scenario can't yet be dismissed, but given the expertise of those involved in the investigation, and given the interest in not incorrectly identifying DPRK as the perpetrator, I'm inclined to give the alternative scenario a low probability of being true.

No Man's Island Adult Day Care • December 21, 2014 9:24 AM

Classic skeptical, picking through his dingleberries, rolling them between his fingers, squeezing them, sniffing them, tasting them, all the time words, words, words, blah blah blah, on and on, credibility, expertise, probability, analysis, degree, but you know in the end it all comes down to what the government says. He'll be a drooling dupe as long as it gets him his attaboys and pats on the head. When educated people with integrity start to pay attention, he'll glom onto some other Government-Issue Slender Man. No inkling of how this eff... aff... eff... affects his credibility. He simply can't imagine what it's like to have a 100 IQ.

Clive Robinson • December 21, 2014 10:49 AM

It would appear that Vlad Putin is getting involved in the NK/SK divide issue. Basically Moscow wants to sell gas to SK and to do this effectively needs to put a pipeline down through NK.

This obviously needs NK's permission, not just now but in the future. It's something the US is very unlikely to want for a number of reasons. Obviously NK is going to want quite a few things in return for their co-operation; one thing that is cheap for Russia but impossibly expensive for NK is getting the US-pressured UN off their backs, as Russia, like the US, is a permanent security council member and thus can veto any further US pressure tactics.

The Guardian had a piece on this a couple of days ago,

For those of a particular mind set it provides another reason to suspect NK is not behind the Sony hack. As we know the US has behaved rather predictably with regard to NK, as they have done for the past half century. On the old "leopards don't change their spots" theory, it might well be seen that this current blow up is to Russia's advantage, as they can use their position to curtail a lot of options the US War Hawks might have been considering. And in the process give the US a sufficiently public "Black Eye" to act in the Russian favour (which might strengthen the rouble amongst other things).

Whilst China has so far been quiet on the issue, historically it's usually been in their interest to give a degree of protection to NK. Whilst this has been lacking in recent times, a visible liaison between Russia and NK might prompt them to take a position. Partly because a gas pipeline between NK and SK will most probably open up closer liaisons which in turn may well give SK a land bridge --away from Chinese actions in the South China Seas-- through Russia which would be of benefit to SK and Russia and in turn NK.

@ economics 101,

It's rather more than "not paying dead men" if a state of war develops even a cold war then the US can sequester any Chinese assets, which would be very very significant. China has for various reasons purchased large amounts of US debt, which at the time caused financial stability and thus continued US trade with China. If the US in effect kicks that into touch it will almost certainly lead to "interesting times".

Clive RobinsonDecember 21, 2014 11:58 AM

It would appear that even the "Guardians of Peace" (GOP) don't think the FBI have a clue,

If this is actually the same people then the NK link is looking even more tenuous...

Has anyone in the US noticed that the TLA for "Guardians Of Peace" is the same as for the Rebublican "Grand Old Party"?

Is it a coincidence? A clue? Or maybe more clever misdirection?

The one thing that is clear who ever is running this show from the GOP side has remarkably good media and internet opinion manipulation skills. North Korea on the otherhand is consistently fairly hopeless at such things, with all their offerings aimed inwards at their home audience as in their most recent nonsense.

I suspect that we will start seeing the US pull back on this drum banging saber rattling rhetoric over the next week or so. However I still have my doubts they are going to investigate properly as sometimes "humble pie sticks in the craw quite painfully" and thus it's best to keep it off the menu.

My money is still on a disaffected insider or recent ex-insider as there are too many tell-tales of intimate knowledge of Sony's network that would be very difficult for an outsider to know. Unless Sony fully documented their network and security and left it in an easy to find place that the hackers then used. Let's put it this way, they have done dafter things...

Nick PDecember 21, 2014 1:06 PM

@ Clive

re Sony

And BOOM my theory just got new support. Funny to think a handful of INFOSEC people spending a small amount of time on almost no data come closer to the truth than the massive and powerful FBI. All that mass collection, near police state power, hackers, implants, etc and they can barely keep up with a handful of guys on the Internet. Maybe it's all a waste of money seeing its consistent failures. Or maybe it was meant to be used for something other than terrorism and cybercrime.

At any rate, if my organization was the victim of cybercrime I'd call a private security firm instead of the FBI. We'd figure out what happened, take the steps we think are necessary, and only contact the FBI if we had evidence they could follow. They're half decent at *that* if most of the work is already done for them.

AlanSDecember 21, 2014 1:33 PM


"And then to bring in Schmitt... are we really calling the NSA incipient Nazis?"

No, but I am saying that post 9/11 American politics has been drinking from the same well. There are numerous articles in law and academic journals discussing the relationship between post 9/11 politics and Schmitt's political philosophy (some defending a Schmittian position). I'm not making a flippant or hyperbolic connection here. And the connection actually goes back further than 9/11 to the political economy of Hayek and other neoliberals associated with Mont Pelerin Society who were interested in fortifying traditional liberalism against communism and socialism. Schmitt, whatever you think of him, is an important influence on post-WWII political thought.

John Yoo's memos didn't appear like magic as if from nowhere.

Some more references to add to the one above:

Abraham, David. The Bush Regime from Elections to Detentions: A Moral Economy of Carl Schmitt and Human Rights. SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, May 1, 2007.

Chehab, Ahmad. A Madisonian Response to Posner and Abebe. SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, December 16, 2011.

Cristi, F.R. Hayek and Schmitt on the Rule of Law. Canadian J. of Political Science 17, no. 3 (1984).

Huysmans, Jef. The Jargon of Exception—On Schmitt, Agamben and the Absence of Political Society. International Political Sociology 2, no. 2 (June 1, 2008): 165–83.

Kutz, Christopher. Torture, Necessity and Existential Politics. SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, December 1, 2005.

Posner, Eric A., and Adrian Vermeule. Crisis Governance in the Administrative State: 9/11 and the Financial Meltdown of 2008. SSRN Scholarly Paper. Rochester, NY: Social Science Research Network, November 13, 2008.

Scheuerman, William. The Unholy Alliance of Carl Schmitt and Friedrich A. Hayek. Constellations 4, no. 5 (1997): 172–88.

Scheuerman, William E. Carl Schmitt: The End of Law. Rowman & Littlefield, 1999.

poiuytDecember 21, 2014 2:27 PM

Bruce, who are the "weird harassment shit of the future" watchdogs/police? Or do we just call them "psychotropic medication dispensers"?

Sancho_PDecember 21, 2014 4:56 PM

Unfortunately Skeptical’s opinion often represents the (mostly silent) majority of the Americans, so read it carefully to understand the disaster we are in.

To begin with, the film “The Interview” is a (typical?) American (business?) wet-dream,
primitive, offensive, hypocritical and disgraceful - but probably good for profit. [1]

Did I miss that discussion?

- Oh I understand, it’s not the film, now it’s for the sake of our society, the right of free speech, free expression, western culture and value, freedom in general, our constitution and our exceptionalism.

“We cannot have a society in which some dictator in some place can start imposing censorship in the United States.”

Proudly The President Of The United States (Nobel Peace Prize 2009)

The simple right wing authoritarian follower understands “act of terror against our nation” and now dreams of “covert response” or even going to war against the arch-enemy.

Btw, which of those arch-enemies?
Thanks, the FBI clearly stated there is no evidence right now but we know it was NK,
- that’s much more than “we have strong evidence for WMD”, isn’t it?

Yup, “everyone lies, including the US government” but “no one lies all the time”,
and the US gov lied so many times in the past, this one must be the truth, granted.
We don’t need evidence to find someone guilty, we are above the law.
We can’t see any reason why we should be wrong.

It was a criminal act against a private company.
As others mentioned it was likely done as retaliation by ex IT-staff.
If this is true I would not call that “hacking” without knowing more details.
Even enhanced security measures can not fully prevent that as the world has seen in the case of Ed Snowden.

But it’s all speculative because of high secrecy - to keep severe holes open.
And don’t forget they need your support (moral and money) to improve surveillance and security. In secrecy, of course.

For the alleged low security measures at Sony I agree with Bruce Schneier’s
“… this isn't something markets can fix.”
- because -
”The fact is that governments are making the market not work …”

“Too big to fail” == Game Over, market is broken beyond repair.
Corporations won’t be guilty any more.

To be clear, I wouldn’t support a Chinese (Russian, …) film depicting “Obimbo” dead in underpants at the gym, but I'm sure there wouldn’t be any such id …
Wait, now that the idea is out, why shouldn’t we make this film ???
Or is it patented in the U.S?

SkepticalDecember 21, 2014 6:02 PM

@Sancho: I gave particular reasons for my conclusion that the US is unlikely to be mistaken in laying blame on the DPRK in this case. You have not addressed those reasons.

As to the theories of an ex-employee or some other entity, these certainly remain possible, but it's likely that the FBI traced out the evidence rather thoroughly on possibles like ex-employees.

Remember that in place of our very thin speculations, the FBI would have actual information on other possible suspects, some of which may well eliminate those suspects as possible perpetrators. They would also have access to a store of intelligence information on DPRK's operations which we know nothing about. It's a bit silly to presume that the US agencies involved here are simply stupid, especially in an area like this.

As to the recent appearance of a video purportedly by the "Guardians of Peace", I don't think the commenters here realize how problematic that video would be for their theories if authentic.

The case that someone other than DPRK committed the attack rests on the claim that the evidence pointing to DPRK is deliberate misinformation - that the use of infrastructure, tools, techniques, and work signatures associated with DPRK units was planted deliberately to frame DPRK and throw the US off the trail of the real perpetrator.

If that case is true, it would make no sense at all for the real perpetrator to then post a video claiming that DPRK didn't do it. The real perpetrator would lie low and let the US blame the DPRK as planned. However, it would make sense for DPRK to post such a video if they were intent on disclaiming responsibility, as they clearly are.

@AlanS: "No, but I am saying that post 9/11 American politics has been drinking from the same well. There are numerous articles in law and academic journals discussing the relationship between post 9/11 politics and Schmitt's political philosophy (some defending a Schmittian position). I'm not making a flippant or hyperbolic connection here. And the connection actually goes back further than 9/11 to the political economy of Hayek and other neoliberals associated with Mont Pelerin Society who were interested in fortifying traditional liberalism against communism and socialism. Schmitt, whatever you think of him, is an important influence on post-WWII political thought."

Yoo's view on executive power has its roots in Locke, to a certain extent in Hamilton, to a lesser extent in Lincoln, but mostly (in my opinion) are the creation of Yoo himself. I don't recall him ever citing Schmitt as an authority in his memoranda, at least.

As to the role of Schmitt in post-9/11 America, I've found most of the discussion of Schmitt comes from those who wish to associate a given government policy with Schmitt as a means of criticizing that policy. I don't think Schmitt is a very good guide to understanding any of it, including policies with which I disagree (or disagreed, if they're no longer in force). Many people seem to think Schmitt is an appropriate place-holder for any concept that involves heightened executive powers in an emergency. But he's really not - many theorists have argued that the executive requires greater power in certain types of emergencies, and Schmitt's views on this don't set him apart. What does set Schmitt apart, moreover, is not very useful to understanding American politics.

Turning back to Yoo himself, his memoranda were repudiated rather quickly by OLC, so even if they were rooted in Schmitt, they're hardly representative of American government.

Sancho_PDecember 21, 2014 6:41 PM

@ Skeptical

Well, you wrote it’s likely that the FBI traced out other entities, but given the poor record in the past I do not blindly trust U.S. TLAs when it comes to critical missions. Again, secrecy is often used to hide wrongdoing, so they are not credible per se, on the contrary.

I wouldn’t call them plain stupid, however, if it is deliberately done it would be even more horrifying.

The “Masters of the Internet” control and monitor the fibers and look for - what exactly? Me writing “bomb” or “OBL” in an email?
They call it "National Security" but are blind when it comes to securing America's business and governmental infrastructure?
In case it wasn’t clear before, IT and Internet are today’s blood of western existence.

So let’s hope that their focus isn’t set correctly (say: find Sancho but not the potential harm to society).

As to who points at whom, U.S. politics is the least trustworthy entity in the world, sorry.

OrkinDecember 21, 2014 6:57 PM

Shorter skeptical: leave it to the FBI because they know best and the FBI wouldn't lie, Todashev had it coming and Tom Thurman nailed OKC and Lockerbie and it wasn't fair that he got crapped out in disgrace.

Longer skeptical: Evan Bayh is Brennan's bitch and congress is a cringing rubber stamp for CIA but How about those crazy gooks, now Brangelina must be really mad, computer espionage is so terrible!!!

USSADecember 21, 2014 7:59 PM

This is interesting...

Warning: Do NOT use my mirrors/services until I have reviewed the situation

"Many of you by now are probably aware that I run a large exit node cluster for the Tor network and run a collection of mirrors (also ones available over hidden services).

Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.

Until I have had the time and information available to review the situation, I am strongly recommending my mirrors are not used under any circumstances. If they come back online without a PGP signed message from myself to further explain the situation, exercise extreme caution and treat even any items delivered over TLS to be potentially

DanielDecember 21, 2014 8:05 PM


Not even I suggest that the executive shouldn't have power in a genuine emergency. The problem, however, is that as we have seen time and time again "emergency" is an empty word just like "national security". It means whatever someone wants it to mean. Moreover, there is a genuine problem of the executive inventing emergencies or a series of crises in order to perpetuate its whims. That's what's so great about terrorism--it will never be defeated. There is always a bogeyman under the bed.

In my opinion the greatest man in the 20th century is none other than Gorbachev. Why? Because he made the elites in America realize the flaw in static, state-directed conflict--one can never account for the do-gooder who throws a monkey wrench into the game by quitting it. I give Cheney and Bush credit--we will be chasing ghosts and specters until the end of time. There is an endless supply of #2s in the middle east that we can kill. It will be an endless game of whack-a-terrorist whose goal is not to defeat any particular entity but to make sure the American public stay appropriately cowed and manipulable.

ChristopherDecember 21, 2014 8:05 PM

Re: GOP posted video

I'm more troubled by the fact that this group can still post videos anonymously, with no strings attached to their whereabouts. This leads to a few unfounded speculations...

1. HSAs are playing dumb. (this means either a false flag op, or they are waiting for the hornet to return to the nest)

2. Every time GOP makes a public cyber appearance, it does that thru a brand new lead source. While HSAs watch this dude waiting for a reach, some other dude makes the next contact. This would lead to state sponsored work because nobody else has that type of work force.

3. These cyber appearances have nothing to do with the perpetrators. They are propagandists or opportunists with their own separate agendas.

By the way, merry christmas all...

AndrewDecember 21, 2014 8:28 PM

For years, those whose main task was to defend nations had no better goal than to make everything vulnerable so they can spy on everybody. Now they are surprised that things turned against them just like ISIS or the Taliban.
It doesn't really matter if it was North Korea or not, they have used the same defective infrastructure that no one is really interested in fixing.

ChristopherDecember 21, 2014 8:55 PM

@ Sancho_P

I think secrecy is essential in this type of architecture because it rests on laying a false sense of security. A common belief is that if one makes it, someone will break it, if not now then perhaps in the future. Staying ahead of the curve often means constant innovation, but essentially one cannot break what one does not know exist.

ChristopherDecember 21, 2014 8:58 PM

@ Sancho_P

Edit: by that I meant the false sense of security in the mind of those who are watched.

AlanSDecember 21, 2014 9:10 PM


If Yoo thinks he's following John Locke, and you believe him, you are both a little lost. Sure you've got the right John Locke? When did torture become the "public good"?

"...his memoranda were repudiated rather quickly by OLC, so even if they were rooted in Schmitt, they're hardly representative of American government."

They tortured people. Lots of people over a number of years. And Yoo argued, along Schmittian lines, that the executive had unfettered power to act.

de Greiff or DornerDecember 21, 2014 9:30 PM

@Daniel, emergency is a meaningless word, mais non. The legal meaning and procedural requirements of emergency are set out in ICCPR Article 4; compliance is subject to independent review, not by the shaved apes of the supreme court but by an elective panel of international experts; and wrongful acts in breach are subject to reparations, restitution, compensation and satisfaction, enforced by erga omnes obligations.

It seems as though emergency is meaningless only because key officials and the public are kept ignorant of the binding law that remained when this government set the constitution aside. If you didn't live in a propaganda bubble tighter than North Korea, every citizen would be holding the government to the binding standards of its own commitments. Despite all the state propaganda, people are catching on and going over the government's head to the legitimate authorities.

RichDecember 21, 2014 9:31 PM

Obama may be walking back some on blaming N. Korea for Sony's woes:

It's not an act of war but cyber vandalism.

ThothDecember 21, 2014 10:39 PM

@USSA, Nick P, Clive Robinson, high assurance people et. al.
So, Riseup has fallen to the HSAs this time? I say Riseup may have fallen to HSAs not because of a knee jerk reaction to the email on the Riseup Tor Server getting owned but because if someone can pop the covers on the Riseup Tor Servers, the likelihood someone can compromise other servers owned by Riseup is even more real.

This is where the usual low assurance lies in. You don't need to hack the crypto Tor provides, you hack everything around Tor itself.

Tor has lots of problems (traffic analysis Clive suspected) and many others. The one most fatal error is probably the low assurance mechanism used to deploy Tor against HSAs like NSA, GCHQ, BND and the likes. Probably I would say a lot of them are implemented with errors as well and the low assurance turns out to be no assurance at all.

Trying to medicate a dying horse (Tor) to make it run a little more is a bit too much but there are too many people relying on that dying horse or do not know how to move over to something better (does it exist?).

The use of stock supplies for running Tor in the usual configuration (COTS rack server) and really hoping someone walks in and intercept the Tor Server. It is asking to be compromised in the stock setup anyways.

So what's the solution instead of just whacking at Tor ? Well, here's some LOW/MID ASSURANCE setup to get you going.

+-----------------------------------------------------------------+
| A Hardware Assured Secure Execution Environment (HASEE) ~ Thoth |
+-----------------------------------------------------------------+

1.) If you host a security setup in a public/shared place (Server/Web Hosting company), you have no assurance. Period. You allow someone to walk in and out and touch your rack (regardless if they are caged). The security guards there have your rack keys/spare keys and do not need to obey you.

2.) The entire setup here would be a home setup and you would be taxed on resources and cooling equipment.

3.) The setup WILL mention the use of self-destructing mechanisms including THERMITE which many of you have a really bad knee jerk reaction to, so if you disagree with the THERMITE part, you can ignore that part. THERMITE is optional.

4.) You will need a hardened steel vault that uses a traditional key (not electronics). Reason is to prevent someone from shorting out or hacking the vault circuitry and we all know how easy it is to hack into an electronic vault :) . We will call this your primary vault.

5.) All vault piping should be encased with metal encasement (optional/recommend/low-assure) and for higher assurance, detection mechanism of breaking of metal encasement (optional/recommend/mid-assure) by means of an internal circuit to detect unauthorized entry of metal encasement. Setting the metal encasement as an air-tight setup would turn the piping into a Faraday cage on its own and provide certain levels of EMSEC capabilities.

6.) In the case of the use of thermite setup, the vault must be surrounded by thermite resistant setting of at least 3 layers of thermite resistant bricks of thickness at least of 90mm. (Nick P and Clive Robinson could help with this part)

7.) Vault must have ventilation ports at the bottom and side of the racks and a secondary thin metal plate with ventilation ports to alternate the openings for ventilation to prevent direct probing attacks. The ventilation should have a directional nozzle pointing downwards to make direct probing even harder.

8.) For thermite setup, the critical components should be lined up in a straight line directly under the thermite tube and have thermite resistant bricks acting as tubes to guide the thermite flow. The thermite must be set up at the highest point of the vault directly above the critical components with thermite bricks as guide. The top of the vault must have additional protection to prevent tampering with the thermite canister.

9.) Chipboards (Raspberry Pi, Beagleboard, Arduino board) would be used as the CPU and maybe clustered (physically by GPIO pins, serial ports or network cables) within the vault. There are currently no known SEE chipboards so it is only possible to make do with these chipboards.

10.) Module segments in the vault would be segmented by capabilities. There will be a HSM Segment for secure cryptographic capabilities, Tor Segment for hosting Tor binaries, CC Segment for Command & Control capabilities. All of them will use stock chipboard as mentioned in #9.

11.) The OS should be a hardened or high assurance kernel. If possible, the seL4 kernel would be much recommended but if unable to do so, use OpenBSD.

12.) The HSM module(s) can be clustered to handle crypto loads. The HSM should be at least FIPS 140-2 Level 2 compliant up to Level 3 compliant. What this means is the secret keys should be secure within the HSM and at no time should they leave the HSM in clear form in Level 2 mode, and in Level 3 mode the HSM should not release the secret keys in any condition. All security operations with crypto mats should be directed to the HSM.

13.) The HSM software should consist of a trusted codebase and untrusted codebase. The hardware should have tamper circuitry of certain levels to deter tampering. The HSM chipboards are to be rested in a metal case with lid switches on the four corners of the metal case and one additional central lid switch on the middle of the chipboard. The lifting of a switch would wipe the entire memory of the HSM. An internal battery should supply the HSM with sustained power in the event a circuit trips. This is the minimal protection the HSM module should have. The use of serpentine form of electrical meshing, light sensors, motion sensors, noise sensors, EM sensors, radiation sensors, temperature sensor, humidity sensor and such on the HSM chipboard to defeat various probing and intrusion attempts should be optional according to one's abilities to manufacture the HSM. Immediate wiping of the entire HSM memory (volatile or not) is mandatory when a sensor trips. EMSEC protected HSMs are very much preferred. The use of COTS HSMs is very much welcomed but due to the possibility of backdoors on the crypto chips of the COTS HSM, it can turn out to be a risk.

14.) The HSM trusted codebase should contain a MMU/IOMMU, a codebase in a safe and correct language (Haskell or Ada) which can be verified. The crypto-library should be mathematically verifiable or you can use CRYPTOL and port it to a format accessible to the codebase. Note that CRYPTOL can be accessed by Haskell. Permission controls of key mats should be embedded into the codebase and every key mat (called a key blob in HSM parlance) contains a key permission list, approver signature (HSM signed and key custodian signed) of the key, the hash of the key, the key label and the key mat itself. The key mat should be strongly encrypted by a root HSM key. An API for accessing the trusted codebase must be available. An API for the general usage of the HSM should be made public as well.

15.) The HSM untrusted codebase must access the trusted codebase via the API calls for additional functionalities like outsourcing of computations to a cluster of HSM. Computations in the cluster must share the same environment (root HSM key) to operate. Permissions are to be gradually escalated for more trusted functions but keys must obey FIPS requirements of never leaving the HSM when not authorized or in clear form.

16.) The HSM root key should allow secret sharing in case the root HSM key should be shared between K/N or M/N admin key custodians. Operator key custodians (operator functions) could be used to group the other keys if necessary.

17.) The CC module would be used as the nerve center to control the activity of the vault modules and must be coded in a safe language (Haskell or Ada). It should not perform crypto on its own if possible and leave the crypto to the HSM modules. The main use of the CC modules is for the operator outside the vault to send and receive requests/responses from the vault operations. Only a single network port or serial port is allowed for the CC module and it uses a customized secure comms protocol to communicate with the user (user must install a comms suite). Authentication should be done with PKI and the CC would host a Secure Directory and Secure Log in itself. The user should use a security token and a PIN to authenticate themselves. A Net Management Unit (NMU) to filter the commands/responses is necessary before encrypting the message and sending out or receiving. It should in all be a trusted codebase with a secure comms link via NMU control, user permissions, PKI-ID via Secure Directory and a Secure Log signed with a CC module Log Key hosted in the HSM.

18.) The Tor modules are the least trusted on the list and are to be erasable and reinstalled on demand by the administrator of the system. They should communicate with the HSM for crypto and receive commands from CC module and be discarded when unnecessary. Their memories should be volatile only so in the event a tamper trips a power supply, the internal state of the Tor modules would immediately be wiped to protect the Tor users from further compromise.

19.) EMSEC requirements for protecting the modules would be highly advisable when affordable.

20.) Emergency kill switch and tamper lid switches would be mandatory and range from a series of actions that can take place. The most severe would be hardware destruction (thermite deployments if available) or zeroizing of all keys, memories and storage. The priority should be to zeroize the root HSM keys and HSM keys before going for other components.

21.) A safety mechanism for the thermite deployment to not allow thermite to be triggered when a repair/operator opens the vault for maintenance would be required. (Clive Robinson and Nick P can help here). I would suggest the operator (or a few operators over a quorum) and an authorized custodian (or a few custodians over a quorum) both login and disable the tamper mechanism together over the CC link, setting the vault to maintenance mode (which would not trigger some of the traps).

This is a very rough sketch of a HASEE Tor Server Vault which is still rough around the edges and anyone can suggest improvements to its design. The components for the Tor Server Vault can be used in other scenarios (you can learn to build your own HSM) that you need.

ThothDecember 22, 2014 12:11 AM

It seems like torrenting from a centralized model was not the best idea and now an attempt to decentralize it is coming:

A better way of distributing the torrent files is via turning all torrent clients into torrent distribution servers as well. This would become a potential pain in the neck as anyone (including legit torrent usage) would become somewhat MPAA/RIAA/HSA resistant as you would have to regard all torrent users as illegitimate. Each client during idle periods would hold tiny caches of torrent files and distribute/propagate a hashtable of known torrent files held by clients. Every torrent client would have some form of a small cache of some torrent files and would allow the network to always have certain contents available somewhere.
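The scheme described above, simulated in Python as an added example that is not part of the comment or of any torrent client: each client keeps a small cache of torrent files and a table mapping infohash to the clients known to hold it, the tables are merged peer to peer in gossip rounds, and a fetch consults the table and then re-advertises the fetching client as a holder. The client ids, the two constructed "torrent files", and the ring-shaped gossip schedule in `run_rounds` are assumptions made for the demo; the security-relevant property it shows is that once a copy has been pulled by another client, taking the original publisher offline no longer removes the file from the network.

```python
import hashlib
from typing import Dict, Optional, Tuple


def make_torrent(name: str) -> Tuple[str, bytes]:
    """Constructed .torrent stand-in; real infohashes are SHA-1 of the bencoded info dict."""
    meta = f"constructed torrent metadata for {name}".encode()
    return hashlib.sha1(meta).hexdigest(), meta


class Client:
    def __init__(self, node_id: str, torrents: Dict[str, bytes]):
        self.node_id = node_id
        self.online = True
        self.cache = dict(torrents)                      # infohash -> torrent file (tiny local cache)
        self.index = {h: {node_id} for h in torrents}    # infohash -> node ids known to hold it

    def gossip_with(self, peer: "Client") -> None:
        """Swap index tables so both sides know every holder the other knows."""
        if not (self.online and peer.online):
            return
        for h, holders in peer.index.items():
            self.index.setdefault(h, set()).update(holders)
        for h, holders in self.index.items():
            peer.index.setdefault(h, set()).update(holders)

    def fetch(self, infohash: str, network: Dict[str, "Client"]) -> Optional[bytes]:
        """Find a holder via the index, pull the file, and become a holder yourself."""
        if infohash in self.cache:
            return self.cache[infohash]
        for holder_id in sorted(self.index.get(infohash, ())):
            holder = network.get(holder_id)
            if holder is not None and holder.online and infohash in holder.cache:
                self.cache[infohash] = holder.cache[infohash]
                self.index.setdefault(infohash, set()).add(self.node_id)
                return self.cache[infohash]
        return None


def run_rounds(network: Dict[str, Client], rounds: int) -> None:
    """Ring gossip: each round every client talks to its successor; n rounds reach everyone."""
    ids = list(network)
    for _ in range(rounds):
        for i, node_id in enumerate(ids):
            network[node_id].gossip_with(network[ids[(i + 1) % len(ids)]])


def demo() -> dict:
    h1, t1 = make_torrent("a")
    h2, t2 = make_torrent("b")
    net: Dict[str, Client] = {"seed": Client("seed", {h1: t1, h2: t2})}
    for i in range(7):
        net[f"c{i}"] = Client(f"c{i}", {})               # seven clients with empty caches
    run_rounds(net, rounds=len(net))
    got_from_seed = net["c3"].fetch(h1, net) == t1        # c3 now caches a copy
    run_rounds(net, rounds=len(net))                      # c3's holding propagates
    net["seed"].online = False                            # publisher taken down
    got_after_takedown = net["c6"].fetch(h1, net) == t1   # served from c3's cache instead
    late = Client("late", {})                             # never gossiped: knows no holders
    return {"got_from_seed": got_from_seed,
            "got_after_takedown": got_after_takedown,
            "holders_of_h1": sorted(net["c6"].index[h1]),
            "late_client_fails": late.fetch(h1, net) is None,
            "h2_still_known": h2 in net["c0"].index}
```

Note the flip side the comment points at: the index makes every caching client an identifiable distributor, so the same table that gives resilience against takedown is also a ready-made list of who to go after.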

FigureitoutDecember 22, 2014 12:37 AM

Thoth RE: TOR
--They do the best they can w/ the funds they have knowing all the devs' PCs will be targeted. There are few to no "competitors" and the network can always be strengthened w/ more use, which is why I said a "civic duty" on behalf of privacy advocates would be to make a blog made thru TOR and a random email account on TOR to add to the network.

RE: "HASEE"-lol the names...
--I would probably call it more of a physical/OPSEC strategy, which the mental framework is pretty good; engineering details are sparse which is where the real fun starts.

If you're so intent on using thermite, for your server or disks, you just have to have a bare minimum of like 6ft of VGA/USB/PS/2/HDMI/whatever cord for the keyboard, mouse and screen (assuming a normal setup, or just ethernet and tunnel in). Assuming no one would be so dumb as to set up their thermite real close, they probably deserve the burn (or hands melting off) "playing w/ fire". You could also just keep your keys on rolling papers dipped in kerosene or oil, then ignite w/ a butane torch for the coolness factor. I have a design in my mind for a thin torch device which I guarantee has already been made; essentially one of these torches and a metal screen around an external case. On trigger, screen opens partially, burns, drops ash into an ash tray or have a CO2 canister just blow a puff of CO2 on the ashes; done. I have a pellet gun that does the CO2 thing lol. I'd say take measures to never have such secrets need those precautions all of a sudden, but to already be tucked away.

For EMSEC you need a primary shield of the room, then a shielded room, then shielding for PCs (shielded cables, etc.). Problem is, some cables can only be manufactured practically by factories (embedded bugs wired to power lines in USB cables for instance). Air flow is a perpetual problem as you can't fully enclose a box, for obvious reasons; the air vents will be the biggest holes...

As far as the boards, RasPi/BBB/Arduino aren't by any means your only options. There's at least hundreds of dev boards you could get, proprietary of course.

Separating modules EMSEC wise is a great idea, only connected via bus lines that get shorted by jumper pins when not in use (probably SPI/I2C/etc).

Focus on porting some homemade kernel to hardware first before trying seL4. Go for low earth orbit before landing on the moon.

The rest...look how are you going to integrate all that? You'll drown in implementation details. Maintaining the OPSEC all that time, it physically drains you, kills you, you don't sleep, barely. You have to plan the times you need it, get it over w/, then relax.

Look at what Markus Ottela did, he's got a chat client on a RasPi. How many attacks could be leveraged against a bare RasPi just chilling unshielded, not physically secured, etc...? A ton, but it's small and mobile. Probably attacks still lurking in python code. But if he's shown that it's practical to get decent bandwidth thru a nice homebrew Data Diode design w/ 2 serial ports and opto isolators; that can be expanded. I'm planning on using that design for a box touching internet after a firewall or two (which can be net-tapped to either a server or local PC running Wireshark storing all packets). Then I can send documents or software I need from the PC one-way to my research PC. Probably opening files and observing any obvious malicious activity. In that PC I can just copy/paste data to text file and make copies of pics from on screen, cutting out malware *there* at least.

What I'm saying is try to remain practical and not get too off into space, if you want to actually have a product. And practice w/o *going live* w/ fakes first. If you got "HSA's" following you, go analog. If you got random criminals/creepers/mobsters, get a gun.

OT: "Crypto Photography"
--Interesting concept, w/ some potentially practical uses. I've wondered if I could do something kind of weird like this w/ radio, the actual protocols not the data though.

It's a rooted camera w/ custom firmware that encrypts photos immediately. If it can get some sort of RF module to if need be immediately get photos out and have keys stored elsewhere to document authorities killing innocents somewhere, that'd be very useful.


Clive RobinsonDecember 22, 2014 1:25 AM

@ Thoth,

I use smallish free standing commercial safes for such work.

As I've indicated before these are lined with a "fire clay / brick" liner for two reasons. Firstly so the thermite is not an external fire risk and secondly, and more importantly, whilst thermite does generate a lot of thermal energy for a short period of time, if its surface thermal leakage is high it won't destroy the chips and HD platters beyond recovery.

This level of thermal insulation can be a problem depending on how much energy is consumed by the electronics, as the internal temperature can rise to the point where the electronics becomes "life shortened" or unstable due to actual silicon chip temp.

Currently I've found that simply using simple thermal management using fans and heat pipes works. The heat pipes run from the outer metal case, through the fire liner to a simple black anodized heat sink mounted above the electronics with a low voltage low energy fan to circulate the internal air through it. The fan wiring and the heat pipe supports are mechanically configured to be immersed in the thermite in such a way that they become "thermal fuses" and cease to conduct heat when the thermite is triggered. I had thought about adding a source of oxidizer such that the aluminium heat sink itself would burn, but decided against it.

As for "anti-tamper" you actually need very little to do this, you need to design a little "key store" and "alarm unit" using the likes of a Microchip single chip microcontroller. It has several functions to carry out, which are: monitor the anti-tamper circuits, trigger Mother Board hard reset, trigger thermite and store a master key in a semi secure way.

There are a whole host of ways to determine from within a closed safe if it is being tampered with externally, and they range from simple trembler switches through heat sensors, microphones and radiation detectors. There are however limits on what you can achieve against attackers using the likes of disruptor charges and water drills, and thus you need external proximity sensors as well as careful room/area design. In essence, when an entity enters the controlled area a timer is started; if certain actions are not carried out then various actions follow. The down side of this are "false alarms" such as a heavy truck going by in the street or road works causing movement tremblers etc. to trigger. Such false alarms cannot be stopped, only mitigated against by having multi level alarms driving multi level responses; you don't want to trigger the thermite unless you really have to, as not only is it expensive on units, it's messy as well, requiring a clean up crew with hazmat experience.

Thus I would urge people to consider ways to avoid using thermite if possible or very much restricting what it needs to destroy.

Thus if you can get all your crypto keys stored and processed on a SIM or Smart Card then it's only this that needs to be toasted. The use of IME's to semi mutable storage, if correctly designed, means that only the crypto keys in the IME need be negated, and there are ways to do this effectively with software solutions. Likewise crypto keys used on the mother board can be protected by various software techniques. I've discussed some of these before on this blog with Nick P and RobertT, who had seen the use of Lorenz attractors (chaos) to protect in memory secrets.

ThothDecember 22, 2014 1:31 AM

You can say it's poor OPSEC that is why lots of Tor servers are going down and out. The default configuration of a plainbox in someone else's closet would be the most unwise. Is that a poor OPSEC problem? Of course. It is OPSEC that is hard to do right. You can have a 30 character split password and what not, but someone enters the room and the plainbox and that's over. That is what almost every other "security setup" is doing.

If you start from a hardened box that self-protects to some degree (thermite is just for extreme cases) and you put the hardened box at home, you are still in control to a good degree. I would say TFC is a good idea but it misses the mark on the current topic on Tor boxes security by a margin. Most Tors are running stock server/machine and get compromised without much trouble. For those who want Tor to be alive a little longer, it's about time they consider making use of their basement or attic for hardened Tor servers (without the thermite for the faint hearted). The issue I do foresee is the network flooding into their house network for Tor services.

It might sound far fetched to sit down and consider how to architect some safety from physical entry for their Tor boxes, and run it all de facto and get owned big time.

In simple, for those whining, sit down, rethink and do something...

There might be a ton more chipboards than those I mentioned, so take some time and look around. You can have a custom board if you have the capability as well.

The current fatality with Tor is physical security. I am not surprised people are hosting Tor on some VPS server or something of such which is why they get badly owned.

Most Tor "routers" and "anonymity access point" products are just so badly designed in terms of physical security and the ease of getting into hardware is getting much easier.

The HASEE is just a low assurance to mid assurance variant. It could have been a much higher assurance version but it is going to make a lot of people whine about its impracticality for most part of the posts below, and I doubt Nick P would want to dive into a higher assurance version of the Tor server vault due to the impracticality beyond much of what I mentioned. The mentioning of thermite is an explicit option (in case you didn't notice that).

The dream of security on stock boxes off the shelf is just insecure. It is about time efforts are invested into turning the tide around even if it meant a high assurance CALEA like Nick P's design that must be properly engineered to prevent any possibility of misuse and accountability of CALEA accesses to both owner of the box and the public.

As you said, go analog, if it is possible for Tor boxes to transmit analog but the problem is not analog or digital. The problem is the security of the boxes itself.

The feeling of powerlessness is understandable as facts are being dumped in our faces by compromises after compromises of supposedly secure setups not just by OPSEC but by something we feel pretty helpless (physical security).

Apart from the thermite episode, here's something to expand on the practicality of the above setup. Get metal sheets and bend and weld them to a rectangle shape. Make a front door panel and set a key hole. Make sure all corners are properly welded. If you are worried about someone knowing the key design, you can make your own one if you are good at it, otherwise a commercial lock is quite good enough. Don't forget that simply taking the keys and unlocking the front panel would not disable the tamper alarm. A quorum of admins and operators must enter the system console and disable it as well before turning the key to open the front door.

Maybe adding a sliding cabinet type of access to load the modules onto a sliding cabinet tray that has I/O bus pins would be a good idea. Operators could slide the cabinets of the main vault box and load their modules in. The critical modules themselves have their own casing and tamper circuitry as well, so it's going to pose another level of headache to attackers. The vault box does not have to stop someone taking a power saw or a drill bit from entering the box. What it needs to do is trigger the appropriate response to the appropriate threats. If the attackers are going physical, a double or triple layer security mesh would trip them up and erase the modules. The roof and sides (including the door) can be lined with a fine copper circuit mesh (security mesh) so that drilling or sawing would break the copper mesh and trip the circuit and trigger the traps. A fine industrial security mesh (about 2 to 3 layers of them) would mean the attackers have to use precision lasers to burn the mesh and connect the circuit (not very expensive for equipment but time consuming and must be well-trained). This is where other sensors to complement the security mesh and lid switches come in.

Regarding crypto-photography, you could technically do that. Current circumstances look like rooting is needed.
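Clive Robinson's alarm unit above (monitor the tamper circuits, start a timer on entry, multi level alarms driving multi level responses) and Thoth's mesh-plus-quorum-disarm vault, as an added example that is not from either commenter: a graded tamper-response state machine in C. A lone trembler hit only warns, an entry into the area must be cleared by a quorum of operators before the grace period lapses, and the destructive response fires only when a mesh or lid breach is corroborated by a second sensor class. All names, thresholds and the event script format are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRACE_SECONDS   60u   /* time to disarm after entering the controlled area */
#define WINDOW_SECONDS  30u   /* how long one sensor hit corroborates another */
#define MAX_ADMINS      8u

typedef enum { S_TREMBLER = 0, S_HEAT, S_MIC, S_MESH, S_LID, S_PROXIMITY, S_COUNT } sensor_t;

/* Escalation levels: warn, zeroise the key store + hard reset, destructive response. */
typedef enum { L_QUIET = 0, L_WARN, L_WIPE_KEYS, L_DESTROY } level_t;

typedef struct {
    uint32_t last_hit[S_COUNT];   /* latest hit timestamp per sensor class, 0 = none */
    uint32_t entry_at;            /* when proximity first tripped, 0 = nobody inside */
    uint8_t  voted[MAX_ADMINS];   /* which admin ids have acknowledged */
    unsigned quorum;              /* distinct acknowledgements needed to disarm */
    bool     disarmed;
    level_t  level;
} alarm_t;

static void raise_to(alarm_t *a, level_t l) { if (l > a->level) a->level = l; }

void alarm_init(alarm_t *a, unsigned quorum) {
    memset(a, 0, sizeof *a);
    a->quorum = quorum;
}

/* One distinct operator acknowledges at the console; true once the quorum is met.
 * Disarming clears a warning but cannot bring back keys that were already wiped. */
bool alarm_disarm_vote(alarm_t *a, unsigned admin_id) {
    if (admin_id >= MAX_ADMINS) return false;
    a->voted[admin_id] = 1;
    unsigned n = 0;
    for (unsigned i = 0; i < MAX_ADMINS; i++) n += a->voted[i];
    if (n >= a->quorum) {
        a->disarmed = true;
        a->entry_at = 0;
        if (a->level <= L_WARN) a->level = L_QUIET;
    }
    return a->disarmed;
}

static bool recent(const alarm_t *a, sensor_t s, uint32_t now) {
    return a->last_hit[s] != 0 && now - a->last_hit[s] <= WINDOW_SECONDS;
}

/* Feed one sensor hit at time `now` (seconds, > 0); returns the new level. */
level_t alarm_event(alarm_t *a, sensor_t s, uint32_t now) {
    a->last_hit[s] = now;
    if (a->disarmed) return a->level;                 /* authorised maintenance */
    if (s == S_PROXIMITY && a->entry_at == 0) a->entry_at = now;
    bool breach = recent(a, S_MESH, now) || recent(a, S_LID, now);
    unsigned others = recent(a, S_TREMBLER, now) + recent(a, S_HEAT, now) + recent(a, S_MIC, now);
    if (breach)            raise_to(a, others >= 1 ? L_DESTROY : L_WIPE_KEYS);
    else if (others >= 2)  raise_to(a, L_WIPE_KEYS);  /* two independent classes agree */
    else                   raise_to(a, L_WARN);       /* a passing truck, most likely */
    return a->level;
}

/* Periodic tick: an entry nobody cleared escalates once the grace period lapses. */
level_t alarm_tick(alarm_t *a, uint32_t now) {
    if (!a->disarmed && a->entry_at != 0 && now - a->entry_at > GRACE_SECONDS)
        raise_to(a, L_WIPE_KEYS);
    return a->level;
}

/* Replay a constructed event script (hypothetical format): "T10" trembler at t=10,
 * "H" heat, "N" mic, "M" mesh, "L" lid, "P" proximity, "V0" vote by admin 0, "K200" tick. */
level_t alarm_replay(const char *script, unsigned quorum) {
    alarm_t a;
    alarm_init(&a, quorum);
    while (*script) {
        char op = *script++;
        char *end;
        uint32_t v = (uint32_t)strtoul(script, &end, 10);
        script = end;
        switch (op) {
        case 'T': alarm_event(&a, S_TREMBLER, v);  break;
        case 'H': alarm_event(&a, S_HEAT, v);      break;
        case 'N': alarm_event(&a, S_MIC, v);       break;
        case 'M': alarm_event(&a, S_MESH, v);      break;
        case 'L': alarm_event(&a, S_LID, v);       break;
        case 'P': alarm_event(&a, S_PROXIMITY, v); break;
        case 'V': alarm_disarm_vote(&a, v);        break;
        case 'K': alarm_tick(&a, v);               break;
        default:  break;                           /* separators */
        }
    }
    return a.level;
}

int main(void) {
    printf("truck only: %d, uncleared entry: %d, cut mesh + heat: %d\n",
           alarm_replay("T10 K200", 2), alarm_replay("P100 K161", 2), alarm_replay("M10 H20", 2));
    return 0;
}
```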

ThothDecember 22, 2014 1:54 AM

@Clive Robinson, Nick P, Figureitout, USSA, high assurance people et. al.
A better way is to equip a tiny drill bit aimed on top of a small microchip that stores the key memories. Since the microchip is very small, a tiny drill bit of sufficient size could be used to drill the microchip to dust when triggered. Motors taken from toys and amplified may be enough to drive a tiny drill bit through a small memory chip with the above assumptions.

Another method is a good steel casing with a fragile memory chip and a shaped charge and some form of explosive absorbent. The shaped charge should only be strong enough to blow up the memory chip but weak enough to be contained within a reinforced steel case and explosive absorbent.

Found some interesting physical protection mechs from a web search:

FigureitoutDecember 22, 2014 2:39 AM

--I'm not going to address all that now; go mobile if you're really concerned about physical security (means taking it out to other threat vectors). Take your PC into the shower room, lock door. Store PC under mattress so you must be moved to get to it (can still break in and inject temp. anesthesia).

Replace the TOR server monthly which is still streaming TOR traffic thru a 'net connection you set up (covering that up takes a team and more work). Upstream or downstream that there are devices which can be planted which do something I'm not quite sure; it's weird. Get RF warnings for perimeter breaches, the sooner the better. Change connections frequently.

See how it's too much for one individual! Don't fall in that trap! I'm telling you right now...

Nick P won't run TOR server b/c it's too much a risk for him; he doesn't "host". He won't take on risk to himself, it's why he pushes everyone else to fight gov't, and complain they don't do anything when he knows that's how you get targeted. Also got him to admit he doesn't even vote when he tells everyone else to vote. He's got his grudges and he's got the poisoned mind of being targeted, paralyzing him...

Gerard van VoorenDecember 22, 2014 5:07 AM

@ Thoth. I don't know what you all want to do and whether it is a hobby or necessity but I think Figureitout is right. You can build all the security in but all it takes is one mistake. Remember how Bill Tutte broke the Lorenz SZ40/42 cypher as an example for this. It only takes one click on a Flash script or a bad Java Applet that you aren't even aware of. And AV doesn't work against the governmental stuff. Besides that all you still need expert knowledge on a large array of technology. As I said before, I still prefer true anonymity because that keeps the SWAT teams away. If you need anonymity and the *mainstream* technology doesn't provide it... don't use that technology.

ThothDecember 22, 2014 5:29 AM

@Gerard van Vooren
Yes I do agree with how fragile security is. Security is very easy to get wrong with just a single bad click. What I am saying is that the current trend of problems is usually hardware security. You could get a great protocol, whatever it is, but it needs a physical form to manifest. A stock server or stock machine won't work anymore these days.

As I have iterated, true anonymity will not be possible in the current light of technologies and Government interference. It is not just one technology that has shown incapability of providing anonymity but a whole slew of technologies that the modern Internet is built on that do not provide, in the loose sense, true anonymity.

In regards to my original post which contains the problem of what seems like a physical security attack, I prescribe the exact specifications for the exact problem. Of course OPSEC and all that are highly regarded as long as every single link along the security chain is perfectly executed (which rarely happens). A weak chain is all it takes as you guys have iterated many times and which I fully agree.

It can be regarded as an expensive hobby I guess...

Clive RobinsonDecember 22, 2014 6:01 AM

@ Figureitout,

"He's got his grudges and he's got the poisoned mind of being targeted, paralyzing him..."

The feeling that you are walking around with cross hairs on you is both mentally and physically debilitating.

It's happened to me a couple of times, and all you can do is "try to act normally", and it is an act when your mind & body are screaming at you to hide in a hole. In the army it has been known as "long gun fever" and just one man (the sniper) can destroy the "battle readiness" of a regiment sized group, or a group spread out over a couple of square miles.

From what I've been told quite a lot of Americans are still getting mental health care over the "Washington Sniper".

For a sniper you know that if the enemy catch you, there is no international treaty that will save you; their commanders will look the other way whilst the troops beat you to death or, if you are lucky, just shoot you. That is a consequence of the fear snipers induce, which is why snipers are generally cut a lot of slack by their own side, especially their commanders.

The same debilitating effect has been induced in people by various IC agencies. They use all sorts of quite simple tricks to instill paranoia in you and will find ways, such as disturbing your sleep, to make it worse. They know that in a normal person one of two results will happen: fight or flight will kick in, the body will kick out stress hormones, and this will be detectable by those normally around you, making things worse, and you will either become debilitated from fear or rage at the most minor of provocations. In the latter case they know it's easy to push you into lashing out in some way, which usually results in the police being called etc. In the former, people frequently seek out chemicals to try and rebalance their bodies and minds. Either way you are no longer capable of being effective.

If however you know the game they are playing and you have the right mind set, you get revenge, not by rage or violence but by "turning the tables" and playing them. During "the troubles" in N.I. various people under observation used to pull tricks on the watchers and keep them stressed out with the result some of them raged and became violent or alcoholic. Each little victory against the watchers is worth more than any therapy or chemical can provide.

But at the end of the day it usually achieves nothing for either side except wasting their lives; in the case of the watchers they generally don't survive into middle age without medical assistance due to the damage of the stress hormones. It takes a dogged and unimaginative personality to still be "at it" at that age, and they frequently pay for it via divorce etc...

For the watched, all they really want is "the monkey off their back" and where they can they "slip away" to where they cannot be found, often into other countries. But as those who have done it can testify, "life on the run" is not glamorous and you end up looking over your shoulder and not trusting people, which for those that are "social creatures" is hell.

These problems were known about back in the Victorian and earlier times from the likes of Jeremy Bentham and his Panopticon design back over two and a quarter centuries ago. It's been said that his ideas only became possible with the advent of CCTV, which we now find on nearly every street corner in the UK.

GrauhutDecember 22, 2014 6:37 AM

@Skeptical/Alan S/Bob S

The kind of lawless lawful system we are living in since the NATO war declaration after 9/11 has a name, Ernst Fraenkel coined it "The dual State".

Most people today think the nazi era in Germany was a lawless time with blood in the streets. It wasn't. It was like today: some were acting above the law, taking any kind of rights from others, while for the rest of the people there still existed a working civil law system. That's why the people don't stop believing they live in a working lawful society.

"The Dual State in which he analysed the political system of the Nazi state. For Fraenkel it was a "normative state" (Normenstaat) which secured the continuation of capitalist society for those Germans not threatened by Nazism coexisted alongside a "prerogative state" (Maßnahmenstaat) that used legal sanctions as well as brutal violence against people considered to be enemies of Nazism and Nazi Germany."

The moment the gestapo comes to arrest you into gitmo, it's too late to protest.

Bob S.December 22, 2014 7:05 AM


Dual system state...exactly.

At least one TOR server was taken down by some government agents over the weekend and involved plugging a USB device into a server. Apparently the specific target is node directories.

Even if TOR comes back up certified clean, attacks by governments will not cease.

It seems when our government does it, it's legal. When someone else does it, it's illegal and they are hauled off to the gulag. A dual system.

It's sort of a parallel reality. One for them, another for us.

BJPDecember 22, 2014 10:36 AM


We often agree here. This time we do not. Maybe I'll regain some cred. :)

Many people have granted undue weight to the concept that, if whoever hacked Sony did not do so at North Korea's behest, the presence of TTP seemingly linked to the DPRK can only represent an intentional effort to frame the DPRK, and thus subsequent behavior (such as posting a video denying DPRK involvement) appears counterproductive to the presumed effort made to point at DPRK.

This posits a black and white selection between clearly-DPRK and not-DPRK-but-wanted-to-appear-as-DPRK, while ignoring the excluded middle: J. Random Hacker, aware of the fact that malware samples (including those that may be accurately attributable to a nation state) end up deposited at malware libraries from which anyone with a desire to do so may download, modify, and deploy them.

In deploying such found malware, one may, or may not, elect to make use of the "shared" proxy infrastructure the malware used previously. See for a rather detailed take down of the claims that the IP infrastructure used against Sony somehow indicates DPRK involvement.

I also note with interest that the claimed GOP messages did not mention the movie a single time until news of the hack broke widely in international media and speculative attributions to the DPRK, due to the upcoming film, began to appear all over the net. Only once those claims showed up everywhere did the alleged GOP messages reference the film. (Side note: I'm not sure how the media, Sony, or FBI have sought to authenticate pastebin-posted screeds as having originated with the same crew that hacked Sony, but in the past as in with serial killers I have always seen reference to some held back shared secret by which law enforcement assumed authenticity vs copycat. Haven't seen that here, certainly not in the public pastebins.)

I won't deny that potential classified evidence may make it overwhelmingly obvious that the DPRK initiated an attack on Sony. At the moment, though, the public "evidence" offered amounts to nothing. Nothing. With a history of declaring Hatfill behind the anthrax attacks, or declaring a YouTube video behind the Benghazi attacks, or proposing Rube Goldberg contraptions to decloak a Tor hidden site that reek of parallel construction to zero in on an already-identified target, DOJ does not speak from a position of good faith.

Rather than posit nefarious motives, I think it more likely that FBI simply has it wrong. Perhaps from too credulously accepting Mandiant's claims, perhaps from top brass pushing careful analysts to make leaps of faith to save face, or even, perhaps, on the heels of a 13 month effort to reform Cuba relations, as part of a multi-pronged administration effort to pressure the DPRK in a way that forces them to open up.

Extraordinary claims require extraordinary evidence. That the very first salvo of public "CYBER WAR!(tm)" lobbed at the USA consisted of a data exfiltration attack against a Japanese entertainment company, and not a nuclear reactor, or hydroelectric dam, or power substation, or financial hub simply beggars belief. And if one accepts that the targeted Russian attack on the NASDAQ counts as a cyber-offensive move, or that successful Chinese efforts to steal F-35 technology from defense contractors count as one, then the question of "why the hell would we say the balloon has gone up over a private, foreign firm" gains significant relevance. I do not want to believe we will only attribute cyber-warfare (as much as I detest the phrase) when it comes from an enemy (DPRK) that we do not need financially (PRC) or that has more nukes than we care to defend against (Russia), and only when it strikes something as exceedingly irrelevant on the global scale as a movie production company.

(Meanwhile, I cannot hold back ironic chuckles at those who would damn NSA's surveillance efforts while faulting them for "not protecting America (Sony)". Logical consistency called and requests you buy a clue.)

FredDecember 22, 2014 11:28 AM

@ Figureitout "... if we could just get everyone to wear a tinfoil hat..."

When will too much OPSEC become too much OPSEC? That's OPSEC with a (tm). And then some schmuck will tell ya the best OPSEC is no OPSEC.

Marcos El MaloDecember 22, 2014 1:28 PM

Seems to me that the DPRK and G.O.P. link could be retroactive. If G.O.P. is only in it for the money, why wouldn't they enter an arrangement with the DPRK? Why wouldn't the DPRK jump at the opportunity, since the G.O.P. provides a layer of deniability (and could prove it already had the goods).

Nick PDecember 22, 2014 1:36 PM

@ Clive Robinson

Good guess. One thing turning his claims on its head is I *was* highly active in security engineering, activism against corrupt government, hosting Tor/Freenet, and so on. The results of that are that I have a high risk of imprisonment/torture/death, no references of INFOSEC work, a shit job, dollar to dollar living, and very little property. Among other things. If my stuff annoys them, they'll seize it. If I'm seen as a threat enough, they'll create a trumped charge like copyright infringement because I did Bittorrent or posted someone else's work here without written consent. So many things they can do.

Far from a grudge: people are actively, right now, doing things that prevent me from protecting them or myself without having what little is left taken away. And the people I'd be protecting wouldn't pay me or even give a shit when I was gone. Not very motivating. Meanwhile, I'm still designing, posting, training new people high assurance (eg Thoth), working on business models, trying to source funding, and assessing the risk of international business given CIA's torture flights & NSA export influence. I'm not sitting on my hands but I'm also not jumping up to activate their point-and-shoot reflex either.

Yet, people in Germany didn't expect service providers to give the middle finger to the SS. It would've only resulted in one less service provider or new management/ownership compliant with SS. I wonder why people like Figureitout expect me to try the same stunt in this semi-police state given the results would be the same. Actually, have been the same for a number of colo's FBI has put out of business because one customer was under investigation and they seized everybody's stuff. Then there were situations like Lavabit. Then various FOSS projects shutting down mysteriously. Everyone trying with real success seems to disappear one way or another so that's a losing battle without a lot of leverage on powerful people. Honestly, I think it would take support along the lines of the Koch Brothers or Goldman Sachs to have a chance of winning. Real political and financial heavyweights with people all in Washington. I'm currently flyweight so...

Note: Even the at-high-risk Tor developers get paid, can replace seized assets, and have no single point of failure. Not true for me.

poiuyDecember 22, 2014 2:22 PM

Blogformat suggestion for Bruce: give an option to collapse all comments to one-liners. (This would make burying comments less effective.)

Bruce PerryDecember 22, 2014 4:30 PM

Just discovered through careful observation a DVD laser light hacker/cracker issue. Ran a Free Software Foundation Trisquel install and watched very carefully the logs and noted a script placed on the computer which anticipated the DVD drive being there when I restarted. The script was trying to replace my loop on the hard drive with a non-encrypted loop so it could be spied on (or so I presume). I saw the air go out of the room wherever these "smart" hackers were when I simply disconnected the DVD drive. Upon restart the computer looked for the nonexistent fake drive that was going to be some portion of SR0, the normal output of the DVD drive. Watch those air-gapped computers.

I wonder if Richard Stallman would be interested to know the malware hosting this hack was a Windows 8 operating system which has been thoroughly and badly hacked. By what appears to be 20 users more or less, including the non-administrator mode my wife uses, which has the name of my wife plus _0000 as the user name. Seems Microsoft places about that much importance on the end user's safety, the end user being my wife. Probably more than 20 hackers but that appeared to be the count last night.

One of the hackers even had the gall to put malware or something on the machine and called it "install-clap". My wife said no one uses that term any more and I suspect she's right. We do have some age on us which makes the insulting term put on this computer which is my wife's computer. It gripes me like the devil himself.

Question for Law Students at final exam time: Discuss the liability of Microsoft and any company that had its software used in this hack to the Free Software Foundation, Richard Stallman, the Trisquel developers and the owner of the Linux box who has no agreement with Microsoft concerning Trisquel.

Incidentally, we buy our software except some free use applications, although I'm presently locked out of some of my license codes. Haven't watched porn in several years here although I do visit the home page of one of the high traffic porn sites now and then on my machine to keep the lights on, however dim they are, in the minds of the moralists in this part of Appalachia. Don't download movies or music. Pay for our NY Times subscription and subscriptions to Harper's etc. (Harper's has the best writers and best archives going back to about 1850, so students of history have much to gain from a $14 Harper's subscription.)

Although I really don't want them knowing what writers I enjoy reading from the 1800s

BPDecember 22, 2014 4:53 PM

Hey Trip.

That Ars Technica article was perhaps caused by recent gossip in Germany about the old Krupp steel works having to fire up again and begin making modern versions of "Big Bertha" because of NSA hacking. You remember Krupp, don't you. You know they're the family owned company that had to find a male heir to marry Bertha because in those years the Germans didn't take kindly to ladies owning a company. Seems they had a terrible raid at the end of WWII and lost most of their factory to poachers stealing the steel works and presses - just some folks looking for a little loot to poach, and they were said to come from both the East and the West.

Of course, that old Krupp family drove a hard bargain since the 1500s or so when they first sold knives, swords and such. By WWI they sold arms to the British and collected royalties based on how many German soldiers those old cannons the Brits purchased had killed. Not a joke. Might be called treason by some, but we in America don't have to look far today to see similar hard bargains being fought for over our young soldiers in the Corporate/Spying/Tech/Military/Industrial-Complex that exists here.

Nick PDecember 22, 2014 11:17 PM

@ Andrew

Wish they did key and damning PowerPoint slides instead. BULLRUN esp. Good news is they have the one I invented and posted here before the leak: RAGEMASTER. Might get it in the future. The mug too. ;)

ThothDecember 22, 2014 11:49 PM

@Nick P, Andrew
Anyone thought of printing one's public keys on one's clothing and walking around with it?

Try walking through Airport Security with one of those NSA printed t-shirts and I wonder if those people there would raise eyebrows. Or maybe print @Bruce's picture (with @Bruce's permission) since @Bruce attacks the TSA very frequently.

ChristopherDecember 23, 2014 2:30 AM

Sancho_P • December 22, 2014 12:36 PM
Secrecy (e.g. to cover actions) from top down is always wrong.

Not sure if I follow your gist there. What does that make of secrecy from bottom up? Is it less wrong, as wrong, or so wrong?

Sancho_PDecember 23, 2014 10:31 AM

@ Christopher

Instead of answering directly I'd like to ask if you didn't mean "privacy" from bottom up?

Secrecy is often used to hide wrongdoing; turn it around, and wrongdoing of authorities is always (attempted to be) hidden in secrecy.
Nothing against privacy, but the part "authority" has no privacy, it is not private.

Let's take the "boss": you may have privacy as the person, and secrets in face of your employee A when it goes for personal details of employee B.
But when you start having secrets in your relation with A - which is your partner and aid - you will fail.

"There is no crime, no ruse, no trick, no fraud, no vice which does not live by secrecy. Bring these secrets to light, unveil and ridicule them to everybody. Sooner or later the public opinion will sweep them out. Publication may not be enough - but it is the only means without which all other attempts will fail."

(Joseph Pulitzer 1847-1911)

[Apologies for my attempt to translate, didn't find that in English]

HenryDecember 23, 2014 10:57 AM

@ Christopher said, "Not sure if I follow your gist there. What does that make of secrecy from bottom up? Is it less wrong, as wrong, or so wrong?"

I can answer that for you. Secrecy from the bottom up is always wrong.

FigureitoutDecember 24, 2014 1:36 AM

Thoth RE: TOR-based OPSEC
--What you're getting at is also mostly physical security, which is impossible w/o having at least a pair of people switching off staying by the server/router 24/7. W/ a group of 4+ people who strongly trust each other, that's doable. Most people won't even be interested in that amount of security, but that's what it takes bare minimum.

What we need is a mobile bridge/router for TOR if you want to contribute to the network for little chunks of time. I won't get too deep, in that you can make traffic analysis worse than it already is by "randomising" when you contribute.

Agreed w/ most of your points, I won't bring them all up as they're there for people to read (even my big point EMSEC, b/c I came across some attacks which I find hard to have succeeded any other way..but just pulling the ethernet plug, removing wifi and bluetooth cards and antennas is pretty good, at least for well-developed attacks). It takes TIME pure and simple to run thru implementing a modern SoC, even small ones, let alone the AM335x by TI in a Beaglebone ( ). I notice that many of these SoC's have their main chunks separated and only connected by CRITICAL bus lines, tapping those lines is game over; assuming a clean PC (lol), clean power, last major way in is compromising emanations. To be up and running in this century after evaluating something of that magnitude, by yourself b/c it's a "no-trust" environment today, still so many unknowns; and it's back to TTL chips and bare bones circuits which won't be easy to connect to a compiler, which is another killer area, let alone any meaningful comms w/ the circuit. Even then still, based off what all you can stuff in these SoC's, what else can you stuff in a normal sized transistor and other components..? Then, even after all that, there could be intentional lies in there mandated, giving false data and there's really no meaningful way to test for real security of these SoCs.

I mean, I don't care b/c I enjoy it when it works, just can't even say for sure. And that's really annoying.

Gerard van Vooren
--Thanks for backing me up. We probably won't ever agree on "the evils of C", until I see a real practical alternative and force myself to learn it. W/ regards to just making one mistake, it's a problem knowing exactly where to start and if you're putting holes in from the start using known backdoored PC's to develop it...few to no alternatives so it's bare bones circuits and pencil/paper for what you really want to protect.

Clive Robinson
--Don't really need to tell me much of what you said, but for others and "future victims" I suppose it's good to hear. I could never stand being in range of a sniper, hell no. Which could anyway by some random psycho who just decides to kill random people s/he doesn't know today, b/c why not..? I know 'some' of their tricks to send me off the deep end (after torturing me etc.). I don't play those games anymore nor engage them on their terms. Noobs looking for a little fun, maybe on my terms, if they want a bitter taste of what it's like. It's a pointless waste of resources, and it's pretty apparent they have a mental illness which it's just best to keep a distance unless they get too close and need to be killed.

The biggest thing for when they get people involved in my life in it. So like people at my school, my work, my friends; when they tell them lies, then they read the crazy sh*t I say here and get these false impressions of me...I won't forgive them for that. I can't repair those relationships when agents approach civilians and warn about me false data based off their sick obsession of taking me down. Then those civilians find out for themselves, some of them do, that they've been duped by the agents. That's the most f*cked up feeling which they make me feel like I was a part of that.

So f*ck it, I'll do what I can while I'm not in prison or dead. And I won't say anything to provoke people w/ mental illness like their personal lives, or what I know about them, etc.

--I didn't say that on tinfoil hats, you can wrap your dick in tinfoil I don't care, and you're getting 2 simple terms mixed up. EMSEC gets to me b/c it can get you from basically any angle (assuming vibrations from the ground) any time you don't have a shield (and the shield won't keep every wave out, for instance terahertz radar (aka high gigahertz, 675GHz and above) and specially crafted magnetic fields will go right thru many standard shields and it's radiation a malicious person is literally shooting you w/). OPSEC requires a bunch of "make/busy work" which is extremely annoying but only done by the most obsessive. So too much OPSEC is when it overwhelms all your other functions and you find yourself not protecting anything of actual value, but just the OPSEC of your OPSEC and you basically curl up in a ball and die alone b/c anything more is a breach. There you go since you asked.

Nick P
--I'm not asking for you to put yourself at risk. Stop taking credit for what you didn't do and blaming everyone else for your problems. Everyone can do that. Cock (koch) bro's and goldman [nut]sachs won't save us; so kill that random fantasy. Politics doesn't matter anymore, when their networks are wide open and they'll be too carefree and lazy to protect themselves from attacks. Those old f*cks won't even know what's hitting their network and siphoning data from their devices. F*cking break your fears! Unbelievable you aren't working in INFOSEC, you said you were before. Stop worrying about open source designs and focus on getting a job you enjoy, as I said before. F*cking dollar-to-dollar, that slavery kills minds. You need to stop that first. Do I need to start looking for jobs and forward links to you?

Markus Ottela • December 25, 2014 12:33 PM

Re vulnerabilities in programming:
As I stated in the paper, input reading can not be guaranteed. A buffer overflow attack or similar might compromise RxM and make the system display false messages. There's not much one can do apart from validating the MAC of a received message before decrypting it. Compromise of received messages can be detected with an additional airgapped computer, checksums and manual comparison.

Unless TxM OS is compromised during DL/installation procedure, the security claim holds: no targeted exploit can exfiltrate keys/plaintexts. Additionally, you can analyse everything TxM outputs with measurement equipment and determine existence of covert channels.

Re cooling:
The EMSEC box doesn't have to have vents. The components that heat can be submerged in oil and then, by cooling the case from the outside, the components will also stay cool.

Also, your 'tough love' isn't helping anyone here.
Focus on how you can help the community.
I like the idea of copper mesh. Maybe use two thinly separated layers as a switching surface for an airgapped RPi inside the safe that triggers the thermite. As for physical access control, use a safe with a hasp (or weld one yourself). As for the lock, use Abloy disc tumbler padlocks, e.g. PL362; no locksport enthusiast has ever picked one (not even Abloy Classic, not to even mention Sento / Protec) without drilling it. If you pick one from off-the-shelf, the chance of the adversary having the key combination is unlikely. Bear in mind that if the adversary has enough time, the key of a drilled lock can be reverse engineered from the discs, recreated, and the discs can be inserted in another lock. But this is a lot of effort just to compromise a single Tor node.

My guess is the intelligence community prefers compromising Tor nodes with remote exploits. I'm guessing there can never be an exploit-proof OS. The best approach would be to create a self-maintaining, easy-to-configure OpenBSD/armv7 image with an auto-starting Tor relay node for BeagleBone. This could make it easy for anyone to contribute to the network in a way that would make a difference. By increasing the number of nodes, the network should get harder to physically compromise, the day no major vulnerabilities exist in the software.
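The point about validating the MAC before decrypting anything is worth seeing as code. The following is an added example, not TFC's own code or anything from the comment: an Encrypt-then-MAC receiver that checks the tag over the ciphertext in constant time and returns before any decryption or parsing touches a forged packet. The keystream construction (HMAC-SHA256 used as a PRF in counter mode) and the packet layout are assumptions chosen so the example runs on the Python standard library alone; a real system would use a vetted AEAD primitive instead.

```python
import hmac
import hashlib
import os
import struct

# Constructed example: nonce || ciphertext || HMAC-SHA256(mac_key, nonce || ciphertext).
# Separate encryption and MAC keys; the receiver never decrypts an unverified packet.

TAG_LEN = 32
NONCE_LEN = 16


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC(enc_key, nonce || counter) blocks.
    Assumed construction for a dependency-free demo, not a recommendation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Sender side (Encrypt-then-MAC): encrypt first, then tag the ciphertext."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_message(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Receiver side: return the plaintext, or None if the packet is not authentic.
    The tag check happens before the decryption path sees any attacker-controlled bytes."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None                       # malformed: too short to carry nonce and tag
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Constant-time comparison so the verification itself does not leak the tag.
    if not hmac.compare_digest(expected, tag):
        return None                       # forged or corrupted: stop here, never decrypt
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demo():
    """Returns (accepted plaintext, result for a bit-flipped packet, result for wrong MAC key)."""
    enc_key = b"\x01" * 32                # constructed demo keys, not for real use
    mac_key = b"\x02" * 32
    pkt = seal(enc_key, mac_key, b"hello TxM")
    ok = open_message(enc_key, mac_key, pkt)
    # Flip one ciphertext bit: the tag no longer matches, so the packet is rejected.
    tampered = bytearray(pkt)
    tampered[NONCE_LEN] ^= 0x01
    rejected = open_message(enc_key, mac_key, bytes(tampered))
    # A tag computed under a different MAC key is rejected as well.
    wrong_key = open_message(enc_key, b"\x03" * 32, pkt)
    return ok, rejected, wrong_key
```

The order matters: because the tag covers the ciphertext and is checked first, a buffer-overflow-style malformed message never reaches the decryption or display code unless the attacker also holds the MAC key, which is exactly the guarantee the comment leans on.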

Thoth • December 25, 2014 7:41 PM

@Markus Ottela
The security mesh technology using copper meshes in serpentine fashion is already found on HSMs like the IBM model 4765.

Something like this:

It makes the package challenging to cut in a normal setting (metal tools), but using an ion beam with precision you could cut the mesh wires and at the same time reconnect the copper around the side by depositing composites. The problem is most meshes have predictable patterns, and there are some that try to randomize it and then layer it about 3 layers deep, so that a successful ablation on one layer does not mean the other layers can be proceeded with carelessly, and it can be somewhat time consuming.

What can be done is detection of the ion-ing process or some form of displacement of ionized composite at an awkward location when the ion beam attempts to ablate an area and deposit composite around the electrical wire to create a gap. This is where obscurity works, by making the mesh cables sit on top of opaque plastic or some kind of filament backing; and the chipboard, to deter use of X-ray scanning, would usually have tiny radiation sensors to detect an X-ray attempt and zeroize keymats on the chips itself.

I still like the LOPPER (blowup chip), which is simply a shaped charge in a steel case, and you set the critical register for the master key inside. Once the tamper circuits out, the shaped charge blows and destroys the master key chip in a contained steel case. The amount of explosive must be very precise so as not to blow the board and people up. You could squeeze some register cells of less than 1k bits for an AES master key (256 bits); for a SAVILLE cipher (NSA Tier 1 cipher) it is known to be 320 bits.

Nowadays, the metal surrounding the machine isn't a whole big deal. The main meat is the tamper detection and reaction mechanism. You could have agencies use lasers to just cut open the safe. The lid switches are precisely used for intrusive attempts, if they manage to bust open the covers or cut any part of the metal off. Instant zeroize or self-destruct.

My bringing up of the issue of physical security is that we have reached a point where we have high quality kernels, we have good ciphers, high assurance computing, we have well known OPSEC techniques like key splitting over a quorum ... the one weak link we don't really have is a good physical shell for it to sit inside.

Would you feel very comfortable if you knew your crypto keys could be trivially retrieved from a naked board if someone gets at it? Probably not ... you would be tossing in bed when you know the airport security wanted to "borrow" it for a while. If you have some form of physical detection and notice the alarms go off and the airport security hurriedly running to you to ask you to disable it, you know something has gone on and it's time to replace it. Of course you could replace your naked boards every time you go abroad, but it's expensive and non-assuring.

I took a lot of design from modern HSMs because my day job is to implement this stuff in real-life critical environments, and although these HSMs are most likely stated pwned by the big boys on the block, they still have some value to learn from.

Regarding EMSEC and heat dissipation. One technique is to slow down the crypto process so that your output is lower and this way you generate less heat to dissipate. This also protects against certain network side channels if, say, you limit your speed to 100 kbytes/sec at every fixed interval of output rather than exporting results fresh out of the box immediately. Cooling gels can be useful too.

It is about time we stop pinning our hopes on de facto security (plain chipboard, AES candidate ciphers or chained ciphers, good kernels). We need to think invasive as the threat is now a rather mobile one. Shrugging shoulders on de facto security is one of the worst attitudes because most of the famous banks are doing de facto security and still getting breached ... let alone Sony Pictures.

What is needed is high assurance security the Nick P and Clive Robinson style.
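The fixed-interval output idea in the comment above (emit at a fixed rate rather than the moment a result is ready) can be shown as a small traffic shaper. This is an added example written for this discussion, not code from the comment or from any HSM product: results are queued as they are produced, but the wire only ever sees frames of one fixed size at each clock tick, and a dummy frame goes out when nothing is pending, so the timing and size of frames no longer track when the crypto work finished or how large its output was. The frame size, the one-byte marker plus two-byte length header, and the tick-driven clock are all assumptions of the example.

```python
from collections import deque

# Constructed framing: byte 0 is a marker (0x00 = padding frame, 0x01 = data frame),
# bytes 1-2 are the big-endian payload length, the rest is payload plus zero padding.
FRAME_LEN = 64
DUMMY_MARK = b"\x00"
DATA_MARK = b"\x01"


class FixedRateEmitter:
    """Producer calls submit() whenever it likes; a clock calls tick() at fixed intervals.
    Every tick puts exactly one FRAME_LEN-byte frame on the wire, data or not."""

    def __init__(self, frame_len: int = FRAME_LEN):
        self.frame_len = frame_len
        self.pending = deque()   # result bytes not yet sent
        self.wire = []           # frames emitted so far, in order

    def submit(self, result: bytes) -> None:
        self.pending.append(result)

    def tick(self) -> bytes:
        payload_room = self.frame_len - 1 - 2        # marker + 2-byte length header
        chunk = bytearray()
        # Fill the frame from the queue, splitting a large result across ticks.
        while self.pending and len(chunk) < payload_room:
            head = self.pending.popleft()
            take = payload_room - len(chunk)
            chunk.extend(head[:take])
            if len(head) > take:
                self.pending.appendleft(head[take:])  # remainder waits for the next tick
        if chunk:
            frame = DATA_MARK + len(chunk).to_bytes(2, "big") + bytes(chunk)
        else:
            frame = DUMMY_MARK + (0).to_bytes(2, "big")  # nothing pending: cover traffic
        frame += b"\x00" * (self.frame_len - len(frame))  # pad to the fixed size
        self.wire.append(frame)
        return frame


def unframe(frames) -> bytes:
    """Receiver side: discard padding frames and concatenate real payloads."""
    out = bytearray()
    for f in frames:
        if f[:1] == DATA_MARK:
            n = int.from_bytes(f[1:3], "big")
            out.extend(f[3:3 + n])
    return bytes(out)


def simulate():
    """Constructed scenario: a 100-byte result is ready at tick 0 and a 10-byte one at
    tick 3. Returns (set of frame sizes seen, reassembled data, marker per tick)."""
    em = FixedRateEmitter()
    em.submit(b"A" * 100)
    frames = [em.tick()]          # tick 0: first 61 bytes of the 100-byte result
    frames.append(em.tick())      # tick 1: remaining 39 bytes
    frames.append(em.tick())      # tick 2: queue empty, padding frame
    em.submit(b"B" * 10)
    frames.append(em.tick())      # tick 3: the 10-byte result
    frames.append(em.tick())      # tick 4: padding frame again
    sizes = {len(f) for f in frames}
    return sizes, unframe(frames), [f[:1] for f in frames]
```

An observer on the link sees five 64-byte frames at five evenly spaced ticks whether the device produced 110 bytes, 10 bytes or nothing; only the receiver, who reads the marker byte, can tell data from cover traffic. The same scheduler caps throughput at frame_len bytes per tick, which is the rate limit the comment describes.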
