New Documents on NSA's Cryptanalysis Capabilities

Der Spiegel published a long article today on the NSA's analysis capabilities against encrypted systems, with a lot of new documents from the Snowden archive.

I'm not going to have time to look at this for a few days. Describe anything interesting you find -- with links to the documents -- in the comments.

EDITED TO ADD (10/28): This is in conjunction with a presentation by Laura Poitras and Jake Appelbaum at the Chaos Communication Congress.

EDITED TO ADD (1/14): Matthew Green's comments on the documents. And the Poitras/Appelbaum talk is on YouTube.

Posted on December 28, 2014 at 5:06 PM • 149 Comments

Comments

sidd • December 28, 2014 5:32 PM

The Spiegel article indicates that Tor attacks are ineffective. One way to render the attacks even more impotent is to add a high latency option to Tor. A great deal of traffic does not require low latency.

Benni • December 28, 2014 6:42 PM

On Tor, there is more in the Snowden files from Spiegel:

http://www.spiegel.de/media/media-35538.pdf

http://www.spiegel.de/media/media-35543.pdf

http://www.spiegel.de/media/media-35542.pdf

It shows that they are doing correlation attacks and tor traffic shaping already, and they are reporting success with it.

These documents were written in the past. If there is one old document, saying that tor poses a major problem but not a catastrophic failure, and then there is another document, saying "have shown deanonymisation attack for tor. Requires tor collection from exit nodes we own. Hope to get this running live..." Then one has to assume that this IS now running live...

The real good news is that they are not able to decrypt pgp.

The bad news is that they are decrypting vpn and tls in the millions, and even ssh.

I would have liked it if the article would have more information on how far they are with breaking AES encryption. The article only says they try to do it, having 5 "inhouse tools at hand".....


And by the way: For our fellow NSA readers:

Spiegel even has published your kill list, or "disposal matrix":

http://www.spiegel.de/media/media-35508.pdf


Daniel • December 28, 2014 6:50 PM

The article mischaracterizes the state of encryption on the internet in a crucial way. It claims that the NSA is troubled by the rise of "ubiquitous encryption" because it is no longer possible to track users based upon the use of encryption alone. In a technical sense this is true but misleading. The NSA may not be able to determine much from the fact that a user is using encryption but it can tell a great deal from the implementation of encryption. There are only 6000 exit nodes to the Tor network and so it's trivial for the NSA to know what encrypted traffic belongs to Tor and what isn't. In fact, some commercial websites block traffic from Tor exit nodes. Some banks will call the account holder under the guise of anti-fraud if they detect that the bank account was accessed via a Tor exit node. I think it is easy to overstate the problems caused to the NSA by the rise of ubiquitous encryption. For ubiquitous encryption to become a real problem for the NSA it would have to not only use the same encryption but the same implementation. That day, if it ever comes, is a long ways away.

anonymous coward • December 28, 2014 7:23 PM

It pisses me off that they waited 18 months to publish these papers. They should have been in the open immediately after Snowden spoke up.

George • December 28, 2014 8:05 PM

@ anonymous coward
Some pundits will say they slow leak to keep public in focus. I think it's more likely that Snowden entrusted them to take the time with sorting. It's obviously not his intention to release intel harmful to agents operating in the field or geolocational info which may endanger operations.

Roger • December 28, 2014 8:21 PM

@George
I think the complaint isn't the slow leak policy, it's that some really important stuff like the evident compromise of TLS and SSH has been left on the burner this long. If these protocols are compromised, or even partly weakened, we needed to know about it right away, not a year and a half later. Given that the NSA's capabilities have only been improving since these documents were written, it's possible TLS is now much more easily broken. Working on next-generation encryption protocols could have begun immediately and threat mitigation procedures could have been put in place. Instead we're months, years behind where we need to be.

Bruce Schneier • December 28, 2014 8:35 PM

"I think the complaint isn't the slow leak policy, it's that some really important stuff like the evident compromise of TLS and SSH has been left on the burner this long."

Speaking as someone who has seen some of the documents, don't assume that they've been "left on the burner." There's a lot of very technical documents, and it takes a lot of hours to understand them all. This stuff might have been discovered only recently.

anonymous coward • December 28, 2014 8:36 PM

@George: What Roger said.

Besides, as a non-American and victim and possible target of America's bullshit I couldn't care less if some agents bite the dust, operations go wrong or whatever.

Nick P • December 28, 2014 8:44 PM

@ all on time to publish individual documents

Let's remember that Snowden used scripts and guesses to grab a truckload of documents. He then dumped them onto a number of people and organizations. The documents were probably not organized. Like Wikileaks & the Guardian struggled with Manning's leaks, people combing through the Snowden leaks are likely looking at a bunch of documents with odd names, slides with useful data, slides with confusing codenames, and so on.

It would take a while to find the useful documents even if they were plaintext. The human mind can only look at so many slides in a day. The documents with codenames would cause people to take even longer to find others with those, determine their relationships, and convey that meaning to readers. A number of leaks have been that way. So, the combination is a huge amount of documents to go through plus many to correlate and analyze. Without NSA's help, such a process could take a lot of time. Not betting that NSA will help anytime soon.

Nick P • December 28, 2014 8:47 PM

@ anonymous coward

Seeing comments like yours makes me wonder what country you're in. Specifically, if they are one of the many conducting foreign espionage for I.P./politics, domestic surveillance, and/or SIGINT partnership with NSA. The first and third of those are a *lot* of countries.

milkshaken • December 28, 2014 8:48 PM

Yet another possibility is that Appelbaum did not sit on this Snowden material for a year and a half. Perhaps he obtained the most important evidence only much later, from someone else, and managed the release of documents with great care to protect his source. Just speculating.

George • December 28, 2014 8:52 PM

@ anonymous coward: "Besides, as a non-American and victim and possible target of America's bullshit I couldn't care less if some agents bite the dust, operations go wrong or whatever."

I don't agree with this reckless consideration of collateral damage. American or non-American is not the issue at hand. Regardless of origin, governments are comprised of civilians; any of whom may be hurt because of this type of recklessness. But of course neither your nor my opinion matters, this is up to Snowden and his chosen cohort of journalists.

Figureitout • December 28, 2014 8:59 PM

anonymous coward
--To avoid being called putting agents into harm's way (which they do to us as their job), someone needs to blank out their names (which will still be known to someone). Also, if there's a list of locations and somewhat precise details of launching some terrible attacks on innocents w/ ease, the entire security is relying on obscurity, would you be the guy making the call there? That being said I do believe in gov't data being publicized, that secrecy has gotten entirely out of control such that it will kill itself eventually (by killing its host economically).

On the leaks...

Feels great when massive protocols come crashing down eh? If SSH is broken then how many goddamn systems are really vulnerable? My school's supercomputers are. During this time you know it's broken it f*cking sucks to still use it and this is the time when attackers get in and leech into the next setup, it's how it works...And they're in your new setup!

Also, since these slides are a few years old, no mention of TinFoil Chat. Most other chat clients don't even touch data diodes and controlling data flow better locally.

GnuPG, as mentioned by Grauhut, needs funding to the tune of 120k euro...I don't have the f*ckin' money to contribute, I don't think I'm alone...

TOR NEEDS MORE PEOPLE CONTRIBUTING, just like Wikipedia (you know you use it a lot and free load). The network can get much stronger operating at full strength.

RE: not being able to compromise these targets
--My assumption is that they passed the OPSEC and ENDPOINT security tests. Otherwise they wouldn't need a decrypt and can just watch. Oh, BTW, heads up MiketheGoat, looked like they could have your email address lol...Probably 1-3 chars off length.

If they can't crack these, then can they crack encrypted files hand-passed and you did encrypting either moving around (outside normal location) or heavily shielded and running every other electrical device you can. If you expect real security using the same method of sitting on a PC and connected to internet, then you get what you deserve. There needs to be other means leveraged.

For instance, I finally have some free time to do some projects I want, and looking into obfuscated OOK (insecure yet easy to check for errors and yet another method), FSK (more secure but still simplistic) and GFSK (smaller footprint, different security properties) for relaying some packets w/ RF of course. These protocols are as old as...I don't even know...and well known. However I can work w/ them easier than something like GSM and tweak the protocols and suddenly any "publicized" decoding software won't work; you can do this to many many RF protocols. Looks like I may be able to get tops 255 bytes and more like 128 bytes per transmission. That's 128 chars [of key mat]. All you do is hand off one of these transceivers to someone you want to exchange either key mat or other authentication OUT OF BAND. Phone lines (if you can really trust ZRTP not leaking out to your smartphone) have been tapped going back so long and companies monopolized, better to go smaller and homemade as much as you can (still using some RF chips w/ a crazy backdoor).

Probably more than what a lot of people will actually do, but hey, this is schneier's blog...we don't defeat just skiddies...

Buck • December 28, 2014 9:00 PM

"Speaking as someone who has seen some of the documents, don't assume that they've been 'left on the burner.' There's a lot of very technical documents, and it takes a lot of hours to understand them all. This stuff might have been discovered only recently."

Such a shame that there's not a very large community with a vested interest in getting to the bottom of this all... It's also quite curious how after a year and a half, the 'most powerful agency in the world' has still yet to remove its potentially compromised agents from harm's way... I wonder what those life insurance payments look like!

Benni • December 28, 2014 9:01 PM

@anonymous coward

In this lecture http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html

Poitras says that some of it was not published earlier because she lacked access to some of the files.

Somebody broke into Greenwald's house, as well as into that of Appelbaum...

During the 1950's the building of DER SPIEGEL was raided in an illegal police operation. And DER SPIEGEL was illegally infiltrated by BND agents... That will not happen again, as these actions led to a government crisis in Germany. Nowhere are Snowden's documents safer from spooks than in this building. It is therefore good to see that they now have access to the documents in Germany.

I think one should give them all the time they need. At the beginning of the newspaper, the founding editor of DER SPIEGEL laid down the following principle:

Everything that is written in DER SPIEGEL must be absolutely correct.

No way this German newspaper will publish a story in some kind of a rush... They will carefully check everything before it gets out. They have the largest fact checking department of a newspaper on the planet.

But in the end everything gets out and that is what's important. The New York Times and the Washington Post also wrote about NSA Bullrun. But they did censor the names of the affected applications and they did not mention what is secure. That will not happen with DER SPIEGEL as we have a truly free press here.

Appelbaum even said that they will investigate the persons who are on the NATO killing list and report about them...


In the lecture, they said that they will publish more soon...


I wonder how their attack on AES works? What are they meaning with "a handful crypt-analytic tools"? Appelbaum says they still can not crack AES but what do they mean with this cryptanalysis? What do they get out of that?

Also, more details on the attacks of tls or ssh would be interesting...


Nick P • December 28, 2014 9:16 PM

re what's secure

Remember that the groups' activities are silo'd a bit and the toolbox works on many levels. These documents indicate that they can't do blanket surveillance of the hard tools and might not be able to compromise their *messages*. On the other hand, the hosts they have exploits for. That many good INFOSEC people take this as an endorsement that using their product is secure is disturbing. More realistically, it's an endorsement that their product doesn't make it easy for NSA and they have to target something else in the stack. Something they might target at will or might do very selectively to avoid giving up their 0-days.

Changes the perspective a bit.

Carlo Graziani • December 28, 2014 9:37 PM

I'd be cautious about concluding that, for example, "SSH is broken", on the basis of this fragmentary report. Claims of successful decryption of SSH sessions almost certainly don't mean that (a) public key protocols protecting key exchange are broken (GPG would be broken too), or (b) any of the suite of ciphers used by SSH is vulnerable. They could be talking about side-channels, like fooling people into ignoring warnings that server keys have changed, or about sessions initiated from compromised machines.

Much of that article strikes me as superficial -- basically reporting on what NSA employees have, at some time or another, claimed had been or could be done, with little reflection on what the claims actually mean or how they could in fact be true. Hopefully they'll get some help sorting out the technical issues that they seem to be having trouble understanding.

DDG/CP • December 28, 2014 9:40 PM

George, another skeptical persona, is trying to humanize the Stasi and inhibit rights defenders from "hurting" the spies who titter about your sons' and daughters' impetuous sexts and compile your vulnerabilities for future reference. We're supposed to fret about 'recklessness,' when a lame-brained crime ring of military oafs has recklessly wrecked the internet to impress their supervisors.

And ooh, they've compromised SSH! Who uses default SSH for anything but honeypots these days?

GhostInYourShell • December 28, 2014 9:58 PM

Speaking as a guy responsible for the security of some of the products and protocols mentioned, I find a lot of this disturbing but sadly not surprising. I have a number of suspicions about the attacks on at least two protocols that, literally, I am down the hall from people who wrote the standards, and I suspect a lot of this comes down to weaknesses in common implementations as well as weaknesses in randomness, some of which is introduced in the specifications!

For at least one protocol, I've had long standing concerns about the way the keys are generated, with a number of closely-related keys all being derived by combining a single shared secret with a static value and then running them through a hash function, which may even be selectable by the attacker in some cases due to protocol weaknesses and common implementation choices! (NONE should NEVER be a valid cipher/MAC choice I argue unless in debug mode, and then require manually specifying it!) Sadly, I know very well that my personal skill set does not include cryptanalysis, but I wish I could get the thoughts of someone competent in the field to look at parts of the key exchange process, as it "feels wrong" to me.
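A published derivation with the shape described in the comment above (one shared secret, a static per-key value, one hash) is the SSH transport layer's key derivation in RFC 4253 section 7.2; the commenter does not say which protocol is meant, so treating SSH as the example is an assumption. This is an added example, not code from the post or from any SSH implementation, and the values of K and H are constructed.

```python
import hashlib
import struct

# RFC 4253 section 7.2: the six session keys differ only in one static byte.
LABELS = {
    "iv_c2s": b"A", "iv_s2c": b"B",    # initial IVs
    "enc_c2s": b"C", "enc_s2c": b"D",  # encryption keys
    "mac_c2s": b"E", "mac_s2c": b"F",  # integrity keys
}


def mpint(n):
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n < 0:
        raise ValueError("shared secret K must be non-negative")
    if n == 0:
        return struct.pack(">I", 0)
    # One spare bit keeps the top bit clear, so the value reads as positive.
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def derive_key(hash_name, k, h, label, session_id, length):
    """K1 = HASH(K || H || label || session_id); Kn = HASH(K || H || K1..Kn-1)."""
    prefix = mpint(k) + h
    out = hashlib.new(hash_name, prefix + label + session_id).digest()
    while len(out) < length:
        out += hashlib.new(hash_name, prefix + out).digest()
    return out[:length]


def derive_all(hash_name, k, h, session_id, length):
    """Derive all six keys. hash_name is the hash of the negotiated key
    exchange method, so it is fixed by negotiation, not by the key user."""
    return {name: derive_key(hash_name, k, h, label, session_id, length)
            for name, label in LABELS.items()}


# Constructed inputs for illustration; a real K comes from the key exchange
# and a real H is the exchange hash over the handshake transcript.
K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
H = hashlib.sha256(b"constructed exchange hash").digest()

if __name__ == "__main__":
    # For the first key exchange of a connection, session_id equals H.
    for name, key in derive_all("sha256", K, H, H, 48).items():
        print(f"{name:8s} {key.hex()}")
```

Every key is a hash of the same `K || H` prefix, so the secrecy of all six rests on K and on the hash chosen during negotiation.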

NSA pervs • December 28, 2014 10:03 PM

@Nick P. 9:16, exactly the proper perspective! Government voyeurs, like muggers and rapists and all other criminals, prefer the soft target. So don't be the soft target! Who among us is enough of a thorn in the government's side to expend a good zero-day on? We each have to ask, Am I that important? We all aspire to be worth the trouble, but really, by and large we're not, and we won't be, individually, until so many of us oppose the secret police that our numbers overwhelm the exhausted and despised regime.

Perfect security is paralyzing, as is the complete control that the government seeks. Each of us will throw a bit of sand in the government's eyes every day, and it will slowly go blind and stagger about and fall.

POKKOP • December 28, 2014 10:15 PM

- NSA has crypt-analytic capabilities against AES, but can not break it.

- RSA vindicated again, first by Snowden and again by GnuPG not being broken.

- TLS, SSH, VPN, IPSec all broken.

- Truecrypt is known to have thwarted NSA.

JonKnowsNothing • December 28, 2014 10:38 PM

@Roger and others re: The Time it Takes to Report

In addition to the multitude of documents from the Snowden Files there are 2 or 3 other NSA Whistleblowers passing documents to Appelbaum. Appelbaum was not an original recipient of the Snowden files and at various times, he had "some" but not all of them.

Laura Poitras does have the whole set as do a few others. The Guardian has a full set and some documents are scattered among other news outlets. Outlets like in Denmark and Brazil were given documents that related specifically to their countries.

One huge problem for "journalists" is that several countries where the information "might" be released, have now passed specific anti-freedom-of-information laws to prevent the reporting or display of such documents. Even in the case of reporting on documents that pertain to a different country, like in Australia, where reporting on documents showing a GCHQ/NSA attack on a Belgian Telco, "may" be blocked and the reporters imprisoned under new anti-terrorism laws. The UK has similar laws in place now too. It's likely that The Guardian has been muzzled with one of these new UK gag orders to prevent their reporting on anything no matter which outlet they use to report (UK/USA/AU). Germany has begun to move towards the NSA view of "nothing to see here - move along" and has been considering sanctions against the journalists reporting such information from inside Germany.

There are few places where it is truly safe to report from or that will prevent a rendition to a CIA Black Site. Poland certainly will not be preventing any renditions and have stated they will be actively assisting in them with the continuing use of Polish CIA Black Site Facilities.

Some of the information is very detailed and people like Glenn Greenwald just haven't a clue what it all means. He understands the politics but he doesn't get anything about the details. He's the last guy you'd want reporting details and General Hayden would make mince-meat of him on the US Neo-Con Talk Show Circuit if he tried.

Each release wobbles the internet more and more. It's cracked, the structure is broken and it will collapse right around Google's ears. Big Data knows it too - just ask Sony about their security or how an attack on NKorea Nuclear Reactors continues - did they get a new version of STUXNET or just the same old one that isn't blocked by any AVCo?

YOU have known all along too. You just pretended it was all OK. Business is good. You got your fancy job, your fancy car, your fancy mortgage and a 401K plus a pile of stock options. But everyone has known all along. We ALL pretended we didn't know.

The nine most terrifying words in the English language are,
'I'm from the government and I'm here to help.'
Ronald Reagan

That can now be reduced to 2 words:

National Security

NoSuchAgency • December 28, 2014 10:48 PM

Spiegel: "...Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis..."

Difficult...but not impossible. I'd suggest they are able, with more or less time, to crack certain messages. If it is assumed the underlying implementation used was secure, then it leaves the password and/or key schedule as the weakness(es). It would suggest that they have the ability to determine the key, or key fragments, through message analysis, with perhaps some brute-force thrown in to fill in the gaps. It then raises the question of what is creating the weakness: poor password choice, or flaws in the AES key schedule when used with certain passwords?

"It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike.

Spiegel says that it is only "catastrophic" for the NSA when ZRTP is combined with other methods. How does ZRTP do when looked at on its own?

NoSuchAgency • December 28, 2014 11:01 PM

@Andrew: Are you saying that they have a complete break, in certain situations? That is the only conclusion I can reach if no analysis is performed, and the encrypting system was not directly compromised.

Note that I also assume they were not a MITM with any key exchange prior to encryption.

steven • December 28, 2014 11:20 PM

SSH has many implementations. Of those, OpenSSH supports many ciphers, methods of key exchange and message authentication. I'd trust the default settings in recent releases to have been secure, and especially if you follow such advice as at https://bettercrypto.org/

Some ciphers we should already know to be risky: certainly the original arcfour, perhaps even the revised arcfour128 mode, or perhaps 3des-cbc. Those might only be used in a non-default configuration, or if either the client or server lacked support for a preferred stronger cipher. Downgrade attacks are actually defended against by the SSH protocol I think, unlike SSLv3.

But SSH can appear in some risky forms: embedded devices (like routers, out-of-band management controllers for servers), with poor entropy generation, ancient and limited SSH implementations supporting only weaker ciphers or smaller DH groups; or perhaps running on hardware that has been compromised in some way (defective by design, customs interdiction, or hacked) so I'm not surprised/worried to hear that 'some' SSH traffic gets decrypted; I'd really expect that.
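A defender's check for the risky choices named in this thread (arcfour, arcfour128 and 3des-cbc from the comment above, "none" as a cipher or MAC from GhostInYourShell's comment), run over the global section of an sshd_config. This is an added example, not part of either comment and not OpenSSH code; the sample file is constructed, and listing diffie-hellman-group1-sha1 as the "smaller DH group" is this example's assumption.

```python
import re

# Algorithm names to flag, per keyword (keywords are matched case-insensitively).
# "none" is defined by RFC 4253 for both encryption and MAC.
WEAK = {
    "ciphers": {"arcfour", "arcfour128", "3des-cbc", "none"},
    "macs": {"none"},
    # Assumption of this example: a 1024-bit group as the "smaller DH group".
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
}


def audit_sshd_config(text):
    """Return (line_no, keyword, algorithm) for each weak algorithm enabled."""
    findings = []
    seen = set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        if keyword not in WEAK or keyword in seen:
            continue
        # OpenSSH uses the first value obtained for a keyword, so a later
        # hardened line does not override an earlier weak one.
        seen.add(keyword)
        if value.startswith("-"):
            continue  # "-list" removes algorithms from the default set
        if value.startswith(("+", "^")):
            value = value[1:]  # "+list" / "^list" add to the default set
        for alg in (a.strip() for a in value.split(",")):
            if alg in WEAK[keyword]:
                findings.append((line_no, keyword, alg))
    return findings


# Constructed sample for this example, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
Port 22
Ciphers aes256-ctr,3des-cbc,arcfour128
MACs=hmac-sha2-256,none
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers aes256-ctr
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for line_no, keyword, alg in audit_sshd_config(SAMPLE):
        print(f"line {line_no}: {keyword} enables {alg}")
```

An empty result only means none of the listed names is enabled explicitly; the defaults of the installed SSH version still decide what is offered when a keyword is absent.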

Coyne Tibbets • December 28, 2014 11:21 PM

@Daniel

I think you misunderstood NSA's concern about ubiquitous encryption. As I read the statement, as it stands today, the NSA can assume anyone using encryption is a bad guy: guilty until the NSA proves they are innocent.

Ubiquitous encryption is anathema to such a practice.

Figureitout • December 28, 2014 11:24 PM

anonymous coward & others RE: revealing names
--As has been stated, I'm wondering what you would do considering many years in jail and "extraordinary rendition" or straight up murder. They have brainwashed troops at their disposal and eventually robots. Would you feel comfortable turning on your car or turning the doorknob to your residence (mechanical action for an explosive)? They do not follow laws, at all really.

If you're so brave, maybe push to get involved and tie your real name to it instead of being another euphoric keyboard warrior.

RE: Appelbaum's & Poitras talk
--Just listened to it, chilling...Appelbaum keeps getting better and better at talks and I like how he recognized the very few devs (just software, not even RF or hardware people which is what the software is running on...), "stay standing!" and pushing for MORE. Just like OpenSSL, there's like what? SINGLE individuals developing this software everyone uses?! Wow...We need more and we can do more, a lot more; it's just getting started. But I can understand the devs' reluctance perhaps as they know they'll be targeted, probably break into residences, you know, the usual...Just a heads up if it hasn't already happened...

Andrew • December 28, 2014 11:34 PM

@NoSuchAgency Possible, it could be, for example, full break at endpoint in some implementations. Just like you said or even more, maybe complete key retrieval in some situations.

Anyway, I'm reading some funny stuff in arstechnica:
http://arstechnica.com/tech-policy/2013/06/exclusive-in-2009-ed-snowden-said-leakers-should-be-shot-then-he-became-one/1/
"...However, after learning that Snowden appeared to be an Ars user, we received chat logs from multiple longtime users who recalled IRC conversations with the user known as TheTrueHOOHA."

Oh really, internet chat logs now presented as facts. This could quickly turn into a defamation operation, any kid can take a chat log from internet, edit it, click Control-H and replace the user name with whatever name or add things. I was just wondering where this is heading.

Clive Robinson • December 28, 2014 11:35 PM

@ NSA pervs,

"Who among us is enough of a thorn in the government's side to expend a good zero-day on? We each have to ask, Am I that important?"

Err it's the wrong question, and asked too late.

We are all targets and have been for some time, the question of being worthy of a zero day as an individual is pointless, as Stuxnet and other attacks have demonstrated.

As long as one person who cannot be pinpoint targeted exists who is worth a zero day, then the NSA will use it for "fire and forget" tactics, which will always have collateral damage by definition. Which was why Stuxnet came to be found and subsequently other government agency network based attacks and malware using zero days.

You need to assume as a starting point that your every connection to the internet is not only recorded but the computer used is compromised within seconds of first connection if not before, and thus plan accordingly.

You can with a little forethought mitigate this fairly easily with simple "safe work habits" involving segregation / isolation and one way data flows. After all scientists and engineers working on / with dangerous things have "safe work habits" they use day in day out for their entire working lives without incident.

What is much harder to deal with is those "directed attacks" that come through your door, involving close physical contact by Government "officers" or their "arms length, deniable" "contractors", or insider "agents". Because they can subvert your "safe working habits" in ways that won't blow up in your face today or tomorrow but only at some point in time of their choosing...

Don't be fooled into thinking there is something magical about ICT or the likes of the NSA, GCHQ et al that makes the laws of physics not apply. Those laws do apply and both you and the NSA et al live and die by them, the only advantage they have over you is resources and your own limitations in thinking.

Bruce Mangee • December 28, 2014 11:38 PM

Small comment, it's "Chaos Communication Congress".
---
{Whoever wants more education must also be able to put up with know-it-alls. - HG. Butzko}

Clive Robinson • December 28, 2014 11:53 PM

@ NoSuchAgency,

"@Andrew: Are you saying that they have a complete break, in certain situations..."

There are time, power and other side channels that will reveal either key or plain text.

Also with embedded devices used in VPNs etc there is the question of "not enough entropy" which has been shown to be problematical in the past as well as PubKey certs made with software with bugs in it which reduce entropy down to just a handful of bits.

Daniel • December 29, 2014 12:31 AM

@Coyne Tibbets

"As I read the statement, as it stands today, the NSA can assume anyone using encryption is a bad guy: guilty until the NSA proves they are innocent.

Ubiquitous encryption is anathema to such a practice."

Ubiquitous encryption solves that problem if and only if not only the encryption standard is the same but the implementation of the encryption is the same. So long as there is one implementation for "bad guys" (Tor) and another implementation for the hoi polloi (HTTPS) there isn't any improvement in information leakage. In other words, if before the NSA could identify potential targets because they used encryption when others didn't the NSA can now identify the bad guys because they use Tor when others don't. It's true enough that not everyone on Tor is a bad guy but with two million users compared to the world wide population of 3.3 billion internet users it narrows the universe of targets quite a bit.

That's how the article goes astray. It focuses on the encryption vs non-encryption dichotomy and ignores the fact that the dichotomy between various implementations of encryption leaks just as much information.

Markus Ottela • December 29, 2014 1:08 AM

@ Nick P

RE: all on time to publish individual documents
"Let's remember that Snowden used scripts and guesses to grab a truckload of documents. He then dumped them onto a number of people and organizations. The documents were probably not organized."

To quote Glenn Greenwald in his book 'No Place to Hide':

"As I continued reading, two things struck me about the archive. The first was how extraordinarily well organized it was. The source had created countless folders and then sub-folders and sub-sub-folders. Every last document had been placed exactly where it belonged. I never found a single misplaced or misfiled document."

Of course, as you said, reporters can only look at so many slides in a day. I'm sure understanding and mapping the cryptanalytic attack techniques NSA has is one of the most challenging aspects of reporting: drawing any conclusion has huge impact on what protocols and tools people will trust.

Appelbaum said in 30c3 'To Protect and Infect' that he's seen documents that say NSA can't retrospectively decrypt OTR-conversations - this slide was finally displayed yesterday, one year later in his 31c3 talk.

Markus Ottela • December 29, 2014 1:28 AM

@ Figureitout

Re: TFC in NSA slides.
"Also, since these slides are a few years old, no mention of Tinfoil Chat. Most other chat clients don't even touch data diodes and controlling data flow better locally."

The first draft schematic of TFC is from spring 2012 and it went straight to the drawer. The project was initiated in July 2013 a month after Snowden leaks created the demand (and rendered my earlier research on surveillance obsolete). The first public version of TFC is from December 2013, so unfortunately Snowden leaks are not going to evaluate the security of the system. So from this you can deduce the thought-process is almost three years old and half of that has included programming.

ITStudent • December 29, 2014 2:05 AM

I'm unclear on SSL and TLS. Are they broken, or does it come down to the key length? Can someone smarter than I please explain if SSL/TLS are broken?

JonKnowsNothing • December 29, 2014 3:50 AM

@Markus Ottela and others re: We Need More Documents

It really no longer matters if even 1 more document is released. We know the whole thing is broken. There's no direct fix for anything. For anyone micro-focused on X-tech or Y-method, the entire structure is compromised. Even if no more documents come forth we already know how bad it is... it's bad.

The issue remains: What will YOU do about it?

You already know that everything from the hardware down to the device drivers, network packets, domain name system and every router on the planet is compromised. Your encryption won't help if your system has a key logger watching you run your encryption routines or capturing your information as you type it - long before you decide to encrypt it.

Going upward it's worse because it compounds National Security with Business Interests and who's going to bell-the-cat there? Your data is harvested and perma-cookies inserted in your systems all for the sake of a LIKE button. You want your LinkedIn profile to be accurate and the hiring managers are running automated algorithms against your LinkedIn profile to auto-exclude the greatest number of people possible. The security services around the world are also doing the same thing. If your meta-data is FREE, then it's free for anyone who can tap into it.

You think your compiler is safe? Think again. It's not and there's no way to know for sure which part is compromised. If you are erring on the side of "TRUST" you have missed the big picture and no number of documents will "clue you in".

We don't need more documents, we need more folks to "Get a Light Bulb Moment".

Like this line:


POKKOP
- RSA vindicated again, first by Snowden and again by GnuPG not being broken.

It's vindicated alright: it's on the hit list and if not compromised now, it will be soon. Why even THINK it's not being attacked or that it will be "safe" anytime in the future? And you don't need to attack encryption if you just pass by it to start with or if you are hauled into a Secret Court with No Lawyers and a guy like Jose Rodriguez waiting for you. You will hand over your keys before the first drop of water lands on your face but they'll keep pouring anyway just to make sure you didn't fib about the sequence order.

Anything encrypted is auto-harvested and held FOREVER at the NSA data center in Bluffdale Ut. The GCHQ has a similar facility in the UK and Amazon is building one for the CIA. They have all the money the US Black Budget can shovel to keep this system rolling As Is. Greed Works.

They got a water can at the ready for YOU if you dare to challenge them and another set of documents won't change that.

ht tp://en.wikipedia.org/wiki/Jose_Rodriguez_(intelligence_officer)

ht tp://en.wikipedia.org/wiki/Senate_Intelligence_Committee_report_on_CIA_torture
ht tp://en.wikipedia.org/wiki/Utah_Data_Center
(urls fractured to prevent autorun. remove the space from the header)


Hell's FireDecember 29, 2014 4:30 AM

Indeed. While partial technical solutions may carve out some niches, this is really now a global cultural issue. At the present time, when the most powerful military on the planet, has demonstrated the intent to deprive as many as possible of communications private from them, trying to win the tech battle for the masses is pointless.

Back in the day, when slavery was the norm in your area, the sad fact of the matter was that it wasn't a matter of "what will YOU do about it". It was a matter of "what CAN you do about it." The sadness lying in the fact that the answer was basically "nothing other than hide my true beliefs, and share them only with my most trusted friends, and even then at great risk of being exposed and then persecuted into misery or death".

This is not a technical battle. This is a philosophical battle. On the order of slavery as far as defining the individual's fundamental relationship to society. And it's no honest philosophical battle. The government with the most powerful military on the planet has been conspiring to keep its populace miseducated about technology, lest the 'expectation of privacy' enjoyed by past generations be remembered in detail by the current generation as their understanding of their new cyber world matures.

The enemy wants you to believe in magic. And that God himself has granted them magical powers. They want to stoke racism and religious insanity in their quest to maintain dominance. They will torture. They will assassinate. There is no open source code solution to this problem right now. This is a bitter cold philosophical war. It is not at all clear where things are headed.

ThothDecember 29, 2014 5:12 AM

@JonKnowsNothing, Hell's Fire, all
It is a three prong battle and everyone must fight it. It is a technical battle to flush the mess out and also a philosophical and political battle. Philosophy is good at changing minds but not at giving people power to push the agenda and this is where political fights bring the practical reality in. Power is like gunpowder to the projectile and how the projectile is created is by philosophy and the creation of the projectile is the techniques and methods. All must come together to be complete and isolating one is disastrous in itself.

There will be times where people must sacrifice themselves to bring the three prongs together into one. Hopefully we still have courage and strength left to make the changes. We obviously have the technical capabilities and philosophy but we just didn't put the powder right and that's why "the bullet flew an inch out of the barrel and dropped dead" in a way.

We need the few who are powerful and influential in our community and share the same thoughts to help us break the enemy lines first. I don't mean we have to see ourselves as less powerful or feel bad about ourselves but in fact we have to all take power into our own hands but nature as it is, people are made unfair (despite everyone born with inherent capabilities) but circumstances shape it differently. Some powerful ones with the same agenda would need to break the first line and the rest, we have to continue the push.

What must the first step to break the enemy's lines be ? Education as usual. We are taught the wrong stuff and we need to unlearn and relearn the proper mindset. Introduce the proper basics. Open everyone's eyes. Knowledge is power indeed. Once that has reached a critical mass, knowledge will turn into power where everyone will start to rise up and make changes (and not simply just talk and demand). Empowering everyone is crucial to the whole.

For those who simply shake their heads and think that all these I have said is an Utopian dream of rewriting the already rotten history, what have you done to help mankind a step further ?

Do note that eventually, the enemy is actually ourselves :) .

DouglasDecember 29, 2014 5:59 AM

@JonKnowsNothing wrote, "Each release wobbles the internet more and more. It's cracked, the structure is broken and it will collapse right around Google's ears. Big Data knows it too - just ask Sony about their security "

The Internet we know now is very different from that 5 years ago. If we look at Internet as slices of time, each slice is a little bit different than the next. Five years from now, what is broken today would have been slowly patched away. Old flaws will be fixed, as new flaws are introduced. What is broken today isn't eternal.

Markus OttelaDecember 29, 2014 6:24 AM

@JonKnowsNothing:

There is no political solution to stop spying on foreigners, so we foreigners quickly narrow the solution down to technology.

Do we know that much? We've seen evidence of attacks in the leaks, we can prioritise over media coverage and even do a healthy dose of extrapolation. What we can't address, we speculate and in the spirit of full-disclosure, inform the users about. Having users evaluate system security against their threat model is a gratis way to boost security of any system.

I'm commenting the following from the perspective 'TFC as an answer to the problem of secure communication', ignoring the inconvenience issues. Other online interactions (publishing and browsing) have less expectation of privacy. There is no ubiquitous technology that will solve all three challenges and the two others are arguably harder to solve, but nevertheless, this 'micro-focus' solves a huge issue.

One of the disclosed attack vectors:
TFC doesn't protect against pre-exploited OS image. NSA didn't inject every 03/12 RPi firmware with intelligent malware that knows what to spit out via UART just in case someone decided to create the usual three-computers-per-user-chat. So, we have somewhat a good chance to trust older COTS hardware. When trustworthy hardware (data diode) makes remote post-exploitation provably impossible, you've limited the automatable attack vector to OS image.

So what we need is a tech community with strong relationships and web of trust to make sure the code hasn't been altered during download. Keylogger-wise, we don't even have to have 0-day free TxM OS, merely a malware-free one. Moreover, you can still detect the malware and its covert channel with dumb and relatively cheap measurement instruments. The biggest issue we face in web of trust is bootstrapping, but it's certainly not impossible. We can airgap our signing computers, and there is a clear physical- and cost limitation on where intelligence community's field agents can operate in (mass surveillance-wise).

Looking down from this perspective to the public guidance - Appelbaum saying handling top secret NSA documents is secure if you just renew your OTR keys every few days and (No I'm not assuming that's all the OPSEC they have), having The Grugq call TFC excessively paranoid even at the point where there was no message integrity, I'm not sure you should say a sophomore is 'not doing anything about it'.

TFC doesn't assume the C compiler is safe, there are other applications to verify entropy. If you're saying Python interpreter can't execute the code it's given, we should be doing OTP on pen and paper.

With TFC, it's kind of hard to expect user to remember hundreds of millions of OTP key-bytes. TFC isn't waiting for RSA to fail on QC, or even if AES was completely broken; Thanks to Nick P pushing me, even the lower security version, TFC-CEV uses cascading encryption with three more algorithms inside AES.

Full disclosure also makes further developing easier. Just like I offered to fix the "private key jacking" problem invisible.im listed as a risk, so too can other people contribute to whatever they want to improve on TFC: "My Novena laptop isn't factory compromised", "I can change the HWRNG circuit design so you can get rid of the risks those black box IC op amps impose" or "I found a bug".

That should answer the questions "What will you do about it?" and "What can you do about it?". Wait for 'light bulb moment' isn't the answer.

I'm not interested in discussing individual social media services and their privacy violations; while there is social pressure, they're not obligatory. Since every useful feature could be replaced by encrypted mail and IM, they do not offer anything past user interface and "social points".

@ Thoth
I like what you said. I think we should eventually get everyone involved, but another reason I think crypto is so empowering is you don't immediately need that to happen - You only need to encrypt with those you trust. In those cases there is natural incentive to strive for privacy.

Freedom of the pressDecember 29, 2014 7:52 AM

@Benni re "Freedom of the press in germany"

"That will not happen with DER SPIEGEL as we have a truly free press here."

Am I overlooking your sarcasm here or are you serious?
If you are serious, take a look at this ..
https://sicherungsblog.files.wordpress.com/2014/12/ruc39findenaugenderredakteure.pdf (German only)
That paper takes a look at the NSU-scandal where many foreigners were murdered and how honest the press reporting was. This is a short summary of it, comparing the honesty of 14 news outlets: https://sicherungsblog.files.wordpress.com/2014/12/80.png
Look at the column of Der Spiegel. Even BILD has more facts than Spiegel. Yes, you read that right, even that boulevard bullshit piece of newspaper got more facts right (in this case, at least). So much for "biggest factchecking department in the world".

If you weren't serious just ignore this, I'm sorry, my sarcasm-detector sometimes fails horribly.

Nick PDecember 29, 2014 8:30 AM

@ Markus Ottela

I stand corrected. If it's very organized, then they should post helpful slides as they come across them. Waiting a year to show critical information doesn't seem justifiable. At least Appelbaum told people what to use at the talk and has been supporting other good efforts.

Btw, when did the Grugq say TFC was excessively paranoid?

anonDecember 29, 2014 9:34 AM

OpenVPN? Someone earlier asked if someone more technically inclined can explain whether or not SSL is broken or only partially broken. Speaking to that, what about the OpenVPN protocol, which uses SSL? Especially since they are attacking other VPN protocols it would be nice to know if the technology behind OpenVPN is a viable alternative.

sprocketDecember 29, 2014 11:06 AM

I wouldn't put much weight into Greenwald saying the data was organized. This was a reporter who thought PGP was amazingly advanced and confusing. He's going to make a judgement call on the organization of technical data?

What I'm finding interesting is the assumption that SSL, SSH, etc. are all broken (and hey - who didn't know PPTP was dead). Based on what? The slides themselves note that they can't service all requests to crack these protocols (but will offer ways to turn a "no" into a "yes"). Implementation and operational security are key factors - ones that are much more tied to users and manipulation.

Nick PDecember 29, 2014 11:42 AM

@ Markus

What a dumbass. I've lost respect for his judgement on INFOSEC with that one statement. That he makes money facilitating 0 day sales to spies might explain his position on the matter though. TFC and similar solutions getting popular might hurt sales.

Of course, markets usually stick with insecure stuff so I doubt he'll ever run out of work.

shank_steakDecember 29, 2014 1:14 PM

What would be the point of worrying about TLS or SSL being broken? It keeps the script kiddies out for now.

Can someone clarify what is meant by ssh being compromised? There are many ways to encrypt an ssh session including converted gpg keys. If I use an RSA public/private key as the encryption method, then is the session still compromised?

Also worth mentioning, of the content I've read from the Snowden dumps, it seems like there was a whole lot of cheap talk that amounted to elaborate methods of describing dictionary attacks.

f439h8f3hDecember 29, 2014 1:19 PM

Now everyone be good little users and flock to Truecrypt, OTR and PGP.

Anyone who monitors TOR news knows the TOR part is BS.. Kids are even doing attacks on TOR these days..

Nick PDecember 29, 2014 1:33 PM

@ sprocket

I'm not buying that either. I think what it means is the protocols can often be beaten due to bad implementations, configuration, fallback attacks, and/or specific protocol weaknesses.

That NSA internally uses an IPsec variant (HAIPE) that's Type 1 certified proves IPsec can be made very secure. It also implied pre-Snowden that NSA knew vanilla IPsec was insecure and was withholding the specifics for SIGINT use. ;)

Nick PDecember 29, 2014 1:45 PM

@ anon

The safe route for assessing security of anything is to default on Insecure Until Proven Otherwise. INFOSEC standards for highly secure stuff require very rigorous development process and evaluation. Most FOSS stuff, including security, isn't done that way. So such apps are probably insecure and should be treated that way until an assurance case is vetted.

There are occasionally exceptions where high assurance engineering wasn't used, but result was secure enough in the field. Qmail and Truecrypt come to mind.

GuestDecember 29, 2014 2:54 PM

Please don't forget that those documents are fairly dated. A lot has happened in the meantime. For example, earlier documents already noted that ssh was vulnerable. People looked at the code, and discovered some obvious problems: openssh's key exchange was degrading the security level down to 80 bits if told to use AES with 128 bit security level as block cipher. Which happened to be the default setting. Also, if told to use ECC cryptography, it used the NIST curves, which can be speculated to have a special mathematical structure allowing the NSA, by some numbers only known to them (and which they in some way used to generate the unexplained constants in the NIST standard), to compute the secret key from the key exchange, similar to Dual_EC_DRBG. Current openssh does not degrade the security level and offers DJB's curve for ECC.

SkepticalDecember 29, 2014 3:44 PM


I'll refrain from my usual diatribe about the very low benefit/harm ratio scored by these leaks. Even some of the seemingly more innocuous documents can provide helpful direction for the planning of foreign intelligence operations against the US. That kind of thing isn't in the interests of anyone who cares about human rights, notwithstanding the criticisms that can be made (some of which I agree with, some of which I don't) about the US in this regard.

Well - so I mostly refrained, anyway.

A few conclusions others might not draw from these documents, but which are important:

First, the documents are strong evidence that projects devoted to information security and privacy (including anonymity) can flourish in the US without compromise. Various tools listed as resistant to eavesdropping or tracking are projects with a strong US base. The Tor Project has long maintained that, per the advice of its legal counsel, it could not be coerced into compromising itself, and these documents provide further evidence of that fact.

Obviously, if you're planning on using those tools to break US law, then locating in the US might be a bad idea (as is breaking US law). But if your goals are legal, even laudable, then I think that the US offers a better base of operations than anywhere else.

Second, the documents clearly indicate that NSA is aware that privacy tools are, as put in one of the documents, "dual use" in a twist on the usual meaning of the phrase: they are used for good, by good actors (human rights activists are explicitly listed here), and for evil, by bad actors. It's also clear that they're aware of the tradeoffs inherent in the presence of vulnerabilities in those tools.

Third, the documents indicate that those who are undoubtedly bad actors (AQ operatives) are using the better privacy tools. This isn't unexpected, but it does make clear the reverse of the tradeoffs coin: privacy tools with vulnerabilities can be problematic because good actors may be compromised, and privacy tools without vulnerabilities can be problematic because bad actors may not be compromised. I think a balanced approach to privacy must acknowledge both sides of the tradeoffs coin, and seek solutions that mitigate both sides. A narrow focus on one side or the other is sub-optimal.

Fourth, while the NSA presentation containing the risk matrix adapts the language used on that matrix throughout the US military, "catastrophic" probably shouldn't be taken literally as it might in other uses of a risk matrix.

Fifth, the GCHQ presentation on BULLRUN contains little mention of the deliberate introduction of vulnerabilities into commercial software. Instead it emphasizes the growth of other capabilities. Personally I suspect that any introduction of vulnerabilities is done far more rarely, and in a more targeted fashion, than many who comment here believe.

Sixth - and here I fall back again into some of my usual diatribe - a large portion of the content in these documents concerns efforts by the US or UK to defend themselves against attacks on protected networks, or their extensive efforts to develop more secure information systems (even though excerpts about formal verification development and after-market anti-tampering detection are encouraging). Leaking this kind of information is about as far from whistleblowing as I can imagine, and it's extremely dubious as responsible journalism (that's not to say the authors of the article don't take responsibility seriously - but some of their publishing decisions appear to me to be weakened by inevitable group-think or group-polarization).

Seventh, as others have already noted, I think the article's broad conclusions about what 5-Eyes have "broken" exceed what the documents actually indicate.

Dirk PraetDecember 29, 2014 5:21 PM

@ IPsec, @ Guest

Interesting article which echoes preliminary conclusions of quite some analysts out there, i.e. that NSA is able to decrypt certain traffic by either intercepting or breaking keys/key exchanges resulting from poor default configurations, use of (deliberately) weak(ened) ciphers/algorithms and inadequate RNG's. Quite frankly, we already knew they were doing that and the implications thereof.

This certainly doesn't mean SSL/TLS, SSH, IPsec and other protocols mentioned in the slides are now dead or compromised beyond repair. What it does mean is that people need to up the game using stronger configurations, avoiding known or suspected to be compromised ciphers/hardware, get rid of (weak) PSK's and apply PFS wherever possible.

@ Skeptical

"Obviously, if you're planning on using those tools to break US law, then locating in the US might be a bad idea (as is breaking US law). But if your goals are legal, even laudable, then I think that the US offers a better base of operations than anywhere else."

It really doesn't matter which US tools or (cloud) services you are using for whatever purpose if you are not a US citizen. Under current US law, non-US citizens in essence have no rights. Check out Caspar Bowden's slides on the issue from 31c3.

"I think a balanced approach to privacy must acknowledge both sides of the tradeoffs coin, and seek solutions that mitigate both sides."

We've been there before. Weakening, backdooring or otherwise subverting any algorithm, protocol, standard, application or appliance makes all of us less secure.
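Added example (not part of any comment in this thread, and not OpenSSH project code): a small audit of the SSH key-exchange settings that Guest's comment describes and that Dirk Praet's advice on stronger configurations applies to. The sample `sshd_config` and moduli lines are constructed, the strength figures are approximations, and the `nist-curve` flag encodes the commenter's suspicion, not an established weakness.

```python
"""Audit SSH key-exchange settings against a target security level."""
import re

# Approximate symmetric-equivalent strength, in bits, of fixed key exchanges.
# Finite-field values use the common NIST SP 800-57 mapping
# (1024-bit group -> 80, 2048-bit group -> 112); curve values are rounded.
KEX_BITS = {
    "diffie-hellman-group1-sha1": 80,
    "diffie-hellman-group14-sha1": 112,
    "diffie-hellman-group14-sha256": 112,
    "ecdh-sha2-nistp256": 128,
    "ecdh-sha2-nistp384": 192,
    "ecdh-sha2-nistp521": 256,
    "curve25519-sha256": 128,
    "curve25519-sha256@libssh.org": 128,
}
# Group exchange negotiates the group at run time, so its strength depends
# on the primes listed in the server's moduli file.
GROUP_EXCHANGE = {
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group-exchange-sha256",
}

# Constructed sample, not taken from any real host.
SAMPLE_SSHD_CONFIG = (
    "# constructed sample\n"
    "Port 22\n"
    "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,"
    "diffie-hellman-group1-sha1\n"
    "kexalgorithms curve25519-sha256@libssh.org  # ignored: first value wins\n"
)
# Constructed moduli lines; the modulus column is shortened to a placeholder.
SAMPLE_MODULI = (
    "# Time Type Tests Tries Size Generator Modulus\n"
    "20140101000000 2 6 100 1023 2 F1E2D3\n"
    "20140101000001 2 6 100 2047 2 A1B2C3\n"
    "20140101000002 2 6 100 4095 5 0A0B0C\n"
)


def parse_kex(config_text):
    """Return the KexAlgorithms list from sshd_config text, or None if unset.

    sshd uses the first value it sees for a keyword, so later duplicates are
    ignored. Lists starting with +, - or ^ modify the build's defaults and
    are not resolved here; audit_kex() reports such entries as 'unknown'.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return None


def audit_kex(algos, target_bits=128, distrust_nist=True):
    """Return (algorithm, verdict) pairs in the configured preference order."""
    findings = []
    for name in algos:
        if name in GROUP_EXCHANGE:
            verdict = "check-moduli"
        elif name not in KEX_BITS:
            verdict = "unknown"
        elif KEX_BITS[name] < target_bits:
            verdict = "below-target (~%d bits)" % KEX_BITS[name]
        elif distrust_nist and "nistp" in name:
            verdict = "nist-curve"
        else:
            verdict = "ok"
        findings.append((name, verdict))
    return findings


def small_moduli(moduli_text, min_bits=2048):
    """Return prime sizes (in bits) in a moduli file that fall below min_bits.

    Stock moduli files record the size as bits minus one (for example 2047).
    """
    sizes = []
    for raw in moduli_text.splitlines():
        fields = raw.split()
        if len(fields) != 7 or raw.lstrip().startswith("#"):
            continue
        bits = int(fields[4]) + 1
        if bits < min_bits:
            sizes.append(bits)
    return sizes


if __name__ == "__main__":
    for name, verdict in audit_kex(parse_kex(SAMPLE_SSHD_CONFIG)):
        print("%-40s %s" % (name, verdict))
    print("moduli below 2048 bits:", small_moduli(SAMPLE_MODULI))
```
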

StephenDecember 29, 2014 7:21 PM

@Figureitout
Re: "that secrecy has gotten entirely out of control such that it will kill itself eventually (by killing its host economically)."

Secrecy itself is not detrimental to businesses at all. It is the leaking and revealing.

@Daniel
Re: "In other words, if before the NSA could identify potential targets because they used encryption when others didn't the NSA can now identify the bad guys because they use Tor when others don't."

I'm sure they know not everyone using Tor is a "bad guy" - I doubt real hackers still use it after the silk road arrests. I think it's highly probable that most people who still use Tor are human rights activists in some way.

@Thoth
Re: "We are taught the wrong stuff and we need to unlearn and relearn the proper mindset."

Well, what is the proper mindset? Please tell...

TS/SCI/ARSCHLOCHDecember 29, 2014 7:44 PM

In a heartening development, skeptical's new maunderings do not rise to the level of lies. They are not even false. They are bullshit in the technical sense that skeptical loves to read his words words words, but the deception does not reside in evidence or argumentation. It's just a stream of buzzwords appropriate to 15 second TV commercials.

"the planning of foreign intelligence operations against the US" Note how skeptical characterizes the outside world as "foreign intelligence" while mixing NSA domestic espionage, sabotage, and ultra vires sexual peeping together with its victims into one big happy family called the US. Then by some undisclosed argumentation he pulls out his ass, he links it to human rights, which he wouldn't know from a bar of soap. He just uses the beltway mediocrity's trick of sticking resonant words into a sentence and hoping you will nod. That works pretty well with people who can't get real jobs and have to live off our taxes.

"balanced approach to privacy" Here skeptical reveals himself as a cheerful ignoramus, making shit up. He puts in little rhetorical flourishes like "must acknowledge" to tart up nonsensical baby talk. When the US sends mediocrities like this into the international space, they get skillfully dissected in public and they don't even know it until somebody back home explains it very slowly. Skeptical won't get that far.

Skeptical patty-cakes his bullshit into discrete numbered turds but point six is more of the same, unsubstantiated bullshit with nary a supporting fact. Well, maybe a little extra whining. Six is worth reading, though, for a lecture on responsibility from the kind of third-rate weasel that supports sabotage of a country's critical infrastructure during a humanitarian catastrophe.

Skeptical is not the saddest dimbulb in the meetings. The security state scrapes the bottom of the barrel by design. They start to think and hmmm is as far as they get. He's here to win the hearts and minds of people who think rings around him. He doesn't see the problem.

ThothDecember 29, 2014 8:09 PM

@all
@Bruce Schneier did do some cryptanalysis on PPTPs (https://www.schneier.com/cryptography.html) which is interesting.

@Stephen
I am working on it currently. Will publish some stuff soon. Put it in essence, the right mindset I am pointing at is to get those users who shrug their shoulders at security to realise how dangerous their mindsets are. Oh, an email account compromised ? No probs, I will just ignore it since I am not using it anymore ... WRONG !!! Right mindset is to tell all friends about compromise and not open emails, tell email provider to blacklist and not walk off (which most people do). That's just the surface of what I will probably publish very soon somewhere.

@anon, TLS/SSL broken, SSH broken, et. al.

"The safe route for assessing security of anything is to default on Insecure Until Proven Otherwise. INFOSEC standards for highly secure stuff require very rigorous development process and evaluation. Most FOSS stuff, including security, isn't done that way. So such apps are probably insecure and should be treated that way until an assurance case is vetted."

This is the same for protocols like SSL/TLS, SSH and such. They are simply cobbled together with close to no security proof and formalisation in their specifications until very late when they are worldwide implemented. There are many good protocols with security proofs in rigid mathematical formats (MinimaLT by Daniel J Bernstein) but these were not implemented. It's about time we use mathematically rigid and secure protocols rather than some protocols cobbled with some afterthoughts. In fact, it's about time we put the MinimaLT protocol to the test if possible and if proven secure by cryptographers and engineers, it could take over TCP/IP for a more secure out of the box variation.

Nick PDecember 29, 2014 8:19 PM

@ Skeptical

Regarding point 6, I agree it's not whistleblowing: more like reporting on things that the government declares secret. I disagree that leaking it is damaging to the U.S. The methods of how to produce secure systems are well known and taught in hundreds of universities worldwide. Many details are in papers and books freely available to the general public. A few commercial products are available with design documentation and/or code. Going from there, the NSA slides on phones and smartcards showed they were actually pretty far behind the public sphere. They're doing prototypes of unknown quality while commercial sector are shipping products leveraging good techniques and academia (including foreign) is making prototypes with better properties.

Further, other leaks show NSA is more about weakening our systems than strengthening them. These secure system ideas won't benefit us: likely just defense contractors and government. That NSA's offerings funded to tune of tens of millions haven't matched commercial work from the 90's that *they certified* or modern COTS products is worth publishing. I mean, they know how to do it right, they keep wasting money doing the same toy projects, delivering nothing, and secretly weakening the same types of products in industry. I think an argument for fraud or something similar could be made on those projects. Probably another example of the most common fraud at the DOD: lying about the benefits or intent of programs in order to get tax dollars for personal/organizational profit and jobs in Congressional districts.

So, I'm glad they leaked that too. Now I know that my guess of NSA IAD being mostly worthless as a leader for U.S. INFOSEC is right on. DARPA and NSF are taking the lead to make things that are actually secure. Good deliverables*, even public, are coming out of that work. NSA IAD should be mostly defunded and the dollars sent to organizations delivering the goods. Having slides like these lets me make that informed decision as a taxpayer.

* Example here of a DARPA funded solution that's secure from the ground up. Video is quite suitable to the layperson. First few minutes illustrate all the threats. Skip to 4:58 for an explanation of the problem and their solution. This is what we need funded to protect us from cyberattacks. Then, if government wants SIGINT, they can argue over mandatory backdoors which would be more secure on such a processor.

nitzekinsDecember 29, 2014 9:07 PM

"targeted surveillance is probably necessary and inevitable"

A tacked-on shibboleth proving Matt Green knows which side his bread is buttered on at Johns Hopkins. The rest of the writeup coheres.

AnuraDecember 29, 2014 10:04 PM

RSA is more susceptible to side channel attacks than AES. It's also significantly slower. You are better off using multiple ciphers with different keys like mixing AES with Salsa20 (combined with a message authentication code, of course).

tyrDecember 29, 2014 10:13 PM


It might help to have a short history lesson.

In 1941 there was a coalition of nations bigger than any previous one.
It was equipped with leading edge technologies, had demonstrated its
battlefield superiority over every opponent. Its opponents were sunk
in disarray and confusion and humanity was under a black cloud of
gloom. It looked invincible.

Today we have a similar situation. But by 1945 the bombed out rubble of
the invincible and the hanging of its government criminals put an end
to their dreams of empire.

The historical precedent is clear for even the dimmest to read and be
able to understand. When the tide turns as it always does, you do not
want to be on the side of those who make unjust laws, take unjust
actions or disobey your own country's laws. Just following orders is
not an excuse to save you from the tribunal that will hang you.

The good people of the world have always out-numbered the bad and as
they have the time to build a clear case against the bad they will
prevail over any foe.

We can now return to technical nitpicking and a search for some surety
that what funds the current clusterfuck won't destroy society before
they get hung.


ThothDecember 29, 2014 10:23 PM

@nitzekins
Not sure if we could look up to Matt Green any further.

In response to what he said in his last sub-header of "A note on the ethics of the leak".

Although surveillance is just a feature of a modern communication network that has flipped from freedom into some kind of abyss of sorts, it is the rights of citizens to know what is going on and where their tax money goes ...

@all
Regarding the still missing results on Truecrypt audit Part 2 ... what is going on ? After some time, the part 2 results or even partial results or raw data does not even see daylight.

Not wanting to put the hurt on the fundings for OpenSSL/LibreSSL, GnuPG, Tor and all the other security research and projects but the fact the truth is ... do we still hold onto the past and not want to move forward to an improved future ?

Mirage OS is creating a Haskell-based SSL implementation (assuming the high assurance nature of Haskell programming and the team are building a high assurance OS kernel). Why are we still sitting on low assurance and bloated OpenSSL when it's about time we take the evolutionary leap we have been pushing back all these while.

Tor network is pretty badly bashed up by the more constant attacks of the HSAs (presuming it's not broken in protocol wise yet). The biggest problem is the endpoints for hosting Tor and the nodes themselves are not even assured to any degree. Trying to do security on a pathetic endpoint yields at best half done jobs. About time we start to look into higher assurance (not going to expect the Quantum Leap into CC EAL 7+ Highest Assurance) which a few of us including myself have given advice regarding differing assurance levels of protection according to one's abilities.

For the most basic protection, we need research into integrating lid switches onto chipboard computing devices like Raspberry Pi, Arduinos and Beagleboards inside a casing with these lid switches protecting them against a LSA-type physical intrusion and graduate to using an easy to make security mesh wrap to wrap the casing's interior and the circuitry with security circuit meshes that would zeroize key mats (at the minimal) on chip. Setting up a spare tamper battery inside the casing of these boards and detecting disabling/dead tamper batteries and then zeroize key mats would always be useful.

For MSA-type adversary in physical intrusion, motion sensors, temperature sensors, light sensors, humidity and air pressure sensors could be introduced and these are considered FIPS 140-2 Level 4 specifications (highest of the FIPS 140-2) if the key mats are properly provisioned according to FIPS 140-2 Level 1-3 as well.

It is a bit hard to expect the community to integrate stuff like radiation sensors to stop X-ray of devices and detection of ion particles in use so that will be impractical unless for HSA defeating techniques.

I doubt this is the first time I am repeating on how to do physical security of devices and what to take note and I don't think this will be the last time. I may simply keep posting the same measures above (probably with upgrades from feedback) unless I am getting really tired of here :P .

Another routing protocol would be to base off @Clive Robinson's "Fleet Broadcast" method and formalise a secure and oblivious routing protocol over a "Fleet Broadcast". We need cryptographers and engineers working on the protocols and maths proofs first. Using a UDP datagram based broadcast would be the first step in re-using the existing infrastructure.

The "new" adversary of security is HSAs in general as they do not simply display high capabilities but possess resources and actual capabilities if needs arise.

Daniel December 29, 2014 10:39 PM

@nitzekins

I fail to see what was wrong with Matt Green's comments, you picked out one statement and took it completely out of context--he's not passing a judgement, only offering a descriptive statement. One which is correct.

The most interesting aspect of his comments to me is the one, "In fact, many of the documents seem geared towards actually protecting knowledge of NSA's cryptanalytic capabilities from NSA's own operational staff (and other Five Eyes partners)."

Winner winner chicken dinner.

My own intuition is that Tor is completely compromised by the NSA but only a small group knows it. They want their analysts to use Tor so they can spy on their own analysts. This is why the NSA seems so far behind on compromising Tor compared to other encryption implementations.

It's important to grasp that most of the information we are seeing was never intended for our eyes. So the question then becomes why did the NSA want their own staff to know X? If Alexander and others can lie to Congress they can lie to their own employees.

Clive Robinson December 29, 2014 11:12 PM

@ Nitzekins,

Yes targeted surveillance is inevitable, it goes with the assumed right of the state to protect the citizens of the state from each other and from citizens of other states, and forms part of the basic pact between citizen and state which allows society as we know it to function.

It's what we see historically with Police forces and espionage agencies, and when kept in check and balanced with the needs of the citizens, it is in most respects better than the alternatives.

Problems arise when the checking process is insufficient in some manner and the process becomes unbalanced. The problem with the checking process is it is adversarial in nature and resented and fought by those subject to it.

The two main checking parts of society are the legislature and the judiciary. The problem with the legislature is it's in effect controlled by the politicians, whose private aims and objects align less and less frequently with those who elect them. The fact that politicians can get away with this is a major failing of what is called "representational democracy". In some nations the judiciary is not independent of either the politicians or the citizens, and even in nations where there is supposed independence there is usually a system of patronage subverting the independence.

As has been noted before the price of freedom is eternal vigilance, if the citizens "fall asleep on the job" then it's unsurprising when they find themselves sold out for the price of a few baubles.

To many outside observers it's clear that the citizens of the US in general do not care in the slightest about their freedoms as long as the baubles keep coming. Thus is it surprising that those who are not elected buy off politicians one way or another to get the freedoms they want, which almost inevitably are not aligned with the freedoms the citizens might want if they could be bothered to stop chasing baubles and think about it?

If people want the strong checking to balance the power of the Police and Intel Community then, they will have to not just say so but actively fight for it, and when they have it, keep fighting to keep it, as anything less will allow the unelected to steal the freedoms away.

Buck December 29, 2014 11:36 PM

@Thoth

I am pointing at is to get those users who shrug their shoulders at security to realise how dangerous their mindsets are. Oh, an email account compromised? No probs, I will just ignore it since I am not using it anymore... WRONG!!! Right mindset is to tell all friends about compromise and not open emails, tell email provider to blacklist and not walk off (which most people do). That's just the surface of what I will probably publish very soon somewhere
Not sure what it's like in Singapore, but in FEYES country, one would probably be a lot better off with a bunch of pseudo-encrypted in-speak that means not-shit to any outsiders... At least we can clearly discount any potentially 'clever legalese' or 'evidence' implantation - correct.!? Cheers!! ;-)

Thoth December 30, 2014 12:02 AM

@Buck
Not sure what you meant.

@I2P
It is a pretty new protocol (I2P) and is not as famous as Tor so it should be on the lower priority list or not on radar yet until it becomes more famous.

Buck December 30, 2014 12:12 AM

@Thoth

What I mean, is that your 'advice' is very dangerous for the uninitiated in our midst... Please don't encourage it further!

43939f83u4f98u December 30, 2014 12:26 AM

I2P is new? I must have had some weird imagination in 2003 (1 year after TOR was a semi-public prototype)..

If I want to deanonymize TOR users I'd just use the API maintained by the TOR developers publicly who are going to cons once a month telling everyone the people who paid for their work can't possibly compromise it..

TOR API even shows in its documentation which calls to get onion node data and how to randomly re-place yourself in the onion. 100% of what ANYONE needs to compromise ANY TOR user's anonymity..

Or,,,, just do what teenage kids are doing with botnets..

Thoth December 30, 2014 12:38 AM

@43939f83u4f98u
Compared to Tor who have already been out there a little while longer, I2P is still considered a rather new kid on the block. We had to consider the time it was spent in the Naval Research Labs before it appeared publicly and then I2P came in only later.

Figureitout December 30, 2014 1:12 AM

Markus Ottela
--Yeah I have some "drafts" tucked away and will probably revisit them when I'm ready. Need to get my "lab" up to speed and build up reserves for another loss I feel coming on (losing an old PC). But it's been long enough, I'll probably put together a TFC system eventually (just happen to be working w/ opto-isolators right now and definitely no stranger to serial comms too, there's even a DB9 port w/ the 3 wires already soldered just saying "use me baby!", what a nice coincidence :p) and we can try a little chat out (free testing for you). To be honest, it may be over a year though :( as I've got my projects crammed up (just got a touch LCD screen for my RPi, which I want to use as a visual for a net-tap or testing Android apps out; then school takes all my time (grrr). But one of my fave things is tacking on little things to existing systems, so I'm thinking a homebrew "net-tap" to further isolate and importantly monitor the eventual internet comms (just need yet another PC and prob. a 500GB HDD just to be safe in terms of storage).

Main thing though is to render the comms down and convert to hex or decimal, and slow them down, and chuck it all in a big text file; meh nevermind I'll get around to showing what I'm thinking.

In terms of old hardware, all my PC's are x86-based lol...f*ck. I do like the older HP-Compaq laptops, no (at least noticeable) camera and "hot" microphone, at least just an audio in port. 4 USB's, wish there was just one real serial port but no. It's nice for WinXP (f*ck the haters, it's nice for so many embedded platforms) or if I can get more either a linux/OpenBSD. Bluetooth module and wifi card are separate and easily removed. Problem right now w/ one I just got is a bad area of HDD (80GB which again takes up exactly 74.5GB like my other 80GB HDD's...) so it coughed up around 70% on Truecrypt disk encryption...So looks like file encryption until I get a new HDD (ugh).

Other old PC's are Compaq *again*, 20GB HDD, Celeron chip. I could dedicate to a nice node in my 'net setup up but I still want to use it. Then a Sony (arg!) Vaio which has bubbling capacitors so it makes me nervous if I lose it, probably need to replace them. And lastly I fixed an old Compaq Presario (my oldest), which had a bad RAM card and now boots so I need to image the HDD in case it dies too. Some of the real old assemblers for like Z80 I was planning for that or putting Minix3 on it; that's the best I can do on that PC in terms of trust, which I think still sucks...

That's not even all my projects lol (routers and old smartphones are handy and I *think* I can implement my dip-switch boot authentication scheme w/ an Arduino & LCD screen w/ an analog line), so quite a bit...

Cheers from USA and good luck to what you do next...

Stephen
--Gonna have to say more than a vague statement if you want me to engage (and you're not getting the whole of what the secrecy entails or means for businesses and citizens), which mine was vague as I don't want to delve into "common sense" and hopeless depressing and sometimes worthless meandering topics like just watching the country slide into economic ruin and have to really use survival skills.

Thoth RE: physical security
--Don't just think electronics, some of my best detection methods require zero digital electronics and merely little objects to signify tampering (and break ins). It's b/c I assume attacks on the electronics, as far as I can tell, there aren't any "jedi mind tricks" like "pull" or "push" objects behind a physical barrier from exterior.

One practical setup that I feel is strong is a shed w/ no trees and at least 50-100 ft radius cleared (and a barbed wire fence to keep out animals/leaves giving false detection), and pebbles all around for audio. And then long distance radar for prior RF warnings (has to be robust meaning easy to eavesdrop to get the warning out and not be jammed). Back up power in case of simple 'snip-snip'. My thing is detect before someone can get their hands on something (and I'll want keys not stored there, mobile memory kept w/ me always, and not leaking when I use it).

I say implement what you're thinking (I'll probably get a working radar which triggers a warning (which I want timestamped w/ either nice terminal features or maybe a python script); which has been done a million times, but I'll make it a million and one lol), just don't burn your hand off you pyromaniac (thermite) :p.

Thoth December 30, 2014 3:07 AM

@Figureitout
Physical security that you mention is called perimeter protection/security and is part of a plan for a secure location setup. What I am proposing is a different class called a device physical security. Both types of security are required. I assume physical location security is robust but device security is left open where someone like a friend walks in and knocks over or something along the line of a friendly looking person already beyond your physical location security defense.

One good industry example is a malicious engineer in an organisation. Of course you are not going to have support engineers and just yourself to access (that's your use case).

In my experience, audio is not the best warning mechanism if you want to try and detect anyone crossing a pebble field. As one of my customers used to tell me, no one's gonna listen to audio alarms of a secure machine because there's too much noise distraction and you might not be at the site.

If you are talking about perimeter location security, I would advise military style. Use a 2 layer fence with 3 ring concertina wire above each fence and a trench below each fence with another 3 layer stacked concertina wire per fence. Remember to make the trench narrow as possible. That would have been rated as good security defense and is heavily used in military installations and taught in military schools as a basic military training. For the more paranoid, immediately after the 2 fences is a 10 to 20 stacked or depth based row concertina wire mesh and that would literally stop a battle tank in its tracks (still commonly used in modern military setting). For civilian setting, just dig uneven ditches and cover it up lightly to get an intruder to break a foot. You can add some rocks in the shallow camouflaged ditches.

Thermite is only used for the extreme cases and it's not even remotely rare to see extreme destruction as shown in the LOPPER chip security used in US military hardware where a steel capacity encased a secure chip inside with a shape charge as its "buddy".

What I am trying to put across is multiple layers of security. You can decide whether you want to use the advice given by me, Clive Robinson and Nick P on device security or not. It is up to individuals to decide if they need/want it.

Clive Robinson December 30, 2014 8:10 AM

@ Figureitout, Thoth,

When it comes to macro physical security, history has a lot to say on the matter of earthworks, ramparts and fortifications. However one thing that always comes up eventually is that they get bypassed in various ways, often to the simplest, and with hindsight most obvious attacks. An example being large bundles of twigs, sticks and branches being dropped on top of barbed wire filled trenches, to allow vehicles and foot soldiers to cross them quickly and relatively conveniently. A look at some of the British "funnies" for the D-Day landings tells you a lot about such things, and goes a long way to convince people that "Static Hard Points" are no longer realistically defendable unless heavily manned. And a look at modern smart weapons removes even the idea that they can anything, the earliest example being the use of VT (proximity) fuses by the Allies during the Battle of the Bulge. Put simply the VT fuse turned artillery shells from "hole making" to "air burst" shrapnel spreading, making their effective kill area orders of magnitude greater and decimated German foot soldiers and light armour vehicles.

However all smart weapons really do is make weapons more accurate --at considerable expense-- so that you don't have to use as many of them or they can be smaller etc. For all the inherent smartness they only provide any advantage when a target is correctly identified and the smart weapon can actually be brought to bear on it. Thus modern defence tends to rely on not being an identifiable target against which modern weapons can be deployed. This is achieved by camouflage, misdirection and mobility. Smart weapons may be very effective at hitting a target, but first you have to have the correct target to aim at, and as has been seen repeatedly with Drone based attacks even technically unsophisticated enemies can work misdirection very easily, and when combined with camouflaged mobility the high tech weapons and intel systems used for targeting are easily thwarted.

This is in effect a David-v-Goliath scenario in which David has a significant advantage, and as for Goliath as has been noted "the bigger they are the harder they fall".

Camouflage is at the end of the day an imperfect attempt at being invisible. The trick is to not provide signals above the noise floor, or as it's often put "be down in the grass". Obviously the signals you radiate either actively or by reflection are many and varied and this is why multi-spectral systems can be effective in stripping camouflage away if --and only if-- there is sufficient differentiation between the object being camouflaged and what is around it. Thus whilst it is difficult to hide a brightly painted car in the middle of a field, it's fairly easy "to lose it" in a full carpark. Thus whilst it's not possible to be invisible it is possible to blend in such that you cannot be identified. Obviously it is easiest to blend in when the surroundings are as close to your natural signature as possible.

An example of this is the explosive "det cord" it looks so similar to plastic washing line, that sometimes the only easy way to tell them apart is to cut them. There are a whole host of stories from "the troubles" in N.I. of squaddies cutting washing lines full of drying clothes to --supposedly-- check (what is not clear is if it ended up as being a minor method of intimidation of the "paddies" or not).

The point being if you want to hide a lab or commcen etc is you have to either camouflage all its signals which is difficult or put it in a place where you only have to camouflage one or two, or preferably none at all.

The same thinking applies to the micro and nano worlds as well when you build systems. As has been discussed before a micro SD card in a hollow coin is going to be difficult to find in a pocket or purse full of similar coins.

However a hollow coin is going to be easily detected by X-Rays or by a couple of pairs of pliers, and it's at this point you need to switch from the passive hiding of camouflage to the passive defence of physical security, to buy you the time to actively destroy the coherence of stored information.

In the ICT world the "smart weapons" can be very smart, thus camouflage, misdirection and the equivalent of mobility need to be the first areas to work on, however system design would generally work the other way, that is you first design an information container that it is easy to destroy the coherence of the information and work outwards.

When designing a system I concluded that destroying the coherence of information by physical means was unreliable at best and always involved potentially dangerous energy sources that had all sorts of additional constraints on storage and use. I concluded that the easiest way to ensure the destruction of the information's coherence was to do it prior to entering the container. That is use a reliable method of encryption, and not have the key stored in or brought near the container and decryption likewise carried out in a physically separate device with no storage capabilities (Similar reasoning applies not just to the storage of information but its transportation as well). It is only when you have this level suitably sorted out that you can progressively work your way up the chain.

Peter December 30, 2014 9:12 AM

@Daniel, Re: "It's important to grasp that most of the information we are seeing was never intended for our eyes. So the question then becomes why did the NSA want their own staff to know X? If Alexander and others can lie to Congress they can lie to their own employees."

lol! did you even read it?

Thoth December 30, 2014 9:13 AM

@Clive Robinson
That is a very rich food for thought :) .

A dump en/decryptor that simply stores nothing and you load the keymats, use a password to unwrap the keymats and simply forgets everything after the session.

Nitzekins December 30, 2014 9:34 AM

@Daniel (10:39), to test whether Green's assertion is normative or descriptive, just plug in a substitute subject: "sexual exploitation of children is necessary and inevitable."

Which makes you wonder, those hot naked intercepts passed around by the young bucks at NSA - have they been reviewed for compliance with 18 U.S.C. § 2252A?

Adjuvant December 30, 2014 1:24 PM

@ Figureitout, Thoth, Clive:

Regarding physical security:
in appropriate settings, never discount the alert value of appropriate livestock.
One might, for instance, consider a Guard llama: http://en.wikipedia.org/wiki/Guard_llama

Failing that, I've had a former Australian SF guy suggest to me in all seriousness that a small herd of goats can be highly effective.

Ha-ha, only serious.


citizen0 December 30, 2014 3:23 PM

Would be nice to have more professional insights on how broken:
- VPN
- TLS/SSL
- SSH

really are or whether this is just journalist's opinionated panic...

Hans December 30, 2014 4:32 PM

@Skeptical

I think a balanced approach to privacy must acknowledge both sides of the tradeoffs coin, and seek solutions that mitigate both sides.

Said like a true fear-mongering scared sheep. We had a balanced approach to privacy that worked well for a long time. The government was required to obtain warrants based on probable cause before beginning surveillance of its own citizens. Then sheep that think like you started going to secret non-adversarial courts getting secret interpretations of laws and twisting the meaning of common dictionary words.

Thanks, but I'd rather take my chances with AQ than trust your kind again that we agree on the meaning of "balanced" or "collect" or whatever.

Paul December 30, 2014 7:40 PM

Re: "balanced approach to privacy"

We already have that. It's called 'getting a warrant.'

Thoth December 30, 2014 8:16 PM

@Adjuvant
Wouldn't it be better to use Clive Robinson's tactics whereby no one knows you are using/hosting a critical service like a Tor Guard or Exit Node ? Plausible deniability of hosting techniques would be very helpful in ensuring they don't know where the physical machine is at. Portability and dynamism of the machine and protocol is very useful.

Peter December 30, 2014 10:03 PM

Looks like LEOs are considering independent investigations of SPE hack submitted by foreign security firms such as Norse, conveniently after The Interview made tens of millions in just a few days. Hey, why not throw all the other bad boys under the bus, right?

Frankly, the movie wasn't great, but decent, the kind of movie to go for on a first date. I'd recommend it to anyone who hasn't seen it. :^)

Clive Robinson December 30, 2014 11:18 PM

@ Peter,

The Interview made tens of millions in just a few days

I wonder what percentage went to see it because of the media noise, or because of some sense of faux nationalism... or possibly out of gruesome curiosity...

For some reason a film widely portrayed as about murdering someone in cold blood even if in a humourish way --if that's even possible-- does not strike me as "first date" material... perhaps I'm getting a little conservative ;-)

Wael December 31, 2014 12:18 AM

@Clive Robinson,

murdering someone in cold blood even if in a humourish way --if that's even possible--
Yup, it's possible. Doesn't qualify as "cold blood", though. But funny.

Clive Robinson December 31, 2014 1:05 AM

@ Wael,

This smart phone does not do "U-blube" for various reasons to do with malware, so I guess you'll have to "tell all".

However thinking back there was a scene in "A man with two brains" involving a somewhat attractive young lady with a very irritating voice, but then I remembered he did not actually "give her the shot in the end" so he did not murder her...

Wael December 31, 2014 1:38 AM

@Clive Robinson,

I gotta say something about this thread first: NSA can break anything. I believe they can factor large numbers, end of story. The poor bastards they captured in Area 51, hangar 18 taught them how to do it. And if they forgot how, then there are other weaknesses, backdoors, front doors, snitches, etc... You can't hide from them.

This smart phone does not do "U-blube" for various reasons to do with malware,
Now about U-Tube, I'd rather send you a new smart phone than narrate the clip for you! So I was right after all, eh? Takes you two+ years to admit?

Coyne Tibbets December 31, 2014 1:48 AM

@Skeptical: "That kind of thing isn't in the interests of anyone who cares about human rights,... "

Translation: "Anyone who thinks this is about human rights should mind their own business." I haven't heard such double-speak drivel since that created for George Orwell's, 1984; and this is your opening argument.


@Skeptical: "First, the documents are strong evidence that projects devoted to information security and privacy (including anonymity) can flourish in the US without compromise."

Without compromise by who? It's positively not the citizens who can avoid compromise; since the NSA expects us to compromise on everything. So, it must be the NSA that gets what it wants without compromise.

I also think "flourish" is the wrong word. We already know that businesses are being harmed overseas by all the demands of our "security" apparatus. Also, given the government's increasing efforts to crush "projects devoted to information security and privacy", maybe "subsist" would be better than "flourish".


@Skeptical: "...[NSA is] aware of the tradeoffs inherent in the presence of vulnerabilities in those tools."

They sure are: No vulnerabilities, no snooping. Which is clearly unacceptable, therefore there must be vulnerabilities in everything.


@Skeptical: "...bad actors (AQ operatives) are using the better privacy tools."

And here's the case you use to prove your point. Which is: We must have vulnerabilities or we will all die at the hands of al-Qaeda!


@Skeptical: "...'catastrophic' probably shouldn't be taken literally as it might in other uses of a risk matrix."

Since you seem so familiar with NSA and Military Intelligence, perhaps you could elaborate exactly what this is supposed to mean. Aside from what it appears it should mean: "extremely unfortunate."


@Skeptical: "...the GCHQ presentation on BULLRUN contains little mention of the deliberate introduction of vulnerabilities into commercial software."

And this means what exactly? Let's translate: "They said little, which proves there is little." Oh, I see, it means nothing, since it is a logical fallacy.


@Skeptical: "...is about as far from whistle-blowing as I can imagine,..."

The problem is that, for you as for NSA, whistle-blowing doesn't exist. That is evidenced by your very first statement, which boils down to: "Mind your own business." Whether the "leaker" revealed that the NSA drinks lots of coffee -- or perhaps that NSA nuked Moscow to get rid of Snowden -- you still would maintain that it's no one's business but NSA.

Your "imagination" is disqualified by your partisanship. NSA is also disqualified; same reason. We need an arbiter just a little less myopic to decide whether Snowden is a whistle-blower or a terrorist.

Zakharias December 31, 2014 8:05 AM

Silly sheeps don't get it.

Everything said here about the latest Snowden files is silly.

1. Cracked algos are dead. Point. And that's everything that can be read from the files.

2. Any algo described as non decipherable is no argument for its security, the files are years old. That algos _WERE_ secure, nobody knows whether they _ARE_ secure now. And that even under the following preconditions:
2.a. Snowden files are no fake. (highly possible)
2.b. The Snowden files span the complete knowledge of NSA. There is no hidden knowledge, no Black Chamber inside the NSA. (No one knows.)
2.c. The published files are not censored (in fact they are) and nothing important was left out. (Unlikely with the amount of files. No one knows which material was destroyed during the freak-out of Greenwald and Poitras. No one knows what remains unpublished.)

3. The NSA is not the only player. It is unknown if other countries could decrypt: Russia, China, India, Arabs,...

Quote from the Packet Forensics brochure: "Lulling users into false security."
Remember the HTTPSEverywhere --> Heartbleed thing?

The material published is _NO_ proof for security of a certain algo.

Clive Robinson December 31, 2014 9:19 AM

@ Zakharias,

1. Cracked algos are dead.

If it was the algorithm of the cipher, possibly, but not if it was another part of the overall system.

There is an old saying that "Software = Algorithms + Data", but that is only part of the story you need to remember "Systems = Protocols + Algorithms + Data" at the higher levels of the stack. That is software functions or subroutines are really about algorithms and data but the overall software combines these as protocols, often as the parts of standards.

Thus you can break the system at the data layer, the algorithm layer, the protocol layer or even the standards layer, or the implicit interfaces between these layers.

What these documents don't show is what has been broken, how and thus at what layer. Without that knowledge all we can do is guess.

But even at each layer there are ambiguities: take many of the mathematical based algorithms, the algorithm itself might have a flaw which limits the scope of the attack to that algorithm or the flaw might be at a more fundamental layer, such as finding a way to solve one way functions and thus destroying an axiom of the proofs of whole classes of algorithms (I'll let others describe what the effects of say finding a very economical way to factor numbers into their constituent primes).

But systems have another issue to consider which is "In theory they are secure but in practical implementations they are not". AES amongst other block ciphers are known to suffer from this problem, I have been warning about it on this blog for so long now that the warning has longer whiskers than I have. However even when explaining it in detail, prior to the Ed Snowden revelations the majority of people did not listen.

I actually accused the NSA of rigging the AES contest, and was given the hint by others here that I was seeing things. However over time people realised that the code they used from the AES contest had multiple side channels due to "Efficiency -v- Security" issues and started to fix some implementations. However there are still plenty of broken implementations out there in bespoke closed source code and embedded systems.

So in the case of a bust AES implementation which do we stop using, the implementation or all systems using the AES algorithm?

The answer is complicated, in theory just the broken implementations, however humans have major failings especially when money is involved, so I fully expect broken legacy implementations to be around for the next quarter century at least, longer if they get into medical implants or low end infrastructure like smart meters. Thus maybe we should ditch AES and replace it with an equally "theoretically secure" algorithm, which is also designed from the get go to be "practically secure" as well by avoiding timing and other side channels (if it's realistically possible).
Security of systems is way way more complex than just the algorithms, protocols or standards, we have to think about the practical and human elements rather more than we do the theoretical elements. Because at the end of the day compared to the other two, theoretically secure, difficult as it is, is way way easier.

The best we can do with these documents is use them not as proof of anything, but indicative that systems and their implementations need further examination and potentially mitigation.
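The "Efficiency -v- Security" trade-off described in the comment above, as an added example that is not part of the original comment or of any AES submission's code: a secret-indexed S-box read next to a constant-time one. The function names are made up for this illustration, and the S-box is computed from its definition rather than copied from an implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustration only: all names here are hypothetical, not from any library. */
static uint8_t SBOX[256];      /* AES S-box, filled in by sbox_init() */
static int sbox_ready = 0;

/* Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1, branch-free. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1) & a);        /* add a when the low bit of b is set */
        uint8_t hi = (uint8_t)(-(a >> 7));   /* 0xff when a's top bit is set */
        a = (uint8_t)((a << 1) ^ (hi & 0x1b));
        b >>= 1;
    }
    return r;
}

/* Multiplicative inverse as x^254; the exponent is public, and 0 maps to 0. */
static uint8_t gf_inv(uint8_t x) {
    uint8_t r = 1, p = x;
    for (int e = 254; e; e >>= 1) {
        if (e & 1) r = gf_mul(r, p);
        p = gf_mul(p, p);
    }
    return r;
}

static uint8_t rotl8(uint8_t v, int n) {
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* S-box = field inverse followed by the AES affine transform. */
static void sbox_init(void) {
    if (sbox_ready) return;
    for (int i = 0; i < 256; i++) {
        uint8_t b = gf_inv((uint8_t)i);
        SBOX[i] = (uint8_t)(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^
                            rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63);
    }
    sbox_ready = 1;
}

/* "Efficient" form: the secret byte chooses the address that is read, so the
   cache line touched, and with it the access time, depends on the secret. */
uint8_t sbox_lookup_table(uint8_t secret) {
    sbox_init();
    return SBOX[secret];
}

/* Constant-time form: every entry is read in the same order on every call,
   and a mask keeps only the wanted one. No secret-dependent address or branch. */
uint8_t sbox_lookup_ct(uint8_t secret) {
    sbox_init();
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        unsigned diff = i ^ secret;                  /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);  /* 0xff if diff == 0, else 0 */
        out |= (uint8_t)(SBOX[i] & mask);
    }
    return out;
}

/* Number of inputs on which the two forms disagree (should be 0). */
int count_mismatches(void) {
    int bad = 0;
    for (int i = 0; i < 256; i++)
        bad += sbox_lookup_table((uint8_t)i) != sbox_lookup_ct((uint8_t)i);
    return bad;
}

int main(void) {
    printf("S(0x53) = 0x%02x, mismatches = %d\n",
           sbox_lookup_ct(0x53), count_mismatches());
    return 0;
}
```

The constant-time form costs 256 reads per byte instead of one, which is the cost the fast form avoids by indexing with the secret.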

Clive RobinsonDecember 31, 2014 10:13 AM

@ Wael,

I gotta say something about this thread first: NSA can break anything... ...You can't hide from them.

When it comes to communication, then yes you can not hide from the NSA or other Five Eyes or equivalent organisations. However I can show that they are neither omnipotent nor omnipresent, and thus even if they may be able to "break anything" they control, they can not "control everything" nor "see everything" thus there are ways to mitigate their surveillance activities to the point where only "Rubber hose" techniques are available to them as an investigatory tool of previous secure communications, and even that will fail to be of use to them with certain mitigations.

Thus we are left with two issues. Firstly the issue of the "second party reliability" or as once put the "forty pieces of silver issue" can others be turned by ideology, blackmail, bribery or other human failings. The second is "end run issues", that is at some point for a human to be able to communicate the plaintext needs to be in one of the five senses currently available to humans, thus can the plaintext be intercepted by a third party.

There have been solutions to the first problem proposed but they are mainly the stuff of nightmares and deranged thinking. Thus for normal persons the solution is the "gain loss balance" if they have more to lose by betraying you than gain, then whilst reliability is by no means guaranteed it is somewhat enhanced. However there are some interesting multi-party tricks that can be employed to not just detect unreliability but reduce or nullify its effects. One such is the firing squad technique where it takes all of the multi parties to miss for the required action not to be carried out. Further defectors can be detected by examining the bullets that went wide and comparing to the rifling and other unique marks made by the guns issued to each member of the firing squad. This idea can be modified in many ways to fit different means and circumstances, if those "second parties" are aware of this then defection is considerably less likely. Whilst the firing squad protocol ensures desired outcomes are of a greater probability, it does not stop information betrayal to a third party. This can be solved in various ways by making the information pass through two or more distrusting parties in series in a way that each party may or may not transform the information dependent on some condition within the information. The result is that each party does not know if the information they have is true or false, thus passing to a third party is rendered fairly pointless.

The solution to the second problem is in part "mobility" it is difficult enough to get end run attacks to work with repeatedly used locations, whilst not impossible it becomes extraordinarily difficult when the "target" is both aware and OpSec proficient.

Thus there are mitigation stratagems against the NSA et al if you want to use them correctly from the get go.

Nick PDecember 31, 2014 11:35 AM

@ Coyne

I already did. It was about open and shut when I looked at just the facts of the case, nothing more. People's emotions before that point had polarized them into a for-him or against-him mindset. That didn't make sense to me given a person can simultaneously do good and evil. He certainly did by our legal standards. And I'm not talking technicalities either.

SkepticalDecember 31, 2014 12:06 PM


@Dirk: It really doesn't matter which US tools or (cloud) services you are using for whatever purpose if you are not a US citizen. Under current US law, non-US citizens in essence have no rights. Check out Caspar Bowden's slides on the issue from 31c3.

For some reason I can't view those slides, but within the US all persons have certain rights, as do US companies. To the extent those slides state otherwise, they are wrong. Outside the US, it's a different matter.

Weakening, backdooring or otherwise subverting any algorithm, protocol, standard, application or appliance makes all of us less secure.

I think that this is actually a much more complicated question than as it is often presented. Specifics here will matter greatly. I'll take a really obvious case, from which I would draw no general policy conclusions, simply to make the point. Suppose "we" refers to a small task force in a hostile environment. Due to the enemy's use of certain devices, the enemy's communications are compromised via a method that requires extensive application of highly specialized and expensive resources, resulting in the provision of timely tactical intelligence to the task force, which enables them to exploit the enemy's plans, accomplish their mission, and minimize casualties. Later, when personnel of that task force rotate off deployment, perhaps they end up using similar devices and protocols in their day to day lives. Have they by any meaningful measure, on net, been rendered less secure? Probably not. There's a tradeoff for them, to be sure, but in that case the tradeoff is probably positive on the side of leaving a means of access to those common devices.

Now I chose a truly obvious case, and one that applies to very few people, just to make the point about the importance of specifics. In other cases, the tradeoff will come out on the other side: the means of access in the device (speaking loosely - apply it to anything from physical hardware to algorithms) may result in such a loss of value as to outweigh whatever benefits are drawn from it. And in many cases, there simply won't be an obvious answer.

I'm increasingly persuaded that there are no easy answers here.

@Nick: I disagree that leaking it is damaging to the U.S. The methods of how to produce secure systems are well known and taught in hundreds of universities worldwide. Many details are in papers and books freely available to the general public. A few commercial products are available with design documentation and/or code. Going from there, the NSA slides on phones and smartcards showed they were actually pretty far behind the public sphere. They're doing prototypes of unknown quality while commercial sector are shipping products leveraging good techniques and academia (including foreign) is making prototypes with better properties.

They are absolutely damaging. The only question is the magnitude, which is nearly impossible to assess without knowing a lot more about the planning and operations of potential adversaries.

For example, information that tells you the rough level of NSA's capabilities could be incredibly valuable for planning purposes. It might tell what you do need to worry about, and what you don't need to worry about. It might tell you that the whispers from some of your sources about the wizards of the puzzle palace are exaggerations. It might tell you that one of your human sources is actually duping you for personal profit or as part of a counterintelligence operation. It might tell you that the compromise of one of your own intelligence operations did not derive from a penetration of your communications but from a human source. It might tell you that you should have more confidence in the fruits of one of your own apparent penetrations of a protected US system. Etc.

Even the most seemingly innocuous information, such as reports about what students worked on while doing a summer program at NSA, could furnish useful targeting information for foreign intelligence operations.

Let me drag an example out of the not too distant past. When President Reagan began to talk about SDI, many in the US dismissed it as technically beyond US reach for the foreseeable future. And indeed, it seems that Reagan himself was unaware of the technological limits before he made it part of US policy. But it deeply frightened the Soviets, who took seriously the possibility that the US could develop such a capability. Had the Soviets obtained reliable information that US technology was at a much lower level, they might have reacted quite differently and in a fashion less costly to themselves.

These are all harms that are difficult to enumerate with specificity to a journalist, to whom they may sound like imaginative speculation and nothing more. Hence the practice of redacting actual names in these documents, and some of the more obviously relevant operational information, but leaving in huge volumes of information that may not place lives in imminent danger but which furnish numerous advantages to adversaries, some that may prove highly significant.

We look at a lot of this information from the perspective of potential government abuse. What does this tell us about what the government might do to us?

It's an important perspective, and a valid perspective.

But - given human history - we should do a better job incorporating another perspective as well: if there were to be a major war in the next 20 years, how might all of this leaked information, in aggregate, have helped what will certainly be the adversaries of liberal democracies? It's not an easy perspective to acquire, because most of us have never lived when two great powers went to war with one another. All of our lived experience is with the threat of government oppression or the threat of violent non-state actors. And for many, the majority of their lives, if not all of their lives, have occurred in a window when Western democracies have been practically untouchable by any external threat - so much so that it seemed only internal oppression could ever pose any danger to our liberties or welfare.

It requires linking our imagination with a sound knowledge of history to really understand the future potential for surprise: for the war that seemed unthinkable, caused by a confluence of small factors that we thought shouldn't matter. I am hopeful, and there is reason to be hopeful, but I doubt we have seen the last of major wars between great powers.

So... personally I'd like to see a lot more caution with the information being released. It doesn't harm the public not to publish much of this.

WaelDecember 31, 2014 1:00 PM

@Clive Robinson,

However I can show that they are neither omnipotent nor omnipresent, and thus even if they may be able to "break anything" they control, they can not "control everything" nor "see everything" thus there are ways to mitigate their surveillance activities to the point where only "Rubber hose" techniques are available to them as an investigatory tool of previous secure communications, and even that will fail to be of use to them with certain mitigations.

I agree with that paragraph. And apparently so does NSA. Thus the Modus Operandi of collecting everything they can to make up for the two deficiencies resulting in their capabilities asymptotically approaching omnipresence. Omnipotence is not attainable by a human with five eyes or fifty...

Clive RobinsonDecember 31, 2014 2:31 PM

@ Wael, (and others),

Have a chew and a mull on the rest of it, it should give "sufficient meat for food for thought".

Oh and as it's already started east of here somewhere have an enjoyable New Year festival, and a prosperous year to come. Oh and if you celebrate on a different date I hope you enjoy that as well (I will certainly be celebrating Chinese New Year as it falls close to my and others' birthdays so is a good excuse to go and have fun ;-)

Coyne TibbetsDecember 31, 2014 2:38 PM

@Nick P: People's emotions before that point had polarized them into a for-him or against-him mindset. That didn't make sense to me given a person can simultaneously do good and evil. He certainly did by our legal standards. And I'm not talking technicalities either.

This is all very true, especially the first sentence of the excerpt: People are very polarized, which is a poor way to decide criminality. (That's why we have impartial judges and written laws.)

I was taking issue with the "as far from whistleblowing as I can imagine," statement on the part of @Skeptical. Of course he imagines it to be far from valid whistle-blowing, since there evidently is no such thing, to his mind.

We could likely write this as an equation: "Leak = espionage; whistle-blower justification = not possible." Whether or not that is a valid perception of Skeptical's mind: NSA certainly uses that equation in its evaluation of leaks. To the NSA, there is no such thing as public interest; except as the NSA decides in its "flawless and lawful" policies and activities. It acts as a law entirely unto itself; oversight of any kind, including whistle-blowing, is unacceptable. Hence, the equation.

So now, your article. At least you're using criteria which appear to have some discrimination as to what is or is not justifiable as whistle-blowing. Criteria that appear designed to protect the public interest as well as NSA interests. (I'm not saying I fully agree, but I could live with it.)

If, in the end, Snowden loses on those criteria, well maybe he should.

DanielDecember 31, 2014 3:15 PM

It's true enough that the NSA isn't a panopticon and that they can't do "magic" but it's also beside the point. Risk is probability times loss. We know what the loss is with the NSA--it goes all the way up to torture. It goes all the way down through parallel construction. It ends with killing Americans abroad. So even if the NSA only has a 1:100 odds when the penalty for getting caught is so high not many people will take those types of risks. And even among people who are just trying to guard their privacy there is a risk of getting caught up in all that mess.

So the NSA doesn't have to get everyone. They only need to get enough for FUD. If they torture and kill enough that the people have to take the FUD seriously the NSA have won.

Nick PDecember 31, 2014 3:56 PM

@ Coyne

I see what you're saying. Makes sense. Yeah, I'm trying to use as fair and neutral criteria as possible in my judgments. Debate would continue on grey areas like wasteful programs like Trailblazer. They aren't strictly illegal, but the public should know about the mismanagement. More work needs to be done on criteria for such situations that balance needs of both sides. I'm also for leveraging groups like GAO that regularly challenge the other agencies as somewhat trusted third parties. A leak could go to them instead of general public with them then presenting it in a sanitized way that conveys problems without secret exposure.

More work to be done...

Clive RobinsonDecember 31, 2014 4:15 PM

@ Coyne Tibbets,

With regards your evaluation,

Whether or not that is a valid perception of Skeptical's mind: NSA certainly uses that equation in its evaluation of leaks. To the NSA, there is no such thing as public interest...

In essence you are portraying the sociopath view of the world, that they believe they are right irrespective of any other viewpoint. I'm not entirely certain that Skeptical is as reasoned as that. If you look at,

    They are absolutely damaging. The only question is the magnitude, which is nearly impossible to assess without knowing a lot more about the planning and operations of potential adversaries.

You see a completely unsupported assumption given as an assertion. This is more indicative of an authoritarian follower trying to avoid using reason, it's a sort of "slogan mentality" you will have seen with the "Tea Baggers" and their ilk.

Then you see an interesting turn of phrase which contradicts it with "nearly impossible to assess" when talking of the magnitude of the supposed harms.

There is no room in that assertion that there may be good, or heaven forbid it might outweigh the harms which by admission may be so small as to be unmeasurable.

It is a "My Country right or wrong" mentality that unfortunately has as history shows condemned not thousands not even millions but tens if not hundreds of millions to early graves.

It is an attitude that the likes of Stalin could only dream of in his citizens, and led to the likes of the Nuremberg trials.

It must be nice to have such certainty in your life that you know those you favour are Angels whilst those you don't are Devils, no room for uncertainty, doubt or impartiality, just march forward and "tie them to the stake" or "hang them high".

You would have thought people would have learnt more from the events at Salem and the later McCarthyism.

JestInCaseDecember 31, 2014 4:48 PM

@Skeptical

“So... personally I'd like to see a lot more caution with the information being released. It doesn't harm the public not to publish much of this.”

‘Harm the public’. That’s interesting. What could possibly go wrong with our senior intelligence service collecting and collating all of the electronic communications of a terrifyingly large percentage of the US population? How many employees of this, our NSA, have access to my information? How many of the contractors? How many of the employees of said contractors? Can you provide any assurances that the contents of my communications will not be available for anything other than national security? Not likely.

I have read many of your posts (like, all of them for the last year). Overall, I would say that you are a rational person who is passionate about her beliefs. You have demonstrated a level of political knowledge and history of intelligence operations that prompt me to ask you this: How far up the ‘chain’ are you? You have been accused of being a shill for the NSA. I’m not certain whether you are or are not, but it is an interesting question to have answered.

You write well. Your points are usually compact and intelligently posed. You have a decent vocabulary and know how to use it. Most of the ‘usual suspects’ (those who post most often) have clearly defined their purposes. Most are not advocating anarchy. Most are looking for, or providing, answers to the technical side of communication privacy and security. Your purpose here, in this blog, is not clear to me. So, what is/are your intention(s)?

Off topic and not likely to be of interest to many/most:

My last interaction with you (Skeptical) was on the topic of the hacking of Sony. Two days after that conversation, my trusty Cisco router mysteriously went on the blink. Hard to believe that after many years of faithful service it would suddenly develop an upset stomach, but it certainly did.

Suspicious? To me, yes. Coincidence? Not likely as I am only allowed one coincidence per year, and that was used up last July. Random electronics glitch/failure? Possible.

In any case, I should state that rooting my router (ha) is a waste of resources. Yes, I do sometimes use Tails. Yes, I do use ‘nix systems sometimes. Yes, I do participate in various fora relating to security of coms. Yes, once upon a distant life, one of my hats was a distinctly darker shade of gray. No, I do not have any contact with foreign nationals. No, I do not advocate the destruction of any country. No, I do not have any desire to commit acts of terrorism and furthermore, I would not assist in any such act.

I’m fairly sure that the inquisitors have known all of the foregoing info for some time. The fact that my systems hadn’t been overtly compromised leads me to believe that I represent a very tiny entity of interest. So, what changed? My suppositions as to the identity of the Sony hackers? Good luck with that line of reasoning.

Am I concerned about the potential for additional attention by the persons who, presumably, hacked my router? Yes and no.

Yes, I resent any intrusion.

No, not really. I have assumed that whatever coms I may have participated in were recorded and have been analyzed to death. More attention to ‘not much’ only results in more ‘not much’.

To whomever: I’m sure you know about two of the systems in my home office. I know that they are very likely compromised (P=0.75). What you likely did not know until now is that there is a third system. This one is not connected to the world, accepts only keyboard inputs, and outputs only in the usual side channels and to CD’s (to which some secret sauce has been applied). Physical security is provided by my four-footed friends. The small one is for the alerts. He yaps. The large one will only growl once as a warning. After that, you should consider how to neutralize a 180 lb. English Mastiff before she neutralizes you.

My boundless ego requires me to say that I’ll be pleased if the attention you may send my way will deflect the attention that was formerly directed to someone who is actually making a difference.

/Off topic

Nick PDecember 31, 2014 4:52 PM

@ Skeptical

I see where you're coming from. I'd normally agree about such things. The problem is that our defensive posture is known to our top enemies: thoroughly compromised. The DOD has been publishing reports for decades showing China, Russia, and others have thoroughly infiltrated our classified programs. Nuclear secrets, IT, and so on were taken with us rarely catching those doing it. This is true for business I.P. even at defense contractors and security-focused companies. The current state of things is that the enemy knows more about U.S. government and commercial defensive posture in practice than those organizations themselves. And they're winning.

Now, starting with that DOD-acknowledged reality, we have the leaks of U.S. INFOSEC research. NSA claims to be protecting networks, doing cutting edge research, etc. The specifics leak. They show NSA to be far behind public sector on many fronts, wasting money on routes long proven insecure, promoting insecure products, and generally doing a bad job on defense. The enemies gain nothing as they already know how insecure U.S. organizations are. The public, however, can connect the dots between the NSA's actions and the devastating results that came from them.

Therefore, there's no provable harm from the leaks of such INFOSEC activities, there is provable harm by NSA/DOD's incompetence, and many stakeholders can push NSA or its oversight toward directions that might actually make us more secure. Or, as I prefer, put INFOSEC in the domain of an organization that's actually been producing results (eg DARPA, GAO, NIST) with restrictions that make them free of NSA influence. If anything, the leaks show that the NSA is so incompetent at defense that they shouldn't even be allowed to speak at a cybersecurity conference. We would be better off hearing from an individual or organization with a track record of building strong solutions.

It also implies Alexander is being way overpaid for his consulting if he's building on what NSA did during his tenure. I could probably deliver them a totally secure platform in 1-2 years for that kind of money. He's probably giving them NSA garbage of the type that didn't stop Russia, China, LulzSec, Anonymous, Manning, Snowden, and so on. Leaks like this might have saved the banks a lot of money.

BroDecember 31, 2014 5:26 PM

The only sane person in the comments is "Skeptical". The rest are blowhards, paranoids, and disinfo agents spouting three-letter acronyms like Chinese firecrackers.

FigureitoutDecember 31, 2014 5:46 PM

Thoth
--Yeah that's where I focus. Once the perimeter's breached, there could be bugs inside so putting lots of things at risk. I like to open up my hardware again and again so having destructive "tamper-proof" locks wouldn't be good for me. Plus I like to remain practical (manufacturing these devices, which would hardly be made at home, is another risk).

Hasn't most of the "tamper-proof" devices been shown to not be? One thing I note on practically every PCB is all the test points, those would have to be done away w/too (thus once it breaks, major clues gone). Anyway, here's where the "security by obscurity" is the reality, otherwise just state how you get in the chip or use standard interfaces lol. I do like the devices that physically destroy programming interfaces when done (so long as you got the software right lol). I also like tweaking protocols and interface wires, having been bitten by that recently (still being bitten, hard now), it can really confuse you for awhile lol.

Practically though, just detecting an intruder and then letting them get away is no good. Likewise letting someone constantly break in and destroy your stuff by triggering the "self-destruct" is waste of time & resources. Thus I use traps. It doesn't take very long to see just how vulnerable our physical spaces are, so sometimes it's not worth the time.

Clive Robinson
--I've seen a large company by-and-large do physical security right (you can only take it so far...). Then let someone in using a completely different badge lol. All fenced in (sometimes using just overgrown weeds to be really annoying to crawl thru), entire premises on camera. Many locations, all manned w/ security (which won't be up to snuff every second). Problem is all the contractors they need and are constantly moving thru, so someone malicious could easily "walk thru the front door".

Guess saving grace or "the equalizer" is attackers are just as vulnerable (as they attack, their home base is left to potential attack); b/c having a bunch of equipment set up in a static place is too handy to move to extremist measures like living in a boat or putting it all in a semi-truck and constantly moving lol.

Adjuvant
--Haha, oh man...one of my relatives just caught a bobcat that was just biting heads off chickens, not even eating them lol. Many times in suburban areas you aren't allowed to have any livestock.

Wael
NSA can break anything... ...You can't hide from them.
--Really? Think how much data is created every second...And as we could see they had some problems w/ OTR and PGP...It's just not true, too much shadow of a doubt.

Skep sniffs the madeleine and off we goDecember 31, 2014 6:12 PM

You can tell skeptical is dimly starting to suspect that he's a laughingstock because his 12:06 response is even less concise than usual - about as concise as À la recherche du temps perdu. Sadly, Skep's no Proust. His million words might be less boring if he wrote them in a cork-lined room and took sex breaks with merchant seamen, but no such luck, so now Skeptical is strolling down false memory lane about how star wars ['SDI,' tee hee!] scared the Soviets, that they're the only ones who didn't know it was a joke.

From skep's pompous and pedantic tone you would naturally think skep was on the ground and saw and touched and played with the Soviet star-wars response, uh, no, wait, that would be me. The Soviet response was less worthless than the US program and much, much, much less costly. Skep couldn't even tell you where their work was done. Yet again, more amusingly than usual, skeptical doesn't know what he's talking about. If bullshit was green he'd be a golf course.

What scared the Soviets was not star wars but intermediate range missiles in Europe. And did they respond beltway-style by pissing away lots of money on countermeasures? No. They mobilized European civil society. Not only did they balk deployment, they brought Reagan to the table to negotiate what became 'his' [sic] proudest achievement, START. That is how Russians run rings around beltway dimbulbs like skep, then and now.

And of course skeptical wants you to think real hard and be afraid of the next war. Induced fear of the next bullshit war is how his fellow parasites shred your rights and suck up your taxes.

WaelDecember 31, 2014 7:03 PM

@Bro,

Now the questions that come to mind: Where is this place and when is it? What kind of world, where ugliness is the norm and beauty the deviation from that norm? You want an answer? The answer is...it doesn't make any difference. Because the old saying happens to be true. Beauty is in the eye of the beholder. In this year or a hundred years hence.
(a pause)
On this planet...or wherever there is human life, perhaps out amongst the stars.
(a pause)
Beauty is in the eye of the beholder. Lesson to be learned...in The Twilight Zone.

-- Rod Serling, http://www.raggededgemagazine.com/0103/0103ldc.html

Coyne TibbetsDecember 31, 2014 7:20 PM

@Clive Robinson: You would have thought people would have learnt more from the events at Salem and the later McCarthyism.

People don't learn such things; they tend to have a short-term focus on whatever advantage they can gain at the moment.

This is why we created republics and written laws; and why the decisions always must involve multiple groups in balance: Whenever the rules can be changed (or simply ignored) at self-interested whim or one group gets to be sole arbiter, we see the same problems arise again and again.

Clive RobinsonDecember 31, 2014 7:41 PM

@ Figureitout,

All fenced in (sometimes using just overgrown weeds to be really annoying to crawl thru), entire premises on camera.

That's not really trying ;-)

A little story from my past for you, which will give you a picture from the sharp end as it were...

I don't know if you've watched Stanley Kubrick's 1987 film "Full Metal Jacket" or not but the last hour or so of it was filmed in the disused Beckton Gas Works on the north side of the River Thames.

The place was horrible to say the least with broken concrete with deep pot holes full of dirty water and that nasty weed the nettle, with its best friend the blackberry or as you might call it the briars with a nice selection of thorns. Oh and some had what we later found out was toxic chemical residues mixed up with coal dust and broken glass, all jolly good stuff along with a few animal turds and rat wee etc....

For the film they needed quite a few extras which is why for a couple of weeks I wore the GI uniform, and got a lot of free tea and food as well as getting paid a pittance to be there as did some of my fellow soldiers from the UK Sig regiment we were in. It was all supposed to be jolly good fun, but turned out to be what is sometimes called "character forming".

The thing is Stanley Kubrick was not happy with the Gas Works as it was (you can see how it started out in a James Bond movie filmed a few years earlier). So he demolished quite a large part and built fake hoardings and other signs. Unfortunately this disturbed a lot of the natural fauna and thus spread the nettles and briars around the place, crawling all over, under and through it under direction was not as much fun as you might think, and occasionally it was dangerous due to broken glass and suspect pools of chemicals as well as brick slides etc.

The thing is the extras fell into three groups, those thespy types that did it between acting jobs --and would have failed a real army medical--, wannabes and us soldiers... guess which group got dicked to do the belly crawling and such like, yup us squaddies. So somewhere in that last hour of the film you will see us in the background being cannon fodder to the action. Whilst you can see some of our faces at times, I've only been able to identify my back in one scene. It was interesting but it took quite a while for the wounds to heal afterwards, and no amount of free tea or grub could make up for getting thorns and nettles in places you would not believe it was possible.

So yup I know from practical experience how to make a defensive area where the weeds bite any intruders, break arms and ankles and occasionally give gashes needing real medical attention such as stitches and injections as well as those scissor like instruments for digging out broken glass and grit and god alone knows what from those gashes...

WaelDecember 31, 2014 8:29 PM

@Clive Robinson,

wannabes and us soldiers... guess which group got dicked to do the belly crawling and such like, yup us squaddies. So somewhere in that last hour of the film you will see us in the background being cannon fodder to the action. Whilst you can see some of our faces at times, I've only been able to identify my back in one scene.

That's pretty funny! You must now give us a reference to that clip on U-tube! I'll chew and mull over the rest of the other stuff later...

FigureitoutDecember 31, 2014 8:32 PM

Clive Robinson
--Haha, I've spent a considerable amount of time dealing w/ weeds, thankfully I didn't have the pleasure of removing the ones upwards of 6-ft tall and the spikes go straight thru gloves...

Yes I've seen that movie ("damnit Private Pyle, wipe that grin off your face!"), after reading "Blube tube" comments on my "music" (if you can call it that :p) I got curious. Just searched it again and amazed google, VUDU, & amazon are charging for it...it's free on a simple google search lol...

I'm pretty familiar w/ blackberry briars, and just briars in general, definitely annoying if you're the "path clearer". A family member got stuck one time behind a bunch and stepped on a hornet's nest in a hole...yeah definitely a "Saw-like" scenario by Mother nature (you can live if run thru the briars).

So I'm not sure if you're "pulling my leg" but I don't think I need to see your backside to get an idea what you look like (a 7-ft tall santa claus like look eh? :p) and that partially explains something else I won't say, but it explains a lot lol (a "disappearing act"). You could be the one to confirm it, not me.

But what you're saying is to build a building around the river thames? :p No one wants to be there lol, it's actually part of my strategy...make it really uncomfortable being there. Man, last place I worked for I got a nice smell of "treatment plant" that fills air, then burning garbage and roadkill, and of course plenty of car exhaust. Combine that all w/ hard manual labor and 100+ degree (F) and you got "heaven on earth"...I'd do it if everyone else pussed out and it was life-or-death and I got paid decent, but nope, none of those.

Dirk PraetJanuary 1, 2015 3:01 PM

@ Skep sniffs the madeleine and off we go

His million words might be less boring if he wrote them in a cork-lined room and took sex breaks with merchant seamen, but no such luck

From skep's pompous and pedantic tone ...

Although there are probably quite some folks on this forum - including myself - who think of @Skeptical as a government mouthpiece, there is really no reason to indulge in this sort of abusive behaviour. Everyone is entitled to his/her opinion. I'm surprised @Moderator has let you get away with this.

Sancho_PJanuary 1, 2015 6:49 PM

@ Dirk Praet

Seconded.

@Skeptical pretty much represents the sentiment of a huge part of the Americans, probably the (voting) majority - although most of them by far couldn’t argue like him.
His comments are very valuable and welcome,
otherwise we’d miss the real world.
I do not see him as a government’s mouthpiece as I can feel his heart in most of his comments. Probably he’s an old (sorry, I mean experienced) lawyer / judge, but he’s on his own.

Nick PJanuary 1, 2015 6:54 PM

@ Dirk Praet

I agree. It's happened a lot since you were gone and especially after the Snowden leaks. Things started getting a bit like Slashdot. I'm trying to stay civil and focused on ideas debating people such as Skeptical. My concern with comments like those above is that it makes our side look like raving lunatics while giving the moral (and rational) high ground over to Skeptical. We must all remember that there's tens to hundreds of thousands of people who read without commenting, make decisions based on what they see, and then influence others. Being civil and focusing on the facts + well-supported opinions increases the odds readers listen to what our side has to say and maybe act on it.

quick edit: @ SanchoP Excellent points on Skeptical being representative of many voters and informing on their perspective. He's not the only one. Treating such people like garbage changes nothing. Must understand them, help them understand the situation, and adapt our arguments via those discussions. I know his presence has benefited my own case against the NSA.

name.withheld.for.obvious.reasonsJanuary 1, 2015 8:47 PM

@ Skeptical

But - given human history - we should do a better job incorporating another perspective as well: if there were to be a major war in the next 20 years, how might all of this leaked information, in aggregate, have helped what will certainly be the adversaries of liberal democracies? It's not an easy perspective to acquire, because most of us have never lived when two great powers went to war with one another. All of our lived experience is with the threat of government oppression or the threat of violent non-state actors.

Two things;
1.) Years ago I worked on a project specific to SDI, most of the research concentrated on the computational system(s) and support.
2.) The project was compromised by an agent of a foreign country under the noses of the company and the researcher(s), except for me. I was noticing changes to the access times on directories on the research data server(s). My first thought was a backup was in progress but the archive bit and the RPC connection(s) didn't make sense. Tracked it down to another project that was running code embedded in the OS--happened to have access to the source and discovered a plain text domain name reserved for the target of the ex-filtration.

The point; irrespective of the intentions of governments, corporations, and organizations the tendency for public abuse of information happens at a rate that pales in comparison to the damage done by deliberate sabotage or espionage. Truth tellers, whistle-blowers, and journalists have far more influenced positive changes than the negative effects of deliberate misuse of power/capabilities/resources.

More damage is done by people exposing the banality or innocence of government(s) or official(s). Ignoring or re-framing the person behind the curtain as less than a threat results in conditions that can be seen in Germany in the 1930's. Only a 'bad' German would question the benevolence or motives of the state. A 'good' German would grab an arm band, a brown shirt, and their best marching shoes and get in line.

WaelJanuary 1, 2015 11:38 PM

@Figureitout,

Think how much data is created every second

It's not creation that's significant. What counts is how much data is "transferred". TLAs are improving their capabilities for intercepting and storing this information either for real time analysis or post mortem. When I say "you can't hide" I mean: Once you become a person of interest on their radar, you're pretty much screwed. A person of interest is different than a "Target", so I am not contradicting a statement I made previously. To elaborate: The population is the target. Out of this "Target", a few become "of interest". Since the volume of "information" transfer (or creation, if you insist) per second (sounds like information velocity -- the first derivative of information units with respect to time) currently surpasses interception and storage capabilities, avoiding "being a target" may mean behaving in a way that causes you to be pruned out of the target population. Not sure that makes sense...

Clive RobinsonJanuary 2, 2015 1:15 AM

@ Figureitout, Wael,

It's not creation that's significant. What counts is how much data is "transferred".

Hmm it is the amount of data created that is the main stumbling block and likely to remain so for the foreseeable future.

This is because even if they could move all of it and store all of it, they just don't have the resources to process even a tiny fraction of it currently (though that will change as and when suitable AI becomes available, so it's just a question of time...).

In essence the NSA is trying to build a "CYA Time Machine" such that when an incident occurs they can "go back in time" and listen/look at what the "known actors" did in the way of communication and try to work out who the other unknown actors are and who they communicated with and about what.

If the "incidents" were only of the type the US public could get behind --think four horsemen of the Internet-- then the NSA would not really have any worries.

However they are not and when the likes of the IRS have been used for what looks like "political" targeting, US Citizens with above average intelligence start to think, "If the IRS... What about the NSA..." especially with the stories of "LoveInt" etc showing there's nothing to stop it. Especially if as various studies suggest over 60% of US marriages have at one time or another one or both parties having extramarital relations.

Further it's no real secret that the various law enforcement agencies see significant possibilities in amongst other metadata, phone location information to find not just drug dealers but their customers, and even gamblers and those who use prostitutes. Knowing full well the Politicos are going to support them in this, as not only does it help with their re-election but also it shows a return on the money stuffed into the NSA's pockets.

WaelJanuary 2, 2015 1:44 AM

@Clive Robinson, @Figureitout, @All,

though that will change as and when suitable AI becomes available...
Strange you mentioned that! I was thinking about it a few minutes ago. Was thinking when this level of AI is available, how the future may look like. What I envisioned is a completely automated system that collects all information and processes it. No human interaction needed. When such a system finds someone guilty of some law violation, it'll prepare a statement of incrimination, sends the evidence to that person to be summoned for trial -- and that's the "happy path". The not-so-happy path would be the following:
1) Person is suspected of some violation
2) An AI computer entity is assigned the case; call it the prosecutor
3) Another AI computer entity is assigned as the defense attorney
4) Prosecution and attorney litigate the case, while the "defendant" is unaware.
5) When the "defendant" is proven guilty, a drone is dispatched to do the deed.

The sad thing is that the prosecutor in step (2) is a quantum computer with huge amount of resources and the defense attorney will run, by default, on a 386SX computer with 64MB of RAM. The richer and "more connected" the defendant is, the higher processing power they get assigned to them. Welcome to the future, one possible branch that our future may traverse.

ThothJanuary 2, 2015 2:39 AM

@Wael
That is one very bleak future you are predicting. Hopefully we don't get there or it would be like a Minority Report style society. I wonder how a drone would execute a person in a crowded street without harming or killing nearby "innocents" ?

WaelJanuary 2, 2015 2:43 AM

@Clive Robinson,

forty pieces of silver issue
Was still mulling and chewing on that post, until I choked on this sentence. What is it in reference to? Biblical?

WaelJanuary 2, 2015 2:50 AM

@Thoth,

Drones will be more advanced by then; they will hover close to the "criminal" and kill the convict with a bullet. Surgical precision without "collateral" damage. The sad thing is the victim's last thoughts would be (when he detects the drone): Oh, cool! The stuff I ordered from Amazon arrived! It's gonna be a nice weekend ;)

Some guyJanuary 2, 2015 6:14 AM

@Wael,

and the defense attorney will run, by default, on a 386SX computer with 64MB of RAM

That's quite the setup, as the 386SX can only address 16MiB ;-)

Dirk PraetJanuary 2, 2015 6:41 AM

@ Wael, @ Clive Robinson,

forty pieces of silver issue

I'm confused. If it's a biblical reference to the price Judas Iscariot betrayed Jesus for (Matthew 26:15), then it should be thirty pieces, not forty.

bobJanuary 2, 2015 7:03 AM

These are the documents that were published in June 2013, correct?

Since then, OpenSSH has seen several compromises, the latter ones resulting from security audits prompted by the earlier. As such, I will consider a carefully configured OpenSSH based system secure until I see evidence to the contrary.

Conversely, in the past year, a number of analysis attacks against TOR endpoints have, apparently, resulted in some success.

Clive RobinsonJanuary 2, 2015 7:12 AM

@ Wael,

Yes the original reference is to Judas Iscariot's selling Jesus to the Romans "for the price of a slave" [1] which ended up in various Bibles in different ways, but its meaning is used far wider.

Essentially it's referring to a "turncoat", "traitor" or "Judas" who in effect "sells somebody to an oppressor" for immunity and some kind of gain. The essential point is they can only do this because they are an insider trusted by the person they are selling.

So in the case of an encrypted channel between two parties, the first person (you) sends to the second party (me) messages that the third party (oppressor) cannot read because the system used is sufficiently secure. For some reason I decide I can get some kind of reward (silver) by selling to the third party the encryption keys. The result: you get grabbed by the oppressor and I walk away with the reward in my pocket. Legally it also used to be called "Giving King's Evidence" which even today is significantly abused in the likes of "plea bargaining".

[1] When I was young I was taught "Forty" pieces, others believe it's "Thirty", others say originally it was just "the price of a slave" [2]. I'm further told that "Forty" is a magical or mystic number, because it's the first English number spelling where the letters are in alphabetical order and thus it's similar to trying to find 666 in Hebrew writings etc. That said Thirty is another magical / mystic number as it's the multiple of the first three primes. Anyway the "price of a slave" supposedly ended up purchasing a plot of land called "Potter's Field" which was used to bury the dead, which is why some cemeteries and other places of interment are called "Potter's Field" either directly or as a slang name, so if you went to a town in the US some hundred or so years ago and asked about a person, rather than be told they are dead you might be told "They lie in Potter's Field".

[2] Some people debate what the value of "the price of a slave" is and these days it's a lot more than the supposed silver weight value would be (approx. 400GBP). It's said to be the equivalent of a quarter of what you would pay for a labourer for a year. In the UK that would be the equivalent income of around sixteen times as much as the silver value.

BoppingAroundJanuary 2, 2015 10:15 AM

Thoth,

I would say his (Wael's) scenario is going to be real once we have everything to implement it. What and who is there to prevent that?

> I wonder how a drone would execute a person in a crowded street without harming or killing nearby "innocents" ?

Wait for him/her to get to a [relatively] desolate place. Unless your target is a bum that is literally living in that crowded place. There are plenty of other methods to unperson someone then.

Mind the remote weapons platforms. See this or this or this as an example.

I think this kind of systems could be utilised too.

Sancho_PJanuary 2, 2015 10:31 AM

@ Wael, Thoth, BoppingAround

”Was thinking when this level of AI is available, how the future may look like.” (Wael)

No worries, we won’t go there.

Instead we will hit a hard stop long before.
The reason is our natural intelligence wasn’t enough to see the other problem.

SkepticalJanuary 2, 2015 11:08 AM

@Clive:

If you look at,


[Skeptical] "They are absolutely damaging. The only question is the magnitude, which is nearly impossible to assess without knowing a lot more about the planning and operations of potential adversaries."

You see a completely unsupported assumption given as an assertion. This is more indicative of an authoritarian follower trying to avoid using reason, it's a sort of "slogan mentality" you will have seen with the "Tea Baggers" and their ilk.

Then you see an interesting turn of phrase which contradicts it with "nearly impossible to assess" when talking of the magnitude of the supposed harms.

But of course I gave a list of different ways in which the information could be damaging. And I repeatedly emphasized could or might to make the point that these are possible ways that the information could be damaging.

I also emphasized that we do not know the magnitude of the damage, (0,catastrophic], as such information may fortunately prove to be of very little use in the ways I mentioned (there are more of course, but the list is enough to make the point), or, less fortunately, the information could prove of great use. Unfortunately it's frequently very hard, and sometimes impossible, to tell which is the case.

Here is my paragraph again, to spare you the trouble of finding it in the list of comments above:

For example, information that tells you the rough level of NSA's capabilities could be incredibly valuable for planning purposes. It might tell what you do need to worry about, and what you don't need to worry about. It might tell you that the whispers from some of your sources about the wizards of the puzzle palace are exaggerations. It might tell you that one of your human sources is actually duping you for personal profit or as part of a counterintelligence operation. It might tell you that the compromise of one of your own intelligence operations did not derive from a penetration of your communications but from a human source. It might tell you that you should have more confidence in the fruits of one of your own apparent penetrations of a protected US system. Etc.
Even the most seemingly innocuous information, such as reports about what students worked on while doing a summer program at NSA, could furnish useful targeting information for foreign intelligence operations.

Hope that clarifies things.

There is no room in that assertion that there may be good, or heaven forbid it might outweigh the harms which by admission may be so small as to be unmeasurable.

Of course there is. To say that a leak contains damaging information does not exclude the possibility that it also contains beneficial information. The question was whether there is published information in these documents which is damaging. There is. And in my opinion, there is far too much of it.

It is a "My Country right or wrong" mentality that unfortunately has as history shows condemned not thousands not even millions but tens if not hundreds of millions to early graves.

It is an attitude that the likes of Stalin could only dream of in his citizens, and led to the likes of the Nuremberg trials.

No, Clive, it's simply an awareness that many things are not binary, and that everyone is prone to error and bias in their thinking. If I had a "my country, right or wrong" mentality I wouldn't bother engaging in any discussion here, or in taking other viewpoints seriously. Part of what I value in these discussions is that I am forced to re-examine assumptions, to imagine different perspectives, and to consider my own blind spots and biases.

None of us is expert in every domain, and yet many of the most important questions that confront us as individuals and as societies occur at the intersection of many domains. It is at those intersections where we are most prone to biases and errors. And without doubt, the issues central to this discussion are at such intersections.

The experiences we have as an accident of when we are born can be the source of immense blindspots and can allow us to be very unpleasantly surprised. We easily mistake a temporary state of affairs for a permanent state of affairs. The discussions surrounding what to publish, and what not to publish, do not give sufficient weight to the damage they may do to liberal democracies relative to other nations. It may be distasteful for many to even think in those terms, and it may be difficult for most to think in those terms, so accustomed have we become to a time without major war, when external threats have been limited to enemies of very limited technological power and resources.

It remains to be seen whether this state of affairs persists, and the history of the last 100 years gives us reason to be very cautious.

One of the troubling aspects of Snowden's reasoning for these leaks is that he perceives the only threat to liberty as deriving from the governments of liberal democracies. Underlying that perception is a massive, unquestioned assumption about the current state of affairs and whether major wars are forever behind us. It is a blindspot difficult to see, because his lived experience has been entirely in a time without wars between major powers, and almost entirely in a time when US power was unquestionably supreme. It literally requires an act of imagination, helped by history, to fully understand the possibility that what he is taking for granted in the current state of affairs may someday change quite radically.

Note that blindspot, question the assumption behind it, and suddenly much of what looks innocuous in these leaks becomes cause for greater concern - and at the least, cause for greater caution in publishing them.

Incidentally, love of country does not equate to uncritical support of that country's policies. One of the (many) problems with Stalin is that he commanded a loyalty to his person rather than to his country. And one of the most celebrated aspects of George Washington, in American history at least, is that he expressly refused such loyalty, insisting instead that his officers be loyal to their country.

WaelJanuary 2, 2015 1:03 PM

@Some guy,
Re: 386SX...

Yes, I realized that after posting. To be honest, I forgot whether 4MB or 16 was the max. I thought no one will pay attention to it, but I was wrong... Some guy found out ;) Good catch. I am aware of other inaccuracies I stated in the past, and will correct them when the opportunity arises. Some date to more than two years ago... I didn't correct them at the time because I either said I won't talk about them again, or thought correcting them will add more noise. Speaking of specifications, I say they should be more transparent; the things that are not listed should be! The spec for a smartphone should look like this:

Quad Core ARM Application CPU (ACPU)
2.4GHz
Latest Version of OS (so I don't pick on a specific OS)
1K Zero day exploits
5 Backdoors
13 Front doors
5 persistent location snitches that cannot be turned off
13 Compromised keys
200 rogue root certificates
100+ probes to exfiltrate private information (surroundings, Hotspot SSID and passwords, Bluetooth MAC addresses, contact lists, emails, SMS, directory structures, photos, voice mails,...)
Preferred lists http://en.m.wikipedia.org/wiki/Preferred_Roaming_List
Manipulated PLMNs: http://lteuniversity.com/p/lteacronyms.aspx
5 sensor side channel leak facilities
300 identifiable (small footprint :)) fingerprints for tracking purposes
Remote control services for Microphone and camera
Environment awareness and reporting system (who you are meeting with, how far your friends are, which hotspots you are close to, how fast you are driving, which is your preferred route,...)
...

I'll wait for this Friday's Squid thread to post an interesting article and comments pertaining to Moore's law.

WaelJanuary 2, 2015 5:28 PM

@Clive Robinson,

Quite a bit to chew on...

When it comes to communication, then yes [...] where only "Rubber hose" techniques are available to them as an investigatory tool of previous secure communications, and even that will fail to be of use to them with certain mitigations.
Agreed. The mitigation techniques can be summarized in probable deniability, lack of possession of keymats, automatic self destruction, ghost accounts and multi personality accounts, as well as perfect forward secrecy where applicable.

Thus we are left with two issues. Firstly the issue of the "second party reliability" or as once put the "forty pieces of silver issue" can others be turned by ideology, blackmail, bribery or other human failings.
If you can't trust the second parties' security operation or their loyalty then your security controls fail.

The second is "end run issues", that is at some point for a human to be able to communicate the plaintext needs to be in one of the five senses currently available to humans, thus can the plaintext be intercepted by a third party.
Very true. That's one reason I said true end to end security will terminate at the brain, bypassing all senses. At the same time, if the technology existed for Brain to Brain direct communications, then the same technology can be used for interception as well -- A Brain in the Middle attack, if you will ;)

There have been solutions to the first problem proposed but they are mainly the stuff of nightmares and deranged thinking. Thus for normal persons the solution is the "gain loss balance" [...] detect unreliability but reduce or nullify its effects.

Yea! Bruce treated the subject in "Liars and Outliers".

One such is the firing squad technique [...] where it takes all of the multi parties to miss for the required action not to be carried out. Further defectors...
The only comment I have is a joke: Q: How can you tell a firing squad is from ______ ? A: They form a circle. You can fill in the blanks with your favorite stereotyped stupid country or region.

The solution to the second problem is in part "mobility" it is difficult enough to get end run attacks to work with repeatedly used locations, whilst not impossible it becomes extraordinarily difficult when the "target" is both aware and OpSec proficient.

Yes, true. Still have to be aware of rogue cell towers and IMSI catchers that target cell mobile communication devices. Mobility becomes a powerful weapon when combined with burst transmissions and spread spectrum or otherwise in relayed point to point communications. I remember your microwatt transmitter that ranged a few hundred miles? You still haven't shed more light on it ;) This citation is a reminder: I have used microwatts of power in the VHF band to send simple t'lem info at 0.2bits/sec hundreds of miles very reliably which people using conventional equipment cannot receive standing with in eyeball range of the TX antenna.

Thus there are mitigation stratagems against the NSA et al if you want to use them correctly from the get go.
When exactly does the "get go" start? Suppose I want to communicate confidentially with someone after all the crap I said here. My "get go" has left the station a while back, I would think ;)

Sancho_PJanuary 2, 2015 6:25 PM

@ Skeptical

Is it discussing Snowden’s reasoning without Snowden?

What you call Ed Snowden’s “blind spot” is correctly named liberty.
Right, in his lived experience the US and their deputies engaged in war after selling weapons to the world (singing: “We give - we take - it’s the business we make”).

But Ed could escape the nationalistic paranoia drummed by the US (media+) when traveling abroad. Despite his serious “patriotic” mission he experienced the feeling of personal freedom, openness, respect for different cultures and possible partnership even with “foreigners”.
He transformed from a brainwashed warhead into a human being.

He decided not to follow the money but his heart.
(And yes, he broke the law that “protects” wrongdoing - let’s prosecute the wrongdoers.)

Nick PJanuary 2, 2015 7:28 PM

@ Wael

"The sad thing is that the prosecutor in step (2) is a quantum computer with huge amount of resources and the defense attorney will run, by default, on a 386SX computer with 64MB of RAM. The richer and "more connected" the defendant is, the higher processing power they get assigned to them."

That never entered my mind when thinking on AI. That's clever and very possible. We're seeing evidence of it with the law firms using advanced text processing, organization, and search software to produce supporting evidence from data obtained through discovery.

"they will hover close to the "criminal" and kill the convict with a bullet. Surgical precision without "collateral" damage."

They already exist and on a budget. DARPA-style funding would add the surgical precision part.

" I say they should be more transparent; the things that are not listed should be! The spec for a smartphone should look like this:"

That's hilarious and the most accurate spec I've seen so far. You left off the secret key broadcasting feature that comes in all models without the premium TEMPEST option.

WaelJanuary 2, 2015 8:09 PM

@Nick P,

You left off the secret key broadcasting feature that comes in all models without the premium TEMPEST option.
Oh, yea! I did because I didn't think of it ;) Secret, my Ankle ;) Haven't you heard? There ain't no such thing as "secret". Even NSA can't keep a "secret", lmao

ChuckJanuary 2, 2015 9:13 PM

I love Skeptical because he articulates intelligently within the confines of established norms, laws, order, and trust. He is the model citizen, 100% trust model under a benevolent society. As we've grown to know, such a person does not exist in reality, which is why I think he is a persona by projection. What he is not is a scarecrow to enhance the opposing view. Skeptical is the model American we all aspire(d) to be. Sorry if you are in fact yourself which means I guessed wrong, but even so it won't change my opinion of you.

FigureitoutJanuary 2, 2015 9:51 PM

Wael RE: creation or transfers
--Man, I don't want to get wordy on this common sense...but fine...Trying to shift the topic I see, not so fast; admit defeat (kidding :p). Yes I mean creation, that which won't even be captured. Sometimes I think about what data is philosophically, and I get freaked out quickly and stop. I think it can be destroyed (if no one copied it which is kind of hard to know) but then the material is recycled (I'm talking about HDD failures or just destroying storage media). That process is creating data, all the audio of wind and people's voices and noises of cars etc, that's data. Light shadows and different perspectives of an object is data. So much data isn't even detected by...anything. Particles that go thru us and theorized "dark matter" for example. Now tack on all the RF data flowing thru the air. All the complex bio-chemical reactions and physics. That is what I mean by data, not just human data. What's getting transferred is likely a good amount of IP-cameras, lots of internet traffic (all the troll garbage 4chan etc lol), and mobile/land phone lines (and the mic's cameras on smartphones). That's the main sources. Practically, some of a [general] transaction will be visible (for those practicing decent OPSEC); pre-encrypted data offline and then compressed and encrypted yet again, they can have fun w/ those turds.

Operating under some pretty crushing assumptions (like this dragnet near real-time surveillance), one can still use electronics and circuits and some of the same things we've talked about over and over again here, it's just...doing it and normalizing it.

RE: the target stuff
--Yeah blah blah, facebook searching is a big part lol. But the targeting system can fail spectacularly and waste a lot of time and resources (not to mention many investigations how many people are investigating how few people lol, the "investigatee" is outnumbered). They simply show a badge and start talking charges and all this in our BS legal system that sustains itself w/ low-crime and lets the mega-criminals destroy society. Then just break-in afterhours and tell cops to "move along" or install via technicians/contractors and/or plant employees etc etc...Anyone can do this, not very skillful, gathering [good] intel in a hostile environment is where the skill is and Americans aren't known for understanding other people's cultures so they'll stick out like hell from what I've seen also just training wise... Maintaining a "mobile lifestyle" you either need a decent chunk of cash (and I mean cash lol), and just move and stay low, get someone else to get food, then keep moving during heavy traffic hours. You can never relax, always plan next move, stay away from windows, etc. You can't have a nice comfortable "lab" or comfy home to feel comfortable, always a new place, moving stuff, etc. Not too many people can do that, it'll be too much for them. I personally hate it when I have to move stuff dramatically as it messes my brain up and feel jumbled.

RE: AI & murdering drones
--It's a 2-way street as ole Dick Cheney (bluetooth in his heart haha) or Dianne Feinstein (drone peeping in her window) or even Michael Hayden (overheard interview on train) can tell you. Everyone becomes entrapped in the dragnet and we can all have a drone piloted by *anyone* strapped w/ C4 or smaller explosives or gas or acid or a gun. You know anyone can just break in a home too trivially, or just camp out the windows and snipe you. Thankfully it doesn't happen often as it takes a certain kind of psycho-coward to do that.

RE: IMSI catchers and small transmitters
--Only idiots who'll get caught real quick use cells like it's "secret" or have them on their person when conducting a real key exchange or other "rendezvous". For comms how about a hand-crank radio w/ CW-keyer on classic HF band and a 700KM contact? F*cking awesome...http://hackaday.com/2014/12/19/gibson-girl-emergency-beacon-built-from-a-wind-up-flashlight/

I'll put on squid thread start of some very doable RF authentication (still NOT secure by any means, the preamble being just on-off 010101010101 and using current frequencies and G/FSK...but still someone needs to have a set-up for that and capture at random times). I want to hear what you're working on too. :)

RE: rich vs poor
--Boo hoo old as history, individuals can take down big systems now. It's nerd dream lol somewhat, we have power now! While the rich are "living it up" a malware is getting written just for them by someone they f*cked over. Honestly it's just nature (predator/prey always adapting). And don't hate on 64MB RAM, you can do a lot on it! As Austin Powers says, "It's not the size baby, it's how you use it!" :p

Clive Robinson
it is the amount of data created that is the main stumbling block
--And current algorithms are taught 'weirdly' and our generation is a bunch of "code cutters"[1] (partially blame being given a Quad-core PC and 1GB+ of RAM as a kid and get spoiled quickly), so it'll take some random stroke of genius I don't see happening soon to come up w/ a better sorting algorithm (not even one that just sorts lowest->highest).

NSA is trying to build a "CYA Time Machine" such that when an incident occurs they can "go back in time" and listen/look at what the "known actors" did
--Yeah and look for "attack techniques" more like retaliation or "active defense". I thought all that was given though, same w/ drug dealers and all the porno people. "Loveint" lol, so cringey. It's all just jealous humans being irresponsible w/ systems they have no business using, summed up in a sentence.

[1]Not Bunnie & Xobs, they're doing some impressive reverse-engineering, well got lucky for some parts but still..[2]( http://hackaday.com/2015/01/01/reverse-engineering-a-superior-chinese-product/ )

[2]Oh look, I'm adopting your little sidenote system, isn't that cute? :)

IFeelLikeANSAShill • January 3, 2015 10:26 PM

The way the Der Spiegel article is written, it's difficult to tell what sort of volume the NSA is really handling. It talks in terms of "10 million intercepted https connections a day," but it doesn't explain exactly how it is using the word "connection." Presumably it's not referring to the exchange of login credentials, as it later describes that number as being 15,000 times smaller. The other extreme would be referring to cracking some percentage of TCP connections on port 443, but this makes the NSA's feat seem not terribly threatening at all. When I loaded Wikipedia's front page, I had 25 https connections, and there are over 5 million hits per day for that page alone, not counting any other pages on that site. If they're counting TCP connections, they're probably getting the lowest-hanging fruit.

I want to say that Der Spiegel is referring to something similar to pageviews, but I'm not entirely sure how you could tell which sets of TCP connections go together unless you've already decrypted them. That would be a little more concerning, though.

And yes, I feel like I'm playing the part of NSA apologist, but without more details, it's hard to tell how big of a deal this is.

Kurt • January 3, 2015 11:34 PM

@IFeelLike

It depends on the intended audience of the leaked articles? Any number of intelligent posters here can probably come up with better guesstimated numbers based on their own technical assumptions.

IFeelLikeANSAShill • January 4, 2015 9:45 AM

@Kurt

Exactly. If the leaked documents were intended to show why the NSA needed to have this power, they would make the numbers seem as impressive as possible. If they were trying to justify further funding, the numbers would be as small as they could get away with.

And Der Spiegel's presentation of it is also subject to the same biases. Without further clarification, I'm not sure what it all means.

Anontina • January 4, 2015 6:20 PM

I'm not sure I buy this article. I think if there were some unholy alliance between the NSA and Microsoft to spy on users it would be classified at a higher level than TSI (these do exist). Also why in the world would Microsoft participate? No reward would seem to compensate for the risk of losing so many customers should the truth really come about. Business and government in the US aren't that amicable.

someone that used to visit • January 6, 2015 8:04 PM

I've been away for a while, so maybe I've learned my lesson and maybe not; what I can say with certainty is that I'll be reading and rereading all these documents because only by knowing the truth will I stay free.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.