NSA Hacking of Cell Phone Networks

The Intercept has published an article -- based on the Snowden documents -- about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on people designing and building a general communications infrastructure, looking for weaknesses and vulnerabilities that will allow it to spy on the bad guys at some later date.

In that way, AURORAGOLD is similar to the NSA's program to hack sysadmins around the world, just in case that access will be useful at some later date; and to the GCHQ's hacking of the Belgian phone company Belgacom. In both cases, the NSA/GCHQ is finding general vulnerabilities in systems that are protecting many innocent people, and exploiting them instead of fixing them.

It is unclear from the documents exactly what cell phone vulnerabilities the NSA is exploiting. Remember that cell phone calls go through the regular phone network, and are as vulnerable there as non-cell calls. (GSM encryption only protects calls from the handset to the tower, not within the phone operators' networks.) For the NSA to target cell phone networks particularly rather than phone networks in general means that it is interested in information specific to the cell phone network: location is the most obvious. We already know that the NSA can eavesdrop on most of the world's cell phone networks, and that it tracks location data.

I'm not sure what to make of the NSA's cryptanalysis efforts against GSM encryption. The GSM cellular network uses three different encryption schemes: A5/1, which has been badly broken in the academic world for over a decade (a previous Snowden document said the NSA could process A5/1 in real time -- and so can everyone else); A5/2, which was designed deliberately weak and is even more easily broken; and A5/3 (aka KASUMI), which is generally believed to be secure. There are additional attacks against all A5 ciphers as they are used in the GSM system known in the academic world. Almost certainly the NSA has operationalized all of these attacks, and probably others as well. Two documents published by the Intercept mention attacks against A5/3 -- OPULENT PUP and WOLFRAMITE -- although there is no detail, and thus no way to know how much of these attacks consist of cryptanalysis of A5/3, attacks against the GSM protocols, or attacks based on exfiltrating keys. For example, GSM carriers know their users' A5 keys and store them in databases. It would be much easier for the NSA's TAO group to steal those keys and use them for real-time decryption than it would be to apply mathematics and computing resources against the encrypted traffic.

The Intercept points to these documents as an example of the NSA deliberately introducing flaws into global communications standards, but I don't really see the evidence here. Yes, the NSA is spying on industry organizations like the GSM Association in an effort to learn about new GSM standards as early as possible, but I don't see evidence of it influencing those standards. The one relevant sentence is in a presentation about the "SIGINT Planning Cycle": "How do we introduce vulnerabilities where they do not yet exist?" That's pretty damning in general, but it feels more aspirational than a statement of practical intent. Already there are lots of pressures on the GSM Association to allow for "lawful surveillance" on users from countries around the world. That surveillance is generally with the assistance of the cell phone companies, which is why hacking them is such a priority. My guess is that the NSA just sits back and lets other countries weaken cell phone standards, then exploits those weaknesses.

Other countries do as well. There are many vulnerabilities in the cell phone system, and it's folly to believe that only the NSA and GCHQ exploit them. And countries that can't afford their own research and development organization can buy the capability from cyberweapons arms manufacturers. And remember that technology flows downhill: today's top-secret NSA programs become tomorrow's PhD theses and the next day's hacker tools.

For example, the US company Verint sells cell phone tracking systems to both corporations and governments worldwide. The company's website says that it's "a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance," with clients in "more than 10,000 organizations in over 180 countries." The UK company Cobham sells a system that allows someone to send a "blind" call to a phone -- one that doesn't ring, and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter. The company boasts government customers in Algeria, Brunei, Ghana, Pakistan, Saudi Arabia, Singapore, and the United States. Defentek, a company mysteriously registered in Panama, sells a system that can "locate and track any phone number in the world...undetected and unknown by the network, carrier, or the target." It's not an idle boast; telecommunications researcher Tobias Engel demonstrated the same capability at a hacker conference in 2008. Criminals can purchase illicit products to let them do the same today.

As I keep saying, we no longer live in a world where technology allows us to separate communications we want to protect from communications we want to exploit. Assume that anything we learn about what the NSA does today is a preview of what cybercriminals are going to do in six months to two years. That the NSA chooses to exploit the vulnerabilities it finds, rather than fix them, puts us all at risk.

This essay has previously appeared on the Lawfare blog.

Posted on December 9, 2014 at 6:33 AM • 36 Comments

Comments

Uhu • December 9, 2014 7:37 AM

The link to details on the company Cobham seems to be broken, but I think I found the relevant patent:
http://www.faqs.org/patents/app/20080214212

In the patent (paragraph 29) it looks like you need a special base station that does not follow the standard call setup procedure. Any ideas on how to detect this?

chuck • December 9, 2014 7:56 AM

You wrote:
The UK company Cobham sells a system that allows someone to send a "blind" call to a phone -- one that doesn't ring, and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter.

That sounds hard to believe unless the system includes multiple receivers near (100 meters or so) the targeted phone that can use direction finding to locate the phone. Look at the location results reported recently by the FCC. See Table 1 at page 9 of https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-13A1.pdf.

In these tests the phone and network were cooperating to generate the location info. Assisted GPS was a component of the systems tested. The best system tested operating in the most favorable location setting was able to estimate location to within 29 meters of the true location only 67% of the time. In dense urban areas the best system's error was greater than 100 meters, 10% of the time.

If these guys have an effective system for cell phone location to within 1 meter, there are bigger markets than the intelligence community.

Chuck

Steve • December 9, 2014 7:58 AM

Bruce: Do you have an opinion on the reported policy update (earlier this year) from President Obama that when vulnerabilities are discovered, by the NSA or others in federal government, the "process is [now] biased toward responsibly disclosing such vulnerabilities." If that were taken seriously, it would now allow the kinds of broad vulnerability exploitation that are described here. On the other hand, there are exemptions and loopholes in that new policy that are wide enough to drive a truck through. Is this new policy simply being ignored and intelligence agencies are just carrying on "business as usual?" Any ideas?

Uhu • December 9, 2014 8:30 AM

@Chuck: It looks like what they do is to make a blind call (that does not trigger a user notification) which either allows them to control the frequency, or at least be notified of the frequency used. The phone sets up a call and thus continuously transmits, and since they know the frequency, they can then use an antenna array to triangulate and pin-point the location. So you would need to be close, but you would, for instance, be able to locate a target in a crowd.

It's not as great as it first sounds (that's why I tried to look up additional information). It would still be useful for a sniper, or if you have an array of microphones, you could listen in and filter out the rest of the crowd.

Also, their proposed approach with antenna arrays would make it possible to not only locate a target once, but to follow the target in a restricted area in real-time. Just set up two of the arrays. They do not need to turn (as with the old fashioned directional antennae) and thus could easily be concealed. They can potentially determine the direction of multiple sources in parallel.

I don't know over what distances this would work. I imagine that governments would want to set up such tracking infrastructure in busy places such as airports or big squares used for protests. Maybe not so interesting for the USA, but I would imagine that Egypt or China would find it quite useful to immediately locate the source of a tweet and arrest the person.

Uhu • December 9, 2014 11:17 AM

How to detect if this is being used? Do native programs (the ones we can write ourselves, not OS components, but excluding web applications) have access to an AT-command level interface of the radio module? If so (and for GSM), I would expect that AT+CGED (which lists details on the serving and neighboring cells) would list the connection to the serving cell as active (!= signaling only in the channel mode parameter), as the module is transmitting, but AT+CLCC (which lists the status of active calls) would not list any calls. Thus if there is a mismatch between AT+CGED and AT+CLCC, we could assume that we are the target of a "blind call".

By the way, what would the radio transmit? Sound from the microphone?


@Junior NSA cadets: Wow, my bad! And I think of myself as fairly paranoid...
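
The cross-check Uhu proposes above, sketched as an added example (not part of the original post or comment). The `+CLCC` line layout follows 3GPP TS 27.007; the `+CGED` output is vendor-specific, so the `ChMode:` field, its coding (0 = signalling only), the three-poll threshold and all sample responses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the serving-cell report carries a "ChMode:<n>" field and 0 means
# "signalling only". Real +CGED output is vendor-specific; adapt the regex.
SIGNALLING_ONLY = 0
CHMODE_RE = re.compile(r"\bChMode:\s*(\d+)", re.IGNORECASE)

# +CLCC: <id>,<dir>,<stat>,<mode>,<mpty>[,<number>,<type>]  (3GPP TS 27.007)
CLCC_RE = re.compile(r"^\+CLCC:\s*(\d+),(\d+),(\d+),(\d+),(\d+)", re.MULTILINE)


@dataclass(frozen=True)
class Call:
    idx: int
    direction: int  # 0 = mobile originated, 1 = mobile terminated
    state: int      # 0 active, 1 held, 2 dialing, 3 alerting, 4 incoming, 5 waiting
    mode: int       # 0 voice, 1 data, 2 fax


def parse_clcc(response: str) -> List[Call]:
    """Return every call the modem lists; an idle modem answers with just OK."""
    return [Call(int(m[1]), int(m[2]), int(m[3]), int(m[4]))
            for m in CLCC_RE.finditer(response)]


def parse_channel_mode(response: str) -> Optional[int]:
    """Extract the serving-cell channel mode, or None if the field is absent."""
    m = CHMODE_RE.search(response)
    return int(m.group(1)) if m else None


def classify(cged: str, clcc: str) -> str:
    """Compare what the radio is doing with what the call list admits to."""
    mode = parse_channel_mode(cged)
    if mode is None:
        return "unknown"    # cannot judge without the channel mode
    if mode == SIGNALLING_ONLY:
        return "quiet"      # no traffic channel allocated
    return "call" if parse_clcc(clcc) else "mismatch"


class BlindCallMonitor:
    """Alert only after several consecutive mismatches.

    A single mismatch can be a race between the two queries (a call that
    ended between them), so one sample is not treated as evidence.
    """

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.streak = 0

    def poll(self, cged: str, clcc: str) -> bool:
        verdict = classify(cged, clcc)
        if verdict == "mismatch":
            self.streak += 1
        elif verdict != "unknown":  # unparseable polls neither extend nor reset
            self.streak = 0
        return self.streak >= self.threshold


# Constructed sample responses (test-network MCC/MNC, fictional number).
CGED_QUIET = "+CGED: Service Cell: MCC:001, MNC:01, LAC:0001, CI:0001, ChMode:0\r\nOK\r\n"
CGED_TRAFFIC = "+CGED: Service Cell: MCC:001, MNC:01, LAC:0001, CI:0001, ChMode:1\r\nOK\r\n"
CLCC_NONE = "OK\r\n"
CLCC_VOICE = '+CLCC: 1,1,0,0,0,"+15555550100",145\r\nOK\r\n'


def run_demo() -> List[bool]:
    """Feed a constructed sequence of polls through the monitor."""
    polls = [
        (CGED_QUIET, CLCC_NONE),     # idle phone
        (CGED_TRAFFIC, CLCC_VOICE),  # ordinary voice call, listed by +CLCC
        (CGED_TRAFFIC, CLCC_NONE),   # traffic channel but no call: streak 1
        (CGED_TRAFFIC, CLCC_NONE),   # streak 2
        (CGED_TRAFFIC, CLCC_NONE),   # streak 3, alert
        (CGED_QUIET, CLCC_NONE),     # back to idle, streak resets
    ]
    monitor = BlindCallMonitor(threshold=3)
    return [monitor.poll(cged, clcc) for cged, clcc in polls]


if __name__ == "__main__":
    print(run_demo())
```
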

Bauke Jan Douma • December 9, 2014 2:43 PM

@Uhu
quoting:
"Maybe not so interesting for the USA, but I would imagine that Egypt or China".
All this uttered without being waterboarded?

If you are in the USA -- wake up my friend, for your own good! China is NOT your
main concern, it's not even the main concern of your government. Yooohoo!! It's
you, Uhu -- you! that's their concern.


Sancho_P • December 9, 2014 4:28 PM

First I thought my English isn’t enough to understand what could be behind that part where Bruce wrote:

“Already there are lots of pressures on the GSM Association to allow for "lawful surveillance" on users from countries around the world. That surveillance is generally with the assistance of the cell phone companies, which is why hacking them is such a priority.” (at the end of 5th paragraph)

I couldn’t grasp “why hacking them is such a priority” (who - whom?) and did not get it in this particular context, it should be the opposite?

But then …
Bruce, this was really deep if I understood correctly:
NSA and the like, or anybody who isn’t really dumb, must have a kind of controlling alongside important tasks.
Checking the input is mandatory, as we all know (OK, most of us, sorry).
Spooks have to be paranoid on that.
Clearly, if they have “partners” then hacking them is such a priority.

So if one has an agreement with Angela M or BND it is mandatory to spy on them, too,
to make sure that there is no information lost, or tampered with, deliberately or not.
If one has a "contract" for "lawful interception" with a cell phone operator
- it is mandatory and high priority to spy on them, too.

They can not sleep without spying on their own spies!

@Chuck, Uhu

I have a very simple Chinese audio device that can unintentionally “hear” an incoming call (or attempt [1]) before my phone rings when both are close together. I think this is from the tower “waking up” the phone and the phone replies with full signal strength, just confirming “I can hear you, go ahead”, before negotiating the required power / quality with the tower.

AFAIK this is before a serious communication is established and can’t be detected on the data side, there is no “content” (e.g. microphone) transmitted.
Very likely this is how drones localize the phone before blowing up the whole building with the suspect’s phone in the pocket of his nephew.

[1]
I guess I have such “blind calls” from time to time, without being a target. Probably this happens when the tower wants to make sure that the listed phones are still there, e.g. after a reset / change in the equipment.

Thoth • December 9, 2014 6:29 PM

Why would NSA bother to do cryptanalysis and protocol attacks if they could simply walk in the front door and demand the algorithms and protocols to work as they wanted (plus the ciphers and protocols are developed in the USA in the first place under their eyes).

We should always assume NSA have backdoored GSM stuff long time ago. All these A5/3 cryptanalysis just for the publicity stunt on the network carriers and NSA side.

A way to fix GSM encryption and secure communications is to do something like AES competition but this time it's done by civilians and pushed onto Government standards with as little Government regulation as possible. Something along the lines of the Password Hashing Competition (https://password-hashing.net) would be a nice idea with funding from private sector, academia and online donations. People submit their ciphers and protocols and other people come along to break it and the finalists present their ideas as a secure communication standard. Private sectors would then implement it. Sounds all nice and sweet on paper but pretty tough especially on the coordination on the ground though.

Uhh no • December 9, 2014 6:40 PM

@Sancho_P
Signing an agreement does not automatically guaranty unfettered access, but it does provide some legal impunity as leverage. If the war agencies got caught hacking a partner unwittingly, they can always turn around and say, look pal, you didn't keep your end of the bargain and we got this contract blah blah blah so you let our people go... without such contracts, the plea may get stickier.

@Bauke Jan Douma
Remember, USA only cares about spying on foreigners.

Bauke Jan Douma • December 9, 2014 8:59 PM

@Uhu
quoting: "Remember, USA only cares about spying on foreigners."

As a Dutchman, that's comforting.
Just joking.
Seriously though -- you want me to take you seriously?

The US Gov't and the NSA and your local Police: they are /all/ about control. Control of Chinamen? Don't be daft. Are you going to stop billions of Chinese by owning GSM? Or are you controlling your uprisings, your increasing and rising uprisings? Are you counting down the weeks till the next banking crisis? Try to make an estimate of which class has been running your country for the past decades, and what percentage of the population they amount to. You know what fear is? Fear is to be run down, to be crushed, to be lynched and hung from lamp posts by angry hordes who have had enough of the umpteenth planned banking crisis because some top executive's Wednesday girlfriend's doghandler needed a new hummer.

name.withheld.for.obvious.reasons • December 9, 2014 9:05 PM

I resigned from the IEEE this year stating that part of their mission/vision statement could not hold true...

"...delivering technology to humanity."

I argued that instead it should be worded as follows:

"...delivering humanity to technology."

name.withheld.for.obvious.reasons • December 9, 2014 9:35 PM

@ Bauke Jan Douma

If you are in the USA -- wake up my friend, for your own good!

I agree with your sentiment but an organization out of control that makes victims of the entire world cannot stand!

I'm afraid every sector of our society has failed;

1.) Citizenry (uninformed, ignorant, and impotent), and;
2.) Institutions (Academia, research and researchers, scientists, etc.), and;
3.) Corporations (duplicitous, disingenuous, deceitful, criminal), and;
4.) Government (same as number 3).

That includes all of us--there are no heroes here...

But, there is a chance to go beyond the keyboard and call, talk, and argue with family, friends, neighbors, and local officials at every level to let them know that this continued behavior is beyond unacceptable.

Nick P • December 9, 2014 9:42 PM

@ name.withheld

Not sure if resigning from IEEE is a good or bad thing given you could have positive influence there. Maybe. Saying it adds more risk to you being ID'd by various parties. I hope your business is at least doing OK despite your battles.

Nick P • December 9, 2014 9:50 PM

@ Bruce

Well, the endpoints are crap and most of the baseband stacks come from Motorola (and Qualcomm is it?). Clive also once mentioned a certification requirement for mobile that involved a silent auto-answer feature that British intelligence wanted. Not sure if it's official or unofficial. Gotta wait for him to weigh in on this because he knows more about the cell protocol weaknesses than I do.

I just treat the whole thing as untrusted. If I'm using it, I'm being spied on. If I want it to be secure, there must be a highly assured device between the plaintext and the device connecting to the network. And it has to be a separate device connecting to the network, especially for EMSEC reasons. Thing is, I don't have that outside designs that fit in a briefcase. So, I just don't trust this beautiful Samsung phone I have. Must be willing to be recorded if I use it or wait until I get a chance to send the information in a more trustworthy way.

name.withheld.for.obvious.reasons • December 9, 2014 10:03 PM

@ Nick P

It took me quite some time to consider my resignation. In the end it was the lack of even broaching the topics of the day. The lack of social responsibility seemed reprehensible and I could not be a part of an organization unable to address these issues. I concluded my statement with a list of failures that reflected the disregard that IEEE had regarding its responsibility as a collective of pseudo-intellectuals. My ability to affect change seemed improbable given that members were bitching each others (members would use bitly links to hide/obscure site redirection to click/pay sites of their own). My confidence in their ability to even address abuses amongst each other seemed insurmountable.

No, my business is not surviving the failing technology industry. You cannot even talk to people at any level about the need to re-acquire the high ground with respect to hardware assurance let alone the software realm. I told you and RobertT how I could easily subvert masks at the RTL level by changing an environment variable on the EDA/development host system...not very reassuring is it?

Daniel • December 9, 2014 10:38 PM

@name.withheld.

"You cannot even talk to people at any level about the need to re-acquire the high ground with respect to hardware assurance let alone the software realm."

Computer security is popular in the academic world, churning out degrees by the thousands. I know people who are getting Master's degrees in computer security and so I pressed them about why. Honestly, it's a box ticking exercise. They can't even apply for the jobs they want without a security related degree. They don't give a shit about the "high ground". My own view is that the reason script kiddies have it so easy is because 90% of the people in computer security have degrees that teach them nothing about computer security. They wouldn't know how to use Snort, let alone something like Metasploit.

The entire strategy in corporations around the world is "roll the dice and pray."

When do we take action • December 9, 2014 11:07 PM

When is enough, enough? We all, and I condemn myself here as well, we all sit here and listen to the latest problems and we treat them as we always have, as engineers. We try to think up better encryption, deployment, assurances and methods, whatever. But, if we would just step back, and look at the oh so big picture, we realize something: It's pointless.

Just as Lavabit got shut down for not complying (or being unable to), and Truecrypt just up and left, there is no winning move here. At least not a technical or mathematical one. Anything we think up, they can out think, out-move, out-legal us on over and over again. Think up the perfect system? Or even give the NSA too much difficulty? They'll just wrap you up and squeeze.

It's time we stopped focusing on our rote behaviors and recognize the problem in front of us is not one we can solve in our normal fashion. When does it end? When do we stop the daily, and I do mean each and every day assault on our freedoms, our ideas, our very minutia of our lives into this voracious machine? A machine we cannot treat in the usual way, a machine beyond our technical skills.

As I sit here with you and read the comments, I am disheartened by the all too typical response: Just do it this way, and... Only there isn't a point anymore. We are no longer us against an overwhelming adversary, a high strength opponent, or whatever. There is no against because WE HAVE ALREADY LOST. My friends, I fear the time has come for nothing less than revolution.

Is it not time to turn our skills at problem solving, and circuit design, into practical use? We are the inmates, wandering the halls of this prison, so confused as to our state simply because the hallways are so large! But make no mistake, we are nothing more than charges or wards of the state, to be prodded and studied, and analyzed. Corralled as they see fit. What other point could such massive and never ending data collection have? We are prisoners without walls. Each of us eartagged, and radio frequency tracked.

When are you people going to fight back? You are the only ones with the tech know how to do so. The only ones who can tell the tide, so to speak. And all you do is try to fix broken systems, and design high assurance computers, while the world burns down around you. How much good will all your free thoughts and blueprints be when the powers that be don't allow you to, oh never mind. It's a brave job I ask you to do, one for soldiers and scientists alike. Such a rare combo. Perhaps another Snowden will save the world.

Lurker • December 9, 2014 11:07 PM

Remember folks, this is the organization charged by Congress with protecting the country's computer networks.

Figureitout • December 9, 2014 11:55 PM

name.withheld.for.obvious.reasons RE: resign from IEEE
--Unfortunate, kind of hard to sum up the largest professional organization in the world w/ the actions of some childish people. First event I went to for them was great, presenters were *incredibly* smart, and even the guy making the next dick scanner for TSA seemed a bit ashamed (but survival isn't moral). Put on just 1 event at my school and it was more annoying and draining than I thought, just worried about filling seats. Turned out ok and plan on some better ones.

But I'm sure quitting IEEE and ranting about politics is a much better use of your time/energy...B/c there's hope there...

Bruce
we no longer live in a world where technology allows us to separate communications we want to protect from communications we want to exploit.
--Actually it does Bruce but I get your gist, for most regular internet and of course phone comms, yes. People just have to learn and work for it; the tech. allows it if the people implement it.

When do we take action
--Firstly, you need to quit asking questions and start taking action in your own ways, and stop relying on others to do it for you. Secondly, I'd caution you saying the "R" word, as that is what started the very annoying investigations into me; unless you're prepared for it.

I've said we already lost the political battle and need to focus on tech/engineering/crypto as that's where the power is now. Who gives a f*ck about some old politico (getting what, $200k + and full insurance?) rambling about gay marriage/abortion when they're getting owned online lol...We just need to keep them thinking they actually do something and keep them occupied "over there".

name.withheld.for.obvious.reasons • December 10, 2014 12:26 AM

OT, will move to the Friday Squid in any further response

@ Figureitout
It is the general statement that even the largest organization of professionals (security, crypto, infosec, electrical/electronic, etc.) can and are compromised. Not in a direct fashion, but moreover, an indirect assault by relying on passive behaviors. Hell, a whole country, Germany, became susceptible to a complete fascistic state in little time without the mechanisms that are more than capable of delivering fascist control of the world (relying on the same passive behavior of Germans in the early 20th century). One term thrown around that describes this is "group think" and the same mechanisms are at work here--you need to look at what DoD calls OOTW (Operations Other Than War).

WTF is DoD doing planning OOTW when it is not authorized to do so...read the book "Shock and Awe, Achieving Rapid Dominance".

Wake the F up people.

Wael • December 10, 2014 12:29 AM

@When do we take action on,

Think up the perfect system? Or even give the NSA too much difficulty? They'll just wrap you up and squeeze.
Correctectmondu!
Summed up here. In particular, these two parts:
So technically, the problem is solvable. Politically, that’s not my area of expertise
And:
Suppose this device is developed and some TLA cannot decipher texts going through the network. Do you think they’ll leave it alone? Of course not! I mean what if the “Bad guys DuJour” get a hold of it and start communicating with perfect secrecy? That cannot be allowed either. So the gadget will be outlawed, subverted, manufacturers will be forced to install backdoors, blah blah blah.

Wael • December 10, 2014 12:44 AM

@name.withheld.for.obvious.reason,

I resigned from the IEEE this year stating that part of their mission/vision statement could not hold true...
Class act from someone who stands for principles.

Time to mess with you a bit ;) You know, I've been meaning to ask you this question: You previously gave an advice at the end of one of your posts. How do you reconcile that with the handle you chose? But in your defense, I'll say a pair is not enough; one needs to be a polyorchid these days ;)

Clive Robinson • December 10, 2014 3:10 AM

@ Bruce,

The game of "fritz the phone" by playing with the standards started long prior to the first digital networks got going. One of the biggest "fritzers" was the British General Post Office later to become BT. It used to be run "by the Government" not by "private enterprise", whilst many would argue about "firsts" the simple fact is the GPO was a well respected leading edge research organisation as well.

If you think back to "Tommy Flowers" and his history at Dollis Hill you will get a feeling for the sort of work they did. By and large all the digital network research was done by the likes of him and later Ken Gravit and many others.

The ability to "listen in" by an operator was always stressed as a "safety feature" as was the much more recent US requirement for having GPS in every mobile. If you want to go looking for "spying" first start with "safety features" you usually won't have to look any further...

Oh and because they are "safety features" they get a pass with standards committees in the same way as politicos do with "think of the children" and the general public.

The reason the NSA refers to this sort of thing as "finessing" is it's an English pre WWII term from a card game called "Bridge" it was I gather not as popular States Side as it was in England where it was required for just about everybody who was socially above the bottom of the middle classes. Because of what a finesse is the MIs who were chock full of such "social climbers" used it for what they were doing via the likes of the BBC and GPO "engineering representatives" at standards meetings. The name stuck and got exported with much "Englishness" via the cosy little "special relationship" that owes its existence to the BRUSA and similar agreements, which in turn via the "British Commonwealth" came to include the other four WASP Nations to comprise the 5Eyes.

@ Chuck, Uhu,

Even multipoint direction finding with antennas the size of "Elephant Cages" will not pinpoint a position to 1m.

To do that you need a multipoint solution involving timing information as well which is what GPS and many other "Radio location systems" use.

What you do is use two or three antennas that will give you the general direction, the "target" is induced to provide streams of pulses that can be "cross correlated" at a central point. As many know GSM works by sending not just bursts of transmission but streams of digital data within those bursts. Thus the directional antennas give a very crude position fix, the data burst timing firms that up with a coarse range measurement and fine distance is given by correlation of the received data streams. The timing in GSM is very precise for various reasons --general relativity being one-- which is why the base stations have "atomic clocks" in them.

Hope that helps clear the precision issue for you.

bitstrong • December 10, 2014 11:25 AM

There are billions of phone calls made everyday, so this type of interception seems to pertain to targeted individuals. That's what it's about. It's not like those Russian perverts spying on this webcam feed, then the next. Or a room of giggling FBI agents listening in on random calls. Even if they did, the human infrastructure required to increase the likelihood any given call will be intercepted to even one in a thousand would be gargantuan. Like the entire gov't. And the apparatus to create one-to-one?

Conclusion: if your phone call is intercepted then authorities are already targeting YOU.

Of course, there is another discussion about e-collection and post-analysis, but I don't think that is what this is about.

Grauhut • December 10, 2014 12:01 PM

@Sancho_P: This simply means the NSA is trying to exploit the lawful interception facilities providers have to offer to local .gov's. Piggybacking...

Grauhut • December 10, 2014 12:06 PM

@Uhu: In order to detect crap like blind calls and silent sms you need to be the master of your phone's firmware. Get sources, learn coding, patch them.

Bauke Jan Douma • December 10, 2014 4:00 PM

@name.withheld.for.obvious.reasons

In comment to your remarks.
For those interested, I am a Dutchman, but since The Netherlands has been such a docile
whore to the US' every demand for decades, I consider the two one and the same, undivided.
So in a sense, my government is situated in Washington, not in the ludicrous The Hague;
the lot there is a bunch of stand-up comedians, albeit of the kind with real blood on their
hands, not the Heinz kind (don't be allured into the Dutch = Innocent Cuteness tradition
that is cultivated abroad, and locally, there's murderous sons-a-bitches here plenty, no
fingers in dikes -- fingers on triggers).

I agree with you, and have in fact pointed out so, in your four point analysis of failure.
Including me, us.

It's kind of depressing, but things as they are now don't need to be that way. It's not
cast in stone, and hard as it may seem, unable to be overcome as may appear, indeed, as
I have done, and as you state here : call, talk, and argue with family [that's a lost cause
in my case, they are the proverbial NSB, i.e. fascist sympathizers by even just keeping
quiet to injustice], friends, neighbors, and local officials at every level to let them know
that this continued behavior is beyond unacceptable.

Thanks for being a like minded person. I appreciate and am deeply impressed what you said
about the IEEE. I salute you for your stance on that.

Sancho_P • December 10, 2014 6:41 PM

@bitstrong

I don’t understand from what you draw that conclusion and what it means in your eyes.

a) For “intercept” my dictionary says “stop, head off, cut off; catch, seize, grab, snatch, expropriate, commandeer; obstruct, impede, interrupt, block, check, detain; attack, ambush, take on, challenge, pounce on, swoop down on, waylay, accost, tackle” - ?
They may do that but it’s not what they do in the first place.

b) They monitor all communication, that means “automated listen”, wherever they can and try to trash what seems not interesting to them.
To do that they have to vet each and every bit they can access, also yours, if not targeted today, because you may be a target tomorrow depending on the content of your actual communication.

c) Imagine they suddenly decide you are now a target, because of a keyword or whatever.
Do you think they’d start to record your comm from now on to wait if you (or your pal, also a target now) hits another keyword, probably in 8 weeks or so?
Or do you think they’d go back in time for 30 days and check if they’ve already missed anything about you or your contacts?
- This would imply they have at least your last 30 days on their records.
Believe it or not, the latter is their “intelligent” option.
It is called e-collection and post-analysis, that’s what it is about.

d) However, assume you and I are targets already.
Would we know about, could we question that, let alone stop it?
OK, they are targeting us - and now?

e) I have no problem with being a target.
But I have a problem in case a lawyer e.g. for human rights or an investigative journalist or a business leader would be a target. I don't care about politicians.

f) I have a problem with Jussuf Achmad being a target, because he wouldn’t know about -
and this isn’t only cowardly but completely stupid and counterproductive.

It is synonym for powers in fear
and a decomposing society.

Grauhut • December 11, 2014 6:04 PM

@Bauke Jan Douma: You forgot the expensive sockpuppets in Brussels we have to feed! :)

Steven • December 14, 2014 9:53 PM

Bruce, you "don't really see the evidence" of NSA working to deliberately introduce flaws?

Ummm... how can you say that when one of the documents on the SIGINT planning cycle The Intercept published shows NSA asking: "How do we introduce vulnerabilities where they do not yet exist?"

Steven • December 14, 2014 9:54 PM

Bruce, you "don't really see the evidence" of NSA working to deliberately introduce flaws?

Ummm... how can you say that when one of the documents on the SIGINT planning cycle The Intercept published shows NSA asking: "How do we introduce vulnerabilities where they do not yet exist?"

Nick P • December 14, 2014 11:09 PM

@ Steven, Bruce

I agree with Steven here. That NSA wasn't trying to influence them in a significant way would contradict BULLRUN program slide and ECI slides which say they can use FBI to compel SIGINT enabling. We also see a steady stream of non-standard algorithms and constructions for things like GSM that are weak enough for NSA to break despite strong alternatives available. The evidence of NSA undermining them is circumstantial but I'd say people should keep digging. After all, the forced accomplices are all legally required to lie if they don't want 15 years minimum [per count].
