Threats to Information Integrity

Every year, the Director of National Intelligence publishes an unclassified "Worldwide Threat Assessment." This year's report was published two weeks ago. "Cyber" is the first threat listed, and includes most of what you'd expect from a report like this.

More interesting is this comment about information integrity:

Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial-of-service operations and data-deletion attacks undermine availability. In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e. accuracy and reliability) instead of deleting it or disrupting access to it. Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.

This speaks directly to the need for strong cryptography to protect the integrity of information.

Posted on March 13, 2015 at 6:05 AM • 29 Comments

Comments

SoWhatDidYouExpectMarch 13, 2015 8:09 AM

If disinformation is the only thing you have to provide, then from your standpoint, things are working as you intend. However, when it comes time to provide "real" information, there is a quandry. It is likely to be treated as disinformation.

This was always the case with the U.S.S.R. and now is more often than not, the same case with the existing Russian administration.

We have our own situation here with the present 3 letter agencies. Their press reports, interviews, and legislative push all seem "made up" to their advantage under a facade of disinformation.

vas pupMarch 13, 2015 9:16 AM

@Moderator:"Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving." I just want to add that ALL (pro and contra) information should come first, then decisions are made, not asking NSA/CIA/DIA etc. to provide information filtered out for particular political decision already been made - e.g. starting Iraq invasion.

Clive RobinsonMarch 13, 2015 9:36 AM

@ Bruce,

This speaks directly to the need for strong cryptography to protect the integrity of information

Err there are other ways to sufficiently protect information, if it is local to you and you don't use communications, Write Once Memory and all transaction logging to it is one way. This can be speeded up by using voting systems in the same was as distributed RAID systems.

However I've always maintained strong encryption is a necessary minimum if communication is involved.

What information integraty is a stronger argument for is no "golden key / front doors", I wonder if "that penny dropped" with the report writers...

Lev BronsteinMarch 13, 2015 9:59 AM

The misinformation is the official information though; it hasn't been tampered. It's as likely as not that when the integrity of information is attacked the attacker will put correct information in place of the misinformation. That may be the next Snowden's actions. More importantly the level of misinformation from the elites in society has hit the tipping point where no one will believe them anyway; example: Hillary email.

paranoia destroys yaMarch 13, 2015 10:33 AM

"Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving."

At the most basic level that describes a large part of the internet besides data in general.

Being Able to trust information already is impaired.
How many times have we heard officials make statements about something they read on the internet or from some biased non peer-reviewed source?

An ad made fun of this with the statement "They wouldn't put it on the internet if it wasn't true."
The changes an activist might make could be to correct false statements.

AnhimjMarch 13, 2015 10:37 AM

"According to documents leaked by Edward Snowden, NSA's and GCHQ's Mobile Handset Exploitation Team[51] infiltrated Gemalto's infrastructure to steal SIM authentication keys, allowing them to secretly monitor mobile communications.[52]

The secret GCHQ document also claimed the ability to manipulate billing records to conceal their own activity and having access to authentication servers to decrypt voice calls and text messages.[52] ~wikipedia

So then, is your bank account record the real deal or has NSA/GCHQ manipulated it? What if a government was short a few billion dollars and decided to simply "manipulate" ban and related records to tide them over?

Obviously, transport encryption via SSL or SSH isn't good enough anymore for the world's banking and financial industry now that governments have entitled themselves to "manipulate" financial records.

Wasn't it nice of DIA to point that out?


David LeppikMarch 13, 2015 10:40 AM

There are lots of levels of this, and encryption only deals with some. Consider a temperature reading in a power plant, or a picture from a security camera. The first risk is that the hardware (thermometer or camera, USB ports, etc.) has been tampered with. This is roughly the same risk that the sensors are faulty, except that deliberate attacks are designed to not look suspicious. The solution for faulty sensors is redundancy.

The next level of attack would be on the firmware or software of the computer that reads the sensors. This is similar to a hardware attack, but redundancy isn't as helpful, since a network attack vector could compromise all the machines simultaneously. The solution is reliable (or no) software/firmware updates, which these days means reliable digital signatures-- which depend on reliable encryption.

Farther up the information food chain you're looking at the reliability of computer networks. Third-party verification can help. Like in old movies, when someone takes a photo of himself holding up a newspaper, to prove that he was in a particular place on a particular date. Or someone sends a letter to a third party, so that person can verify when he knew what he knew.

One particularly novel form of third-party verification I recently heard about is embedding information in the Bitcoin blockchain. If you put a hash of your server's log files in Bitcoin's blockchain, then if you ever need to provide the logs as evidence, you can prove that they haven't recently been tampered with.

Of course that, along with all of Bitcoin, relies on trustworthy encryption.

Coyne TibbetsMarch 13, 2015 11:21 AM

"Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving."

That is a truly incredible statement from someone who devotes his professional career to lying to "...senior government officials (civilian and military), corporate executives, investors, [and] others..."

Matt StillermanMarch 13, 2015 11:38 AM

There are two necessary integrity conditions for information to be useful:

1. The information, must be correct.

2. The user must have a rational basis for believing it is correct.

So, attackers could compromise either aspect, or both, with distinct effects!

SpellucciMarch 13, 2015 11:56 AM

This speaks directly to the need for strong cryptography to protect the integrity of information.

Doesn't authentication play a role here, too? My thinking is that it is not enough to encrypt the data so that it cannot be tampered with - the source of the data must be verified, too. Or is authentication considered part of cryptography?

albertMarch 13, 2015 12:27 PM

@Coyne
.
Amen. Since when did "...senior government officials (civilian and military), corporate executives, investors, or others..." ever care about the accuracy of the information they receive? As long as it fits their paradigm, it's good information.
.
"...senior government officials..." have always suffered from 'impaired judgement'. 'Accurate information' has nothing to do with it.
.
...

ArchonMarch 13, 2015 12:48 PM

@Spellucci: A lot of things play a role. Encryption, authentication, physical security, careful logging of changes to provide a forensic trail, etc.

I think Bruce's point is that the guys who are so big into SIGINT that they're weakening encryption to make it easier are also saying that enemy SIGINT is the biggest threat. In essence, the guy making burglar tools is complaining that there's been a lot of break-and-enter going on lately.

BlowingAssetBubblesMarch 13, 2015 1:49 PM

In his paper "Interest-Rate Targeting during the Great Moderation: A Reappraisal" , Roger W. Garrison describes how the information integrity of the global price system has been undercut by the actions of the Federal Reserve.

When the Fed moves interest rates, the whole world loses access to what things are really worth. Even the Fed gets lost.

Here are a few key paragraphs:

In the era that has come to be known as the “Great Moderation” (dating from the mid-1980s), the Federal Reserve’s policy committee (the Federal Open Market Committee or FOMC) pursued what has to be called a “learning-by-doing” strategy. The data that counted as relevant feedback—the unemployment rate and the inflation rate— seemed all along to be suggesting that the Fed was doing the right things. Even when the Fed lowered the Fed funds target to 1 per- cent in June 2003 and held it there for nearly a year, the economy appeared to be on an even keel and U.S. interest rates were in line with those in other countries. The historically low interest rates were attributed not to excessive monetary ease in the United States but to a worldwide increase in savings.

But then came the two-year-long ratcheting up of the Fed funds
target from 1 percent on June 20, 2004 to 5.25 percent on June 29,
2006, to stave off inflation. The FOMC reversed course, in response
to softening labor markets and increasingly troubled credit markets,
and began an even steeper ratcheting down on September 18, 2006,
so that by April 30, 2007, the Fed funds target was at 2 percent.
Subprime mortgages revealed themselves as being particularly trou-
blesome, after which it became increasingly clear that the cumulative
effects of deep-rooted financial innovations in mortgage markets had
been leveraged into an unsustainable boom.

...

Lessons as they relate to the central bank are more problematic.
Given the very fact of heavily centralized credit markets, the Federal
Reserve is precluded from knowing what interest rate would prevail
in a decentralized market. The natural rate of interest is obscured by
the Federal Reserve’s apparatus for managing interest rates—all the
more so when yields on securities only dimly reflect the underlying
risks.

vas pupMarch 13, 2015 2:16 PM

@albert • March 13, 2015 12:27 PM:""...senior government officials..." have always suffered from 'impaired judgement'. 'Accurate information' has nothing to do with it. You touched the nerve! Like in any IT program, good output = good input(1) + proper logic(2). Absence of either component provides bad output. Same applies to political decision as well

65535March 13, 2015 2:39 PM

@ Clive

“…there are other ways to sufficiently protect information, if it is local to you and you don't use communications, Write Once Memory and all transaction logging to it is one way. This can be speeded up by using voting systems in the same was as distributed RAID systems. However I've always maintained strong encryption is a necessary minimum if communication is involved.” –Clive

Very good point. But how to we get this down to the average Joe reporter or even to the average Joe?

@ Coyne Tibbets

‘That is a truly incredible statement from someone who devotes his professional career to lying to "...senior government officials (civilian and military), corporate executives, investors, [and] others..."’ – Coyne Tibbets

It sure is. How do we apply remediation the situation? It looks like we have some sketchy people in very high places that need to be screened out. How do we get rid of them?

@ Anhimj

‘"According to documents leaked by Edward Snowden, NSA's and GCHQ's Mobile Handset Exploitation Team[51] infiltrated Gemalto's infrastructure to steal SIM authentication keys, allowing them to secretly monitor mobile communications.[52]’ – Wikipedia ?

This gets back to the question of exactly how the “infiltration” took place. Anybody care to speculate on that?

"The secret GCHQ document also claimed the ability to manipulate billing records to conceal their own activity and having access to authentication servers to decrypt voice calls and text messages.[52]" ~wikipedia

“So then, is your bank account record the real deal or has NSA/GCHQ manipulated it?” – Anhimj

Yes, that is a possibility.

This shows how the system of trust in the financial community can be shattered by out-of-control spy agencies. The average Joe who pays for these spies must have to regain control over them.

In the short term, I can only suggest a 40% to 50% cut in theses “Agencies” budgets to bring them back under control. Someone has to throttle back the spending of these out of control spy agencies.

I suggest pinpointing the politicians who control said spending and force them to reduce money the flow to spy agencies. We have enough budget problems as it is.

“The next level of attack would be on the firmware or software of the computer that reads the sensors. This is similar to a hardware attack, but redundancy isn't as helpful, since a network attack vector could compromise all the machines simultaneously. The solution is reliable (or no) software/firmware updates, which these days means reliable digital signatures-- which depend on reliable encryption.” –David Leppik

The flashing of firmware is a serious problem. It needs to be stopped. But, that is not an easy task. How do we detect malware embedded in firmware? How do we remove it?

The digital signatures and the related counterfeiting of certificates needs to be put under a microscope. The Certificate Authorities and the makers of User agents and Certificate stores need to be independently audited.

The whole Certificate chain has holes in it. If those holes can be plugged and counterfeiting of certificates stopped – a lot of the problem would be solved. But how to so is the question.

“Doesn't authentication play a role here, too?” – Spellucci

It does. Now, we are back to the problem of Counterfeit of Certificates. Tangentially, we are also back to the problem of copying of private keys by Certificate Authorities.

Cough, like G@Daddy who require that one must use their certificates when buying their domain name and hosting service [G@dadday creates both the public and private keys for its customers and could make a copy of the private keys… to be given to the “agency”]. This appears to be a consumer scam – but there are no laws against it.

[Excuse all of the grammar and other errors]

SoWhatDidYouExpectMarch 13, 2015 5:46 PM

Talk about a possible attack on information integrity...

Controlling Brain Activity With Magnetic Nanoparticles

http://science.slashdot.org/story/15/03/13/1957214/controlling-brain-activity-with-magnetic-nanoparticles

From the post:

"Deep brain stimulation, which now involves surgically inserting electrodes several inches into a person's brain and connecting them to a power source outside the skull, can be an extremely effective treatment for disorders such as Parkinson's disease, obsessive compulsive disorder, and depression. The expensive, invasive procedure doesn't always work, however, and can be risky. Now, a study in mice (abstract) points to a less invasive way to massage neuronal activity, by injecting metal nanoparticles into the brain and controlling them with magnetic fields. The technique could eventually provide a wireless, nonsurgical alternative to traditional deep brain stimulation surgery, researchers say."

This is earmarked as "deep brain stimulation". It should have been in the "what-could-passibly-go-wrong" department. It seems that the ultimate use will be brain manipulation. No more influence or intimidation. Just control. Pure control. Only control.

Yet, the brain of a mouse is stll relatively simple compared to the human brain. Who knows...?

No Such AgencyMarch 13, 2015 9:58 PM

What doesn't make any sense is that they're worried about integrity now???

They weaken (or even break) crypto so they can break confidentiality of communications, and now they want stronger mechanisms for assuring integrity?

There is some other reason they want integrity.

Gerard van VoorenMarch 14, 2015 2:17 AM

Is this still part of the "wrongdoers - dual state - G.W.Bush / Cheney / Obama" legacy?

If so, what stops them from not physically goto the source and manipulate the author? After all, they are above the law. I wonder how strong encryption is at gunpoint.

See https://xkcd.com/538/

Andy MarksMarch 17, 2015 1:32 AM

There are well-established and effective means to protect data integrity and system integrity. It's good that technical leaders are bringing it to the attention of those with the means to focus resources in the correct areas. If resources are not focused on these issues, there will be a continued decline of confidence in technology, a vital component in society today.

Sadly, the same applies to both confidentiality and availability. Corporate systems and government systems are vulnerable many times simply because basic configuration errors, such as failing to keep Microsoft Office up-to-date on banking computers, or failure to implement two factor authentication, as seen at JPMC.

Start hiring teams to check all configurations and changes on a constant basis.

I wonder, though, if hackers are simply exploiting the easiest in a wide swathe of problems riddling these networks. As soon as we get 2-factor authentication, them boom: they use social engineering or coercion to gain access to that 2nd factor of authentication. It could be well worth it for them to try, to gain access to that critical system.

Nick PMarch 17, 2015 12:32 PM

re Blackberry "secure" tablet

Let's start with South Korean hardware with insecure chips and firmware from numerous countries. Possibly backdoored by South Korea or Samsung for various reasons. Then, add a swiss cheese OS that NSA and others hit endlessly. Use a wrapper tech made by the most NSA-friendly computing company with a hit-and-miss security track record. Then, leverage a crypto chip that might be backdoored by its host intelligence agency in Germany. Combine these in an unproven way and...

BAM! A SECURE tablet! Couldn't imagine it not working out!

vas pupMarch 17, 2015 4:05 PM

@Nick P • March 17, 2015 12:32 PM. Thank you for your input! Then, in my posting related the beginning should use "secure" rather than secure (like you did).

Poul-Henning KampMarch 18, 2015 4:22 AM

Paul Anderson wrote a wonderful short story about this 1953 "Sam Hall"

Starship Buzzing ByMarch 19, 2015 8:40 PM

Mmm, I would agree that encryption helps here. There are caveats, remaining, however. And, encryption does not completely solve the problem.

I would also agree this is a wider issue which involves "the whole internet". Though, as long as the internet has been around, there has been erroneous information. And quite well before that. To say the least.

Truth, or weightier information, very often is banned. It very often is hated. But, weight it does have, and I remain a solemn believer that it wins out. What is weightier invariably makes it's way up and over. Group think and people's predisposition to believe what they want to believe are the greatest enemies there. Not clever spies, though clever spies can be opponents of truth, operating as disinformation agents while cultivating possible agents and gleaning potentially useful information... ultimately, they are themselves looking for the truth.)

In context, however, what I believe the assessment is talking about is very controlled information, such as XX operations, "double cross" operations. Where diabolical entities utilize surveillance structures against surveillance systems to great advantage. (Dos Equis and Greek food lovers, not included.)

There, a problem with cryptography remains: cryptography while "assuring" information and providing integrity can cause another problem if poorly implemented. Which is it can provide an illusion of integrity of information which is not there.

Many "for instances" there, but good examples might include, for instance, Japanese belief that their encryption system could not be broken. Had they believed it could be broken, their *trust* of the communication systems would have been far weaker then how they were. Likewise, while many German systems were unencrypted, systems which were strongly encrypted erroneously deepened the trust they had of that communication.


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.