Schneier on Security

Nick P • May 10, 2015 1:08 AM

@ name.withheld

Many of us have an incredible amount of respect for you. You put that at risk citing a fraud who destroys over time all who trust in him. Probably better if you avoid such sources in the future. Find reliable sources who are promoting the truth and expand on their work. I’ve seen too many follow Jones’ lead to end up absorbing their whole lives in his propaganda. To no positive effect either. I’ve never seen him have a positive effect over long haul.

Nick P • May 10, 2015 10:36 PM

@ name.withheld

Thanks for the reply and giving well-articulated reasons for using the reference. The brief part of the clip I watched showed it would be long and was in the rhetoric-heavy style Jones uses. Disturbing, but survivable if the sources are OK. I’ll watch the whole thing in next few days when I have time to spare.

@ all
re Alex Jones

Project Censored has a nice article on him here. The amount of damage he’s done to real work on exposing corruption is incalculable. I know so many young hackers/activists with the right skills to take action that are wasting their time on diversions he created. Even if you’re using articles focusing on links/evidence, be sure to watch out for his tactic of picking just the links that support his view and ignoring anything else. It’s almost better to make your own presentation or video with whatever solid sources he cites. His stuff will be more popular but at least yours won’t be derailing needed focus.

@ Thoth

Good summary of my post and additions.

Nick P • May 10, 2015 11:00 PM

@ Buck

“Full Disclosure: I absolutely agree with what @Andrew Wallace has to say about Alex Jones”

Me too. Unfortunately, statements such as that are a hook to keep people’s attention for the derailing that makes up the majority of his posts. A classic trick that existed long before the Web.

Nick P • May 11, 2015 8:35 PM

@ J

It’s annoying but their goal is to get clicks. That’s their job and that’s what people read apparently. Those promoting realistic information rarely get attention at all. Reinforces the annoying option more. Once again, I blame reader’s preferences and/or human nature.

Note: That you linked to it ensures it will get more views and maybe rewards. Ironic, eh? 😛

Nick P • May 13, 2015 8:50 PM

@ Bruce, all

My late review of Ross Anderson’s “Meeting Snowden in Princeton”
(original article)

I just realized I forgot to review the post. Lol. Ok, here goes.

“wiretaps on the communications between data centres were something nobody thought of”

That was always a threat in terms of government. They’ve been tapping dedicated lines and fiber for a long time. The government has also used highly secure link encryptors between sites for a long time. So, my assumption should be the default: any carrier line is vulnerable to tapping by the local government or any other attackers with enough resources to tap a line. Independent security consultants also occasionally run into Ethernet taps by hackers and even malicious insiders. Further reinforces the principle.

“Second, we also got some reassurance; for example, TLS works, unless the agencies have managed to steal or coerce the private keys, or hack the end systems.”

That is indeed… some… re-assurance.

“And it’s a matter of record that Ed trusted his life to Tor, because he saw from the other side that it worked. ”

There were substantial debates here on this subject. Even Tor says it might be cracked by an adversary with NSA-like visibility. Yet, the result of the debates were several slides indicated severe difficulty with breaking Tor if it was used correctly. One noted that Tor combined with other strong technologies was a dead end for them at that time. So, this claim passes for now.

“Third, the leaks give us a clear view of an intelligence analyst’s workflow. ”

Most of this is expected. The workflow for NSA analysts was described by Bamford and others. Looks similar. The alliances between countries for intelligence sharing are a matter of public record, even with a Wikipedia page. There’s nothing new here except the number of sources, amount of data, and amount of storage. That has implications for what the organization is capable of on a global scale.

“As for crypto capabilities, a lot of stuff is decrypted automatically on ingest (e.g. using a “stolen cert”, presumably a private key obtained through hacking).”

Less re-assurance on TLS.

” but properly implemented crypto keeps the agency out; gpg ciphertexts with RSA 1024 were returned as fails. ”

Predicted by Bruce and other cryptographers. They attack everything around the algorithm if it’s a strong one. The leaks indicate those battle-tested in public by cryptographers and hackers are indeed strong. I’ll add that this further vindicates the crypto competitions, such as AES, along with peer review by talented breakers. I expected them to produce “good enough” algorithms that would be broken and replaced by brilliant cryptographers over time. Instead, the results have been great with most unbroken in practice after quite a while.

Of special mention, these ciphers still deliver despite quite the beatdown over a long period of time: IDEA (24 years old), Blowfish (22 years old), and RC5 (21 years old). Triple DES was also a nice hack to strengthen an existing algorithm.

“However there is no evidence at all of active attacks on cryptographic protocols, or of any break-and-poison attack on crypto links.”

Re-assuring. I predicted this was possible, although not certain, given that NSA’s COMSEC uses an IPSEC variant called HAIPE. Many aspects of the two are the same at the protocol level. They just removed the weaknesses in that one. Gilmore’s post on IPSEC weakening provides hints for how non-standard implementations can improve the security of the protocol. Plus, rigor in implementation process. Obviously.

” By routinely hacking companies of interest, the agencies are comprehensively undermining the security of critical infrastructure, and claim it’s a “nobody but us” capability. however that’s not going to last; other countries will catch up.”

That’s inaccurate: it talks about something that’s been going on like it might start happening in the future. There are already plenty of examples of other nation states and black hats using the same methods to hit everything from government organizations to banks to Google to defense contractors. Terabytes of information have been stolen from Five Eye’s organizations using these techniques. So, the proper viewpoint is that the Five Eye’s intelligence organizations are intentionally letting their businesses be devastated by foreign attack so that their own collection efforts can continue without interruption. That’s why I accuse them of aiding and abetting the enemy.

“Would opportunistic encryption help, such as using unauthenticated Diffie-Hellman everwhere? Quite probably; but governments might then simply compel the big service forms to make the seeds predictable. ”

Or just build backdoors or save key material. Much legislation is being considered and some passed along these lines.

“At present, key theft is probably more common than key compulsion in US operations (though other countries may be different).”

Hard to tell on that one. The ECI leak say FBI compels U.S. companies to SIGINT-enable their products for FISA warrants or whatever else. All the biggest players are involved. This is on top of intelligence (esp NSA) and law enforcement (esp DEA) oragnizations straight up paying for access to useful information. So, the compulson risk is unknown and it’s better to have crypto outside of Five Eye’s jursidiction for that reason. Picking the right jurisdiction is another discussion entirely. We just know Five Eyes are among the worst democracies for SIGINT collection and abuse.

“If the US government ever does use compelled certs, it’s more likely to be the FBI than the NSA, because of the latter’s focus on foreign targets.”

NSA targets Americans, too. Statistically, the FBI is more likely. Yet, NSA also passes their data to FBI and other enforcers for parallel construction. So, this distinction seems meaningless. We might as well think of them as one group working together to find evidence of guilt in our communications.

“The problem with this is that systems like Skype will give access not just to the FBI but to all sorts of really unsavoury police forces.”

This is true. Yet, it can be resolved by the choice of jurisdiction. Iceland has no crypto restrictions that I’m aware of. Switzerland has tight controls on this. Others in Europe vary. The control of the crypto should be kept in such countries other than the despotic regime the user worries about. More complex situations potentially have other solutions but this is a fairly simple solution to this one. I’ll add that the use of anonymity approaches are critical in such states to avoid having the key tortured out of you.

“FBI operations can be opaque because of the care they take with parallel construction; the Lavabit case was maybe an example. ”

That’s a definite possibility. Levison claimed to offer bank-grade security to his customers: a regular platform using SSL connections with a shared private key. Calling that “bank-grade” rather than basic SSL is misleading enough. That he likely used server OS’s they had zero-days on means there’s a real possibility that they hacked the system or had every opportunity too. So, the protection mechanisms for confidentiality and integrity must still be highly assured to stop… parallel construction. Readers probably expected “hacking,” but in police states we must consider them together these days.

Hackers used to use our PC’s to commit or hide crimes. Individuals used their PC’s to hide secrets, protect valuable operations, or even commit crimes. Now, the police and intelligence agencies have strong methods of stealing secrets, disrupting valuable operations, or even committing crimes in one’s name. They’re solidly in the threat profile.

“The NSA is even more cautious than the FBI, and won’t use top exploits against clueful targets unless it really matters. Intelligence services are at least aware of the risk of losing a capability”

“Using network intrusion detection against bad actors is very much like the attack / defence evolution seen in the anti-virus business.”

“Cooperation with companies on network intrusion detection is tied up with liability games.”

Totally true. Many nation-state-level attackers have been busted anyway. This includes the NSA apparently via the Equation Group report. Despite their stunning stealth, even they could be beaten with established, COTS forensics and monitoring. That should re-assure us a bit on the detection and recovery side of things. A non-profit, coalition of anti-surveillance companies could also share monitoring information like we see with big companies in general. Yet, top security pro’s could turn this data into pattern-finders and countermeasures to block whatever techniques are in use.

” Lots of good crypto never got widely adopted as it was too hard to use; think of PGP.”

True. New, usable solutions are stepping up to the plate. They need more peer review. Academics trying to prove themselves in cryptography, security engineering, or even programming should focus on at least one each as part of their work.

“Engineers who design stuff for whistleblowers and journalists must be really thoughtful and careful if they want to ensure their users won’t die when they screw up. ”

This is true. Those who do have solutions that’s “too hard to use.” There’s going to be inherent difficulty regardless given the range of threats. So, the trick is two-fold: identifying the risks and potential design strategies to protect the whistleblowers/journalists; making all of that easy to use. Much harder than either in isolation. Adding compartmentalization makes it even harder. How are they going to use that strategy pervasively if a PGP tutorial is too hard?

“The goal should be that no single error should be fatal, and so long as their failures aren’t compounded the users will stay alive. ”

That’s seems improbable or impossible for most mainstream and COTS platforms. Any that have significant vulnerability to code injection will be totally nuked upon a single failure. Significant timing channels usually take 1-3 failures. That’s disturbing given that amateurs attacking Chrome are chaining 5-6 bugs together to form exploits… found in a week or so. Certain physical isolation schemes can help. Yet, they’re not cheap, shiny, and convenient. They might also suffer from loss of availability when attacked, albeit with the benefit that those attacks waste 0-days on the platform. I’ve proposed techniques to semi-automatically identify the defect upon such an attack.

“For example, password managers are great,”

I’ve always considered them false security against hackers. Common case for PC attack is that malware is injected onto the machine along with a keylogger. It intercepts (a) your individual passwords or (b) your master password for the password manager. It also intercepts the plaintext. The benefits were using more complex passwords, making them unique per site, more secure storage on disk (esp against theft), and more secure backup (eg for device failure). The extra security against malware and hackers, though, should be zero if that attack vector is used.

“Quite simply, the NSA doesn’t care about policy. Their OGC has 100 lawyers whose job is to “enable the mission”; to figure out loopholes or new interpretations of the law that let stuff get done.”

True, along with his examples and scary implications.

“Jurisdiction is a big soft spot.”

The good news, which I illustrated above, is that both sides can work this issue. It’s not a good dynamic for us given that they have more power.

“The deepest problem is that the system architecture that has evolved in recent years holds masses of information on many people with no intelligence value, but with vast potential for political abuse. ”

Well-said.

” People who intern with a clearance get a “lifetime obligation” when they go through indoctrination (yes, that’s what it’s called), and this includes pre-publication review of anything relevant they write. ”

It’s why a number of us have avoided getting clearances. I suggest others do the same if they’re trying to build stuff that can resist mass surveillance.

“The export control mechanisms are also used as an early warning mechanism, to tip off the agency that kit X will be shipped to country Y on date Z. Then the technicians can insert an implant without anyone at the exporting company knowing a thing.”

Nice observation. This is why A1-class systems required “trusted trucks” for distribution of the evaluated hardware. I’ve also promoted using a combination of vetted software, locally procured equipment, and diversity of implementation details to throw them off if you can’t prevent customs or shipping from subverting a pre-owned device. This isn’t cheap but spies use even simpler schemes with success.

“They will make the same security arguments as our governments and use the same techniques, but without the same standards of care. ”

The last part is a good call and vitally important. Many foreign government have (a) lower protection requirements for the data, (b) looser usage requirements, and sometimes (c) active espionage campaigns against Five Eyes companies. Sharing backdoor access with such governments is disaster waiting to happen. Especially if they escalate privilege from a limited backdoor to full control as we’ve seen in remote administration tool’s vulnerabilities.

“Eventually something scary will happen, and then infrastructure companies will care more, but it’s doubtful that anyone will do a sufficiently coordinated attack on enough diverse plant through different firewalls and so on to pose a major threat to life. ”

Maybe. For cyberwar in general, I’ve noticed two things: (a) most vicious people who would want to destroy us physically are too incompetent to do it… so far; (b) those that can do it, which U.S. scares us about, don’t care to do it as they financially and/or politically benefit from our overall stability. Top cyberwarriors are China, Russia, Japan, and Israel. All are trade partners that benefit considerably from all the I.P. they suck out of us. No real threat there… unless you have I.P. 😉

” We have to accept that some people are pro-NSA while others are pro-humanity. ”

Lol. Nice wordplay.

” It’s best to develop a culture where people with and without clearances agree that crypto must be open and robust.”

True but too vague to debate possibilities.

“Secret laws are pure poison; government lawyers claim authority and act on it, and we don’t know about it. Transparency about what governments can and can’t do is vital.”

True.

“However it is possible to layer new communications systems on top of what already exists”

I’ve posted dozens of designs for free online to do just that. I’ve also shared countless academic works solving a tremendous number of problems. Encrypted communication over untrusted networks is one of the most thoroughly solved problems in the security community. As Ross says, the solution is to implement what we know works in ways that keep the untrustworthy parties truly untrusted. There’s also many with the opinion that we should develop as many decentralized versions as possible which reduce the risks of centralization and coercion especially. Whether we do one or both, there are proven paths to greatly improve the resilience of our systems and the social/economic activities they support. We should do this.

Nick P • May 14, 2015 12:49 PM

re wifi and wires

WiFi certainly makes it easier for them, yet not ubiqitous. It’s actually more difficult for them to hit WiFi nodes because they’re all over the place. Better to tap the Tier 1 and Tier 2 ISP’s with specialized equipment to see everything. Then cross-reference what you see to a list of known wifi nodes with associated location, speed, personal/business, and other details.

And the wires are privately owned by various companies. The government only owns the wires and fiber they themselves install. You’ll know the difference if you accidentally cut an unmarked cable during construction.

re equation group

Kaspersky is the one source for the information. I’d like to see some peer review on this. But, this is fairly common in this field. So, you have to look at the data and responses. You noted that haven’t seen many responses from big companies. That is weird and troubling. The riddle is solved when you just read the report: their methods are nearly God-like in stealth (per Kaspersky), they’ll dump an operation at slightest hint of detection, they erase all traces, and their targets aren’t the kind running great monitoring operations. That they heavily rely on HD firmware infection already made 99% of targets out there unable to resist or spot them.

So, it’s believable it might happen without many reporting the compromise. The Russian and Chinese hackers use traditional methods on companies with lots of auditing and contracts with managed security. They get detected at some point but that’s because they don’t care about detection: nobody does crap about the TB they stole. NSA’s TAO and others care about detection to the point of using every technique at their disposal to prevent it. Their targets don’t have as much security investment either. So, it’s believable it could happen. On top of it, a number of these countries wouldn’t admit the U.S. was beating them invisibly for over a decade.

re covert

“Covert means it is illegal, everyone knowing about understands this, and they keep it secret so they and their coworkers do not go to jail.”

I’m not sure what your point is. The U.S. has overt, clandestine, and covert operations. Clandestine means they’re hidden, legal here, and maybe illegal in foreign country. Covert operations are clandestine operations designed to be deniable rather than just secret. Clandestine operation plus a smokescreen. There’s plenty of history of covert operations that should’ve never happened. They need more accountability for sure.

But, don’t make the mistake of extrapolating this too much. Like prior discussions here showed, most countries in the world treat espionage different from other military and intelligence activities. They tend to make it legal for them to do and illegal for everyone else to do against them. A spy caught doesn’t start WW3: the spy is punished and the event might be used for political leverage. We get caught dropping bombs and it’s a totally different story. So, the discussion of what they do in secret with SIGINT and HUMINT should stay separate from covert operations in general. The former is quite broad and with little restrictions. The latter is highly restricted and sometimes even needs Presidential approval if it’s high risk.

re NSA capabilities

You brought up random points on Snowden, NSA, DEA and so on. I don’t see a coheren statement to reply to.

@ Figureitout

re pocket calculators

I told you before they’re good for subversion resistance given they’re nature. They might do well for TFC with the right connectors. Yet, I hesitate to recommend them for one reason: TI’s continued inflation of their prices means many alternatives are cheaper. Things such as the PI keep pushing costs down. Not to mention all the boards with microcontrollers that don’t include wifi, etc just to keep costs down. They’re looking to be best option for Send and Receive with a cheap Linux box for Transmission node.

Btw, KnightOS looks cool. I’d have loved to play with it on my old TI’s back in school. I had a TI-83 and a TI-92 (favorite). My 92 had so much screen, keyboard, and resources to play with. That mixed with KnightOS or a KolibriOS knockoff would’ve rocked.

@ Thoth

I agree for many banks. It depends on the bank, though. A number have implemented many network protections, internal controls, monitoring, logs, and so on. Quite a bit more than the average company uses. Plus, their dependence on HSM’s and mainframes for many operations makes those unlikely to be hit by vast majority of hackers who lack the expertise. So, whether a good bank or a half-assed bank, just putting SSL on email servers didn’t seem to justify the claim. Looked like marketing BS to me.

Plus, a truly secure email service would be using mail guards and plenty of custom code/endpoints. The cost of those are considerable. So, you can tell if an email service is leveraging secure equipment largely by how much they charge. That means that my Kolab account can be hit by hackers regardless of their committment to protecting me. So, I leverage them for transport and will use a guard for receiving if I want real security. And GPG, of course.