Friday Squid Blogging: Squid Kite
Video. Plus an octopus kite, with another squid kite in the background.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
JG4 • May 20, 2016 4:45 PM
some fascinating history
The Beginning of System Dynamics
http://web.mit.edu/sysdyn/sd-intro/D-4165-1.pdf
by Jay W. Forrester
…
In my first year at MIT came another one of those turning points. I was commandeered by Gordon S. Brown who was the pioneer in “feedback control systems” at MIT. During World War II my work with Gordon Brown was in developing servomechanisms for the control of radar antennas and gun mounts. Again, it was research toward an extremely practical end that ran from mathematical theory to the operating field, and I do mean the operating field. At one stage, we had built an experimental control for a radar to go on an aircraft carrier to direct fighter planes against enemy targets. The captain of the carrier Lexington came to MIT and saw this experimental unit, which was planned for redesign to go into production a year or so later. He said, “I want that, I mean that very one, we can’t wait for the production ones.” He got it. And about nine months later the experimental control units stopped working. I volunteered to go to Pearl Harbor to see why they were not functioning. Having discovered the problem, but not having time to fix it, the executive officer of the ship came to me and said they were about to leave port. He asked if I would like to come with them and finish my job? So I said “Yes,” having no idea quite what that meant. We were off-shore during the invasion of Tarawa and then took a turn down through the middle between the Sunrise and Sunset chains of the Marshall Islands. The islands were occupied on both sides by Japanese fighter-plane bases and they didn’t like having a U.S. Navy Task Force wrecking their airports. So they kept trying to sink our ships. After dark they dropped flares along one side of the task force and come in with torpedo planes from the other side. Finally at 11 p.m. they succeeded in hitting the Lexington, cutting off one of the four propellers and setting the rudder in a hard turn. Again, it gave a very practical view of how research and theory are related to the field application.
Werner • May 20, 2016 5:02 PM
There is a 262 page report (in German language)
https://www.bundestag.de/blob/393598/b5d50731152a09ae36b42be50f283898/mat_a_sv-11-2-data.pdf written by Dr. Kurt Graulich (former judge at the Bundesverwaltungsgericht, the highest Federal Administrative Court in Germany). This report is one of three versions – the other two versions are not available for the public.
There was an interesting debate about the circumstances of Dr. Graulich’s nomination to write these reports and some interesting details escaped about the way he produced these reports.
Graulich acted as special prosecutor and was tasked by the government to write these reports in order to help an investigation committee of the German parliament.
The so-called NSA committee of inquiry (1. Untersuchungsausschuss “NSA”) has been established https://www.bundestag.de/blob/284528/a89d6006f28900c4f46e56f5e0807ddf/einsetzungsantrag_englisch-docx-data.pdf to clarify details about the work of the five-eyes intelligence services in Germany and the knowledge of German authorities about these activities. The inquiry committee was a clear response to revelations made by Edward Snowden regarding Internet and telecommunications surveillance.
Milo M. • May 20, 2016 8:31 PM
Peter G. Neumann at Risks Digest links to this essay on the Internet advertising economy:
http://catless.ncl.ac.uk/Risks/29.53.html#subj12
http://blogs.harvard.edu/doc/2016/05/09/is-the-online-advertising-bubble-finally-starting-to-pop/
“Almost all third party data today is supposedly being used to improve targeting precision.
There are many kinds of targeting data in the display ad world, and each type is supplied by someone different. Contextual, intent, demographic, temporal, behavioral triggers, life cycle triggers, you name it.
This is the n-dimensional data problem you speak of.
Facebook is doing a lot to resolve the n-dimensional problem, right now. As they build-out their offsite ad network, they are gaining real time access to most of the important types of targeting data and organizing them into detailed interest and intent profiles of individual people.”
tyr • May 20, 2016 11:28 PM
From an article on PredPol.
http://www.tomdispatch.com/post/
“If you leave aside issues of bias, there’s still a fundamental question to answer about the new technology: Does the software actually work or, for that matter, reduce crime? Of course, the companies peddling such products insist that it does, but no independent analyses or reviews had yet verified its effectiveness until last year — or so it seemed at first.”
Apparently Predictive Policing is the new buzzword
for police departments’ use of technologies.
P K Dick would be proud of his prescience.
Clive Robinson • May 21, 2016 1:38 AM
@ tyr,
Your link does not go to the article just the blog’s front page.
As for Predictive Policing, it’s one of those “Intuitively obvious but factually wrong” ideas people get when they don’t understand probability.
The collecting of post event data tells us many things such as how many buildings will catch fire, and how likely they are to burn to the ground etc. But it will not tell us the address and time of the next house blaze.
Likewise we know that if you leave an item of value around sooner or later somebody is going to steal it. But not who or when.
Unfortunately we know that at some point in the future an armed police officer is going to shoot another innocent person in the US. We don’t know where, or precisely when or which innocent person by which cop or their real reasons for pulling the trigger. All we know is that based on the number of events recorded we can make an informed guess, but should we just arrest a police officer because they are in a bad mood over something in their personal lives –assuming we are even aware of it–?
In our physical world science can accurately tell us what is going to happen to a deterministic object of a given mass etc if it is subject to a given force in an otherwise static or fully known thus predictable environment. But the questions then arise of what happens when you have a lack of knowledge or add nondeterministic objects such as humans into the environment?
The problem is that some people seriously believe that “more knowledge” will solve the prediction issue, thus the seduction of “collect it all”. What they don’t appear to understand is that you can never gather enough information or have enough time to get over random or nondeterministic behaviour.
But it also raises a philosophical question, of what if you could make 100% accurate predictions? Does that mean there is no free will? and if it does is anybody guilty? Because their actions were preordained and they had no choice but to carry them out…
But there is also another philosophical question of what happens if you stop a specific crime? Criminals carry out their activities because of a number of reasons, stopping them carrying out a specific crime will not cause those reasons to cease to be in effect in most cases. The most likely result is that stopping one crime will only cause another crime somewhere else later as all that changes is which piece of fruit is hanging lowest to the individual criminal. But there is a hidden issue, each time you move a crime on it adds a time pressure to the criminal. The most obvious is those who need money to buy their “next fix” whatever that addiction may be, they will thus become more desperate with time, and thus their behaviour more drastic. Thus their next crime is likely to be of a higher risk, thus the more likely there is to violence etc.
Which also gives rise to the “social inequalities” issue. If the police are moving crime on, where is it going to. We know the police are a finite resource, thus they can not be everywhere all the time. Who decides where they are “not” going to be? And why? Human nature indicates the police are subject to the “squeaky wheel” of political pressure thus they are not likely to be in areas where the people there have little or no influence. Thus you further enforce the “rich get richer, because the poor get poorer” issue.
Predictive Policing, is a seductive idea, it gives an illusion that you can get more from the same resources. The reality will however be a failure, or an excuse for failure, and in the mean time a lot of people will get hurt who otherwise would have not. Further crime is responsive to deterrent techniques, it works around it in a never ending dance. Because whilst in the long run the vast majority of criminals lose they like players in a lottery always have their eye on “the big win” that so rarely happens. Crime is after all is said and done what “The Great American Dream” is really all about at the end of the day.
Don't Be Evil TM • May 21, 2016 4:56 AM
Google – “Don’t be Evil”. Funny shit, considering googleanalytics.com (among many from the company) is the world’s #1 tracker and:
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf
In this study, Libert compiled a comprehensive mapping of third-party domains to organizations, showing that Google can track users across nearly 80% of sites through its various third-party domains.
…
All of the top 5 third (tracking) parties, as well as 12 of the top 20, are Google-owned domains. In fact, Google, Facebook, and Twitter are the only third-party entities present on more than 10% of sites.
No wonder they are regularly seen in Washington circles fellating the power brokers.
I don’t think most people (present company excluded) realize just how dangerous (evil) Google, Microsoft, Facebook and other fascist collaborators are, nor their new business paradigm (‘your data belongs to us’) and true purpose in the ‘military-digital complex’.
This article below is worth reading in full, but here is a salient point:
http://monthlyreview.org/2014/07/01/surveillance-capitalism/
The major means of wealth generation on the Internet and through proprietary platforms such as apps is the surveillance of the population, allowing for a handful of firms to reap the lion’s share of the gains from the enormous sales effort in the U.S. economy. The digitalization of surveillance has radically changed the nature of advertising. The old system of advertisers purchasing ad space or time in media with the hope of getting the media user to notice the advertisement while she sought out news or entertainment is becoming passé. Advertisers no longer need to subsidize journalism or media content production to reach their target audiences. Instead, they can pinpoint their desired audience to a person and locate them wherever they are online (and often where they are in physical space) due to ubiquitous surveillance. The premise of the system is that there is no effective privacy. The consequences are that the commercial system of media content production, especially journalism, is in collapse, with nothing in the wings to replace it.
These monopolistic corporate entities readily cooperate with the repressive arm of the state in the form of its military, intelligence, and police functions. The result is to enhance enormously the secret national security state, relative to the government as a whole. Edward Snowden’s revelations of the NSA’s Prism program, together with other leaks, have shown a pattern of a tight interweaving of the military with giant computer-Internet corporations, creating what has been called a “military-digital complex.” Indeed, Beatrice Edwards, the executive director of the Government Accountability Project, argues that what has emerged is a “government-corporate surveillance complex.”
Who? • May 21, 2016 6:49 AM
Microsoft is changing the rules of the game to impose its malware:
http://www.tomshardware.com/news/windows-10-auto-schedules-updates,31802.html
Why Microsoft, Apple, Facebook and Google are in business yet is a mystery.
Clive Robinson • May 21, 2016 8:07 AM
@ Wael,
This one should give you pause for thought,
http://arxiv.org/pdf/1605.06022v1
It certainly has some consequences if true.
hawk • May 21, 2016 8:20 AM
Perhaps the speed of light is irrelevant and the distance between particles is an illusion.
@all
Google quietly nukes statement regarding end-to-end encryption for new messaging system called Allo and promotes its pseudo message self-destruction feature.
No one had gotten self-destructing messaging systems for mobile devices right. Not even Snapchat or any big names on the Social “Fraud” Industry that buys and sells your data while pretending to be the good guys.
First thing is there is no robust hardware root of trust for the zeroizing of sensitive messages and the fact that these protocols (Google’s new Allo scam product) uses a central server of sorts, it would make collection of messages much easier and the fact Google quietly removed the announcement of the end-to-end encryption feature that it attempts to promote for its new scam products sounds all too fishy….
In fact, Signal, OTR and the likes do not even cut it when it comes to message security (in terms of message encryption) since the assumption is the hardware and software is secure and trusted by default which is a huge mistake.
Before we get into the types of routing (e.g. fleet broadcast methods, point-to-point, multicast, decentralized-servers, POND protocols, TOR routings) .. the basic notion of a secure and trusted execution doesn’t even exist as a physical medium for anything above the hardware layer to leverage for security.
The more acceptable form of end-to-end encryption and also message security from the lower layers is obviously the use of at least a hardware-based Secure Execution Environment (e.g. tamper resistant and programmable HSM like the Thales nCipher and Smart Cards) would be a necessity. Further security like ensuring the chips are trusted or using some form of Prison model on an array of less trusted but lower power tamper resistant chips or using Data Diodes would be much more preferable than outright trusting of an unproven general purpose hardware in a context where secure (and trusted) execution are paramount to integrity of algorithms and anything above the hardware layer.
The bottom line is to treat any general purpose device untrusted and never a medium for sensitive messages unless the message is encrypted on a separate secure device and transferred to the general purpose device solely for the purpose of message transmission over an insecure link.
Bill Shorten & Malcom Turbull • May 21, 2016 10:43 AM
Australia Internet Upgrade
POLITICAL PARTIES ARGUE OVER RATHER THAN CO-OPERATE ON NATIONAL FIBRE ROLLOUT.
http://www.itnews.com.au/news/fifield-knew-of-nbns-afp-leak-referral-419881
Federal police raid politicians’ offices and homes over leaked internal internet rollout documents from NBN Co which refer to projections for meeting rollout targets and deadlines.
We can all benefit here from this government project, but instead they try and score points trashing one another. They could be helping explore possible breakthroughs in providing a most advantageous infrastructure project to the massive benefit of Australia for years to come.
Richard • May 21, 2016 11:02 AM
@ Clive Robinson
@ tyr,
“As for Predictive Policing, it’s one of those ‘Intuitively obvious but factually wrong’ ideas people get when they don’t understand probability.”
The classic example of “intuitively obvious but wrong” is the story from WW2 where a group of statisticians at the Center for Naval Analyses had conducted a study of the damage done to aircraft that had returned from missions, and had recommended that armor be added to the areas that had, statistically speaking, been shot up the worst.
Having reached this brilliant conclusion, the Defense Department, knowing that armor was costly both in terms of production, and aircraft performance, sought advice from mathematicians to help them develop an optimal formula that would tell them exactly how much armor to add to each damaged area.
Abraham Wald famously suggested that the Navy instead reinforce the areas where the returning aircraft were unscathed, since those were the areas that, if hit, would cause the plane to be lost.
Wald noted that the previous study had gone astray because they only considered the aircraft that had survived their missions – the bombers that had been shot down were not present for the damage assessment. The holes in the returning aircraft, then, therefore represented areas where a bomber could take damage and still return home safely.
Nick P • May 21, 2016 12:03 PM
@ Clive
It does. They claim to have eliminated classical time. Then, all they could manage in scientific output was one paper between two points of classical time. I think they’re still time’s bitch.
Wael • May 21, 2016 12:30 PM
@Clive Robinson, @Nick P,
Acausal has two meanings. An engineering one that describes a system whose output is a function of a future input. And a dictionary definition that means “spontaneous” or without an external cause. I understand the logic behind the statement regarding classic time and qm. Agree with what @Nick P said. Additionally, mathematical operations on a model don’t necessarily mean the real world acts accordingly.
Daniel • May 21, 2016 1:15 PM
Although the piece is mostly about her position on Donald Trump the article below contains a few interesting nuggets of information about Nancy Pelosi’s take on computer security.
http://www.recode.net/2016/5/16/11679242/nancy-pelosi-trump-guarantee-kara-swisher-podcast
here is the money quote,
“And Pelosi confirmed that, for related reasons, she sides with Apple and its allies in the recent encryption battle against the FBI. ‘If we don’t sell our products overseas and be pre-eminent, we will not be as secure,’ she said. ‘I think the Apple argument, ‘no back door,’ is the security argument. If we open it up, who’s going to buy our technology?'”
This argument is a little bit like closing the barn door after all the cows have fled the scene but it’s nice that she is making it.
Dan3264 • May 21, 2016 1:50 PM
@Thoth,
Yeah, security is infeasible (although it might be technically possible, it would take a ton of effort) on practically all computing devices. To really be secure you would need totally open-source hardware and software (or hardware designed by you and not disclosed to anyone else, but that still doesn’t guarantee security) that is verifiable by the user. While I am sure that it is possible to design such a system, doing so would take a lot of expertise. Also, if any configuration of it became popular, it would be relatively easy to backdoor that implementation (if you are an attacker with a lot of influence). Thus, real security is only attainable (assuming you want to be secure against an attacker with a lot of influence) if you do almost everything yourself (and if you know what you are doing).
anon • May 21, 2016 4:23 PM
a software program for generating QKD, Quantum Key Distribution for communications security finally available
http://phys.org/news/2016-05-secret-unbreakable-key.html
http://www.nature.com/ncomms/2016/160520/ncomms11712/full/ncomms11712.html
AnonLurker • May 21, 2016 4:57 PM
If you liked the Arxiv paper on non-locality, I highly recommend “Spooky Action at a Distance” by Musser.
Excellent simplified overview of the effects, and the different groups formulating competing theories in the fields.
http://www.amazon.com/Spooky-Action-Distance-Phenomenon-Time/dp/0374298513
was already in library too…
Richard • May 21, 2016 5:20 PM
@ Daniel
“And Pelosi confirmed that, for related reasons, she sides with Apple and its allies in the recent encryption battle against the FBI…”
… So it’s all about mega-corporation profits. Thank God, for a moment I thought she might spout something silly like that she was supporting Apple’s encryption arguments because of the privacy rights implicit in the words –
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated”
The problem with it just being about money is that our sell-out public officials think the solution to that is simple – just pass legislation that not only requires companies provide secret security back-doors, but which ALSO makes it a felony to reveal ANY details about this process (including the fact that they have even been asked to do so).
See, no more money concerns – since what folks don’t know obviously won’t hurt corporate profits.
…but wait, won’t the jig-be-up on the whole FBI backdoor thing the first time someone finds their phone has been unlocked at trial?
No problem, just have the government use the information found after unlocking the device to build a “parallel construction case” without ever admitting that they unlocked the device. Sure, technically this involves officials and agents committing perjury, but who cares about that?
If the case is too high-profile to get away with that, worst case, we just claim that the FBI unlocked the phone by enlisting the services of some nameless hacker (who for reasons of national security must remain nameless).
Sound familiar?
The only way we are ever going to restore the privacy rights promised by our constitution is to get serious and pass some laws that insure that our modern technology isn’t used to completely destroy the fourth amendment.
Of course, this would involve the folks who make our laws, passing laws that limit the powers of the folks that make and enforce our laws.
What are the odds that that will ever happen?
I have a feeling that Ms. Pelosi only -jumped THAT fence- because of her constituents and not because of her own interests. Applesauce
Cliver Robinson • May 21, 2016 6:10 PM
@ Anon,
You might find this interesting,
https://www.osapublishing.org/oe/viewmedia.cfm?uri=oe-24-3-2619&seq=0&html=true
SCW-QKD is both interesting and promising. It also has the potential to be rather more secure[1] than other practical QKD systems.
[1] As I and others have pointed out before, whilst QKD is theoretically secure, practical systems have a lot of defects, that can allow an active attacker (Aaron) to determine the state of active components such as polarizers without actually affecting the individual QKD photons… Some people are of the opinion there are no secure QKD systems available commercially, and it’s an opinion I can sympathize with… I guess I shall have to sit down and think about how to attack SCW-QKD 😉
Nick P • May 21, 2016 7:42 PM
@ Dan3264
“While I am sure that it is possible to design such a system, doing so would take a lot of expertise.”
You have no idea. You have to have enough expertise to at least build a high-res electron microscope for chip verification, chips themselves, and machines to automate the microscopes going over the chips. Maybe the TV’s, too, although you could possibly do pattern-matching on the die as I’ve speculated before. Maybe render them on huge array of LED’s using something like ASCII text art.
In any case, no user-verifiable thing is going to be done at under 0.35 micron… maybe 0.5 micron. You need advanced equipment that’s a black box instead of a microscope. Plus, the chip has to be relatively simple to verify it by eye. The good news is that one set of tools can bootstrap the next. Yet, in the end, most can’t trust it because they built it themselves: they’re trusting that plus others who explained how it works and/or supplied blueprints/source. You have to understand whole thing to know it hasn’t been subverted. And test the materials for those properties.
Very few people will be capable of that. Only three on this blog… doesn’t include me… which is a ridiculously high number for a blog outside analog/RF blogs. 😉 It’s estimated that there are currently 3,000 analog engineers worldwide that get the stuff from PCB down to deep, sub-micron. Beginners have few resources, tooling, or inspiration to start. So, that won’t change much or quickly. And that doesn’t include learning physics/chemistry you need to verify the materials. 🙂
@Dan3264
Just a note that hardware with the “open hardware/open source hardware” only means the layout of the PCB is open. What goes on inside the blackbox IC chips that sprinkles across so much of our daily devices are still left unknown.
Do note also the political and economic dangers of decapping chips (at your own risk) because who knows the IC maker might leverage lawsuits or get some help from “the higher ups” of the very-likely corrupted Governments of certain nations (most of them 🙂 ).
Dan3264 • May 21, 2016 10:03 PM
@Thoth, @Nick P,
The most practical way to avoid backdoors is ambiguity: Create everything custom and order it all at once. Only buy/have-custom-made supplies that are general-purpose. Create and assemble all your PCBs after you have ordered all the chips. Design all the code and microcode after that. It is reasonable to assume that the government(s) can not know what you are trying to achieve what you are doing beforehand. Thus, they can not risk breaking the spec of whatever it is you are making, because doing so would very likely interfere with whatever it is you are doing. It is best to do this with an ASIC provider that you can sue for not providing what you asked for. On the plus side, if you get in trouble, they now have to reverse-engineer an entire system (and that knowledge is only useful in one investigation). Be sure to put the entire system in a thick metal shell. You should probably also stick in a miniature RADAR unit on battery backup that self-destructs the system if the characteristics of the container change (secure systems seem to require an infinite number of countermeasures…).
Richard • May 21, 2016 10:22 PM
@Thoth
@Dan3264
Just a note that hardware with the “open hardware/open source hardware” only means the layout of the PCB is open.
While it is true that this is what some folks are referring to when they say “open hardware”, it is NOT true that this is the “only” definition.
There are ALSO open source FPGA CPU cores available, which leaves at least the possibility of a reasonably open source system board on the level of something like a Raspberry Pi (although you might have to give up GPU accelerated video, since video GPU core software seems to all be highly proprietary at this point).
Such a system board could be open hardware at the chip level to the extent that the FPGA CPU microcode is open sourced as well as the full PC board schematic.
While this might not be enough for the folks who insist that it’s not secure unless you dig up the sand and make the silicon wafers yourself, it’s probably good enough in practical terms, if the overall SOC system board design is good from a security perspective.
While it is theoretically possible to insert some kind of hardware back door into the FPGA at the hardware chip level that looks for the open source SOC code, and inserts some kind of tailor made back door, in practical terms, this would be difficult to do without leaving detectable glitches in timing.
Creating such Trojan code to deal with all the complexities of all the variations in both the FPGA SOC firmware and PC board layout itself would be a nightmare, and the Trojan FPGA code would have to be BIG (Megabytes to Gigabytes).
For example, consider a board like the Raspberry Pi 2 which doesn’t have a built in WiFi adapter. In order to insure that our trojan could phone home, our Trojan O.S. would not only need a full network stack, but would also need hardware drivers to communicate with potentially hundreds of different types of WiFi hardware. Of course, it could be designed to detect the O.S. and try to insert a backdoor at that level, but that is also not trivial given the many variations possible.
Sure, embedding even a couple gigs of flash would be no problem for the hypothetical bad guys – but even a few Megs of flash would stick out like a sore thumb on the normally highly regular matrix structure of the typical external serial flash driven FPGA if the chip was de-capped for a security audit.
… and NO, there is no way such a physical audit of hardware you legally purchased and own would break any laws – it would be protected under ‘fair use’.
Nick P • May 21, 2016 11:16 PM
@ Dan3264
The obfuscation approach helps. The thing is that economics dictate chip development at deep, submicron levels. It costs so much that companies usually develop I.P. that others reuse to recover the cost. So, what you suggested could work only on old nodes that aren’t cost-effective for modern use. Could with no guarantee. There are pro’s like one who used to comment here that do similar stuff in companies that have the budget to do it. Usually one component at a time, though, with EDA tools that cost a fortune. So, it’s not a realistic method for most.
@ Richard
Backdooring an FPGA only takes a small amount of code or gates in the I/O interfaces or host. From there, the approaches are straightforward as the host likely has the source and intercepting the I/O often reveals stuff on its own. Far as simple boards, the trojan would just need some RF circuitry for an unusual part of the spectrum. That’s what NSA does in leaked catalog because it’s so obvious and proven in practice. The FPGA’s are so complex and large that it’s easy to hide a subversion in them. All you have to do is put a flaw in I/O or debug stuff which allows lots of access and is easy to screw up anyway. 😉
It’s not open hardware until you have a design that’s been converted down to gates and transistors in a verified way. Then, whose gates and transistors are verifiable. Aside from that, there’s still significant closed aspects that can do you in.
Note: The last line is funny given the numerous people defending themselves from DMCA issues. You could rephrase it to say, “I believe there’s no way you’ll lose in court, criminal or civil, if you have enough money to spend on lawyers.” 😉
@Richard,
I don’t agree.
I think you set the bar too high for such close to the vcc? ground hacks.
If I was sitting in close proximity to a PLL(or not) and DMA(or not) I wouldn’t give a damn about the IETF or FCC, would you?
Network stack and binary blobs are requirements of a second stage payload. The artillery your spotters call in… I’m just not seeing it as a requirement, the environment is really not that diverse… Take a count of the transceiver market then look at the list of available CPUs… You certainly don’t require a full stack and when it comes to wireless you can periodically spit out low power ‘nonsensical’ “noise”…
With the right diagrams and datasheets practically anything is possible imb.
That’s what scares me, power analysis is probably the best way to watch for maligned activity on such smaller systems but anything that close to the hardware is in all likelihood sporadic, silent and very much a forward deployed asset.
65535 • May 22, 2016 1:08 AM
@ Who?
“Microsoft is changing the rules of the game to impose its malware”
Yes, they are. Some Windows 7/8 owners are getting Windows 10 installed or at least a couple Gigs of Win 10 files downed on their systems. That’s not fair and it hogs bandwidth.
Gibson has a solution:
https://www.grc.com/never10/details.htm
I have tried it on several non Win 7 enterprise boxes and it seems to work.
@ All
Any comments on Gibson’s “Never 10” free download?
@Richard,
Nick’s right of course, but look even a redteam doesn’t need a forward asset that large. Sure it would be nice to triple fault into a custom NetBSD you dd’d into flash emc? or onto a platter but most modern deployments of ‘forward thinking’ software are downloaders/callbacks.
That’s what recon and preparation is for right?
I removed the nag from an early shareware sniffer in the 90s by changing an 0x83 into a 0xC3… when it comes to subversion sometimes all you need is a single bit and your signed integer turns into an unsigned ‘oops’.
Can you verify what you write at the end of each day? 8kloc when you commit?
Can you verify your co-worker’s?
Can you verify your compiler’s?
You’d better start writing “warning Canaries” into your headers in case your compiler’s type mismatch detection is “off”.
But even that won’t stop an unstdlib.
Can you verify your dependencies?
Lawn mowers come out in the spring, you can always hear them in the distance when your 4g signal drops to 2g… They don’t send you a 2mb file they send you an HTTP GET.
tyr • May 22, 2016 3:42 AM
@Nick P.
I started as a firebottle analog tech and have continued
to play catchup (mostly in self defense) for far too
many decades. I find the idea someone understands this
from atomic to major system communications highly
suspect. A true generalist or polymath is a very rare
bird in any field. I’m not doubting the expertise you
find in specialized bright folk just the idea that they
have it all down pat.
@Richard
That sounds like the kind of thing civilian experts are
prone to cook up for the military. McNamara built the
US navy as part of the one airplane fits all model an
F111 that was wheel loaded so high it would break through
a carrier deck when it had no avionics, no ammo, and no
fuel aboard. Lands once needs no fancy arrester gear.
He also buggered the supply chain enough that I received
a plug in electrolytic which worked fine but you could
not close the equipment (it was an inch too tall unlike
the item it replaced).
@Clive
Chalk it up to lazy or senile, I can’t remember which.
The whole idea that you can predict criminality traces
back to Spinoza and Calvinism. Apparently really dumb
ideas cannot be snuffed out. Adam Smith has the best
explanation of what police are for but quoting it makes
you sound like Karl Marx.
I never would have predicted that the British police
would have been prancing around with machine guns in
my youth and I read a lot of dystopian SF. US police
shootings are “to a man with a hammer every problem
looks like a nail” self fulfilling prophecy.
@Dan3264, Nick P, Richard
Are there any open source IC chips that have their designs fully verified or verifiable against their schema and commercially viable? I do be interested to take a look at one.
The only path left being using the usual commonly available chips and hope for the best.
keiner • May 22, 2016 4:59 AM
…octopus and other animals in the sky! 😀
https://www.youtube.com/watch?v=aXalE3dbDzs
Fun!
Figureitout • May 22, 2016 6:32 AM
Thoth
any open source IC chips that have their designs fully verified
–Depends on what you mean by “fully”, we’ve said again and again though, “no”. Would you trust or be able to verify yourself that analysis if it’s BS or not? What irritates me w/ what some in the scientific/engineering community do, is put in somewhat useless terminology that’s generally just meant to see who “knows the terms”, doesn’t signify much beyond that; so it’s also meant to confuse outsiders and as a way of “job security” I believe that we’re all guilty of.
On my first paid engineering project we found out independently (after having boards made…) that some of the design recommendations were crap/wrong (likely guesses, which is reality on the cutting edge), or at least they need updating. They sound right though. This is the scientific process though when you’re close to cutting edge (I know Google has algorithms patented in the field, but still none of the big guys have perfected or solved the big problems; partly b/c some of it is impossible, only so far algorithms can take you when physics says otherwise) of some sub-sub-sub field, always changing.
The only path left being using the usual commonly available chips and hope for the best.
–This is true in life in general anyway. Gotta trust the guy walking down the street doesn’t just stab you in the neck for no reason; or someone doesn’t have a diabetic coma in a car and plow into you. No one on this forum could suggest a remote hack (b/c physical hack is boring/obvious) for my Arduino physical intrusion detection system; you’d have to hack radar, or shockburst protocol (there’s a hack there likely, that’s the way to hack this); both non-trivial endeavors. If they hacked radar I’d just switch to infrared mounted next to a door, works good.
Guess what, I was just reading in a magazine that drones (not the kiddie ones, the ones capable of holding missile payloads) are being fitted w/ now NXP i.MX6 quad-core chips b/c they’re small/light, and powerful. Every pound they take off, is $30,000 saved. COTS modules. Guarantee (access control electronics) there’s plenty of products gov’t uses that if backdoored, would be exposing themselves to hacks. Maybe the people making these decisions are so delusional/out of touch they take that risk anyway (then OPM hack happens).
You don’t need perfection for good security that works. Keep going for perfection and you’ll have nothing but words…nothing gets deployed.
Unrelated note: Got one of those throwing star LAN taps from Mike Ossman at Dayton Hamvention (which was awesome). I just need to solder on ethernet ports and I’m going to put on cap’s too but he said they’re not necessary so long as you don’t have gigabit ethernet. So I’ll hopefully get around to reviewing it here (just sucks since I have to share a network, I’m away from the modem/router so I have to wait for everyone to be outta town…).
Also got a YARD Stick One lol, couldn’t resist (that’s when I hit my spending limit :p). Based on CC1111 chip from TI. Will let know if I hack anything w/ it.
@Figureitout
the i.MX series are well known for their security and they have some tamper detection too. I am not surprised if some of those can be found in security appliances or as you said … missiles and other remote weapon systems. They are cheap and secure enough for the job considering that the expected shelf life per missile or rocket is that few seconds in flight before it blows something up (if you don’t consider the time it spends in the ammo store).
You can never be too sure about the chip but from a logical standpoint if the powers that be decides to backdoor a chip and consumes it themselves, it do be suicidal in the sense they know the inevitability of the backdoor being discovered. Of course we can be as paranoid and freeze on the spot or we can take security step by step and progress ahead and get better every time. I would prefer to progress a step at a time and not freeze on the spot.
“You don’t need perfection for good security that works. Keep going for perfection and you’ll have nothing but words…nothing gets deployed.”
I like these words 🙂 . I am working on my smart card projects to push security and crypto from a mostly software-only approach to a hybrid hardware/software approach to up the level of security a little bit more. I was recently looking for an encryption system on a smartphone with smart card support and sadly most of these are doing over unencrypted (and insecure) NFC channel (talk about RF sniffing) out of boredom to try for fun. I wasn’t too happy with them being the symmetric keys and PIN codes are sent over plain NFC and the symmetric PGP message key is generated on the phone instead (should be considered compromised) although understandably the smart card should also be called into suspicion for its RNG if possible.
My push would be to put all the crypto and key generation/import/export on the card itself (not to rely on the probably insecure host) and to have a software defined secure channel to communicate between the host and card which is very essential while considering so many crypto applications on the smart card simply not even meeting the basic security requirements of a consistent secure channel between the host and card and for secure key generation/import/export.
@Anura
I have an interesting cryptographic puzzle for you to hack.
Most embedded devices have very limited resources and that means the packet size of each message is very small (261 bytes including a 5 byte header for an ISO-7816 compliant smart card).
All secure messages require confidentiality and integrity and the integrity part takes the form of a MAC code which can bloat the message size. The incorporation of the MAC into the header instead of hosting a message header and also a MAC would make the message much more compact as you now have only 1 piece of information (combined MAC and header tag) instead of a MAC and also a header tag.
I am playing around with the following idea:
– Set the header to be the same block size as the chosen block cipher.
– The header should contain a session counter.
– Use a cryptographic hash to hash the message content (presumably padded) and the hash result size must be the same or more than the block size of the chosen block cipher.
– Truncate the hash result to the same size of the block size of the block cipher by taking the last N bytes of the result equals to the block size.
– Use the truncated hash result to XOR with the header.
– Encrypt the header and the message content altogether.
The recipient of the message will:
– Decrypt the message with the session key.
– Calculate the hash of the decrypted plaintext message content and truncate the hash.
– XOR the truncated hash result with the header and get the actual header.
– Check the actual header for the correct session counter otherwise discard message.
The cipher targeted would typically be AES. What are your thoughts on the above protocol?
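The sender and recipient steps listed in the comment above, written out as an added example that is not part of the original post. The comment leaves several details open, so these are assumptions: AES-128 in CBC mode with an all-zero IV, SHA-256 as the hash, PKCS#7-style padding, a header of 8 zero bytes plus a 64-bit counter, and the hypothetical names `Seal`, `Open` and `MaxMessage`.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumptions not stated in the post: AES-128 in CBC mode with an all-zero IV,
// SHA-256 as the hash, PKCS#7-style padding, and a clear header laid out as
// 8 zero bytes followed by the 64-bit big-endian session counter.
const blockSize = aes.BlockSize

// ErrReject is returned for every failed check, whatever the cause.
var ErrReject = errors.New("message rejected")

// header builds the clear (unmasked) header for a session counter.
func header(counter uint64) []byte {
	h := make([]byte, blockSize)
	binary.BigEndian.PutUint64(h[8:], counter)
	return h
}

// truncHash returns the last blockSize bytes of SHA-256 over the padded message.
func truncHash(padded []byte) []byte {
	sum := sha256.Sum256(padded)
	return sum[len(sum)-blockSize:]
}

// pad appends n bytes of value n so the result is a whole number of blocks.
func pad(msg []byte) []byte {
	n := blockSize - len(msg)%blockSize
	return append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// Seal follows the sender steps: hash, truncate, XOR into header, encrypt all.
func Seal(key []byte, counter uint64, msg []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, fmt.Errorf("seal: %w", err)
	}
	padded := pad(msg)
	buf := header(counter)
	for i, b := range truncHash(padded) {
		buf[i] ^= b
	}
	buf = append(buf, padded...)
	cipher.NewCBCEncrypter(blk, make([]byte, blockSize)).CryptBlocks(buf, buf)
	return buf, nil
}

// Open follows the recipient steps; it returns the message only if the
// unmasked header equals the header expected for this session counter.
func Open(key []byte, expect uint64, ct []byte) ([]byte, error) {
	if len(ct) < 2*blockSize || len(ct)%blockSize != 0 {
		return nil, ErrReject
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, make([]byte, blockSize)).CryptBlocks(pt, ct)
	hdr, padded := pt[:blockSize], pt[blockSize:]
	for i, b := range truncHash(padded) {
		hdr[i] ^= b
	}
	// Compare all 16 header bytes in constant time before touching the padding.
	if subtle.ConstantTimeCompare(hdr, header(expect)) != 1 {
		return nil, ErrReject
	}
	n := int(padded[len(padded)-1])
	if n == 0 || n > blockSize {
		return nil, ErrReject
	}
	return padded[:len(padded)-n], nil
}

// MaxMessage is the longest message fitting a data field: one block is the header, padding costs >= 1 byte.
func MaxMessage(dataField int) int {
	blocks := dataField / blockSize
	if blocks < 2 {
		return -1
	}
	return (blocks-1)*blockSize - 1
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte demo key
	ct, _ := Seal(key, 41, []byte("constructed APDU payload"))
	_, replay := Open(key, 42, ct) // receiver has already moved on to counter 42
	ct[20] ^= 0x01                 // one flipped ciphertext bit
	_, tampered := Open(key, 41, ct)
	fmt.Println(len(ct), replay, tampered, MaxMessage(256))
}
```

With the 256-byte data field implied by the 261-byte figure in the comment, the combined header leaves room for 239 message bytes. The check is an unkeyed hash hidden by encryption, so what it detects depends on the cipher mode; this sketch uses CBC and the result does not automatically carry over to other modes.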
Dan3264 • May 22, 2016 8:33 AM
@Thoth,
That is not the only path. It is about mid-range on the “how paranoid are you” scale. Right above that is: Order custom ASICs, order custom PCBs, assemble the PCBs yourself, design all code for it from the ground up (above that on the scale is where you do the things I just mentioned, but make all of the chips yourself and courier them yourself). If you want to know that you are secure, you have to have an infinite number of countermeasures (I note that there are other ways: “In PGPon_paper you store the keys on paper, encrypt the messages using paper and pencil, cryptographically sign the messages using pencil and paper, and decrypt and verify the messages using pencil and paper. Anyone want to use it? Anyone? Why are you all leaving? You guys are no fun at all”). The way you suggested is probably the best way (I personally would go for the “Custom everything” way if I (A) had any secrets worth spending a lot of effort to protect. and (B) had a budget greater than zero for this sort of stuff).
Figureitout • May 22, 2016 10:59 AM
Thoth
–Yeah they think they’re secure enough for a drone which would in theory be subject to quite a few remote attacks (in practice probably experiences not that many).
we can be as paranoid and freeze on the spot
–That’s exactly what I did for 2-3 years, waste of time. In some cases, no one can do better; having a totally clean endpoint. “Clean slate” in my mind means “bugs waiting..”. In the end you can’t get access to the supply chains or the chips you want anyway (I don’t think they’re that much better anyway). Keep going for perfection and you’ll keep spinning your wheels and have nothing. It’s better to deploy what you can build, and keep working step by step upgrading. For instance, I wanted a different OS than Windows to flash chips w/, but in some cases that’s all you have. I compromise by using Win7 or XP, airgapped; I hate flashing chips while connected to internet.
Right now, I can have a physical intrusion system setup around my house, reporting back to my desk; then my packet sniffer running on my network all the time, again reporting back to my desk (it’s still dropping packets though, grr…). Computers w/ no HDD’s running live for internet surfing/file downloading. Someone needs a rootkit in disk image or some flash chip on board to get a hook in every boot, a risk I can live w/. I can seed any CSPRNG w/ carefully extracted entropy, easy, for my keys/passwords. Have a beaglebone which would make interfacing w/ HWPRNG’s pretty easy. I can send things a couple miles via RF and bypass internet completely but you need a good reason to do that lol. Next I want one-way file transfer from a computer that doesn’t have a regular serial port (so I need a USB-serial converter).
You can take care of quite a lot of password storing, entropy creation, and even transmitting/receiving using pretty small MCU’s. Can just use a regular radio too. Separate the tasks they do. Just takes some work and you can’t be a novice. Right now I’m still pretty reliant on reference designs for having the chip working (generally just a few discrete components around the chip (what needs pulled up/down), power supply filtering, if you want USB that’s another chip, it’s a recurring pattern somewhat); looking forward to getting over that hump where I can do that w/o looking at reference design. But like you I just want to get the chip in a state where I can start coding, then I generally need to see what startup code is needed. Starting to get a sense of what’s needed and how to turn stuff on/off, but on bigger SoC’s the init code can be kind of intense…very touchy too.
So yeah keep working on what you can do, don’t just freeze up in paranoia that it’s never good enough b/c it never is.
Yeah lol, I don’t really trust NFC, but the risks will be low radius proximity. Still you carry a smartphone almost always in your pocket and pass by how many people during the day w/ bags etc…
this is likely the low end of directed effect abilities, maybe high end for consumers/police but i’d just like to have the housing itself and gut most of the insides.
Dirk Praet • May 22, 2016 4:43 PM
@ Gerard van Vooren
Ynng mvggra znngwr Zrg fbzzvtr yhv inyg avrg gr cengra Nna qvr naqrer uroora jr bbx ny trabrt gvwq ra zbrvgr irefcvyq
Dirk Praet • May 22, 2016 7:21 PM
Interesting Guardian read: how the Pentagon deliberately ratted out whistleblowers like Thomas Drake to the FBI for the vicious crime of correctly reporting suspicions of serious wrongdoing within the IC, accidentally “purged” documents that could exonerate them, and how this was brought to light by yet another whistleblower.
If this story holds up, then all accusations by POTUS and other US officials that Snowden should have followed internal channels instead of going public are out of the window and civil disobedience indeed the only way to reveal illegal or even unconstitutional activities by the USG and IC.
Somewhat related: a short (2 minutes) educational ACLU video why whistleblowers like Ed Snowden and Chelsea Manning under the US Espionage Act aren’t even allowed to argue in court that their disclosures led to public benefit.
Wael • May 22, 2016 10:51 PM
@Dirk Praet,
Somewhat related: a short (2 minutes) educational ACLU video…
Didn’t know that. Probably he left the country either because he knew it, or because an attorney advised him to haul …
Nick P • May 23, 2016 1:33 AM
@ Wael
He left the country because he had whistleblowing documents and dumped about everything NSA had at same time. I’ve already said he blew many of our foreign operations and secrets on top of the domestic whistleblowing. He better leave after doing that given U.S. doesn’t forgive that kind of thing. They actually start acting a little crazy. 😉
Clive Robinson • May 23, 2016 2:02 AM
@ Dirk Praet,
Interesting Guardian read: how the Pentagon deliberately ratted out whistleblowers
What amazes me is that people don’t see the system of “patronage” that is the main cause of this corruption.
Most people understand from their civics classes at school that taxes are –supposedly– raised for “the good of society” in general. That is the money is supposed to be spent on things that benefit society as a whole, ie “a rising tide raises all boats”. The simple fact is by and large the tax take benefits very few in society, and the only time society gets considered is when it gets close to election time. It’s then that those in power figure out some way to spend tax revenue on staying in power, often by working out who is going to vote and who is not, then promise the “give away” to those who are likely to vote either to enrich them or assuage their fears of a “ravening horde” raised by preceding FUD (ie “War on XXXX”, “Think of the children”, etc etc). We see this in the UK currently with promises made to pensioners, and often the “big lie” also told in the US to “cut government” etc. As for the current US contenders for POTUS I will not pass partisan comment, just note that what both front runners have been saying does not add up or make sense to a non US observer, still I’m sure the flag waves, drums bangs and sabers rattle satisfactorily for them both.
A little bit of thought shows a basic “limited resource” issue, most people regard tax as “theft at the point of a gun”, but also want the tide to rise for them (but not for those they see as being beyond the pale). It’s quite peculiar some times to talk to those who are doing whatever they can to avoid tax complaining about those richer than themselves doing the same thing…
But this bribing of the electorate is in reality just a side show to the “nest feathering” activities that go on the rest of the time. Legislators know that their personal income paid from the tax take is tiny in comparison to their needs both personally and politically, and thus they are open to various inducements. But the legislators are also aware that at some point they won’t be in a position to command inducements any more, thus they are looking at ways to future proof their position as well. Likewise their aides and other government officials are looking at their future as GS pensions don’t really compensate the way they would like.
But what do these people have to trade to get such future benefits, well apart from their supposed integrity, they can control not just how but to whom the tax take gets diverted to, as well as various exemptions tucked into legislation. They also have a degree of control over those who wish to succeed them in office etc.
Thus you have all the basic requirements for a “patronage system” where futures are purchased on an unstated “understanding”. Put simply being a “team player” is a code from some one “with an understanding” to another saying “Don’t p155 in my rice bowl, or I will smash yours”.
The thing is there is quite literally billions at stake for all these rice bowl holding government “welfare mothers”. We non GS citizens don’t tend to see it due to the trillions sloshing through the tax system.
One way to see just what is at stake is to count the number of lobbyists and multiply by their average seven figure “real”[1] salary, then multiply by around a hundred. That’s the barest minimum of what those paying expect to get in return one way or another out of either the tax take, or not paying into the tax pot, and often both.
Then of course don’t forget to add in all those sinecure jobs as non executive directors that ex legislators and senior GS employees get on early retirement etc. It’s the sort of nest feathering that makes the diversion of aid money in third world countries by tyrants and dictators look like “petty cash”.
For instance take the ex UK Prime Minister “the honorable” Tony Blair, it is said that the reason he did not allow himself to be ennobled and move up to the House of Lords, is that he did not want to take the paycut he would have forced on him by the declaration of income into the public record. Some guestimates put his annual income up in the 10,000,000USD bracket, and that’s before all the other perks, the cost of which would inflate it significantly. All of which derives from his time in office… You could also look at one of his predecessors Neil Kinnock and what his family get out of Europe etc…
In the US you could try and find out what Bill Clinton gets these days, but it appears to be a well guarded piece of information. However less well protected is knowledge of Chelsea Clinton’s sinecure jobs…
But then I could say similar for most ex leaders of any of the G20 countries, their ministers, and senior civil servants.
Which brings me back to the “big lie” which is the disconnect between “cutting the size of government” and the size of the tax take. Politicians do not want “big government” these days as it is a liability to them, as it includes all sorts of accounting and controls. What they want is to “outsource” it all into the private sector which gives them both “arms length deniability” and “significant patronage”, thus giving them even more power and nest feathering ability than they ever had before…
[1] By real salary, I mean include not just the direct salary plus the usual health care etc perks, but those “in service” perks as well. Look at it this way if you are taking a legislator to dinner in a very very expensive restaurant, you want to be at the same table, subtly selling the message, which means you have to appear at least as an equal, thus eat the same food and drink the same wine etc. Thus half the cost of that meal is an “in service” perk, that you would not have been able to experience on your declared salary, likewise much of the rest of the lobbyist “life style”.
Wael • May 23, 2016 2:54 AM
@Nick P,
He left the country because he had whistleblowing documents
True. On a lighter note, why didn’t the US catch him on the way out, didn’t TSA hear the documents whistling during the security check?
Clive Robinson • May 23, 2016 3:55 AM
@ Nick P,
I’ve already said he blew many of our foreign operations and secrets on top of the domestic whistleblowing.
I’ll be honest, I’ve not seen the evidence to support “he blew many of our foreign operations”. I’ve seen way more of sitting US Politico’s blowing both operations and operatives, by whoring to the press to make themselves look more important than they are (worse they have done it to a number of their allies as well).
What he did do was raise what was already known very much more into the public eye. Whilst this may have woken up Foe as well as Friend is a matter of opinion as to the harm that can be attributed to it.
As has been noted with the increasing use of encryption by various organisations the trend predated the Ed Snowden revelations. It really started after a commander using a satellite phone had a cruise missile dropped on him. OBL almost immediately stopped using his and developed older courier type communications. Others realised that you could “game the system” by making meta-data work for them not the US. Thus they used burner phones for just long enough for them to be useful to them, but not long enough to be of use to the US et al. But worse they used them for “political advantage”, they sold/gave the phones to others and got a fair distance away knowing that very shortly a hellfire would drop on the phone, killing those who had the phone and many around them. Then used the world press to report yet another US et al atrocity. As one senior US person put it “We use meta-data to kill people”, revealing more about the significant US Intelligence Failure than the revelations have.
But there is an issue that is not talked about in the US, and it’s the point the Guardian article highlights, whistle blowers never get the lift, only the shaft downwards. The reason is even though there is legislation to protect them, it’s easily bypassed hiding the evidence that supports the whistleblowers statements or making them guilty of espionage etc. Thus if you want to whistleblow you have to “protect your evidence” which automatically makes you “guilty of espionage”…
In the UK we saw this back when Maggie Thatcher was in power back in the 1980’s with her use of DORA and OSA to hound journalists and their sources.
The lesson was get your evidence and protect it in a way beyond your control. What happened and is happening to Pte Manning is an object lesson in not doing this the right way, and in that particular case harm to foreign operations and operatives can be shown.
The problem with protecting evidence, is first what is and is not evidence not just at the time you collect it but in the future as well. This means a whistleblower has to adopt the same stratagem as the US Intel Community of “collect it all”. This in turn gives rise to other issues to do with time and resources.
It has been guesstimated that the Ed Snowden trove is of the order of 1-2 million documents (not pages). There is no way a single individual can read let alone take in and check that volume of information, let alone identify key “smoking gun” documents of official malfeasance, or their supporting meta-documents.
Thus you have to find others you can trust to do that job for you. You only need look at the size of prosecution and defence teams in Government cases against the likes of companies for cartel behaviour to realise just how large a team of people you would need to go through the Snowden Trove in any reasonable time frame. That sized team costs real money and has many security issues as well, thus is not the way to go.
Ultimately when talking about harms you get down to the “greater good” argument, that is what level of harm is justified to prevent greater harm. When someone is sitting there with their finger on the button of a small nuclear device, putting one between their eyes is not seen by many as much of a choice. But when the greater harm is of the “boil the frog” type it becomes more difficult. For instance there are about 1 billion smokers in the world, of which at least half will die an untimely and quite unpleasant –for them and their loved ones– death. What if I suggested we kill off the three trillion a year tobacco industry? Many would be in favour of that. But how many would be in favour of putting all the directors, lobbyists and marketers in the industry up against the wall and shooting them? Very few I suspect. But it is easy to argue that per head those directors etc have killed and will go on to kill more people than a serial killer or mad bomber with their finger on the button of a small nuclear device…
Now there are well over 300million US citizens who have had their fundamental constitutional rights taken away from them, can you assess the harm done? How about all those industrial and other trade secrets, that almost certainly have been used to the detriment of the secrets owners? How about the harm done to the US economy by the mind numbingly large tax take these ineffective for stated purpose systems cost?
Personally I think that the benefits of the Snowden Revelations have so far, far exceeded any harms that people are trying to falsely or otherwise attribute to them. Further some of those supposed harms to foreign operations, might actually be argued to be benefits. As the operations would based on US foreign policy in the ME and other places, probably be to cause major harms to the citizens in those foreign nations, and further directly or indirectly to US citizens as well as a result (nobody looks good being repatriated in a body bag).
The problem we have in judging, is the old “History is written by the victors” issue. It’s already becoming apparent that the US Gov true to form is trying to re-write or destroy the evidence of the few facts that are known, and by and large they are not being challenged on it. It’s thus a matter of guess work what else they have re-written out of existence or repurposed or renamed, or what they have done in the decade following many of the Trove documents.
But perhaps of more interest is how little the Trove or Ed Snowden actually get mentioned in the main stream media these days. After all when did you last see or hear of him mentioned on TV or Radio? How about MSM newspapers?
Thus I get the feeling that for the majority of US Citizens Ed Snowden’s name is now rapidly fading in their minds. Which means the USG and IC have in effect got away with it…
tyr • May 23, 2016 4:45 AM
@Clive
Your analysis seems to cover most of it quite nicely.
The real danger according to Pareto’s sociology is a
system that has choked off mobility and wants a nice
frozen caste imposed on everything. That coupled with
any crop failure will loose the whirlwind on the
innocent and guilty alike. The idea that any of it is
survivable through any planning is ludicrous to those
who read history.
You can see the moronic mindsets of the past out busy
trying to revive the old enmities for their own mad
plans to stay in what limited control they have been
able to grasp. You can push the rus around and try to
revive the commies but once you get close to their
motherland you are playing with unstable dynamite.
I have real experience with real nuclear weapons so
no amount of wishful thinking convinces me triggering
a nuclear war no matter how limited is a good idea.
Those who lack numeracy also haven’t taken a good
look at the ability of China to field troops. Any
ass who wants to play bumper games in the south
china sea needs to check their numbers and abilities
carefully before igniting a conflict. you can’t
fight in asia with a demoralized population whose
cities are crumbling because of budget cuts while
the entire tax base gets looted by corporations
and crooked banksters as the beltway bandits run
around patting each other on the back for the lovely
messes they’ve made in the world.
If Snowden has managed to drive a wedge between the
Gehlen apparatchiks, the Brit snobbies in IC, and
the NSA he should be applauded for doing a good job.
The last thing the world needs is a five eyes that
are willing to commit treason against their own
countries for the sake of expanded peeping tom on
their own citizens.
Manning, which I find hard to believe given his desire
to be a girly, is the bravest soldier we have produced
in the twenty-first century. When I was in we were told
to disobey unlawful orders and report atrocities when
aware of them. Doing what is right against all the odds
makes you a hero. Any coward can toe the line and tug
the forelock hoping for the later reward of being a
discard by society. The saddest part of this is to see
Snowden in exile, Manning in jail, Lovecruft and Jake
expatriates and Aaron hounded to death when trying to
do something right. Whatever wrongs they may have
done pale before the shabby treatment they have suffered
at the hands of the people who should be on their side.
Yes the corrupt and cowardly can ruin everyone who is
able to raise a stink, but none of those who want a
better society has ever had a sleepless night worrying
that their bad behavior will bring them to justice.
Eric • May 23, 2016 5:57 AM
@ 65535:
“Any comments on Gibson’s “Never 10″ free download?”
Yes, where is the source code?
Dirk Praet • May 23, 2016 6:41 AM
@ Clive, @ Nick P
I’ve already said he blew many of our foreign operations and secrets on top of the domestic whistleblowing.
From an international perspective however, the entire world owes Snowden for exposing not just the unparalleled scale of 5 Eyes global mass surveillance, but also the formidable collusion between the USG and its dominating tech/telco industry.
However much one may argue under classic espionage doctrine that anything foreign is fair game, for many US allies and partners Snowden’s revelations were the equivalent of a man finding out that both his wife and his grocery store were tracking his every move. And which unfortunately has consequences. Blaming Snowden for the deterioration of the relationship between the US, its tech industry and all affected parties ultimately is no different than shooting the piano player instead of the composer.
From a moral and ethical vantage, Snowden was right in taking documents on the NSA’s foreign activities as well. The combined package is nothing less than a blueprint for an Orwellian world, and whether this is being implemented by the Chinese, the Russians or the so-called leader of the free world in the end makes no difference whatsoever except to die-hard believers in American exceptionalism.
Infovore • May 23, 2016 7:01 AM
These long squid comment threads are always fascinating reads, but swipe-scrolling to the new posts gets tedious on my phone. Is there a quick link to jump to the page bottom that I’m not seeing?
Clive Robinson • May 23, 2016 9:11 AM
@ Dirk Praet,
It looks like the Austrian vote is going to the wire.
If Norbert Hofer gets in then it will be the first far right government in Europe since before WWII… Many of his main policies are similar to the more crazy suggestions from Donald Trump.
The fact the vote looks so close is rather worrying in its own right, irrespective of who actually gets in.
We have seen this “turn to the right” get worse over the past decade, and what comes with it is rather unpleasant and is already putting people in fear of their lives.
It would be terribly bad for Europe if those fleeing from the violence of middle east conflicts were to meet with violence and death in the heart of Europe. It’s bad enough that some EU politicos are pandering to the current Turkish Government.
Yevgeny Zamyatin • May 23, 2016 9:27 AM
‘he blew many of our foreign operations and secrets on top of the domestic whistleblowing.’
An incidental point of neuro-linguistic programming: you slip and call these operations ‘ours.’ Don’t recall anybody asking my opinion about any of these perfidious clusterfucks. State propaganda drills the population with us-and-them and ours-and-theirs. To the criminal enterprise we call a state, you and I are them.
Frank Hissen • May 23, 2016 10:23 AM
IT Security for Project Managers: About implementing security in IT projects properly – A Guideline
https://www.linkedin.com/pulse/security-project-managers-frank-hi%C3%9Fen
@Dirk, the president should give Snowden a medal. Snowden’s now the government’s excuse for each new fiasco. Now that Hezbollah caught that CIA ape commanding ISIS outside Khan Toman, Brennan will just blame Snowden, because NSA was trying with little success to get CIA under control.
Nick P • May 23, 2016 11:52 AM
@ Clive
“I’ll be honest, I’ve not seen the evidence to support “he blew many of our foreign operations”.”
Let me give you a list of each classified operation and spy along with specific damage done or not done. See the problem with that statement? 😛
The damage should be obvious. The leaks contain about every tech they use, including specifics, to defeat their targets. They contain not just what it takes to counter them but also attribute them. This was done in Equation Group case using Snowden leaks. We can be sure all kinds of teams were using those tech and data. This includes legal attacks like FISA backdoors. Now, a number of foreign targets are closing up vulnerabilities in legal and technical areas. That’s the damage that’s done. Also exclusively to U.S. spies since Snowden didn’t leak everyone else’s stuff.
“OBL almost immediately stopped using his and developed older courier type communications.”
His terrorist cell was a step ahead in avoiding electronics altogether. He was also trained by CIA in covert communications. He was also connected indirectly to foreign intelligence services. You could say he’s an exceptional case. Some others are following suit but SIGINT still killing plenty of targets.
“Thus if you want to whistleblow you have to “protect your evidence” which automatically makes you “guilty of espionage”…”
Dirk’s 2 minute video did a great job explaining that. It needs to change.
“There is no way a single individual can read let alone take in and check that volume of information, let alone identify key “smoking gun” documents of official malfeasance, or their supporting meta-documents.”
That’s not true. I originally thought and posted that myself. In interviews, he said he read all of them. Greenwald said they were even incredibly organized. Snowden also knows the codenames by heart as we see with instant recall in interviews. So, there goes that idea. He can definitely tell if it’s a slide related to domestic collection due to visuals or code words. He definitely had time to filter it down to just that stuff since it’s only a subset of effort he put into reading and organizing all of them. He just didn’t do it. No excuse.
Note that other whistleblowers did limit what they published despite the fact that they undoubtedly knew about other, foreign stuff. Snowden and Manning both lazily or recklessly used an approach I’m calling Dump It All (TM) instead of selectively releasing wrongdoing. This doesn’t just do damage and justify espionage charges. It also weakens ability to get public support to cancel stuff in the first place since he did something heroic and other stuff that’s unjustifiable. Gets public fighting each other over him instead of fighting together against government. He failed his own objective given right-winger support could’ve been had and was critical here.
“Now there are well over 300million US citizens who have had their fundamental constitutional rights taken away from them”
No they didn’t. This is inaccurate as I fought for those rights here while fighting voters, too. The Americans, post-9/11, willingly gave up a bunch of their rights to a secret state. They did it in the past to the LEO’s in response to drugs, bombings, whatever. Each year, abuses happened and they didn’t do shit. The original revelations showed massive surveillance of phones. Americans didn’t do shit. I still blame them. When you stand by and let it happen, you’re a part of why it’s happening esp if government is designed to need your involvement. No, pre-Snowden, Americans knew everything they needed. Most were apathetic with tens of millions supporting surveillance for alleged security benefits.
So, for whistleblowers, they have to realize both the law and a good chunk of voters are totally in support of domestic surveillance. If they’re serving the people, they need to factor that in. They also totally support foreign surveillance. So, what needs to leak out is any abuses that are contrary to the law and damaging to voters. Although they ignored it before, leaking the warrantless collection of data is a valid option here. Leaking that it’s shared with foreign countries is a valid option. For foreign, leaking things contrary to their claims would be valid. Killing with metadata and Belgium situation are good examples. Otherwise, the greater good… that serves public’s interests… is to not leak over 80% of what he leaked.
“Personally I think that the benefits of the Snowden Revelations have so far, far exceeded any harms that people are trying to falsely or otherwise attribute to them.”
To foreign countries. I’ve seen little to no domestic benefits. If anything, the foreign intelligence services are getting a boost as more data will be within easy range of them through the “Made in (here)” trends. Germany and Switzerland will get economic boost if they haven’t already. They already promote stronger image of privacy, including data. Past that, most Americans are still apathetic and Congress keeps legalizing/expanding on the harms. Plus, many Americans don’t know who Snowden is per Oliver piece and my own questioning of random people. I mean, we’re talking greater good over someone nobody has ever heard of or cared enough to remember. 😉
“Thus I get the feeling that for the majority of US Citizens Ed Snowdens name is now rapidly fading in their minds. ”
Oh darn, you figured it out on your own. I hadn’t read this when I wrote above point. Yep, it’s already happened. Government and media collusion, corrupt politicians, Ed’s mistakes, and shitty marketing by his supporters combined to ensure that would happen.
“The problem we have in judging, is the old “History is written by the victors” issue. It’s already becoming apparent that the US Gov true to form is trying to re-write or destroy the evidence of the few facts that are known, and by and large they are not being challenged on it.”
It’s why I appreciated the TAO leaks. I make an exception for it, too. The reason is it shows them lying about security of government recommendations everywhere with specific risks. Further, it justifies about every technique we’ve ever written here. 🙂
@ Dirk
“From an international perspective however, the entire world owes Snowden for exposing not just the unparalleled scale of 5 Eyes global mass surveillance, but also the formidable collusion between the USG and its dominating tech/telco industry.”
In reply to Clive, I pointed out the only benefit I see from the Snowden revelations is that foreigners will have more privacy… from U.S. spies… due to measures they can take in response. They certainly benefited.
“for many US allies and partners Snowden’s revelations were the equivalent of a man finding out that both his wife and his grocery store were tracking his every move”
Lol. Interesting way to put it. That’s common in America, too. People alternate between being uneasy about it and not caring due to benefits.
“Blaming Snowden for the deterioration of the relationship between the US, its tech industry and all affected parties ultimately is no different than shooting the piano player instead of the composer. ”
Sort of. I said the U.S. is responsible for the damage ultimately because they built all these organizations and collusions with thousands relying on their promise of secrecy. Common sense says that never works. However, of all of them, Snowden was only one to leak every secret he could and to foreign media. He personally did the damage without even having to for most of it. So, I can blame Snowden for the act of reckless betrayal and the scheming-ass I.C. that employed him. They’re both responsible for widespread knowledge of these capabilities.
“From a moral and ethical vantage, Snowden was right in taking documents on the NSA’s foreign activities as well. ”
The thing that gets me is people keep saying that but miss an important component: public’s responsibility. The publics in most countries involved have passed or allowed legislation giving the police and spy agencies way too much power. Certain countries, esp in Europe and Asia, straight up grew their industries on this sort of thing. Each revelation has not led to a revolution for the most part. So, people keep telling me about how it’s morally right to leak surveillance secrets in states that endorse or tolerate surveillance and secrets like that. Doesn’t match. Something is wrong there.
Truth is Snowden didn’t have a responsibility to anyone. He personally could’ve lived a happy life letting it go on. He could’ve ignored America and the world like it ignored him. Or, if more virtue-driven, he could spot wrongs then try to get knowledge of them out there. I still support a more limited leak given most countries bitching at us are doing the same things. Nonetheless, there’s no clear, moral imperative to leak evidence of surveillance or government abuse in a country that promotes/tolerates both surveillance and government abuse. I predicted nothing would even happen for most part. I was right.
Milo M. • May 23, 2016 12:03 PM
One of the saddest parts of the Guardian story on Crane and the whistleblowers is the implied loss of the IG’s independence and integrity.
“Crane could not believe his ears. ‘I told Henry that destruction of documents under such circumstances was, as he knew, a very serious matter and could lead to the inspector general being accused of obstructing a criminal investigation.’
[Henry Shelley, the general counsel – the office’s top lawyer – ]replied, according to Crane, that it didn’t have to be a problem if everyone was a good team player.”
A government of men, and not of laws.
Richard • May 23, 2016 5:51 PM
@ Nick P
“He left the country because he had whistleblowing documents and dumped about everything NSA had at same time. I’ve already said he blew many of our foreign operations and secrets on top of the domestic whistleblowing.”
Sorry Nick, I think this is just flat out wrong on all counts.
First – we STILL haven’t seen ALL the Snowden files, which proves he didn’t just “dump about everything NSA had at same time.”
There may still be things that he knows but has chosen to not release out of concern for the damage that they would do.
For example, suppose that the NSA only does nasty things like mounting these man-in-the-middle attacks, and implanting malicious malware, to avoid the effort of cracking AES – but that they CAN crack it when they need to.
Releasing that information would not only be HUGELY disruptive to the world economy (as everybody scrambled to find an alternate encryption algorithm) but would also throw away YEARS of effort on the part of the NSA (and their shills at NIST) to find an algorithm with a subtle NOBUS (NObody-But-US) flaw that only they have the resources to exploit.
Second, just because SOME of the Snowden revelations that have been released, proved inconvenient or problematic to the intelligence community, doesn’t mean that we can automatically assume that their NET IMPACT on our national interests was negative.
Let’s think about this…
Is PRIVACY important to the average American?
If it is NOT important, then there are LOTS of things that would have a larger impact with a lower privacy footprint.
For example, some U.S. insurance companies like GEICO, now offer a little dongle that you attach to your car’s diagnostic monitoring plug, and which monitor your speed, and acceleration profile.
Why not MANDATE that EVERYONE install one of these, and ADD a radio link that automatically calls the nearest cop to issue you a ticket (or just sends you one in the mail) whenever it sees from your GPS coordinates and velocity, that you exceeded the local speed limit – or that you rolled through a stop-sign without coming to a full stop. Probably HUNDREDS of LAWS we could automatically enforce with full-time electronic monitoring if we want to.
This would NOT involve PERSONAL info like your emails – only impersonal “driving-metadata” and would beyond doubt save THOUSANDS OF LIVES every year.
Sound pretty STUPID to think that Americans would EVER accept something like this?
Ok, how about allowing the collection of EVERYTHING they do online. All their Tweets, Facebook posts, Blog posts, personal Emails – and if the NSA can manage to install a scanning exploit ( or you install Windows 10 😉 -then your Hard Drive contents as well… And what do we get for that?
Well… maybe, just maybe – perhaps – if we are lucky (very lucky) – they catch the NEXT ‘San Bernardino attack’ (or NOT since they missed the LAST ONE) – and save a grand total of 18 lives.
I am not denigrating the losses of those who lost their loved ones in the San Bernardino attack, but as a society, but when we are talking about something that people value like their privacy, and trying to set national priorities, let’s be realistic- more people in the United States died in 2015 from lightning strikes than in terrorist attacks.
Nick P • May 23, 2016 6:32 PM
@ Richard
“First – we STILL haven’t seen ALL the Snowden files, which proves he didn’t just “dump about everything NSA had at same time.””
Wrong. He said he gave them to the journalists so it wasn’t his burden. Without the files, he couldn’t be tortured or whatever for them. The journalists promised to be careful and selective in their releases rather than dump it all unredacted. That’s what they’re doing. Although, careful in U.S.’s national interest isn’t the same as in Greenwald, Guardian, Der Spiegel, and so on. 😉
“There may still be things that he knows but has chosen to not release out of concern for the damage that they would do.”
Hard to imagine at this point. These were the tech he used to do his job day to day. He said so regarding stopping Chinese hackers in Oliver interview. Snowden files contain about every physical and remote attack strategy they have including used over there. So, he might know something, but it’s hard to imagine how much worse it would be.
“to avoid the effort of cracking AES – but that they CAN crack it when they need to.”
You’re replacing reality, esp his statements, with pure speculation. It’s unwarranted. Besides, one of the slides specifically deals with that in Sentry Eagle. It says they invest money in supercomputers to counter foreign ciphers. Most of ours use AES, though. For that, the ECI leak says they try to get cooperation or compelled help to backdoor it. Implies they can’t just crack AES or it’s so hard that they risk backdoors being spotted in U.S. encryption products.
“doesn’t mean that we can automatically assume that their NET IMPACT on our national interests was negative.”
I’m not assuming anything. Tell me what NSA programs have been terminated, who did prison time, what committee is overseeing things, which Facebook pages millions of Americans on left + right are still talking outrage, what laws Americans are pushing in to protect Constitution/privacy, and who was voted into office based on government accountability and protection in Congress or Presidency. You can show your hand on those because it’s empty. There was no proven net positive so far. Lots of net loss, though.
“Sound pretty STUPID to think that Americans would EVER accept something like this? ”
It is but they did. The Patriot Act has been reinstated or expanded every year. Not enough opposition to do anything about it. Matter of fact, Congress didn’t care enough to pass that outside recess and Americans re-elected them. 😉
“but when we are talking about something that people value like their privacy, and trying to set national priorities, let’s be realistic- more people in the United States died in 2015 from lightning strikes than in terrorist attacks.”
This I totally agree with. Americans don’t. Instead, they’re talking about some shooting on Facebook and in my local news right now. The stuff they’re feeding their kids or their choice of car will kill more of them. Jobs are being lost over surveillance and its revelation. Treaties that will strip our freedoms and opportunities further in the works or done by now. San Bernardino, what Trump/Hillary is smearing other with, and some recent thug are much more important. I rest my case.
Dirk Praet • May 23, 2016 7:13 PM
@ Clive
“It looks like the Austrian vote is going to the wire … The fact the vote looks so close is rather worrying in its own right, irrespective of who actually gets in.”
It absolutely is. Although Van der Bellen won with 50.35% (a difference of 31,026 votes on a total of 6.4 million), it is telling that the battle went down between a populist and an independent candidate supported by the Green Party, rendering the political centre entirely irrelevant. A similar scenario is looming in France with Marine Le Pen. In Hungary, they already have Orban.
Hofer’s party, the FPÖ, has been strongly established in Austria for decades, but it would appear that Angela Merkel’s open border policy has given them the final push. The problem here is that in following her moral compass and taking a humanitarian approach to the refugee crisis, she took a unilateral decision both at home and in an EU context and which is now backfiring all over the place.
IMHO, the only way forward for the EU is as a political union. But we’re far from there and Merkel totally overstepped her authority in single-handedly deciding for the entire EU and in striking a very controversial deal with Turkey, ultimately one of the key players in the Syria situation. Politically, the EU today is a new incarnation of the German Weimar Republic: completely divided and unable to take decisions or even protect its outer borders. The previous century has shown us that this is the perfect breeding ground for popular parties and other extremists, so unless Brussels starts getting its act together real soon, I’m afraid the worst is yet to come.
@ Clive,@ Nick P.
“The leaks contain about every tech they use, including specifics, to defeat their targets. They contain not just what it takes to counter them but also attribute them.”
The main crime Snowden can be accused of in this context was that he indeed revealed all of this stuff to the public at large. But there is little doubt in my mind that, given the Swiss cheese NSA’s security apparently was (like OPM’s etc.), many, if not most of that information, was already known by the IC of other nations like China and Russia too.
“In interviews, he said he read all of them. Greenwald said they were even incredibly organized.”
I don’t know. Since it really is a substantial stack of documents, that would depend on whether he collected them over a large period of time and how he did it or just took everything in one go. If he did take everything in one go, it would be rather counter-intuitive to assume he first took his time to go through the lot and then contact Greenwald. We should ask him some time.
“It also weakens ability to get public support to cancel stuff in the first place since he did something heroic and other stuff that’s unjustifiable. Gets public fighting each other over him instead of fighting together against government.”
I concur. In catering for an international audience, they kinda totally blew the internal US marketing strategy. Which had probably everything to do with Snowden’s take that what he found out about was not just a US, but a global problem. And which, as a non-US citizen, I totally agree with.
“The Americans, post-9/11, willingly gave up a bunch of their rights to a secret state.”
That’s debatable. It’s fair to say that the general public was blissfully unaware of what Congress had enacted and how the executive had interpreted it. Even Jim Sensenbrenner, one of the authors of the Patriot Act, said the NSA’s surveillance was a total abuse of it. So to quote our man James Clapper, I don’t think they did so “wittingly”. It stands to reason that the average Joe has no problem with terrorists, child molesters and crime syndicates being spied upon, but what Snowden revealed was of an entirely different magnitude and which both the USG and friendly mainstream media to date keep downplaying.
The same is true in other countries that passed similar legislation or already had it. The public at large in general is completely deceived by the same disingenuous representations by politicians and mass media: “We’re doing this to protect you and if you haven’t done anything wrong, you have nothing to hide.” I think The Netherlands are one of the few exceptions where there was actually a real public debate with regards to a new surveillance law.
“Past that, most Americans are still apathetic and Congress keeps legalizing/expanding on the harms. Plus, many Americans don’t know who Snowden is per Oliver piece and my own questioning of random people.”
I concur that most Americans and even Europeans in the end didn’t give a flying f*ck. The best strategy for the next whistleblower IMHO would be to hook up with Kim Kardashian and Kanye West, then spill his guts during some popular TV or award show, scantily clad and visibly under the influence of something. Now that would send real shock waves through society.
“People alternate between being uneasy about it and not caring due to benefits.”
I guess it’s the human condition. In past times, people were domesticated with religion and traded their lands and their rights for beads, tin foil, fire water and small arms. By the time they realised what they had done it was too late and any opposition was crushed for not respecting previously concluded treaties. In the process taking away anything they had left.
“Truth is Snowden didn’t have a responsibility to anyone. He personally could’ve lived a happy life letting it go on.”
Absolutely true. But the same can probably be said about many of your Founding Fathers who could have lived totally happy lives siding with the British establishment. They just decided to take the hard road because they dreamed of another and better society.
“Tell me what NSA programs have been terminated, who did prison time… You can show your hand on those because it’s empty.”
You are unfortunately spot-on. So far, only PA 215 was struck down as illegal, but immediately replaced by the USA Freedom Act, CISA etc. Clapper is still in office. There’s still some lawsuits going on filed by ACLU, EFF and the like but they’re all uphill battles. My intermediate conclusion at this time is that the US no longer is a functional democracy and for which its own uncaring citizenry is one of the main causes.
Dani • May 23, 2016 7:40 PM
@ Nick P, Clive Robinson
“He left the country because he had whistleblowing documents and dumped about everything NSA had at same time. I’ve already said he blew many of our foreign operations and secrets on top of the domestic whistleblowing.” – Nick P
Err, no Snowden did not dump all nor did he hand pick documents to be released. The entire “Snowden trove” is in the hands of journalists headed by Greenwald who handpick and, consequently, censor document release.
Supposedly, this was all done in the name of protecting individuals by crossing out their names and locations, if mentioned, but the group of journalists will obviously have their names.
Which leads to the question, can “journalism” be trusted? Having been thru academia and seen the press, I would have to say, no.
Nick P • May 23, 2016 7:44 PM
@ Dirk
“many, if not most of that information, was already known by the IC of other nations like China and Russia too. ”
I think Russia and China knew a lot of it but not necessarily all. Remember that NSA also competes with dozens of other intelligence agencies, organized crime, terrorist groups, and so on. Now, they all know it in detail.
“If he did take everything in one go, it would be rather counter-intuitive to assume he first took his time to go through the lot and then contact Greenwald. We should ask him some time.”
John Oliver and others already did. Here’s what he said:
“Oliver: How many of those documents have you actually read?
Snowden: I’ve evaluated all the documents that are in the archive.
Oliver: You’ve read every single one?
Snowden: Well, I do understand what I turned over.
Oliver: There’s a difference between understanding what’s in the documents and reading what’s in the documents.
Snowden: I recognize the concerns.
Oliver: Right, because when you are handing over thousands of NSA documents, the last thing you want to do is read them.”
Interpret it how you will. He indicates he read most or all of them while also understanding what all of them meant. Greenwald said they were very organized, which would require reading and understanding them. So, that’s two of them saying it.
“Which had probably everything to do with Snowden’s take that what he found out about was not just a US, but a global problem.”
It might have been. I understand that non-U.S. people are glad he did that. I would be in your position. Thing is, it’s largely a Five Eyes problem that has to be stopped in the Five Eyes countries. Heroes vilifying themselves in their own country while professing to do it for that country and try to get change in that country. Just not effective. Thing is, he thought it was going to be effective and was working until Oliver showed him otherwise. I wonder what news outlets he reads thinking America was constantly battling in Congress and courts over his leaks instead of ignoring them.
“It’s fair to say that the general public was blissfully unaware of what Congress had enacted and how the executive had interpreted it.”
National security letters, turning spies onto America, indefinite detention, and comparisons to Enemy of the State. These were all in early debates. One side said do anything to stop the risk. One said be more careful or hold off. Most didn’t show up for bill. Most Americans didn’t oppose it. Kept reelecting those voting for it while griping at them about other stuff mostly. I’d say that’s their implicit support or tolerance.
Dirk, you actually know more about that bill and its interpretation than almost every American I know. None of them know who Sensenbrenner is. Most don’t know who Clapper is. Most forgot what exactly Snowden did. This is the general public that I talk to about these things whenever I see them. At best, some have some concerns but not enough to act. You care more about their freedom than they do. Always been something I respect about you but am disturbed with average American about. I rarely meet Snowden supporters at least here in the South because most don’t know what he did despite knowing almost everything else going on, esp in politics.
“The best strategy for the next whistleblower IMHO would be to hook up with Kim Kardashian and Kanye West, then spill his guts during some popular TV or award show, scantily clad and visibly under the influence of something. Now that would send real shock waves through society. ”
LOL. That’s a great idea. Although, I think Oliver bringing it to their level with Dick Pics Program was best I’ve seen so far. Combine it with a celebrity receiving a photo of their dick from someone claiming to be NSA. They tell audience they refused to be blackmailed by NSA or anyone. End the surveillance! Blah blah.
” But the same can probably be said about many of your Founding Fathers who could have lived totally happy lives siding with the British establishment. ”
True enough. Glad they made their choice of ripping off Iroquois Confederacy so white landowners could have votes and freedoms. Not ideal beginnings but vast improvement on prior, British work. 😉
“My intermediate conclusion at this time is that the US no longer is a functional democracy and for which its own uncaring citizenry is one of the main causes. ”
Now you know why I seem hopeless and depressed. That’s my analysis. Anyone on the shit list from prior operations or activism will be a bigger target with no lasting impact for good deeds. I’m eyeballing other democracies right now. I’d be interested in your take on major democracies such as the Nordic countries (esp Sweden), Germany, Switzerland, and China. Ability to defend myself and business in public trial is probably number one. Privacy or data protection is number 2. Cost of living is Number 2 or 3. 🙂
Nick P • May 23, 2016 7:50 PM
@ Dani
“Err, no Snowden did not dump all nor did he hand pick documents to be released. The entire “Snowden trove” is in the hands of journalists headed by Greenwald who handpick and, consequently, censor document release. ”
He dumped them into the hands of foreign journalists. They proceeded to release all kinds of stuff many Americans think foreign countries should never have. Alternative was selectively releasing what Americans needed to know that was criminal or going against what they expected. Whistleblowing 101. Dumping all the programs and foreign ops onto foreign journalists who publish much of it is not whistleblowing lol.
“Having been thru academia and seen the press, I would have to say, no.”
I have mixed feelings about it. They’re mostly doing a good job at least of damage minimization for individuals involved. Just damaging at a national level. Their biases and interests are worth considering. Der Spiegel and The Guardian seem OK as they report on all kinds of issues. Greenwald has a sensationalist flair. On Hacker News, I pointed out to his fans that he constantly posts all sorts of dirt on U.S. about corruption and civil rights violations but almost nothing on Brazil. I believe, but could be wrong, that Brazil is much worse on one or both. Especially for journalists. He later published one story or something.
Now, journalists do have specialities and “beats” they run. Yet, what they don’t cover can often mean something about their fairness or character. Not talking about things is U.S. corporate media’s main strategy for complicity in corruption or censorship of paths to change. Gotta wonder why, outside of fear, Greenwald smears U.S. issues constantly while usually ignoring Brazilian and staying in there despite similar abuses.
Clive Robinson • May 23, 2016 9:01 PM
@ Nick P,
“I’d be interested in your take on major democracies such as the Nordic countries (esp Sweden), Germany, Switzerland, and China.”
Curious you put China in with major democracies…
As for European countries especially Germany and Sweden, you as an American would not be popular, nor would your business. Oh they’d smile and take your money and do as they are paid to do up to a point, but… The US is not popular in Europe currently, Donald Trump and Hillary Clinton and Obama’s TTIP are doing you a lot of harm and as my early discussion with Dirk may have shown you right wing nationalism is very much on the rise.
A friend of mine spotted early signs of it a decade or so ago and was warning about it. I thought he was overreacting, it would appear not. He was especially worried about what he was seeing in Sweden, where he was studying. Other friends in Germany were likewise raising red flags about nationalism.
People in Europe blame “Mummy Merkel” for mass immigration thus job losses etc if they are working class, whilst the middle class blame the US for what is going on in the ME which has caused a large part of both the refugees and the economic migrants who are using them as cover. Which in turn has put ISIS in the back garden of the EU’s political house in Brussels.
Having studied in Sweden myself, I’m very much aware of their and Belgium’s disproportionately large (against population size) interest in ICTSec. Interestingly northern European countries that were significantly affected by Germany or Russia during WWII developed a very strong interest in signals intelligence which they have retained through the cold war through to today. The thing is that their signals directorates tend to see themselves as being above politics and the elected representatives and the legal process which Germany has been shocked to find is true for them as well. The reality is it is no longer the BRUSA relationship of the US bringing industrial resources and the UK bringing the brains and Commonwealth WASP nations. Five Eyes is no more than a fading memory that died in the 80’s and 90’s when fiber took over from satellites and mobile phones started replacing land lines. A new IC federation was born, the countries involved can be identified by looking at a map of undersea cables and GSM equipment manufacturers and the way traffic is routed. Thus whilst one or two old eyes are fading (NZ in particular) there are keen new second tier entrants like Germany, Sweden, Israel and one or two others. In some their politicians are very aware of the relationship and allegiances (Israel) in others less so, and in at least one case (Germany) they appear on the surface to be totally shocked. But worse as UK and US politicians have found out their own ICs actively spy on them and selectively report back to them whilst allowing “full take” to circulate within the IC Federation…
If you are looking for European countries I would look outside the political union –of full EU members– and outside of any NATO members, which really does not give you much in the way of choices.
Oh and keep your fingers crossed that nationalism quickly peaks and wanes, otherwise we could see what happened in the 1930’s start up again, irrespective of trade agreements.
tyr • May 24, 2016 12:45 AM
@Clive
What happened in the 1930s was mostly economics in action.
Fascists are quite capable of solving economic problems
but those who cause the problems are very unhappy about
their methods. Japans military developed a habit of
assassinating their finance ministers to improve their
understanding of economic pressures.
That example is to deflect anyone foolish enough to still
think fascism has to be antisemitic in nature.
Seeking safe havens is best illustrated by the guy who
saw WW2 coming, located an island that had absolutely
no political, economic or strategic value and moved to
avoid the war. The Island was Guadalcanal.
Moving is something to be done for positive reasons
negative ones never pan out in the long run.
@Nick P. et al
Tor project has a nice article on software bugs and
ideas on fixing the processes that create them.
Dirk Praet • May 24, 2016 7:08 AM
@ Nick P.
“He indicates he read most or all of them while also understanding what all of them meant. Greenwald said they were very organized, which would require reading and understanding them.”
We can probably assume that he indeed had a good understanding of what he took based on operational and content knowledge of the servers/shares he pillaged it from. Which may also explain how they were organised. But this is pure speculation on my behalf.
“Thing is, he thought it was going to be effective and was working until Oliver showed him otherwise.”
Indeed. But I still think of him as an idealist who meant well. There were certainly a number of errors in his assumptions and approach and which he shot himself in the foot with, but the great book of whistleblowers remains a work in progress. It would seem he had learned from what happened to Manning, Drake and the like, and hopefully the next whistleblower will learn from his mistakes.
“Kept re-electing those voting for it while griping at them about other stuff mostly. I’d say that’s their implicit support or tolerance.”
Just like you I am still baffled by how in the end the general public didn’t really care and silently moved on. I guess the majority simply refused to believe that the US had slowly been turning itself into a police state, with a legislative and executive branch wholly owned by corporate America and the military-industrial complex. And for which government friendly MSM are also at least partially to blame.
For me, it is hard to fathom that in some not so distant past a president almost got impeached over an affair with an intern, whereas most people basically just shrugged their shoulders over the revelation of an emerging surveillance state.
“I’d be interested in your take on major democracies such as the Nordic countries (esp Sweden), Germany, Switzerland, and China.”
I mostly agree with @Clive. Russia and China can hardly be called democracies. They are authoritarian states combining the worst elements of both communism and capitalism. Sweden for all practical purposes is a US subsidiary. The Assange case made that pretty clear and it’s probably no coincidence that a US shill like Cecilia Malmström is leading TTIP negotiations for the EU. Norway is not much better and the Baltics and Finland will take any deal the US will offer them as long as it guards them from Russia.
The UK in terms of privacy, civil liberties and surveillance arguably is even worse than the US. France has recently passed some draconian surveillance legislation and that was even before the November Paris attacks. Germany is a bit of a special case. Although the reactions of the powers that be there to Snowden’s revelations were mostly political theatre, they did resonate through the general public that remains extremely sensitive to all sorts of surveillance. BND chief Schindler was recently fired, most probably over the depth of the secret BND-NSA collaboration that was going on behind the back of the Chancellery. Worth noting is that while the BND is essentially operating in a legal vacuum, aiding and abetting foreign spy agencies is expressly forbidden by the German Constitution.
However much He-Who-Must-Not-Be-Named may regret it, there is a very strong privacy movement in Germany, and which explains why folks like Jake Appelbaum and recently Isis Agora Lovecruft have sought refuge there. Laura Poitras also stayed in Berlin for quite a while.
Next to Germany, Iceland and Switzerland are good picks too. Even Belgium is. Despite being a bit of a failed state in many regards, we do have reasonably strong privacy legislation and the IC and LEA’s are generally too overworked and too understaffed to follow up anything in an adequate way. We have a business-friendly tax climate (especially for large enterprises) and being sentenced to effective jail time is quite difficult as all prisons are full anyway. Prison guards have been on strike for nearly a month now and judges have even started to set folks free because the crimes they are suspected of or convicted for do not measure up to the extremely poor circumstances they are being held in.
“Greenwald smears U.S. issues constantly while usually ignoring Brazilian and staying in there despite similar abuses.”
But which has recently changed. Most of his recent articles are about the Brazilian coup and he has profiled himself as a fierce defender of impeached president Rousseff. He has been relentlessly digging up dirt about those who have voted her away and replaced her, pointing out that many of them have equally been accused or convicted of corruption and the like.
I kinda get his previous apprehension about writing too much about Brasil. In exposing the Petrobras spying, he scored big time with the previous administration that in exchange quietly protected him and his Brasilian partner David Miranda from US retaliation in the wake of his Snowden revelations.
Angry Grandpa • May 24, 2016 11:44 AM
In what concrete way does surveillance negatively affect a person who is utterly shameless and immodest, and is too busy finding ways to afford food, medicine, and shelter than to spend time and energy caring about opaque and abstract global politics?
This is the question that must be answered if you want change to come from ordinary people, and particularly from ordinary Americans. Most of them don’t care if you know their exact location 24/7 or how they like to have sex. They barely care about their dick pics because their popular culture loves celebrity sex tapes and Jerry Springer freak shows. They’re accustomed to living loud and proud, and they just don’t give a feck about privacy when their local factory is closing and they can’t afford their hospital bills, let alone their rent.
As long as the consequences of surveillance are, at most, a problem for the future, no ordinary people are going to make sacrifices to stop it. It’s pointless to lay blame on them for being “complicit” when they can neither see any direct consequences to themselves nor a practical way to fix the problem without making unrealistic changes to their daily lives.
tl;dr:
How does the NSA hurt Honey Boo Boo?
Sancho_P • May 24, 2016 4:21 PM
@Nick P (et al) re Snowden
It seems in short you say Snowden’s revelations merely helped the “foreigners” because Americans are too dense to realize that they already are under the bus.
I don’t think so.
From some of my posts you know I’m convinced that we are in the end run, the last 25 years, never more than 50.
We may not see / read in the media but the US elite knows about and is preparing to fight (- not for their underdogs, of course), increasing power, military, LE, surveillance and control.
They got a lot out of Snowden and the resulting discussion, not only in money and laws. Controlling the mind is key.
Americans somehow “feel” that brutal strength is needed and follow / support their elite (see Donald the Pony).
The “foreigners” (namely the EU) on the other hand may now increase their struggle to keep freedom and privacy, pushing their nations back in the global run to survive.
But in reality no one can win the race of endless growth in limited space and resources.
@gramps,
Now wait a second old timer before you start digging your grave… A lot of those ‘freaks’ on the p.t. barnone show are constitutionally protected both by our ‘freedom of expression’ and civil rights laws.
I wonder if the whole ‘freedom of expression’ concept covers intentionally sweating out zika viroids…
Or coughing/sneezing/bleeding out in public…
If code is speech, then genetic engineering and selective breeding are too.
Dirk Praet • May 24, 2016 6:28 PM
@ Angry Grandpa
“In what concrete way does surveillance negatively affect a person who is utterly shameless and immodest, and is too busy finding ways to afford food, medicine, and shelter than to spend time and energy caring about opaque and abstract global politics?”
That’s the traditional “If you aren’t doing anything wrong, what do you have to hide?” fallacy. You may wish to start here: Busting eight common excuses for NSA mass surveillance
“It’s pointless to lay blame on them for being ‘complicit’ …”
No it isn’t. I guess it’s time for Edmund Burke again: “All that is necessary for the triumph of evil is that good men do nothing.” Or to put it in a 20th century context: “Wir haben es nicht gewusst”.
@dirk,
You ruined it, I was going to advocate self castration and setting one’s self on fire next. 🙁
My body my right!
Clive Robinson • May 24, 2016 7:32 PM
@ Sancho_P,
“But in reality no one can win the race of endless growth in limited space and resources.”
Yes they can, by stealing the resources one way or another in a winner takes all fashion, then by eliminating the competition, the race is then over. What happens then is what you might call “The Soylent Green Recycling” option.
Have a look at the very long history of Water Rights and the ensuing bloodshed and slavery. Oh and Russian Cannibalism in the 20th Century where food became unavailable in outlying areas due to political mismanagement etc. It might give you “food for thought” (or nightmares depending on your viewpoint).
Then consider the end game of US activities such as control over energy and TTIP. Russia also practices political subjugation by energy control but in a much more obvious and brutal way. China has used access to things like rare earth metals to force manufacturing and more importantly leading edge IP into China (way way more than APT has but you don’t get to read it in newspapers because it can not be dressed up to have the sexiness of spies and secret agents fighting titanic battles in the unseen darkness like the James Bond franchise).
The end game of such activities is of course state brutality followed by bloodshed and the culling of the population and falling of empires. Then it all starts again as long as there is the energy available to industrialize. It’s why I would rather we spent the excess energy to move resource gathering and industrialization outside of our gravity well, but that also sets us up for more water rights wars…
@Clive,
Have I told you lately that I love you?
https://www.news.slashdot.org/story/15/04/14/0325206/can-civilization-reboot-without-fossil-fuels
Double plus plus what you say fits exactly into the chimp foraging / war / human farming thread.
WhiskersInMeno • May 24, 2016 8:26 PM
Infrastructure protected by obscurity.
“Smart-meter vendor says that if we know how their system works, the terrorists will win”
http://boingboing.net/2016/05/24/seattle-smart-meter-vendor-say.html
What could go wrong?
Obscurity ignores this question.
Clive Robinson • May 24, 2016 10:05 PM
@ r,
“Have I told you lately that I love you?”
Hmm not sure what to say to that, especially as my singing voice is not what it once was 🙂
On a more serious note, about lack of available petro-chem to a rebuilding civilization. If you look at history, the fundamentals of industrialization has been metal working. Mankind then spent a few thousand years developing it without using petro-chem, they used charcoal in the main derived from trees.
What few historians ever talk about is the contribution of beer and tea to industrialization, and also that of religions. Which is a shame because it’s fairly clear that industrialization almost happened by chance as an outgrowth of religious iconography using excess wealth to promote artisanal classes of white smiths.
The thing to note about beer is that it requires a large energy input to boil the mash, and this needed a group of people to collect the fuel, grow the ingredients etc, the result however was a “safe drink” free from waterborne pathogens. Beer is known to have been made by two major civilizations (Rome, Egypt) but neither managed to get past the pre-industrialization stage before falling. Similar can be said for other civilizations that developed beer or its equivalent.
Various arguments have been put forward, but one is interesting because it involves getting over the side effects of beer –stupor– with a new safe drink “tea” which again involved the removal of pathogens from water by boiling, but importantly unlike coffee had an additional antibacterial effect, allowing towns to become cities of more than forty thousand people.
This allowed the merchant classes to expand and utilize people as machine attendants, thus vastly increasing the spare wealth, and it was this wealth that allowed a middle class to develop that could devote time to study, research and thus gave rise to science and the technicians that replaced the artisans, and gave us the kick forwards to more efficient utilisation of energy thus economically viable industrialisation. It was then that high energy portable fuels at the beginning of the twentieth century gave rise to transportation that was not tied to water, wind, animals or rails, which allowed further economic industrialization.
The question is though does the same “by luck” path have to be followed? History shows us that in general when an empire falls it is not entirely destroyed, the politics may die, but the art and science tends to remain at some level.
During WWII the Germans developed methods of turning coal into liquid fuels and lubricants, by the process of “gasification”. We also now know how to do the same with most bio-masses. I’ve experimented with methane generation by bio-digestion and been able to run a generator on it. I’ve also experimented on gasification of wheat waste (bran, straw) and got viable “town gas” for running generators.
So with that knowledge and some remaining technology then yes we could re-industrialize without having the use of fossil fuel petro-chemicals. But the real problem is would there be sufficient excess energy for the size of population to get the spare economic capacity to then get back to the ability to have alternative reliable energy sources.
And this is the real 21st Century issue. The UK for instance has sufficient available “wind power” to run on average most of Western Europe. But it is not reliable energy, to make it so requires economic storage systems, which we currently do not have…
If we can work out a way to efficiently use what are now called alternative/green energy sources into generation of petro-chemicals then yes we could make our economy independent of finite fossil fuels.
The reason why it needs to be petro-chemicals and not just batteries is the second issue with industrialization which is “feed stock”. The first step of any industrial process is gathering the raw materials required to make a product. Even in the twentieth century we were not pulling sufficient raw materials out of the earth to maintain economic growth, iron and aluminium products get up to 75% of the feed stock from recycling not mining. Similarly with other metals. In the twenty-first century, it’s fairly obvious to those who want to look, is that nearly 90% of non metallic feed stock is from petro-chemicals, and this includes food and medicines. We are thus limiting our future by using petro-chemicals for fuel rather than feed stock. However unlike metals petro-chemicals are not as easily recycled, thus we have a pressing need to be able to turn bio-mass into petro-chemicals via alternative energy sources. The resulting petro-chemicals could be used not just for closed cycle energy storage but feed stock as well. But we do not have sufficient land surface to grow bio-mass to meet more than around 10% of our transportation needs, so we need to look at making transportation very much more efficient or change back from personal independent transportation to public transportation methods. But the freedom of personal transportation is a Pandora’s box issue and is already showing the polarisation we see in other areas.
But when all is said and done one thing is clear, we are currently consuming energy at unsustainable rates. That is it exceeds the amount of utilizable energy that gets to the earth’s surface. Thus we have the limited options of getting higher efficiency, or reducing our energy consumption. There is however another option which is get more energy from the sun, and the easiest and ultimately most economic way is to move industry out of earth’s gravity well and into space.
Clive Robinson • May 24, 2016 10:40 PM
@ All in USA,
You might find this of interest,
http://boingboing.net/2016/05/24/after-the-precariat-the-unnec.html
Nick P • May 24, 2016 11:04 PM
@ Clive
It’s really bad. My area was hit with more devastation by economic ripples than most. I knew people personally that turned to that. It’s one of worst drugs ever invented. It just mentally destroys the person plus attempts to physically destroy them if they try to get off it. “Withdrawals” doesn’t do it justice. Incidentally, the Mr Robot show I’ve been praising for its realism in hacking has a scene where a person is going through withdrawals on a strong drug and struggling to make it off. Weird episode but the parts about the addict did decent at showing how rough it was. One person I showed it to, who was an ex-addict, barely made it through the episode. Their past and probable effect totally slipped my mind else I might have skipped that one.
I expect it to continue getting worse, along with meth and crack, as people have nothing else to turn to to calm down facing hopelessness or get a boost facing 2-3 jobs at once to make ends meet.
Jacob • May 25, 2016 1:58 AM
Implanting a backdoor into a chip during the fab phase. This evades detection by all known chip testers.
Richard • May 25, 2016 3:22 AM
@ Angry Grandpa
“In what concrete way does surveillance negatively affect a person who is utterly shameless and immodest…”
How about when they screw up their surveillance, gathering just enough info to be STUPID and dangerous…
https://en.wikipedia.org/wiki/Death_of_Donald_P._Scott
Dangerous in this case to a totally innocent property owner whose 200 acre ranch the government decided would be a nice target for a nice tasty juicy ‘civil forfeiture’ case – because aerial photography showed some trees that they fondly hoped were hiding a pot plant or two (cus everone know da only reson yo would have a tree on a ranch is so yo could hide a pot plant uner it).
An if they could find something ANYTHING (even jus a joint or two left behind by a gardener) then ho-leee-sheyet what a pay-day!!!
… because then they could seize the WHOLE RANCH worth scrillions of dollars!
You see, our wonderful legal system lets law enforcement KEEP money they seize for their department budgets – so they can all buy new toys – and all get nice big juicy raises.
But sadly for the heroic law enforcement types who cooked up this nifty plan, after blowing away the home owner in front of his wife, alas, there wasn’t a single pot plant to be found anywhere on the whole 200 acres (not even a joint left behind by a gardener) – and this guy turned out to not be a drug dealer at all – How embarrassing.
Don’t you hate it when people will do ANYTHING (even DIE) jus to make cops look bad?
So if you don’t care about your privacy for privacy’s sake – and don’t care that the government’s stupid botched surveillance might result in them wrongly seizing your assets, ruining your life, and possibly GETTING YOU KILLED – then you probably have nothing to worry about.
Undereavesdropper Blassenkash • May 25, 2016 5:10 AM
The Grauniad article points out that the first casualty of the surveillance state is truth. An interesting result of this internal surveillance of the US’s National Intelligence Community will be that nobody has any incentive to report the truth. So, no feedback on major matters, leads to no feedback on minor matters, no accountability; no accountability is synonymous with endemic corruption.
Hmmm … we saw how that wound up in the Soviet Union, didn’t we?
Not to worry, the karma police will find my memoirs in the bathtub. Excuse me, I gotta fade out again …
JG4 • May 25, 2016 5:57 AM
@Clive, and others
The unsustainability of the present era’s energy source has been recognized for a long time.
http://www.hubbertpeak.com/Hubbert/1956/1956.pdf
Hubbert concluded that fossil fuels can only be a stepping stone to nuclear power. I am concerned that your species does not have the intellectual capacity to manage nuclear power (much less nuclear weapons), but I am enthused about renewables. It isn’t that difficult to store surplus renewable energy as hydrogen and burn it in existing fossil fuel infrastructure. I am puzzled why the use of hydrogen in existing infrastructure (after simple refitting) doesn’t seem to show up in the scientific literature or public discussion surrounding renewables. The thermal efficiency haircut would be more than covered by the capital savings. There simply isn’t enough platinum on spaceship earth for all of the fuel cells that would be required to convert hydrogen to electricity at point of use. Nor is there enough lithium available to let everyone fill their basements with batteries sufficient to ride out days without wind and sun. Nor is there anywhere near enough biomass on the planet of unintended consequences to fuel even the easy-motoring utopia, much less Asia.
Rickover came at it from a different angle, but I am convinced that this is based in part on the Hubbert paper.
There is a lot more to say on the energy security topic, but I have to go produce more unintended consequences.
65535 • May 25, 2016 6:04 AM
@ Eric
“Where is the source code…”
Not on Gibson’s site. In the past he has done a lot of coding projects in Assembly and doesn’t give that out. I guess you either trust Gibson or you don’t.
Clive Robinson • May 25, 2016 7:00 AM
@ JG4,
Re Silicon valley getting radical over encryption.
The reality is they are not, they have looked at what Apple spent fighting the Feds and made a simple financial risk analysis. And have worked out it is going to cost them a lot less in the long run if,
1, They have no user data in their systems.
2, Cannot provide access to user data on user systems.
Whilst the likes of Google and Facebook can sell user data at a premium, smaller companies can not command anywhere near the same money.
Thus they are looking at a small return for a very big company killer sized risk.
It does not matter what the FBI’s Comey says, he and the other psychos at the DOJ have made it clear by their actions they are going to try every which way to get what they want, if there is the slightest chance they can get it.
So the only rational stratagem is as made clear in a cult 80’s film, “not to play” so tech companies are turning their tech into “no way, no how, no chance” systems.
This will not stop the DOJ psychos wasting tax payer money, but it will reduce the liability to the companies, who simply demonstrate to a judge “the system can not do it”.
Oddly it’s a stratagem @Nick P and myself have independently investigated and talked about here some years ago over the thorny issue of crossing borders with laptops.
So the idea is far from new, it’s just that the FBI/DOJ psychos have moved the tipping point so far by their very stupid very public machismo game play, that it’s no longer a far left field idea.
@Nick P,
My area’s been hard hit like that too it may be unrelated to the current over-prescription/heroin epidemic but thankfully my area also overlaps with one of the housing crisis’. It’s not too hard to ‘catch a break’ and ‘ride the wave’ if you’re aware and prepared.
Nick P • May 25, 2016 12:29 PM
@ All
BOOM! My forays have been validated! 🙂 Originally inspired by our hardware guru telling us about people embedding analog in digital cells to do sneaky things. He also suggested leaking or messing with bits in CPU’s. Probably saw it in the field. Leveraging MULTICS work, I further speculated digital, analog, and RF trojans would be put into MMU’s, IOMMU’s, PCI, TRNG’s, and some other things. Now, we’re seeing both of our predictions in action with this attack knocking out CPU protection.
Note 1: My framework I described here and on Hacker News would’ve prevented it as it uses only validated digital and analog cells vetted by mutually, distrusting parties. I mean, the attacker would have to be really clever.
Note 2: Memory problems made me forget and re-discover something even better: Thompson attack isn’t Thompson’s. It was yet another find in MULTICS Security Evaluation by founders of INFOSEC, Schell and Karger. See p17 in this paper. The looking back paper made later specifically mentions that the work inspired Thompson’s paper. Thompson’s fanboys kind of leave that part out and ignore rest of MULTICS work. Too bad since another thing in paper… reason I dug it up… was that they inserted a software trap door that waited for failures in HW, esp MMU, to escalate their privileges. People should’ve learned. 😉
Note 3: Maybe Thompson should’ve ripped off reverse stacks, prefixed strings, and safer-by-default language that prevented many vulnerabilities in MULTICS. Would’ve been helpful for UNIX later on. Today. Five years from now. 🙂
Nick P • May 25, 2016 1:06 PM
@ Clive, Dirk
“Curious you put China in with major democracies…” (Clive)
“I mostly agree with @Clive. Russia and China can hardly be called democracies.” (Dirk)
Wow, you people are slow sometimes for otherwise bright fellas. I thought dropping China in a list of democracies would give someone a laugh as it was clearly a joke. Serious conversation could use a light-hearted moment. Bombed that one… Here’s another try that was almost applicable to all programming language wars until [spoiler] happened. You’ll know since you’ll die laughing when you see it.
@ Clive
“As for European countries especially Germany and Sweden, you as an American would not be popular, nor would your business. ”
I was worried about that sort of discrimination.
“Donald Trump and Hillary Clinton and Obama’s TTIP are doing you a lot of harm and as my early discussion with Dirk may have shown you right wing nationalism is very much on the rise. ”
We’re aware of it. Even in the South, there’s a number of people that once voted Republican but joke they’ll leave the U.S. if Trump is elected. They won’t but I’ll consider it.
“Other friends in Germany were likewise raising red flags about nationalism.”
Their solution was Made in Germany. I warned them it didn’t matter. The BND leaks were very amusing to say the least. 🙂
“The thing is that their signals directorates tend to see themselves as being above politics and the elected representatives and the legal process”
Well, the concern is more about “can they force me to backdoor stuff, indefinitely detain me, or murder me?” Idk about Belgium as they’re tight with U.S. spooks. So, was looking into Sweden. They’d be a choice worth considering if they don’t have or enforce the equivalent of the Patriot Act. 😉
“Five Eyes is no more than a fading memory that died in the 80’s and 90’s when fiber took over from satellites and mobile phones started replacing land lines. A new IC federation was born, the countries involved can be identified by looking at a map of undersea cables and GSM equipment manufacturers and the way traffic is routed.”
I disagree. Five Eyes is still dominating in intelligence collection and capabilities. The others are competing for more access to the club. That alone tells us it’s valuable. The expanded Eyes federation has less access and mostly serves Five Eyes’ interest for promises of handouts valuable to them on occasion. They’re lapdogs. Five Eyes still needs a big challenger. Chinese, Russian, or other Asian competition in secure chips and products is best bet.
“I would look outside the political union –of full EU members– and outside of any NATO members, which really does not give you much in the way of choices.”
That’s what I was worried about.
@ Dirk
“But I still think of him as an idealist who meant well… he had learned from what happened to Manning…”
He didn’t learn from Manning, who did a big dump with big consequences. They all need to stop doing that if aiming for domestic action. He did learn from Tice, Drake and Binney. So, next one is ideally more like Drake or Binney with press approach Snowden took.
“I guess the majority simply refused to believe that the US had slowly been turning itself into a police state, with a legislative and executive branch wholly owned by corporate America and the military-industrial complex. ”
I don’t know. Many of them know it and even talk cynically about it. Then, in another conversation, their mind has totally switched gears to go back to talking Obama, Trump, Hillary, whatever. Or shootings. Or football. I think MSM has finally mastered conditioned response on these issues.
“For me, it is hard to fathom that in some not so distant past a president almost got impeached over an affair with an intern”
Yeah, the contrast is shocking. Amazing how far away from democracy they went in such a short time.
“Sweden for all practical purposes is a US subsidiary. The Assange case made that pretty clear ”
It might be. Part of my research goes that way. Assange case doesn’t tell me anything, though, as most of the data shows he might not have been honeytrapped at all. His later actions showed he was a psychotic, domination/control-freak. Especially toward Berg. I could easily see him preying on some fangirls then not stopping when asked. Regardless, Assange is an exceptional case that we shouldn’t read too much into given his organization was a threat to U.S., Sweden… everyone with damaging secrets. Everyone wanted him gone.
“The UK in terms of privacy, civil liberties and surveillance arguably is even worse than the US. ”
You now know why I’m staying away from it. 🙂
“France has recently passed some draconian surveillance legislation and that was even before the November Paris attacks. ”
Powermongers are exploiting the deaths. How is it doing otherwise outside rampant I.P. theft?
“Germany is a bit of a special case. ”
It really is. I have a hard time analyzing it. On plus side, they already dealt with a surveillance state which resulted in stronger Constitution on that and resistance from public. The bad thing is their BND’s schemes are like NSA and CIA put together. Hard to say a person truly threatening to them would be safe there. They’d come up with something.
“which explains why folks like Jake Appelbaum and recently Isis Agora Lovecruft have sought refuge there. Laura Poitras also stayed in Berlin for quite a while.”
They’re taking educated guesses. Switzerland would seem safer given they’re one of only three resisting NSA cooperation. But, Germany has political asylum that could benefit Appelbaum, etc. Hard to tell. I think they’re there for the beer, dates, parties, and CCC. Or maybe I’m projecting my own reasons for visiting Germany in the future.
“Iceland and Switzerland are good picks too. ”
Near top of my list. I fear Iceland could be made to cave to pressure. Switzerland is very strong. Their last fight, the tax fight, had an interesting result where they just said no to American accounts rather than thoroughly cave to demands. I expect they’d do something similar about data privacy given business going their way. Swiss money, selfishness, and faux neutrality are a great combo in this situation.
“Even Belgium is.”
So, you must not believe that one woman always talking about NATO and terrorist connections. She always references the operations in Belgium supporting it all. They’re also NATO headquarters. They also front our covert, financial battles against Russia and China. Quite frankly, I’d not feel safe in Belgium if U.S. wanted my ass.
“we do have…”
Those all sound good. I just fear they also have the capability to prioritize when it counts. 🙂
“But which has recently changed. Most of his recent articles are about the Brazilian coup”
That’s good. I can’t call him on that now.
“In exposing the Petrobras spying, he scored big time with the previous administration that in exchange quietly protected him and his Brasilian partner David Miranda from US retaliation in the wake of his Snowden revelations. ”
Bingo! Heroic indeed. I bet Snowden got asylum in a police state or something, too. 😉 I don’t blame them so much as saying they’re just people. They do a mix of selfish and selfless things. So, we can call out or credit each.
Nick P • May 25, 2016 1:12 PM
@ tyr
The Tor post was actually a good write-up. They’re discovering some of the things QA people and high-assurance been telling them for years. I’m not following up with them as they’ll just ignore it. I’ll keep the article, though, as it nicely lists prevention/detection techniques along with specific issues they addressed. It will be good for empirical studies later on. Maybe directly usable for some C coders, too.
Milo M. • May 25, 2016 3:58 PM
@Nick P:
“Quite frankly, I’d not feel safe in Belgium if U.S. wanted my ass.”
Or some other country or group.
Sancho_P • May 25, 2016 4:43 PM
@Clive Robinson
Re:
[Sancho_P]: But in reality no one can win the race of endless growth in limited space and resources.
[Clive Robinson] “Yes they can, …”
Nah, mankind will lose, nature will succeed.
I’m afraid you are at the wrong end of that stick, technics is not the solution, it’s the problem.
You are spot on with the energy issue, but whatever we think (renewable, hydrogen storage, increasing efficiency) it only will shift the problem into the near future, probably by years, however, the outcome would be the same or even worse.
Good article regarding your fellow citizen W. S. Jevons (Jevons Paradox, 1865) at the monthly review http://monthlyreview.org/2010/11/01/capitalism-and-the-curse-of-energy-efficiency/
Growing population and access to commodities are at the other end of the stick.
Wait until people have to flee coastal regions and dry land.
Dirk Praet • May 25, 2016 6:44 PM
@ Nick P.
“I thought dropping China in a list of democracies would give someone a laugh as it was clearly a joke.”
I figured that much but seized the opportunity to state on record what I think of them. @Skeptical has previously suggested I’m some kind of Russian agent.
“He didn’t learn from Manning, who did a big dump with big consequences.”
I believe both Manning and Snowden’s targeted audience was the entire world. But I do understand why many Americans interpret that as treason.
“Then, in another conversation, their mind has totally switched gears to go back to talking Obama, Trump, Hillary, whatever.”
Politics indeed is the entertainment branch of the military-industrial complex 😎
“Assange case doesn’t tell me anything, though, as most of the data shows he might not have been honeytrapped at all.”
There’s few people denying that Assange is a narcissistic git. But Sweden could have ended the stand-off in the Ecuadorian embassy in London years ago by sending someone to interrogate him. Which they have done for lots of other cases too. His detention in London has even been found “arbitrary detention” by a UN panel. This has never been about the alleged rape case but about Sweden doing the US’s bidding to extradite him for his role in Wikileaks. Sweden is definitely the last European country I’d go if I were planning to or had done anything to hurt US interests.
“How is it (France) doing otherwise outside rampant I.P. theft?”
The country is currently a bit of a mess with significant parts of the population involved in nationwide protests and strikes against controversial new labour legislation. Hollande is probably the least popular French president ever and there’s a fair chance that the extreme right will win next year’s presidential elections.
“The bad thing is their BND’s schemes are like NSA and CIA put together.”
That’s because so far they have been operating in a legal vacuum. One of the positive outcomes of Snowden’s revelations is the parliamentary NSA Untersuchungsausschuss committee thoroughly investigating what the BND had been up to. It is rumoured that chief Schindler’s dismissal was at the request of Angela Merkel herself. Which would indicate that some folks were less than pleased with what they found out was going on.
“Switzerland would seem safer given they’re one of only three resisting NSA cooperation.”
It’s also horribly expensive (like Sweden) and much more boring unless you’re working at CERN. You really need to check out Berlin some time. It’s by far my favourite European city and I can show you around.
“I fear Iceland could be made to cave to pressure.”
Their PM recently had to step down in the wake of the Panama Papers. The Pirate Party is now going very strong, and they won’t cave in to any US pressure. They’ve told US officials to go take a hike before and they’ll do it again.
“So, you must not believe that one woman always talking about NATO and terrorist connections.”
Sibel Edmonds? She’s totally right in that there’s a lot of shady stuff going on here, the main reason for which being that, whoever you are or whatever you’re up to, there is little you can’t get away with in this country when operating outside of the system. I think Molenbeek made that abundantly clear to the entire world. Or take Nizar Trabelsi, a Tunisian-born terrorist who got only 10 years in jail and after serving his sentence it still took more than three years to extradite him to the US.
“I bet Snowden got asylum in a police state or something, too.”
I think the only way of maintaining a stable regime anywhere in South America is by installing some kind of a police state. Otherwise you just get one coup after another. Same thing in the Middle East and North Africa. It’s a persistent western myth that democracy works everywhere. Replace Putin with the Russian equivalent of Bernie Sanders and the entire country falls apart in the blink of an eye. Democracy can only work if the entire citizenry is behind it and willing to do what’s necessary to keep it going.
Dan3264 • May 25, 2016 9:04 PM
@Nick P,
I guess you should make your ASICs implement a simple microcode processor rather than directly do what you want them to do. That would make it a lot harder to backdoor (I am assuming that it would be hard to make a useful backdoor for an unknown program that has an unknown behavior). It might also be interesting to have the ASIC output the current microcode instruction every clock cycle. This would allow you to have a device that verifies that the ASIC does what the microcode says it should do (the auditing device should preferably also be a general purpose device, or at least be made at a different time than the main ASICs). This would make it less secure (arguably), but you should at least have some way of preventing the attacker from having physical access to the device (assuming you care about your security that much). I have no experience with custom circuits, I just like over-thinking things.
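A sketch of the auditing idea in the comment above, added here as an illustration and not code from any commenter: a second, independent model replays the microcode and checks every per-cycle record the device exports. The micro-op set, the trace record layout (micro-op plus registers and privilege flag) and the injected fault are all assumptions made for the example.

```python
"""Lockstep audit of a microcoded device against its exported trace (toy model)."""
from typing import NamedTuple, Optional, Tuple


class State(NamedTuple):
    regs: tuple   # r0..r3, 8-bit each
    pc: int       # microcode program counter
    priv: int     # privilege flag, 0 or 1


class Record(NamedTuple):
    cycle: int
    op: tuple     # micro-op the device claims it executed this cycle
    regs: tuple   # register values after the op (assumed to be exported)
    priv: int     # privilege flag after the op (assumed to be exported)


RESET = State((0, 0, 0, 0), 0, 0)

# Constructed microcode, format (opcode, a, b). Hypothetical instruction set.
MICROCODE = [
    ("LOADI", 0, 5),    # r0 = 5
    ("LOADI", 1, 7),    # r1 = 7
    ("ADD", 0, 1),      # r0 = r0 + r1
    ("JNZ", 0, 5),      # if r0 != 0 jump to index 5
    ("SETPRIV", 1, 0),  # priv = 1 (never reached by this program)
    ("MOV", 0, 2),      # r2 = r0
    ("HALT", 0, 0),
]


def step(state: State, op: tuple) -> State:
    """Reference semantics for one micro-op."""
    name, a, b = op
    regs, pc, priv = list(state.regs), state.pc + 1, state.priv
    if name == "LOADI":
        regs[a] = b & 0xFF
    elif name == "ADD":
        regs[a] = (regs[a] + regs[b]) & 0xFF
    elif name == "MOV":
        regs[b] = regs[a]
    elif name == "JNZ":
        pc = b if regs[a] != 0 else pc
    elif name == "SETPRIV":
        priv = a & 1
    elif name == "HALT":
        pc = state.pc
    else:
        raise ValueError(f"unknown micro-op {name}")
    return State(tuple(regs), pc, priv)


def run_device(microcode, flip_priv_at: Optional[int] = None, max_cycles: int = 64):
    """Simulated device under audit. flip_priv_at injects a fault: the privilege
    flag is forced to 1 at that cycle although no micro-op asked for it."""
    state, trace = RESET, []
    for cycle in range(max_cycles):
        op = microcode[state.pc]
        state = step(state, op)
        if cycle == flip_priv_at:
            state = state._replace(priv=1)
        trace.append(Record(cycle, op, state.regs, state.priv))
        if op[0] == "HALT":
            break
    return trace


def audit(microcode, trace) -> Optional[Tuple[int, str]]:
    """Replay the microcode independently and compare with each exported record.
    Returns None if consistent, else (cycle, reason) for the first divergence."""
    state = RESET
    for rec in trace:
        expected = microcode[state.pc]
        if rec.op != expected:
            return (rec.cycle, f"op {rec.op} emitted, microcode says {expected}")
        state = step(state, expected)
        if rec.regs != state.regs:
            return (rec.cycle, "register file differs from reference")
        if rec.priv != state.priv:
            return (rec.cycle, "privilege flag differs from reference")
    if not trace or trace[-1].op[0] != "HALT":
        return (len(trace), "trace ends before HALT")
    return None


if __name__ == "__main__":
    print("clean :", audit(MICROCODE, run_device(MICROCODE)))
    print("faulty:", audit(MICROCODE, run_device(MICROCODE, flip_priv_at=2)))
```

The auditor only catches divergence in state the device actually exports; anything held in unexported flip-flops stays invisible to it, which is why the trace layout matters as much as the replay logic.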
Figureitout • May 25, 2016 9:43 PM
Nick P RE: malicious analog circuits
–Very nice paper. Not sure why your forays been validated when someone else did the work lol. Also don’t know why you mentioned Thompson (oh it’s a chance to rag on C again rather than come up w/ a better solution yourself, right) when this is an analog attack in hardware. And why you mentioned microcontrollers in your HN comments all giddy like you’re happy they’re being attacked, it’s an already very well known threat. Also not sure about your claims of “that’s my idea!” again and again for known classes of attack that don’t take much imagination (I supposedly experienced an “attack” of a bit necessary for putting the chip in programming mode being set by the speed of the comms somehow creating the right signal to set the right bit to 0 or 1, I forget now, preventing the chip from going into programming mode, I don’t believe that’s what actually happened, but was told that by the manufacturer FAE), do you have a patent or paper where you’re the sole author of these ideas, or what? Do you have prototypes of these devices on your desk or even know how to build a basic one off-hand? Just curious.
One question, aren’t these “privilege bits” in flip-flops, like control registers? Various “flags” are just bits in control registers too. We set and can read those in software, at least one time w/ the help of an additional toolchain and external programmer/debugger.
So either these can be set by software, and/or set/reset by hardware at will, or there’s completely separate control registers being added in that can literally not be touched by software since it’s not in original design?
It’s a practically speaking impossible vector to 100% defend against when your boards are very non-trivial (worse, what if you wait until after you verify the boards, when you go into production to launch the attack). I’ve got some practical experience w/ capacitive touch chips, and could implement an obvious form of this attack on one of my products too w/ a counter in software lol. Would never do it of course. W/ the right antenna (this is very exaggerated on what you have in normal boards), you can extend the electric field close to 3ft outside the target chip. That is, 3ft of a complete sphere of where capacitively coupling could take place, this would cover most PCB’s. The capacitance values at those lengths were so trivially small we couldn’t even measure them w/ any equipment, yet we could detect it w/ a COTS chip easy. That’s extreme though, w/ a huge “antenna”. In this instance, I think we’re talking centimeters at the most. Also why I say, unless this is purely in an IC, that layout of a board is an important engineering decision, due to all the inductive and capacitive coupling that goes on all around a board (any engineer knows this but it’s impossible to eliminate it all).
Easiest defense so far: Eliminate unused space (perhaps for a defense-marketed chip since this appears to have some heavy costs of course). Force attack to work around chip design, making much more likely to be easily detected if certain features just fail to work, chip will be thrown out.
@Nick P,
Thank you for both documents linked today. I understand completely how you feel when something you suspect or intuitively feel is validated independently. Again I’m not EE but I did read it and the novelty of that attack with its time based depletion of trigger ‘value’/current is such a sexy way to undermine the reliability of a system.
It reminds me of rowhammer with the way the timer/trigger works in recurrent saturation.
I hope that in knowing iopl and others can be directly subverted on such a small scale will lead to greater examination of that part of the circuit.
As for post-print, GOOD LUCK LOL. NOBUS it’s too late anyone would have to start ALL over at 50um?
I hope we got this first.
The torblog I made note of their soft asserts comment in contrast to reading about hard asserts for safety somewhere else… OpenBSD?
It’s a great document to peruse and examine, thanks for pointing them both out.
Nick P • May 26, 2016 12:01 AM
@ Dan3264
Good thinking. The microcode for obfuscation strategy was in a private proposal to NSF for a grant. I couldn’t get University partnership for the real proposal. That was first part, though. There’s a better technique I came up with for microcode that, if performant implementation is possible, gave attack costs similar to symmetric cryptography on per instruction basis without using cryptography. I haven’t published it yet as it might be a dud or hit. I liked it gave me microcoded processor as a side effect for obfuscation you mentioned. Extra benefits included building abstract machines (eg Java, Oberon) via microcode to use with safer OS’s like JX OS or A2 Bluebottle.
@ r
“NOBUS it’s too late anyone would have to start ALL over at 50um?”
We actually don’t have to. The circuits stop being visually verifiable at 250nm. That means existing fabs at 350nm can be used. I’ve collected lots of techniques to be used with them to max out what they can do. Additionally, one might be able to use ebeam workstations to print trusted chips or masks for lower nodes. There’s ways to obfuscate and counter some risks there. Not publishing that for now in case opportunities arise.
@ Figureitout
“Not sure why your forays been validated when someone else did the work lol. ”
People say I worry about and look into analog stuff too much for a person not building analog. How you can represent computing, cells, etc for attacks or enhancements. I figured it would be combined with CPU’s cells (or crypto accelerators) to destroy their security. That’s exactly what happened. So, it’s good I stayed focused on that risk plus developed partial framework for dealing with it. That framework would’ve pre-empted this attack.
“Also don’t know why you mentioned Thompson”
The HN link you’re referring to originally was titled based on his paper with tons of Thompson-related comments. Moderator changed it due to others’ gripes. I was sure the first, HW risks were in MULTICS paper. They were. I also re-discovered that they backdoored a compiler to add backdoors to compilers upon recompile with nothing in the source. Looked like the “Thompson attack” to me. Second paper noted that it inspired Thompson’s work afterward. Confirmation. So, people keep dropping “Thompson” attack and paper on all kinds of threads when he didn’t even come up with it. It was actually Schell and/or Karger that invented it, use of HW failures, and many other techniques that got repeatedly reinvented because people didn’t read the darned paper. Citing Karger et al would’ve gotten INFOSEC students much further given they’d independently re-invent buffer overflows, string attacks, hardware attacks, etc since it was already demonstrated by that one project under different names.
So, just another attempt to destroy that meme that focuses people on a rare attack Thompson himself didn’t even come up with. They’re better off focusing on what actually compromises them in software and hardware. Plus reading older works that teach them way more.
“it’s an already very well known threat”
I’m following what attack papers I come across. Most of them aren’t about defeating MCU functionality by adding analog circuits. Most other work attacks crypto and other stuff. Also, MarkH discussed here with Clive and I the same topic as he couldn’t see how you’d unnoticeably backdoor such a tiny circuit with no cache or almost any transistors. Please share links to any analog subversions on MCU’s that lead to full, stealth compromise as I’d like to have them in my collection.
“Also not sure about your claims of “that’s my idea!” again and again for known classes of attack that don’t take much imagination”
INFOSEC has mostly been blindsided by these risks despite them being discussed on this blog, in MULTICS evaluation in terms of HW effect on security, in safety-critical field, and, for different reasons, in EMSEC literature for decades. You might be right: most security engineers might have no imagination or just exclude HW from their thinking entirely. Or a few of us were clever. Who knows. (shrugs)
“Easiest defense so far: Eliminate unused space (perhaps for a defense-marketed chip since this appears to have some heavy costs of course). Force attack to work around chip design, making much more likely to be easily detected if certain features just fail to work, chip will be thrown out.”
Mine is just to make it correct by construction with a trustworthy flow. You have to do that anyway to make sure your security functionality is correctly translated to transistors. Further, you have to have empty space all throughout the sucker for meeting DRC checks on a decent node and ensuring regular shapes for the gates to ease layout. Eliminating all empty space some analog components can be stashed in could… sort of… be done only if it’s custom-level ASIC on older node. We’re talking early Forth chips and stuff. Almost unusable today.
Richard • May 26, 2016 1:05 AM
@ Nick P
“Note 1: My framework I described here and on Hacker News would’ve prevented it as it uses only validated digital and analog cells vetted by mutually distrusting parties. I mean, the attacker would have to be really clever.”
Sorry Nick, but the whole point of the paper was that they were able to manipulate just the kind of ‘vetted’ structures you described in very subtle ways by simply adding leakage capacitances in the interconnects – which can be done by manipulating the mask layer process in virtually undetectable ways during the fabrication of the silicon.
What this DOES prove is that all the suckers who think that they can ‘open-source’ some magically ‘vetted’ design are basically WASTING THEIR TIME, because the FAB that makes the chips can still easily backdoor the design in hundreds of virtually undetectable ways.
The authors then go on to state that field detection of such a backdoor, even if you knew EXACTLY what you are looking for, is virtually impossible, because even a thorough scanning electron microscope examination of the actual silicon wouldn’t be sufficient. You would need to do a complete de-layering of the chip while performing a super accurate layer by layer audit, and I am not sure that such a sophisticated layer-by-layer audit is even within the state of the art at this time.
… And even if you successfully layer-by-layer-by-layer verify a few chips up front – how can you make sure that the fab doesn’t insert the required subtle process variation at a later date? Answer – YOU CAN’T. You are utterly and completely at the mercy of whoever fabricates your silicon.
Actually, trying to do a ‘beat-it-to-death-validation’ on the chip and then manufacture that silicon by the millions would be just about the WORST approach, because then the attacker would have a high incentive, and minimal effort, to subvert your fab process and insert just the kind of back door the authors of the above paper described.
This is why I proposed the approach of a design using vetted open-source CPU-CORE firmware with a GENERIC high-performance FPGA.
YES, this will involve a big fat cost-performance hit – no one said security is cheap…
But NO, it would NOT be subject to most of the kinds of silly-ass ‘backdoors’ that were mentioned in response to my post.
The thing that makes most attacks on GENERIC hardware impractical, is that even if we assume that adversary has the exceptional resources to subvert EVERY FPGA supplied through the commercial supply chain, it is almost impossible to embed a ‘generic backdoor’ that could subvert EVERY possible embedded SOC CPU design without a LOT of embedded malware code – and that would stick out like a sore thumb.
This is because, if we chose an FPGA which uses an external Serial Flash chip to load its configuration – then it would be very difficult to HIDE the required massive amount of exploit code on the chip’s mask without it being noticeable with even a cursory microscopic examination of the chip. (you think no one is going to notice a FEW BILLION extra flash cells).
The idea that such an exploit could be ‘very simple’ and still effectively backdoor EVERY possible SOC design that might be loaded into a generic FPGA is pretty ludicrous, and hiding a complex multi-gigabyte exploit in plain sight on EVERY FPGA would be quite challenging.
In any case, such an attack would be many, many, many orders of magnitude harder than hiding the simple subtle mask layer defect backdoor exploit mentioned in the above paper if we were working with a known ‘vetted’ ASIC.
So, ultimately, the saving grace for GENERIC FPGA hardware is the fact that no matter how sophisticated the attacker is – THEY DON’T HAVE A TIME MACHINE.
So AFTER you implement your design – the attacker can’t go FORWARD in time, break the chip’s AES firmware encryption, examine the firmware code – then RETURN TO THE PAST and insert a tailor-made hardware exploit at mask level in all the FPGAs you purchase BEFORE you purchase them.
I can see at least ONE generic attack that you would have to guard against on FPGA chips, especially those with internal FLASH. On such chips, if the foundry embedded the equivalent of a backdoor ESP8266 core, the chip could easily be programmed to find an open wifi, bypass its internal code protection and dump an unencrypted version of its current firmware to the attacker’s Internet site – where the attacker would be able to analyze it at leisure – then do an over-the-air update to subvert your chip.
This is why I specified an FPGA which loads its firmware image (optionally AES encrypted and signed) from a jumper controlled write protected external serial flash, and which has a simple enough flash-less chip design – so that it would be much more difficult to hide a sophisticated WiFi style backdoor. Not impossible (so this is still a concern) but much more difficult, and thus highly unlikely for a randomly selected generic commercially supplied FPGA.
To avoid problems AFTER your design is public, you would simply make a lifetime buy of the critical FPGAs components BEFORE the design is made public.
Dirk Praet • May 26, 2016 5:45 AM
@ Richard, @ Nick P.
“To avoid problems AFTER your design is public, you would simply make a lifetime buy of the critical FPGAs components BEFORE the design is made public.”
Now this is the stuff why I keep coming back to this forum. Thanks for these very educational posts, guys.
CabbageControl • May 26, 2016 6:45 AM
http://www.romania-insider.com/man-escapes-bucharest-police-arrest/171569
(it is a high turnover jail rather than prison)
@Nick P,
I was going to mention virtual CPUs yesterday on one of these threads with respect to profiling attacks on software, r/e work on heavily ‘protected’ software… I think it was about somebody only assembling projects and them not being “open source”. Thanks for expanding my understanding of virtual cpu technology into the realm of hardware application?
JG4 • May 26, 2016 9:10 AM
the second thing that sprang to mind is the question “how to create a malevolent government?”
Unethical Research: How to Create a Malevolent Artificial Intelligence
https://arxiv.org/ftp/arxiv/papers/1605/1605.02817.pdf
https://www.technologyreview.com/s/601519/how-to-create-a-malevolent-artificial-intelligence/
Maybe part of the problem with tinyness of such attacks as what Nick presented is in the connotation of using ‘backdoor’ ?
With such a small powerful subversion like that would trapdoor be better?
Nick P • May 26, 2016 11:45 AM
“Sorry Nick, but the whole point of the paper was that they were able to manipulate just the kind of ‘vetted’ structures you described in very subtle ways by simply adding leakage capacitances in the interconnects”
No, the point of the paper was manipulating unvetted structures produced by digital HDL at two specific points in manufacturing: RTL-handing firm and fab. The paper, in Threat Model section, admits it’s really difficult to apply any attack to fab level due to “limited information and ability to modify the design.” So, paper focused on RTL firm (“back-end phase”) as the threat model. Which is covered in my methodology as you don’t have to trust the RTL firm. 😛 Fab-level part is an open problem for all chips.
“because the FAB that makes the chips can still easily backdoor the design in hundreds of virtually undetectable ways. ”
The paper itself contradicts that as I show above. It gets more difficult the further one goes down due to all the effects the backdoor has to counter in a design they don’t know shit about. There’s over 2,500 design-rule checks in play with crazy sophistication at 28nm. It’s why a hardware genius here used to say the best route was probably using most cutting-edge tech as it barely works in the first place. 🙂
“This is why I proposed the approach of a design using vetted open-source CPU-CORE firmware with a GENERIC high-performance FPGA. ”
Ok, let’s start with FPGA. I’ve already pushed creating a continuously-vetted FPGA at 28nm with common logic just to allow obfuscation strategy and HW experimentation. So, the system becomes a moving target they have no knowledge of. They can’t hit what they can’t see. Win, right?
You could say the same thing of a desktop, commercial router, any number of things that get compromised regularly. They just focus on the common, privileged components. So, they’d just backdoor how you got the bitstream in, the I/O, the SRAM, the trusted loader, final stage of synthesis tools… many attacks on FPGA’s to the point that DARPA & NSF still fund defenses. So, you’ve just shifted the problem. Matter of fact, your design falls to your own risk: they know exactly how your FPGA works and can tune attacks for it. It’s almost always going to rely on storage or host computer they can hit, as well, given FPGA vendors only support stuff they have 0-days for.
That’s not the only problem. You specified a vetted, open-source CPU core. That’s exactly what they attacked in the paper! You’re talking about how FPGA’s let you hide what you’re doing but using variations on the same exact thing. Kind of defeats the point to a degree. You’re better off with a model like No Instruction Set Computing or Tensilica that auto-generates CPU’s for your application. Then randomizes RTL for them.
So, your recommendation has a lot of the same problems as trusting an ASIC. Then some. Any issues that apply to one apply to the other. Except that the ASIC is fixed. That reduces what they can do to one on a day to day basis. If you want obfuscation & ASIC benefit, then best bet is vetting an anti-fuse FPGA that can be loaded through an interface not requiring a Windows or Linux PC. You can keep burning new designs into them for obfuscation without host or memory attacks.
JackC • May 26, 2016 6:41 PM
@65535,
I recently ran Steve Gibson’s program on a half-dozen Win 7 and Win 8.1 machines. It’s a bit too soon to tell, but so far so good. Reading his description of the program, it sounds like a fine approach. Source code is always preferred, but I think Gibson is one of the Good Guys so I trust him. Certainly more than I trust that bunch from Redmond.
Clive Robinson • May 26, 2016 6:55 PM
@ Nick P,
I’ve had a fast flick through the paper, then went back over their three claims.
Apart from the last (we’ve built it) I don’t see anything that RobertT and myself have talked about ad nauseam in the past.
Look back for RobertT talking about buried via’s and close running traces to use capacitive coupling. That covers the papers pick ups.
I’ve talked about the problems with “test harnesses” acting as security bypass mechanisms. As RobertT noted on a chip these are generaly not put in by the foundry customer (SoC designers) but the mask producers of the foundry themselves as it can be very technology dependent.
I’ve also talked about the use of “matched filters” which are effectively what the papers authors are doing with the input to their leaky integrator (the correct name for their voltage charging discharging capacitor).
As for the dead space on SoC devices, I’ve mentioned before that there is the “heat death” issue, which is one of a number of reasons for having dead space on the chip.
I’ll give the paper a fuller read tomorrow on my way up to the hospital for the “frying alive” neurological checks (30mA DC being applied to you f3cking hurts, as does the slow heat “soldering iron” like probe, so it will give me something to take my mind off of it all).
Wael • May 26, 2016 8:14 PM
@Clive Robinson, @Nick P,
Didn’t have a chance to read it yet…
I’ll give the paper a fuller read tomorrow on my way up to the hospital for the “frying alive” neurological checks, 30mA DC being applied to you {expletive} hurts…
Well, don’t know what to say. Do this to the doctor… hurt him back 🙂
so it will give me something to take my mind off of it all
I doubt that’ll take your mind off it; it’ll remind you of it.
Anon10 • May 26, 2016 9:26 PM
@dirk
But I do understand why many Americans interpret that as treason.
Giving Snowden asylum came at a huge diplomatic cost to Russia, and remember this was before Ukraine. The Russian government would never have agreed to give Snowden asylum unless they got something very valuable in return, likely a trove of classified documents never made public and probably never given to any journalist.
ianf • May 27, 2016 2:08 AM
Braindump(“null”) by @Anon10:
Giving Snowden asylum came at a huge diplomatic cost to Russia
Given rare chance to appear as a benevolent, civilized society by granting the “American spook” Snowden temporary humanitarian asylum, what diplomatic cost EXACTLY was that to the Russian state? The opportunity to flip the Yanks the bird was priceless prestige in itself, and came for free.
The Russian government would never have agreed to give Snowden asylum unless they got something very valuable in return, likely a trove of classified documents never made public
You don’t know dick, yet you sound like you knew them all. Had Ed Snowden so much as disclosed a.n.y.t.h.i.n.g. of value or classified to the FSB (which interviewed/ “debriefed” him extensively while he was in airport limbo), he’d never again see the light of the day, as they’d made damn sure he divulges the rest of what he knows (and then has a sudden heart attack or something.) He arrived in Moscow without any physical or digital documents on him precisely in order not to have to give up what he didn’t have. He probably told them about NSA unlisted (but to FSB long known) network access points and passwords, all of which would have been changed by the time he left Hong-Kong anyway. So he could not have provided them with any viable operational data, at best only corroborative and peripheral knowledge.
ianf • May 27, 2016 4:02 AM
@ Jacob “Implanting a backdoor into a chip during the fab phase. This evades detection by all known chip testers.”
I won’t comment on the cited paper itself because I do not consider myself competent to opine on factory-perverted microcode etc similar matters.
However, if the chip(s) in question are of generic type, for general consumption (rather than, say, targeted at some specific narrow subversion-worthy application—like the Stuxnet in silicon), the macro-economic point of view speaks against them being “adulterated” in that fashion. Because if X million of them were to be sold & soldered-in/ deployed in OEM products, and then it’d transpire that they’re all back-doored, the survival of the chip maker, and its parent company, would be at stake. Though perhaps Intel could still get away with it—what we gonna do, exchange their ICs for what?
Nick P • May 27, 2016 4:28 AM
@ Anon10
That’s speculative and inconsistent with history. The Russians have been more than happy to put resources into pissing off US with publicity stunts. Putin made a habit out of trolling US Presidents from motorcycle parades to bigger dogs. They spent over $10 billion securing the Olympics for national pride.
Further, the US has constantly warned of Russian hackers and backdoors. Government agencies often bought American-made since we had moral high ground. Snowden leaks turned that on its head. Russians hiding him all the more shameful for all-powerful US. They have plenty motivation.
Dani • May 27, 2016 5:38 AM
@ Clive Robinson, Nick P
“Curious you put China in with major democracies…”
China is by definition a major democracy because it is in the state of mob-run, as do other fascist nations where a small group control choke points from the shadows giving the rest a false sense of communism, or socialism depending on your polarity.
“Five Eyes is no more than a fading memory that died in the 80’s and 90’s when fiber took over from satellites and mobile phones started replacing land lines.”
Likewise, without mentions of Echelon, the Snowden trove is just a bunch of PDFs.
Dirk Praet • May 27, 2016 7:04 AM
@ Anon10
The Russian government would never have agreed to give Snowden asylum unless they got something very valuable in return, likely a trove of classified documents never made public and probably never given to any journalist.
In a court of law, we would call that speculation. There is no evidence whatsoever that Snowden ever gave the Russians anything. Him coming over to Russia in itself was already invaluable propaganda for Putin. Imagine a US dissident seeking refuge in Russia. Totally unheard of.
Snowden has admitted on several occasions that he has broken the law indeed and is willing to return to the US to defend himself if he would get a fair trial. Which under the current circumstances (the Espionage Act) is impossible, whatever POTUS, Shillary and other officials are claiming.
@anon10,dirk
To reinforce what dirk is saying, maybe they viewed him as a potential trading card.
ianf • May 27, 2016 11:23 AM
@ rrrrrrr
Snowden – a potential Russian “trading card” for their own in the U.S. incarcerated spies for exchange on the Glienicker Brücke as during the Cold War?
(FYI, Cold War of that type is over. Had Snowden ended up in Cuba, his once destination, he might have become an uncomfortable asset during the Cubans’ recent wish to normalize relations with the USA—but what would Russia stand to gain by forking this U.S. citizen over, when every day of Ed S. in Moscow is an undeniable PR-proof of how civilized and humanitarian that robber country really is?)
JG4 • May 27, 2016 2:23 PM
unfortunate that they weren’t fired.
https://www.yahoo.com/news/us-secret-agents-disciplined-over-congressman-052254029.html
Washington (AFP) – The US authorities have disciplined 41 Secret Service personnel for improperly accessing and leaking the personal information of a congressman who had scrutinized the agency, the Department of Homeland Security said.
Anon10 • May 27, 2016 4:32 PM
@ianf
He arrived in Moscow without any physical or digital documents on him precisely in order not to have to give up what he didn’t have.
This is pure speculation.
Nick P • May 27, 2016 4:54 PM
@ Anon10
What isn’t speculation is that they made him stay by cancelling his passport while he was over there. Leaves two options:
A. Negotiate asylum in country you’re stuck in that’s immune to US rendition teams.
B. Take your chance somewhere else that isn’t plus get there with no passport.
America forced the decision. Third option is returning for a fair trial. Their handling of Manning and others showed that wouldn’t happen. Plus Patriot Act still exists. So, off the table without written guarantees.
B.
ianf • May 27, 2016 7:50 PM
@ rrrrrrrrr too cute.
Well, I tend to think in story arcs, movie high-concepts… how else am I to stay on top of my frustrated screenwriter’s habit?
@ Anon10
[Snowden] arrived in Moscow without any physical or digital documents on him precisely in order not to have to give up what he didn’t have.
This is pure speculation.
Nope, it’s an on-BBC-camera verbatim quote from ES relayed here last November. Speculation is that your clutching at straws in defense of earlier unsubstantiated accusatory statement. In the end, however, it boils down to whom one believes: Snowden, or his USG adversaries like Hayden, who are boiling mad inside because not only has he evaded their counter-intel, but also did everything right AND has no skeletons in the closet (save his yearning for yucky Hot Pockets). The only big question mark for me is whether ES has figured out in advance that, come what may, the Russians would harbour him in exchange for the PR value that fell into their lap. It sounds far-fetched, but not entirely implausible, esp. as the H-K Chinese seemed not very happy with his temporary presence there.
Incidentally, once asked where ES has learned how to successfully “self-exfiltrate himself” (as John Le Carré would have put it), I came up with the analogy of Robert Redford’s clean-cut computer boffin character in “Three Days of Condor.” The same question was answered there with “He reads.” READS WHAT? “Everything.” Now, that’s a speculation to behold.
tyr • May 28, 2016 3:12 AM
Re Ed Snowden
The rus have always been paranoid for historical
reasons. So unless he was a Russian plant to begin
with they have no reason to trust him. Lavrov on
the other hand has no flies on him and diplomatic
opportunities like Snowden are made to be milked
for every bit of juice. It costs them nothing to
appear as benign and wonderful internationally.
On the other hand Brit IC has been meddling with
the rus forever (and vice versa), while the US
is the most inept diplomatic corps on earth.
Kissinger was insane since WW2 ended and some
fools decided he should be allowed to tamper with
any number of things he knew nothing about. The
cost of his adventures in lives and suffering
can not be counted. The murderous behaviors of
the detractors of Snowden are a matter of public
record.
Thoughtmaybe has the documentaries of Snowden
you can watch them and decide for yourself what
happened instead of buying into a secondhand
narrative.
If you want to see how dumb the rus are watch
RT news, in addition to seeing the host here on
occasionally you will notice they don’t run any
commercials except plugs for their own programs.
The only other folks smart enough to do that are
the evil empire (Disney).
Anon10 • May 28, 2016 4:55 PM
@ianf
Nope, it’s an on-BBC-camera verbatim quote from ES relayed here last November.
What proof does ES have that he did that?
ianf • May 28, 2016 7:58 PM
@ Anon10,
are you familiar with the concept of semantics? (=”the branch of linguistics and logic concerned with meaning”). Because you don’t seem to have understood that “verbatim quote from ES” means (ES=) Ed Snowden said so l.i.t.e.r.a.l.l.y (in the referenced BBC interview).
What other “proof” of that being the case + the fact that he’s not in Russian custody, had you had in mind… a lie detector test from Gitmo made public to allay specifically your “concerns”?
Anon10 • May 29, 2016 2:44 AM
@Nick P
Government agencies often bought American-made since we had moral high ground.
I’m not sure what you’re referring to here, but governments around the world buy American hardware and software for the same reason commercial companies do. The US has a near monopoly on the laptop/desktop OS market with MacOS/Windows and for CPUs with AMD/Intel. Whatever money you might save switching to a Linux variant, a company or government would probably lose to increased tech support costs while trying to retrain their non-tech savvy user base to a new OS.
Clive Robinson • May 29, 2016 3:21 AM
@ Anon10,
Whatever money you might save switching to a Linux variant, a company or government would probably lose to increased tech support costs while trying to retrain their non-tech savvy user base to a new OS.
There is sufficient evidence to show that the “retraining of non-tech savvy user base” is in fact little different than re-training due to the likes of MS doing a full point upgrade on an OS or Office app.
The real reasons are a little more prosaic, firstly there is the “Nobody ever got fired for buying IBM” and for those that went against it, accusations made to their seniors that they were technically delinquent / naive / irresponsible. Secondly and quite importantly user data lock in via proprietary file formats etc. Thirdly the users themselves realising that training on an unknown system had no future employment prospects in the job market. Fourthly along with the “Nobody got fired…” attitude is the implicit “too big to fail” mentality that the major US Corps fight to maintain, and most users fail to realise is mainly irrelevant, because of the full point upgrade issues. That is too big to fail is completely irrelevant if what your business depends on is no longer supported by the Corp anyway (think XP etc). It’s why people talk of the “Upgrade Hamster Wheel of Pain”.
Anon10 • May 29, 2016 4:30 PM
@ianf
Stay calm. You’re taking this way too seriously.
@Clive
All true to a point, and government bureaucrats take the cake in being risk averse.
Anon10 • May 30, 2016 2:17 PM
@dirk
Him coming over to Russia in itself was already invaluable propaganda for Putin.
The propaganda value of Snowden is far less than might appear from a superficial glance. Russian propaganda is directed first and foremost at its domestic audience. You can only talk about Snowden for so long before the debate shifts from is the US in the wrong to is government surveillance harmful? The Russian government definitely doesn’t want the Russian people even to discuss the latter question.
Dirk Praet • May 30, 2016 6:42 PM
@ Anon10
The Russian government definitely doesn’t want the Russian people even to discuss the latter question.
The Russian people have been used to 24/7 surveillance for quite a while. The kicker here was that “the land of the free” was actually doing it too. Its primary domestic propaganda value was Putin – contrary to most of the rest of the world – standing up to the USG in welcoming Snowden.
Anon10 • May 30, 2016 8:10 PM
@dirk
Its primary domestic propaganda value was Putin – contrary to most of the rest of the world – standing up to the USG in welcoming Snowden.
If Putin just wants to be perceived as standing up to the US, there’s usually a thousand different ways he could accomplish that at any given point in time.
Nick P • May 30, 2016 8:35 PM
@ Anon10
A thousand ways they could ignore vs one that would drive them nuts plus generate tons of press making America look incompetent. He chose that route. You’re starting to appear as purely a troll if you’re missing or selectively ignoring things this obvious.
Anon10 • May 30, 2016 10:15 PM
A thousand ways they could ignore vs one that would drive them nuts plus generate tons of press making America look incompetent.
By them, I assume you mean the US. I think you’re missing the obvious. Russia’s primary goal is not actually to drive the US “nuts” in your words, but only to appear to drive the US “nuts” for its domestic audience. If you’re them, you put on a show of embarrassing the US, but in a way that you know the US can easily ignore. That way, great power diplomacy can continue uninterrupted by the demands of Russian internal propaganda.
Clive Robinson • May 30, 2016 10:48 PM
@ Anon10,
If Putin just wants to be perceived as standing up to the US, there’s usually a thousand different ways he could accomplish that at any given point in time.
Possibly, but how much do they cost? Ed Snowden was cheap real cheap, after all he’d paid his own air fare, and how much does it cost to keep him there?
The US would be nuts to go after Snowden, in any way whilst he’s in Russia, the political capital it would give Putin would be like winning the lottery a hundred times over. So the cost of having Ed in Russia is on balance negligible compared to the potential gains.
ianf • June 1, 2016 2:40 PM
@ tyr,
As to the rest of it: […] Thoughtmaybe has the documentaries of Snowden… decide for yourself what happened instead of buying into a secondhand narrative.
I’ve seen them all, and more besides. Basically everything we view on screen is secondhand, so even opposing opinions are of value because they provide a counter measure for our own instinctive biases/ leanings. And, in Snowden’s case, that would be the vicious BBC HARDtalk interview with Gen. Hayden, who will ensure that Ed dies of old age in Moscow (for illustration: think Mary Steenburgen lawyer’s courtroom character assassination in “Philadelphia” whispered with angel-like smile).
[…] “If you want to see how dumb the Russians are, watch RT News, […] you will notice they don’t run any commercials except plugs for their own programs.”
That only means that they don’t need outside funding because they’re someone’s agitprop tube, here Russia’s, of which they make no secret. I know of several EU public TV channels that do not carry advertisements (other than various NGOs and authorities’ campaigns to not drink and drive, say), even though they may permit in-view ads at sports events etc. So that’s no proof of/for anything.
Later: […] the US is the most inept diplomatic corps on earth.
I don’t know about “inept,” at least where visible geopolitical FX of last decade ‘n half are concerned. Spontaneous global post-2001/9/11 sympathy for the USA frittered away: [✓], freeing the US to again do as it pleases. In Central Europe both Hungary and Poland experiment with autocracy and Putin saber-rattling: [✓], never been a problem for the USA. In the Meddle East, the Muslim Shias kill the Muslim Sunnis en masse, and vice versa—what’s not to like; the ISIS keeps up the demand for ordnance; Egypt has reverted to being a Pharaoh-led autocracy, while also American vassal state—Hallelujah!; half the Palestinian Arabs think they’ll conquer US-pal Israel, the other half think the first nuts, but for nostalgic reasons can not even play this aloud on a Patephone; the oily sheiks bask in the leverage they get in exchange for doing as they’re told; and so on. What were the intended goals of that your inept American diplomacy again?
[…] “Kissinger was insane since WW2 ended and some fools decided he should be allowed to tamper with any number of things he knew nothing about. The cost of his adventures in lives and suffering can not be counted.”
Not “insane,” drunk with too much American Can-Doism, and Global Playerism (think Zbig was much better? Only too short in office to do as much damage). They, transplanted Euro intellectuals all (incl. your oft-quoted Hannah Arendt), had one advantage over home-grown policy makers: they had experienced something that can not be learned at Harvard, and which provided them with a halo of infallibility in foreign-policy matters. On the other hand, look at the caliber of conservative thinkers in the 60s, when Kissinger caught Nixon’s eye… wasn’t much of a match, and mere fact that Kissinger essentially told Nixon to kiss up with Mao, made a hell of an impression (whereas a few years earlier LBJ scuttled his Great Society because he wasn’t going to be the one to have “lost us Vietnam”).
Too bad that David Halberstam, whose “The Best and The Brightest” showed how clueless the Kennedy Dems really were, never followed it up with similar dissection on the Republican heavy-duty-thinker side. Hitchens’ J’Accuse! was pretty good, but I can’t wait for Niall Ferguson’s second volume of authorized Kissinger biography… the first, ending in pre-Nixon era, is already that masterfully offside-hagiographical, which holds lots of promise.
Dirk Praet • June 1, 2016 7:25 PM
@ tyr, @ ianf
If you want to see how dumb the rus are watch RT news
I’ll raise this with “If you want to see how dumb the yanks are watch Fox news”.
I know of several EU public TV channels that do not carry advertisements
Correct. Us here in Belgium, for example, have several publicly funded national TV channels with excellent news and no ads whatsoever. And we get to watch the EU football championship without any commercial breaks. We also have affordable health care for all and a Privacy Commission bashing Facebook hard. Today, they even accused them in court of sending customer data directly to US intelligence services. But I am digressing …
Anon10 • June 5, 2016 11:02 PM
@Clive
Ed Snowden was cheap real cheap, after all he’d paid his own air fare, and how much does it cost to keep him there?
If nothing else, there is the opportunity cost. What could they have negotiated in return for Snowden in June 2013 from the US? Depending on how much you think the US wanted Snowden’s proverbial head on a pike, the US might have been willing to concede quite a lot to get Snowden back. Now, he’s yesterday’s news and probably not as valuable as he once was. President Obama is already in the lame duck phase of his presidency, and has probably already started writing off issues as the next administration’s problem.
Gerard van Vooren • June 6, 2016 12:04 AM
@ Anon10,
Depending on how much you think the US wanted Snowden’s proverbial head on a pike, the US might have been willing to concede quite a lot to get Snowden back. Now, he’s yesterday’s news and probably not as valuable as he once was.
Things just don’t work that way. First of all I doubt it whether people who know all about the ins and outs of the various programs really want Snowden’s head on a pike (after the initial rush was over). Second, how many fair trials have you seen about intelligence whistle blowers? The FBI / DOJ rather makes deals, that is what they are good at. With trials, you don’t know the outcome. The dirty laundry will be shown to the public, which they don’t like at all. I think that Snowden has a very good case. He blew the whistle after first hand witnessing the NSA was acting unconstitutional at multiple levels. Third, he is yesterday’s news all right for the media but I don’t think that he is for the guys in his sphere of expertise.
Sidebar photo of Bruce Schneier by Joe MacInnis.
albert • May 20, 2016 4:35 PM
DoD Biometric Collection, and More Military Doctrine
https://fas.org/blogs/secrecy/2016/05/dod-biometric/
“…The data are stored in multiple databases, including the Biometric Identity Intelligence Resource, or BI2R. That system “is designed to provide the DOD, intelligence community, and coalition communities with authoritative, high-pedigree, biometrically base-lined identities, and advanced tools and technologies necessary to analyze, collaborate, produce, disseminate, and share biometric identity intelligence….”
. .. . .. — ….