Friday Squid Blogging: Baby Ichthyosaurus Fed on Squid

New discovery: paper and article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on October 6, 2017 at 4:21 PM • 81 Comments

Comments

Ridiculous Lack of Common Sense for Privacy & Security October 6, 2017 5:22 PM

The number of daily USA privacy and security incidents has reached a fever pitch. It’s all too overwhelming. Do NSA personnel realty use Russian software at home???

Repeated intense successful attacks against security-cleared Americans throughout the world using stolen raw security data and techniques while leveraging off common vices and addictions.
Now Americas adversaries are using NSA weapons against the USA. Unbelievable and outrageous!

Leveraging Sources
The basis for these targeted attacks is extensive data analytics of 22 million detailed OPM SF86 security clearance data for every cleared USA govt employee, official, soldier and contractor.
Combine this vast knowledge with the Russian anti-virus data mining of incompetent clearance holders personal computing devices.
Americas adversaries are confirmed successful beyond their wildest dreams. Heartbreaking guys!

Convenient Personalized Targeted
Remotely targeting of unsecure smart-phones for cleared employees, officials, soldiers and contractors and those living within the household. Remotely targeting of connected household networks and IOT.

Solutions
1) Prioritize national defense over limitless big-data analytics collection by advertisers and Wall St
2) Wean the economy off of limitless big-data analytics collection by advertisers and Wall St
3) Prevent adversaries from hacking big-data dossiers by reducing their breath and scope
4) Make a condition of employment to severely limit IOT’s eavesdropping for those holding clearances
5) At political, military and economic sensitive sites revert to leaving smart-phones in the parking lot or at home. Use Silicon Valley best practices like Apple
6) Study China and Russia defenses against cyberattacks and cherry pick best practices
7) Enact similar laws like national security code reviews for foreign software
8) Cherry pick the European Union’s new privacy data protection laws
9) Replace and redesign unsecure communication networks (like SS7)
10) Health insurance coverage for smart-phone, Internet and porn addiction
11) Leaders of White House, Congress and Pentagon wage PR campaign to demonstrate how they personally restrict and manage smart-phone usage to improve American security. Led my brilliant Jared Kushner
12) Design equipment and networks to function after EMP
13) Hire former data-mining engineers (those with a conscience) to advise lawmakers
14) Don’t allow new personalized technology to keeping everyone ignorant through vague one-sided terms-of-service. Be explicit. Owners have a right to examine their own data.
15) forbid public institutions and schools from being data-mined by for profit advertiser analytics
16) change age of data-mined informed consent to 17 or upon high-school graduation
17) forbid medical facilities from being data-mined by advertiser analytics
18) teach data-mining techniques and privacy protections to our children at school
19) prevent data collected for one purpose then used for another
20) classify an IP address as personal sensitive data when combined or aggregated
21) allow streamlined civil fines and bounties of intentional fake news sources based upon income
22) tax breaks for open source software
23) use 5000 anonymous test cases to audit big-data social media algorithms for subtle voter steering and public policy shaping
24) Regulate large public social media corporations as public utilities with public hearings
25) be explicit in Privacy Policies. List third parties not just say third parties
26) list the current URL at the top of browser to help from being duped or scammed
27) create university degrees majoring in Common Sense

Argue all you want while incoherent America is further corrupted by the big-data lobbyists and analytics.
The facts are Russia and China’s evolving national security actions are effective (thanks go to NSA)
They grow stronger while the USA is staggering largely from a self-inflicted death of a thousand cuts.

True Smart Technology
We must innovate, control and regulate unchecked greedy technology before it consumes our very existence.
Can you tell an addicted person they need help?

Tamper TentroomOctober 6, 2017 5:40 PM

First rule of vx club?

Keep your development systems separate from the production environment.

Somebody missed class in the 90s.

Jonathan WilsonOctober 6, 2017 6:18 PM

Foreign countries and entities get limited access to the source code for US-made software (to review it) all the time. The ArcSight story a few stories below this one is one such example. Why doesn't the US just say that it needs the same access to the source code for Kaspersky and if it gets it (and can be satisfied its clean the same way the foreign governments are satisfied Windows or ArcSight or whatever is clean) it will allow its use again within the government.

If Russia (or Kaspersky) refuses to play ball, it would indicate there is something to hide.

Offense DefenseOctober 6, 2017 6:21 PM

" Do NSA personnel realty use Russian software at home??? "

Contractors. And there's really nothing exceptionally nefarious about Kaspersky.

Almost all AV flavors have been pwnable at one time or another.

https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/

https://www.wired.com/2016/06/symantecs-woes-expose-antivirus-software-security-gaps/

http://www.zdnet.com/article/research-shows-antivirus-products-vulnerable-to-attack/

Surfer GuyOctober 6, 2017 7:49 PM

I just came off a one year subscription to a highly regarded VPN and must say I do not share the wonderfulness of it.

For example, re: the "no logging" guarantee:

The VPN used two analytics trackers, google and optimizely which of course log a ton. Also, the website ran through Cloudflare which without doubt DECRYPTS and logs data. At all times the VPN maintained two connections to Cloudflare to what purpose I do not know, but suspect, no good. Their own privacy statement notes they use several cookies to 'improve service'. Hmmmm. Last, at times my device seemed to get a blast of unwanted ads from imr-worldwide, originating from the VPN. I think I managed to firewall a lot of the nonsense, but also allow I likely didn't stop it all. Trust score = 0.

I now have another expensive and highly secretive VPN subscription that seems a bit better, but:

They use virtual servers so that although you may think you are connecting to particular country/server, in reality you are connected to some other place, likely quite distant than what you think. Also, when checking ip address locations the public address NEVER goes to what you clicked, but some other place, although the DNS might where you think it is. Meanwhile, two .exe 'helper' programs keep spitting data outbound whether you are connected to the VPN, or not. Their explanation is less than convincing ....a bug.

A third VPN tells you straight up they log everything and have an open door policy with police and govt. agencies. WTF? It too uses Cloudflare for it's site thus opening a classic MITM or even real time access point for agencies.

Now I have a cheap droplet set up and use SSH for surfing. Everything seems straight up and legit with it. It uses very solid encryption and I can see no funny stuff at all going on with network monitors. It beats me why everyone is being herded into VPNs...I think they may, on whole, be worse than surfing with your home IP service on an UN-encrypted connection. At least you would know you are standing there naked.

If VPNs are so cool, why aren't the TLA's screaming bloody murder about them?

Anyway, for plain vanilla web surfing my view is SSH can be trusted, VPNs cannot.

GrauhutOctober 6, 2017 7:59 PM

@Jonathan Wilson "Why doesn't the US just say that it needs the same access to the source code for Kaspersky"

Kaspersky already publicly offered source code access in july. :)

E.K.: “If the United States needs, we can disclose the source code,” he said, adding that he was ready to testify before U.S. lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”

https://apnews.com/37f7f26c48ec4c31bd01ed24704aaba6

GodelOctober 6, 2017 8:21 PM

@Ridiculous Lack of Common Sense for Privacy & Security, As to most of the items on your list, you've got about as much chance of that as you would getting sensible gun control.

Money talks.

WoodrowOctober 7, 2017 12:01 AM

This week, Purism passed $1M in its crowdfunding campaign towards building a FOSS Linux phone:

https://fossbytes.com/linux-smartphone-librem-5-million-funding/

As of this posting, the campaign is more than 85% of the way towards its $1.5M goal, and it’s virtually guaranteed to succeed at this point. What this means is that the market will soon see yet another attempt at a secure smart phone alternative to Apple/Android.

My initial skepticism was that despite Purism being a hardware company, the planned hardware specs for the Librem 5 phone were lackluster, especially compared to iPhone and Google Pixel, but recent developments indicate they’ll be using much more recent processors. Although security is the major selling point, good hardware specifications are still vital, so this is welcome news. Purism explains their development roadmap here:

https://puri.sm/posts/librem5-roadmap-to-imx8/

Another area of skepticism that still remains is if this project is economically viable and scalable. Mozilla failed with Firefox OS, Canonical failed with Ubuntu Phone, and Silent Circle failed with Blackphone. With only a handful of cash compared to those much larger projects, how will Purism pull this off? I don’t know, but I will say I’m pressed they were able to suddenly turn this crowdfunding campaign into a clear success when the early trend lines projected failure. I’m hoping for more surprises from Purism.

There’s just one thing I wish Todd Weaver and his team understood: they have the potential to make Librem 5 truly massive and global, bolstering security for tens of millions of people, IF they prioritize delivering what the masses actually need. Like it or not, many of us depend on some proprietary apps for work or other such purposes. As much as I would like to only use FOSS 100% of the time, it’s not practical in 2017, and it’s certainly not practical for the vast majority of internet users around the world. If Purism wants Librem 5 to really go gangbusters, it will have to deliver a reliable and stable FOSS OS (PureOS), with the ability to run proprietary apps from Google Play or other Android stores inside a secure sandbox compartmentalized from the rest of the OS. To its credit, Purism does at least generally recognize this and listed it as a goal for its campaign, but unfortunately put it as a $10M stretch goal (which is laughable). It must be an absolutely necessary goal if the Librem 5 is going to win people away from Apple and Google. At present, the Librem 5 won’t even accept Wire, Telegram or Signal in PureOS despite their being open source. This overly-restrictive attitude is going to turn off the overwhelming majority of the market unless Purism allows a way for people to get the apps the want and need.

The market is begging for a reliable and secure alternative, and Purism could be that alternative and grow into a huge Silicon Valley company while doing it and making great strides for FOSS, but Purism needs to realize that it has to reach the consumer where they are, not where developers think they should be. My exhortation and hope is that Purism hire a developer experienced in building Linux sandboxes to make this a priority; perhaps someone from the Firejail project would be ideal. Next, hire or collaborate with a developer who knows the ins and outs of securing Android code, ideally someone related to the CopperheadOS project.

If Purism can create a reliable, highly-secure, well-performing FOSS phone that can actually run the apps most people need in a secure sandboxes environment, then it will be able to break the Apple/Google duopoly and save us all from the miserable experience of trusting the untrustworthy to secure our mobile lives. Weaver would be all over the tech and even mainstream press with a narrative like that. I hope Purism realizes that firmly enough to make sure it happens.

65535October 7, 2017 12:15 AM

@ Clive and others

I agree with the basic thrust of Clive's in-depth post that there are probably too many individuals with rather high security clearances in the USA. I will note that from one article in Bruce's last post about 60 percent of NSA's budget/manpower is from outside contractors who many not be totally aligned with the NSA [potential leakers].

Yes, Rogers has a lot to do with this. This is a multi-failure problem which the NSA is mostly responsible [Not to mention that little problem we had in Las Vegas, were the perp, seems to be a mil contractor and has no facebook or cell phone records].

I also agree with Clive that blaming Kaspersky products that phone home with a lot of "metadata" and probably does SSL/TLS stripping is no a single vendor problem. The same could be said about Symantec. Clive is right about taking what the Wall Street Journal says with a large grain of salt. All of the WSJ report includes unnamed sources - and all of its accusations could be applied to USA AV providers [they too are probably are loaded with ex-intelligence employees and their product phone home with a lot of metadata or worse].

To the specifics of file-less malware. As Morphisec explains [and others such as Arstechnia] this malware does have an initial file such as a rich text word document that is booby trapped with malicious JavaScript and other items. The fist thing is to accurately target a person with the correct spear fishing bait and get her/him to open the document and then by-pass the Office/word warning system for exe blobs in the document.

Then using stages, further parts of the malware kit are delivered sometimes with Task Scheduler, the infamous metasploit, or Mimikatz or powershell to setup more stages of malware [encrypted blobs that may call out to DNS for a C2 server] for more downloads.

http://blog.morphisec.com/fin7-attacks-restaurant-industry

[and]

https://arstechnica.com/information-technology/2017/02/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe/

[Arstechnica poster]

Nilt Ars Legatus Legionis

Fatesrider wrote:

"Is this, or is this NOT simply an MS Word exploit?

"The question has some importance since the vector seems to target vulnerabilities in MS Word, so it begs the question of whether or not it would be mitigated by simply changing the default program for .rtf files to Notepad, or installing another word processor like WordPerfect or LibreOffice or even Open Office?"

****

"The initial infection vector in this case is a Word exploit, yes. It needn't be in order to be successful, however. That's nothing more than a convenient vector due to the prevalence of that application. It could just as easily be an exploit in any other software, including the OS itself.

"Furthermore, if you think it's tough to get folks to stop disabling Protected Mode, try and get them to accept the changes inherent in switching to another application, even assuming that's a viable option to begin with. Often enough, it simply is not."

"Moreover, we need to stop thinking about these things as a single exploit. The really clever bad actors are almost always using multiple stages nowadays. I've seen a few instances of something getting in via Adobe Acrobat, triggering a Word exploit from there (OCR is a common tool to accomplish this) and then moving into a local privilege escalation after that. Mix and match the various stages and you avoid being shut out by someone closing any one hole."

See:
https://arstechnica.com/information-technology/2017/06/fileless-malware-attack-against-us-restaurants-went-undetected-by-most-av/

The question is how to best stop this timed or stage loading of malware instead of blaming Kaspersky or other AV vendors. As Clive has indicated in past posts the "supply chain" hole in the software and hardware is big.

Anybody care to explain this fileless injection of malware, please do.

Gunter KönigsmannOctober 7, 2017 1:52 AM

My personal theory on the Kaspersky NSA hack;

1) Man took exploits home to continue working after hours
2) exploits were meant to be NOBUS but were detected by Kaspersky's program => virus scanner sends the newly detected virus home so the experts can analyze the still-unknown virus.
3) The experts suspect that this is a state-governed attack on their poor client and ask the government for help.

Result: government gets exploits gratis perhaps along with source code of spionage software.

Family reunionOctober 7, 2017 5:34 AM

Ever wonder about those 'in the wild' infographs? It's not like IKX would just randomly plan to have a shotgun wedding in Virginia, who's family tree is this?

Cousins on cousins on cousins, even God wouldn't be amused. Keep that type of ludity behind closed doors millennials wtf.

Do No Evil?October 7, 2017 6:36 AM

Google Trade Secrets Racketeering Lawsuit

'In an explosive new allegation, a renowned architect has accused Google of racketeering, saying in a lawsuit the company has a pattern of stealing trade secrets from people it first invites to collaborate.

“It’s cheaper to steal than to develop your own technology,” Buether said. “You can take it from somebody else and you have a virtually unlimited budget to fight these things in court.”

Attia’s technology automates certain aspects of building design, to save time and money and allow architects and designers to focus on creative elements, Buether said.

This week, a judge in Santa Clara County Superior Court approved the addition of racketeering claims to the lawsuit originally filed in 2014.

Attia’s legal team uncovered six other incidents in which Google had engaged in a “substantially similar fact pattern of misappropriation of trade secrets” from other people or companies, according to a July 25 legal filing from Attia.'
http://www.mercurynews.com/2017/10/06/google-accused-of-racketeering-in-lawsuit-claiming-pattern-of-trade-secrets-theftt/

Our Minds can be HijackedOctober 7, 2017 7:19 AM

An absolutely stunning Guardian article:

There is growing concern that as well as addicting users, technology is contributing toward so-called “continuous partial attention”, severely limiting people’s ability to focus, and possibly lowering IQ. One recent study showed that the mere presence of smartphones damages cognitive capacity – even when the device is turned off. “Everyone is distracted,” Rosenstein says. “All of the time.”
...
One morning in April this year, designers, programmers and tech entrepreneurs from across the world gathered at a conference centre on the shore of the San Francisco Bay. They had each paid up to $1,700 to learn how to manipulate people into habitual use of their products, on a course curated by conference organiser Nir Eyal.
...
It is not just shady or bad actors who were exploiting the internet to change public opinion. The attention economy itself is set up to promote a phenomenon like Trump, who is masterly at grabbing and retaining the attention of supporters and critics alike, often by exploiting or creating outrage.

Williams was making this case before the president was elected. In a blog published a month before the US election, Williams sounded the alarm bell on an issue he argued was a “far more consequential question” than whether Trump reached the White House. The reality TV star’s campaign, he said, had heralded a watershed in which “the new, digitally supercharged dynamics of the attention economy have finally crossed a threshold and become manifest in the political realm”.

Since the US election, Williams has explored another dimension to today’s brave new world. If the attention economy erodes our ability to remember, to reason, to make decisions for ourselves – faculties that are essential to self-governance – what hope is there for democracy itself?

“The dynamics of the attention economy are structurally set up to undermine the human will,” he says. “If politics is an expression of our human will, on individual and collective levels, then the attention economy is directly undermining the assumptions that democracy rests on.” If Apple, Facebook, Google, Twitter, Instagram and Snapchat are gradually chipping away at our ability to control our own minds, could there come a point, I ask, at which democracy no longer functions?

“Will we be able to recognise it, if and when it happens?” Williams replies. “And if we can’t, then how do we know it hasn’t happened already?”

New form of Attention Deficient
Witness the repeated Navy's failures and Silicon Valley requirement to import managers & engineers. Or the British officer launching a 9ft missile at the shipyard...

Can a distracted dumbed-down USA win any war? Simply seize control of American Big-Data corporations then reprogram the new goals. No one will notice or even care... Then Bruce won't have to worry anymore about moderation!

https://www.theguardian.com/technology/2017/oct/05/smartphone-addiction-silicon-valley-dystopia


cou-couOctober 7, 2017 7:45 AM

Another data leak: the regional government in Catalonia purportedly stole personal data from databases belonging to Spain's central government in order to put together a voting census that they could use in last week's independence referendum, which had banned by Spain's equivalent of the supreme court. The Catalan government botched an app that leaks data, making it trivial for anyone to recover the ID numbers and home addresses of everyone in that census.

https://elpais.com/tecnologia/2017/10/05/actualidad/1507196018_140173.html

SubreeceOctober 7, 2017 8:04 AM

Re Librem's phone, I guess it's a step in the right direction, but nowhere near solving the biggest privacy problems of smartphones. These problems are baked into the system, so using a handset that's clean as a whistle and more impenetrable than Fort Knox wouldn't do much to save us from problems like the cough, cough... "bugs" of the SS7 protocol, or triangulation, or IMSI catchers. Our biggest worry is not necessarily with the handset itself (which, to be fair, is a mess).

Winston SmithOctober 7, 2017 12:11 PM

@Ridiculous Lack of Common Sense for Privacy & Security

Consider that these problems will be resolved by an authoritarian, one world government. Dissenters will be converted or "disappeared", everyone else will be happy and safe. Defensive security measures will be considered a threat-- transparency and complicity will be rewarded with longer leashes. I'm not OK with it, but it will eventually happen. Perhaps we've already passed the technological, moral, and political rubicon.

https://en.wikipedia.org/wiki/Crossing_the_Rubicon

----------------------------------------------

@Woodrow

"If Purism can create a reliable, highly-secure, well-performing FOSS phone that can actually run the apps most people need in a secure sandboxes environment, then it will be able to break the Apple/Google duopoly and save us all from the miserable experience of trusting the untrustworthy to secure our mobile lives."

Well said. Loooong way to go yet, but I applaud the efforts. And I'd rather see them completely fail than to be bribed or coerced into the IC fold.

----------------------------------------------

Ironic Headline: "For real Windows 10 privacy, you need the China Government Edition"

https://www.computerworld.com/article/3200375/microsoft-windows/for-real-windows-10-privacy-you-need-the-china-government-edition.html

Money makes the world go 'round.


Deep breathOctober 7, 2017 12:20 PM

"Cousins on cousins on cousins, even God wouldn't be amused. Keep that type of ludity behind closed doors millennials wtf."

"Ludity" isn't a word, and millennials aren't known especially for incest/inbreeding.

At risk of you being called weird, you are being weird.

chavoscriptOctober 7, 2017 12:37 PM

"Anybody care to explain this fileless injection of malware, please do."

It's not really fileless, but the final payload is only decrypted in memory and not written to disk. They tend to use Windows services against itself for cover, 'hollowing' out legitimate svchost.exe calls that are then free to do whatever. There are hooks to re-initialize after a reboot, re-decrypt, and re-launch in ram. They can also hide re-init code in hardware now where nobody would see it from userland.

All of this is possible from a single javascript drive-by seed.

RachelOctober 7, 2017 3:22 PM

Surferguy
i dont use or need protonmail but more recently they do offer a vpn facility that would probably lack the deficiencies you describe

JG4 and Clive (cc. albert, Bob Paddock)
OT pardon
atlasprofilax.ch/eng
it's really quite extraordinary. goodbye difficulties. note the method only takes 5 minutes, once. You really need to watch the 7minute video rather than read everything unless your name is Clive

Lawrence D’OliveiroOctober 7, 2017 5:43 PM

Any proponent of the “guns-for-self-defence” ideology might like to think about the Las Vegas shooting and contemplate the well-known maxim that any security system is only as strong as its weakest point.

Any questions?

65535October 7, 2017 8:52 PM

@ chavoscript

“It's not really fileless, but the final payload is only decrypted in memory and not written to disk. They tend to use Windows services against itself for cover, 'hollowing' out legitimate svchost.exe calls that are then free to do whatever. There are hooks to re-initialize after a reboot, re-decrypt, and re-launch in ram. They can also hide re-init code in hardware now where nobody would see it from userland.”

That is pretty good but a quick description. What do you mean by hollowing out svchost exe’s [is this done by a dll or by a script or a call to C2 servers?]. How are the hooks re-initialize after a reboot, From a file hidden or encrypted? If in the init code is hidden in hardware what would be the location? It still would look like some data structure is on the HDD somewhere.

@ Gunter Königsmann

“My personal theory on the Kaspersky NSA hack;
1) Man took exploits home to continue working after hours
2) exploits were meant to be NOBUS but were detected by Kaspersky's program => virus scanner sends the newly detected virus home so the experts can analyze the still-unknown virus.
3) The experts suspect that this is a state-governed attack on their poor client and ask the government for help.”

That makes some sense. I assume you are talking about on going Martin case where terabytes of data and exploits where brought to his personal residence. Your right that Kaspersky AV would flag it and find the files for inspection or send off for further inspection. It looks like KAV did its job… but terabytes of files – that is a lot of data.

Jared HallOctober 7, 2017 10:33 PM

@All: I wrote a Sieve auto-responder script that echos back to the sender the details of their Email's secure (or not) transport. This way an Email sender can get a reasonable expectation that their Emails to me will arrive over TLS/SSL encrypted links. This isn't a panacea, nor is this a perfect solution. It is, however, a good first step. There probably should be an RFC written to address the expectation of Email security, from the sender's perspective. For my part, I've learned that Sieve scripting is a PITA.

You can see it in action by sending a blank, or minimal email to: autotest@jaredsec.com. The script itself can be downloaded here: https://www.jaredsec.com/wp-content/uploads/2017/09/roundcube.sieve_.txt

BahbahOctober 8, 2017 4:16 AM

"Equifax Amassed Salary Details for People at 7,100 Companies"

https://www.bloomberg.com/news/articles/2017-10-02/equifax-has-amassed-salary-details-for-people-at-7-100-companies

"The database was the brainchild of Smith, who sought to diversify Equifax from a regional credit-reporting agency into a full-fledged data and analytics company."

"Bloomberg News contacted the 40 largest U.S. employers .....None said they will sever existing ties."

I am giving up saying there ought to be a law against stuff like this. Equifax is a vast secret mass surveillance machine for big business, and it's very profitable. Meanwhile, obviously, there is no person or government agency capable of standing up to the Mass Surveillance Opticon. Literally, resistance is futile.

No wonder IRS won't quit them. Indeed, no company will quit them. Their data is priceless to keep us wage slaves in economic chains.

Citizen 20938741October 8, 2017 4:16 AM

Australia continues to further its surveillance agenda "for our safety". The latest idea is to harvest existing passport and driver's licence photos for broader use[1]. It is declared that these images will not be used for real-time surveillance, but can we ever be sure?

For those not familiar, Australia is part of the cushy "Five Eyes data sharing arrangement". A recent history of changes in Australia include data retention for 2 years[2].

A majority of people need to start to give a damn about computer security and free society. This site and others like it is but a beacon of hope in a darkening world. I have become quite disillusioned by the utter indifference to all of this, but brightened by some of the sharp discussions here, fighting the good fight.

The irony is not lost on me that it would be difficult to protest publicly in the shadow of "The Capability"[3]. For example, cops were filming the 2006 APEC protests from atop Sydney Town Hall. It would not be much of a stretch to feed this into a modern facial recognition system to facilitate retrospective profiling.

Face coverings at protests are also now illegal in at least one Australian state. (This has happened in the past month or so - timing can be fun!). Unfortunately some people attend rallies mostly to cause harm. Due to this, legitimate peaceful protesters can no longer protect themselves from rights-busting profiling. Some may simply stay away, which is the "chilling effect" at work. Ideally with things in balance, covering your face at public protests would not be necessary.

I understand that you can't be weak on National Security, but also I can't understand why there is not allowed to be any public discussion on the matter if such changes are considered necessary. I am reasonable, but never get a sense of reasonableness from the establishment. Snowden's revelations after all were to foster a public discussion. Surveillance is fine if it is justified, proportional and has stringent independent oversight. Four years on and I feel that we still haven't been given the opportunity for thoughtful public discussion of existing and proposed surveillance systems.

If I were to predict... the latest development is one of the final steps towards a Digital National ID within the next five years, in which government-run Australia Post has a vested interest[4]. It will be "sold" as a combination of National Security and as an attempt to prevent identity fraud. More biometric points will be added, and it will quickly become law. Furthermore, Australia will beat the US and UK "to the market" on this mostly due to paucity of human rights law in Australia.

---

[1] Our casual acceptance of terrorism measures endangers liberty (Oct 2017) https://www.theguardian.com/australia-news/2017/oct/07/casual-acceptance-terrorism-measures-endangers-liberty

[2] ref. Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015

[3] The Capability: Facial recognition, privacy and regulating new technology (May 2017) https://australiansecuritymagazine.com.au/the-capability-facial-recognition-privacy-and-regulating-new-technology/

[4] Australia Post bolts digital ID service onto DTA platform (May 2017) https://www.itnews.com.au/news/australia-post-bolts-digital-id-service-onto-dta-platform-462284

HermanOctober 8, 2017 7:05 AM

What boggles the mind is that a NSA system administrator would run and unsecured Windows machine at home, plugged into the internet and then load NSA utilities on it.

However, since I am not an American and therefore potentially on the opposite side of the NSA, I find it strangely reasuring that NSA personnel is this inept.

Clive RobinsonOctober 8, 2017 7:36 AM

@ Herman,

What boggles the mind is that a NSA system administrator would run and unsecured Windows machine at home, plugged into the internet and then load NSA utilities on it.

I'm not sure the person was a Sys Admin, and to be honest reports in the public conflict. One gives the impression that person had worked in TAO but either as a tool operator or tool developer.

The thing is I've worked in development organisations, engineering, embbeded and bespoke and you get a different vibe in each. Trained engineers are usually quite aware of safety in systems, and makeing the step over to thinking about security is usually minimal. Embbeded designers come from three backgrounds, trained engineers, self taught engineers and self taught software developers, most have proffessional qualifications in other engineering or science subjects, and self taught to do their degree and above projects and similar. They are generaly as concerbed about safety and security if not more so than engineers. It's when we get to software the issues start, I've said it before but even many who have done CS or similar degrees are more artist in outlook than engineer. For quite a few "code is the thing", and self taught is not uncommon or transferred from softer sciences or non science degrees. Some have a "bl@@dy d1va" attitude and have neither sense of safety or security, just a desire to appear master of the latest language or methodology. With the stress on "appear" as they often job hop. They "talk the talk at interview" then once in post where the others have not yet got to the starters gate/tape they hit the ground running building up sufficient experience in a few months by working all hours that they can jump to a more senior role for a couple of years at most before "rinse wash and repeate" in a new language or method. They never realy make it from apprentice level to journyman and almost never become master of anything. They are frankly dangerous as we will see with more IoT development etc.

Thus I suspect the person does not think about safety or security, just cutting code and getting on to a new gig where they see more money etc.

DennisOctober 8, 2017 10:14 AM

@ 65535 wrote, "I agree with the basic thrust of Clive's in-depth post that there are probably too many individuals with rather high security clearances in the USA. I will note that from one article in Bruce's last post about 60 percent of NSA's budget/manpower is from outside contractors who many not be totally aligned with the NSA [potential leakers]."

While this may be true, one should assume there are many levels of opsec at work here, including those against insider threats. No given employee or contractor may be fully aware of the larger implications of their work. I expect them to be highly segregated with watch stops placed at every joint and people looking over each other's backs.

Unsuspecting employees taking stuff home or work in a remote office may not be fully aware of the implications of their actions, or they may place too much trust in the Mass Surveillance's ability to protect them. Afterall, if everything is throttled and filtered at the link layer, they could very well filter out the sensitive joints, especially if they know who the end point belongs to, because I wouldnt be surprised if the folks with clearance register first and early on their mass radar.

Bad habitsOctober 8, 2017 12:59 PM

@clive
May I add complacent enforcement and oversight the master has duties and responsibilities of a Sherpa for the apprentices and must weed out any dangerous sorts incapable of being corrected. Zero tolerance for complacency is just one layer of the safety system onion

Nosir PrizeOctober 8, 2017 4:54 PM

The proposed USA Liberty Act "reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) – which allows American snoops to scour communications for information on specific foreign targets."

https://www.theregister.co.uk/AMP/2017/10/05/usa_liberty_act/

The bill pretty much fits the pattern of recent laws written to make legal what used to be illegal and/or unconstitutional.

Basically, the proposal will give US law enforcement access to NSA data for general law enforcement purposes. Supervisor approval and forms will be required, however.

CassandraOctober 8, 2017 4:54 PM

@Clive

It appears one of your magna opera has gone for a Burton, which is a cause for regret. Is there another locus away from οἱ πολλοί where your insights can be appreciated in their totality?

tyrOctober 8, 2017 8:40 PM


@Clive

It isn't just too many people with too
high of an access. The entire spooks nest
and those who feed them have choked the
entire process with random crap that is
not worthy of being classified in any
way. Tacking the mess of computerness
on top has not made anything better.

I see USA has decided the Turks are now
questionable people to have a visa. At
some point our enemy list is going to
be the entire roster of the UN. No one
has a plausible explanation for that.

Clive RobinsonOctober 9, 2017 2:16 AM

@ Cassandra,

Were you by any chance a choirister in earlier times?

It's where I first came across ο πολλοί.

As for "other places" no I do not have my own blog, I've mentioned a few of the reasons in the past.

Not least of which these days is I would not want "the fame" that would be one of the "few defenses" against the privations of certain oppressive government types.

Clive RobinsonOctober 9, 2017 3:23 AM

@ tyr,

It isn't just too many people with too high of an access. The entire spooks nest and those who feed them have choked the entire process with random crap that is not worthy of being classified in any way.

It's certainly an indicator that the process is "not competent", which gives rise as to "Is it a people or technology problem?"

There is the "400 man-hours to make a house" issue. The reality is it will take one man very much more than 400 hours to build a house because he can not be in two places at the same time. Likewise it will take a lot lot longer than one hour for 400 men to build a house in part because they will be tripping over each other and in each others way and thus coordination is impractical.

The implication is there is an optimum size for a team carrying out any given task. Solving more tasks by multiple teams looks at first like the solution and with just one or two independent teams working on independent tasks it appears to work and scale linearly.

The problem is the tasks are not actually independent of each other therefore the teams can not be independent of each other. Thus people start tripping over themselves trying to do the same task as another team and assuming other teams are doing related activities that impinge on their task when they are not.

Throwing technology at such a mess is not realy going to solve anything, even in the highly unlikely event the technology is appropriate to a function within the tasks.

Put simply humans can not deal with complexity in a timely fashion. And with a push for "instant results" high levels of randomized complexity can not be in any way managed.

Look at it this way if the universe is some kind of computer, the state in every part of it would have to be known to be able to predict with certainty what was going to happen next. The problem is you can not know all of those states as they are both dynamic and to some degree random. Therefore to make a predictive device you would need one many many times larger and faster than the universe to get an approximation of what was going to happen next.

Ultimately the inteligence game is one of failure, not success.

The reason it has sort of worked in the past is it's realy only dealt with macro events of nation states, not the minutiae of individuals.

That is the number of tasks has been small and slowly evolving thus the teams could give predictions that were close enough to take action upon.

That is nolonger possible with individuals of which there are a very large number, their activities often evolve very very rapidly and above all chaotically to inputs some of which are in effect random.

Wesley ParishOctober 9, 2017 5:55 AM

A lighter side of "security by obscurity", and a take on programming languages, a (relatively) big topic of discussion here:

ht tp://lolcode.org/

for the discerning programmer who can haz cheezburger, and for the hapless addicts of a certain set of books written by one EL James:

ht tp://www.theregister.co.uk/2017/10/09/fetlang_erotic_programming_language/

In theory a complete program written in fetlang would cause a hapless TLA agent intercepting said program to fall into an uncontrollable unstoppable fit of laughter, and thus terminate said TLA agent with extreme prejudice at their own (hands).

Putting Others FirstOctober 9, 2017 7:40 AM

@ Clive,
History validates that who suffer from afflictions are given special gifts of pure inspired thought informing the rest of us of our shortcomings.
We gain insights of those pushing security type technologies in their lust to gain the powers of omnipresence, omnipotence and omniscience over mere mortals.
The participants in this blog document the daily ramifications not published elsewhere.
As you state ‘Ultimately the inteligence game is one of failure, not success.’
The lies and deception do indeed take a fatal toll.
Thanks to both Clive and Bruce.

Clive RobinsonOctober 9, 2017 8:50 AM

@ All,

I was asked this today,

    Do you think the writing is on the wall for Win 10? given that it is supposed to be cross-platform, and mobiles just been killed and PC usage is going down?

They included this BBC News link in the message,
http://www.bbc.co.uk/news/technology-41551546

I thought for a few seconds before sending my reply of,

It's not just the use of PCs it's also that MS has been using it to force people into their cloud so they can be "data raped" by the USG as well as Micro$haft making big bucks on the users habits via Win10 telemetry.

Further forcing users from XP/7/8 against their will and then terminating the contracts / support so they are all forced to buy Win10 long before they would have been with 7/8 backfired as the UK NHS got hit badly due to this MS policy and the whole shabby charade became a public spectacle of shame.

But also People just don't want "MicroShit inside" nor for that matter Intel ME and other Ring-3 technology. Even though they will put up with Android and similar walled gardens.

Then when Bilk Gates and other seniors say they've transitioned to Android / GNU / Linux in various forms and get a better experience, it does not inspire confidence full stop.

To a certain extent MS has been adopting BSD / Possix/ GNU / Linux for a number of years, to the point they are now in effect building it in and telling developers to use it, it does suggest that MS is moving away from personal use OS's.

Anyone think there is more I should add or perhaps something I should take away?

WaelOctober 9, 2017 11:06 AM

@Clive Robinson,

Anyone think there is more I should add or perhaps something I should take away?

Yes! Hard to predict the future and events that will influence the path of evolution.

bigmacbearOctober 9, 2017 12:57 PM

@tyr:

I see USA has decided the Turks are now questionable people to have a visa. At some point our enemy list is going to be the entire roster of the UN. No one has a plausible explanation for that.

From what I've heard, the reason for the visa suspension (which Turkey has reciprocated) was the arrest of a US consular official in Istanbul due to alleged ties with exiled Turkish cleric Fethullah Gulen, who Turkey is demanding be extradited from the US. So this is a diplomatic standoff, not necessarily a security problem.

http://www.cnn.com/2017/10/09/politics/turkey-us-visa-diplomacy/index.html

CassandraOctober 9, 2017 2:48 PM

@Clive

No, I wasn't a chorister myself, but hung around with a few in my time. I had the dubious advantages of a broad and privileged education.

I understand perfectly about not wanting a blog. I just wondered if you might be posting elsewhere. I've mentioned Soylentnews before as a possible alternative venue - it should be Tor accessible at http://7rmath4ro2of2a42.onion/ - it is a site I would dearly love to see flourish: no advertising, no javascript, and open source.

tyrOctober 9, 2017 4:40 PM


@Clive

LOL I wondered how long it would take
to crap up windows so badly that Linux
would suddenly become a better experience.
I predict the next leap will be to ditch
the GUI and mouse and go back to MSDOS
6.22 to let the user be in control of
their computing experience.

I see Amber Rudd has decided that Britain
needs thought police to go after all the
hate on the Net. I heard it mentioned as
a truism that you can't legislate morality.
It seems there is always someone trying it
in hopes humans will suddenly change course.

In line with your explanations of indeterminacy
I see some economists have discovered that the
idea of aggregates of human desires have turned
out to be false. The idea that you can quantify
things to make them easily manipulatable sounds
good on the surface but has no factual basis.
You can see the same thing in figures used to
measure suffering. There are things that are
individual by their very own nature and can't
be expressed as additives.

ByeOctober 9, 2017 9:18 PM

Do I have to say bye to all my Russian-made software, Abbyy please don't say you are Russian!

gordoOctober 9, 2017 9:24 PM

Off-topic.

What is filter-bubble frothing? Though a bit redundant, I suppose it's like yelling fire in a filter bubble, or two, or three, or four, and on it goes. . . .

I doubt it's possible, among other reasons, given that much of it's proprietary, but it would be nice to see social media data of more recent vintage subject to open and thorough study.

From the cable-news era:

Stefano DellaVigna, Ethan Kaplan; The Fox News Effect: Media Bias and Voting, The Quarterly Journal of Economics, Volume 122, Issue 3, 1 August 2007, Pages 1187–1234, https://doi.org/10.1162/qjec.122.3.1187

Abstract

Does media bias affect voting? We analyze the entry of Fox News in cable markets and its impact on voting. Between October 1996 and November 2000, the conservative Fox News Channel was introduced in the cable programming of 20 percent of U. S. towns. Fox News availability in 2000 appears to be largely idiosyncratic, conditional on a set of controls. Using a data set of voting data for 9,256 towns, we investigate if Republicans gained vote share in towns where Fox News entered the cable market by the year 2000. We find a significant effect of the introduction of Fox News on the vote share in Presidential elections between 1996 and 2000. Republicans gained 0.4 to 0.7 percentage points in the towns that broadcast Fox News. Fox News also affected voter turnout and the Republican vote share in the Senate. Our estimates imply that Fox News convinced 3 to 28 percent of its viewers to vote Republican, depending on the audience measure. The Fox News effect could be a temporary learning effect for rational voters, or a permanent effect for nonrational voters subject to persuasion.

http://econweb.umd.edu/~kaplan/foxnews.pdf

Nick POctober 9, 2017 11:29 PM

@ Clive, Wael, people w/ hardware experience

New story making the rounds. I haven't seen confirmation elsewhere. What you all think of veracity of this resonance claim? I'm skeptical when I see the word since a lot of nonsense attaches to it but we're all aware of active attacks on computers ranging from electromagnetic to sonic/ultrasound to use imagination. Worth at least looking into I thought.

WaelOctober 10, 2017 12:57 AM

@Nick P,

So the reading head glides over the plates and is attached to a flexible arm. Sure, it can act like a microphone. Probably a really bad one, for many reasons: it’s surrounded by several enclosures, the environment is noisy, ... and reading the sound vibration through software will lose some fidelity due to other reasons.

The resonance part... every enclosure has a resonance frequency. Not all drives will have the same one. So yes, sound can have an effect on a drive. Drives also have vibration dampening components to reduce the effect of shocks on drive life.

The claim doesn’t violate the laws of physics. Get an SSD!

WaelOctober 10, 2017 1:37 AM

@ Nick P,

I don’t know how a piece of software would extract sound information out of a reading head that only conveys zeroes and ones from magnetic media. Not clear how needle vibration due to sound could be captured by software only components. I say that part is unlikely. Here... it pegged the scale. The other part requires some experimentation, and may not pegg the scale, but it’s high on the reading. Either case, it's not a vector I’d worry about.

Purism exceeds $1 million in funding for Librem 5 Linux-based smartphoneOctober 10, 2017 2:15 AM

"The most popular mobile operating system on the planet, Android, is already based on Linux, but with Google in charge of it, many consumers cannot depend on it for privacy. With that said, Purism is planning to fight the impossible fight against Android and iOS with the "Librem 5" smartphone. This is a device that will run a privacy-focused Linux-based OS called "Pure OS," but the hardware is wide open for any OS, really. Purism is trying to raise $1.5 million through crowdfunding, and earlier today, it reached a significant milestone -- $1 million! Maybe the fight isn't impossible after all..." - via BetaNews

In the news:

https://puri.sm/shop/librem-5/
https://news.ycombinator.com/item?id=15436716
https://news.ycombinator.com/item?id=15090156
https://www.reddit.com/r/linux/comments/74cl80/purism_librem_5_has_surpassed_1000000_raised_in/
https://www.reddit.com/r/linux/comments/75bjmp/librem_5_funded_hooray/

Clive RobinsonOctober 10, 2017 6:20 AM

@ Nick P, Wael,

New [hardware] story making the rounds. I haven't seen confirmation elsewhere. What you all think of veracity of this resonance claim?

As I keep telling people "many transducers are bi-directional" and "as long as the laws of physics alow" then somebody is going to investigate / do it.

This one appears to be a bit more interesting, as far as I can tell it's using the servo control loops in the hard disk. The nearest most people come to an intentional servo control loop being used to make measurments are those "weigh your letters" scales. Put simply you lift a magnetic pole with a pan on it by using the equivalent of a speaker coil. Only instead of having the cone hold the coil at the right depth. The coil is lifted by the DC current flowing in the coil. A feed back mechanism such as a blade moving through an opto sensor is used. You can tell the displacment of the pan by either measuring the current or by measuring the frequency the loop oscillates at.

Hard drives have several servo loops in them, the head positioning servo is usually oscillating by seeking either side of the data track. It will also "gate data" if the head is too far off, which would effect the response time of the HD on read requests.

Now if you can get the sound to somehow work in a phase related way to the servo resonance then yes there would be a risk of damage. But how much I have no idea as I've never tried to measure a hard drive that way.

Any way there is a different article saying similar,

https://www.extremetech.com/computing/233602-hard-drive-sounds-used-to-steal-data-from-air-gapped-computers

Bob PaddockOctober 10, 2017 7:39 AM

@Clive Robinson

"Therefore to make a predictive device you would need one many many times larger and faster than the universe to get an approximation of what was going to happen next."

Problem is such experiments, that have been replicated many times, show that it is possible to make such predictions. See Dean Radin et.al.

I've discussed International Consciousness Research Laboratories and their predecessor PEAR Labs in the past here.

These are some of the other methods for which there is no known shielding today because no one knows for sure how they work yet, and those in the Deep State that probably do are not sharing.

Related to the Guardian article and this topic see Mind/Brain Effects links to some of the government related papers.

There is lots of work going on in the area of Parapsychology, alas it is in places most don't look. Nor consider its real world applications to things like Security.

WaelOctober 10, 2017 7:46 AM

You can tell the displacment of the pan by either measuring the current or by measuring the frequency the loop oscillates at.

That requires privileged access, which negates the original claim, that's number one. Number two, this is nothing short of bovine excrement. Not a viable attack vector. An interesting demo, though. Tipped both scales on different directions...

WaelOctober 10, 2017 11:24 AM

@Clive Robinson, @Nick P,

Number two, this is nothing short of bovine excrement.

Just to clarify, the above statement references the original article - not your explanation.

Clive RobinsonOctober 10, 2017 2:34 PM

@ Wael,

That requires privileged access, which negates the original claim

Err not of necessity, think a little sideways... Try this thought experiment,

If the unprivileged program does enough write/flush/read cycles then if the OS has a low enough latency it will have a bandwidth of a few hundred Hertz.

Thus if the external sound does effect the tracking loop of the read/write head, it will in turn effect the read write timing.

If you can establish a rolling average on the read/write times, by say integration in a digital lowpass filter, you can then get a delta function on the time delay which is in effect after a little more digital trickery (see the way CELP works) the sound waveform with a frequency defined phase difference.

WaelOctober 10, 2017 4:10 PM

@Clive Robinson,

If the unprivileged [..] if the OS has a low [...] if the external sound does [...] If you can establish a rolling average on the read/write times...

This CELP?

How many "ifs" do you have there? I can add a few more. Here:

if the computer enclosure does not attenuate sound too close to the noise floor
if the Hard drive enclosure does not attenuate the sound further
If the Hard drive noise and ambient computer fan noise do not increase the noise floor too much
if the reading head does respond to the right audio range

Try this thought experiment,

Try this thought experiment: get a hard drive and insert a sensitive microphone inside it. Then the computer on and see how much sound you can capture. Then progressively assume the other "ifs" are true... Please tell me you don't believe this is a viable attack vector that's worth further discussion! I really meant the second link above with the give-a...-o-meter ;)

@Nick P,

Wadda ya say?

Clive RobinsonOctober 10, 2017 11:25 PM

@ Wael,

Please tell me you don't believe this is a viable attack vector that's worth further discussion!

There are two parts to that question, the second part of "worth further discussion" I think it is.

Let me explain,

Based on the little information we have then my gut like yours is saying "to much sound proofing" and "way to much close in noise".

So the question of "If it is viable or not?" resolves to both yes and no...

That is I can see how it might work, but I don't think it will work well enough to pick up people speaking more quietly than the noise inside the same computer case.

That said though I think the potential methods should be looked at to see if their are similar channels available.

For instance years ago people kind of talked down the use of the Delta on the master XTAL on a motherboard. However I found a way to use it via a very simple "brain dead script kiddy" attack to find computers with shared resources that could be indicative of use of a honey pot trap. So someone with a nice new shiny zero day could avoid a honey pot, without raising any real alarm with the sys admin of the honey pot.

WaelOctober 11, 2017 12:18 AM

@Clive Robinson,

That is I can see how it might work, but I don't think it will work well enough to pick up people speaking more quietly than the noise inside the same computer case.

I see. I usually disregard so called "Security holes" or "Attack vectors" if: 1) They are not practical; 2) Not expected to work as advertised; 3) More practical methods exist. But... ok, I'll bite. But here is some of the challenges:

1- Can we use a speaker that's already playing sound to capture a conversation taking place in it's vicinity (full-duplex with a single transducer plus the output signal is 20+ dB above the input signal?) This is an easier problem to solve than exploiting a hard drive reading-head assembly to capture the same. See, the hard drive spins at a constant speed. Other software components are doing things to the drive. Things are going into context and out of context, swapping in and swapping out is happening and a ton of other things that cause the reading head to constantly move.

2- Suppose the drive was able to capture the surrounding low level sound.Now the software that runs to characterize patterns in some file it's constantly thrashing (to sample the sound) and then run some algorithm, encoding or otherwise, to extract the sound pattens from the file. Then it needs to filter the noise out, and that includes error correction and probably another component algorithm that uses noise cancellation to remove the "common denominator" noise, perhaps from another adjacent drive reading-head....

3- Then the non-privileged software will need to send this information "home" through other channels that may very well require permission.

That was the "OK, lets analyze how it could work part"

Now let's talk about "How it was deployed" part. Malware? Social engineering? what other channels are there? Can't we use that channel to deploy something a little more efficient?

That was the practicality and viability part. I don't mind discussing it from an academic perspective. But as an attack vector, it fails spectacularly.

This algorithm is much more impressive, and perhaps can be utilized instead.

Clive RobinsonOctober 11, 2017 4:37 AM

@ Wael,

1- Can we use a speaker that's already playing sound to capture a conversation taking place in it's vicinity (full-duplex with a single transducer plus the output signal is 20+ dB above the input signal?)

Yes, I've mentioned how before. You've done RF engineering, so know about "circulators" well at audio frequencies that is done with a two wire to four wire converter in the Plain Old Telephone system, and put to use for years in POTS modems. Provided you can stop your input circuit being overloaded then you can do the same with DSP tech.

The reason it will work with a speaker is that just like a DC motor they produce a back EMF. Which will be due to a combination of things that cause the speaker diaphram resistance thus require work to overcome. Back EMF motor speed controlers have been around since the 1960's in model railway model engines and you can find not just germanium tranistor (OC71 etc) circuit diagrams and circuit descriptions in books and magazines from then onwards Elektor magazine has published updated ones to account for any technology changes including those using DCC more recently.

It's believed that the Russian's used Theremin[1] to design exactly this sort of device. It was put into the passenger cab of vehicles carrying the likes of diplomates and other people who might have secret information. Back then the belife in the US was that if you had to talk in such a vehical constantly retuning the radio to noise or noisy signals would confuse microphones put in the upholstery of the seat backs. Whilst it did confuse the seat back microphones it did not effect Theremin's device (I'm fairly sure I've mentioned this before).

With regards clean up,

2- ... Now the software that runs to characterize patterns in some file it's constantly thrashing (to sample the sound) and then run some algorithm, encoding or otherwise, to extract the sound pattens from the file. Then it needs to filter the noise out,

Right as I've explained befor with "random" noise you need to understand the difference between determanistic noise and true random noise, the latter is usually only a very small component of what the human brain thinks is noise.

Also as you know band filtering removes not just unwanted signals which in aggregate are determanistic noise, it will when done sufficiently tightly reduce true random noise as well as the bandwidth decreases.

You might also know about "matched filters" and "tracking filters" as well as synthetic filtering by cancelation with signal estimation subtraction.

The bulk of the noise inside a PC is very much determanistic, and because it's largely invarient you can predict it. Motor noise is basically a noisy harmonic generation of the angular frequency of it's rotor. It's noise output is fairly invarient across a full rotation (it's a weighted sum of the harmonics) and can be mapped using averaging. You can use a tracking filter to get a very good lock on the rotor frequency then use that to drive a "determined noise map" to produce a synchronised cancelation signal. There have been graduate level books discussing it since the mid 1980's I have several on my book shelves. Modern DSP makes this a lot easier for various reasons.

But those text books also talk about wanted signal estimation to lift signals out of noise. In a way our brains do this which is why we get the old jokes about "Send three and four pence I'm going to a dance" being heard rather than "Send reinforcments I'm going to advance".

One method is to do "line folowing". If you have a fairly noisy signal you can use the likes of a loose locked oscillator to get a lock on the lowest regular frequency component. You can then use that to drive two other oscilators one slightly high the other slightly low in frequency. By using a product detector at the output of multiplying the oscillator with the input signal you get a low frequency difference signal that will track the input signal frequency and phase. This can be used to drive parametric narrow band filters that in effect cancel the signal out to get a DC component and noise. The human voice is in essence an oscillator that changes frequency quite slowley, it is then envelope modulated by various parts of the vocal cords very very slowly. In the germanic origin languages nearly the entire information content is in the very very low frequency changes in the envelope. By using the signal estimation techniques you can have a very narrow band set of filters tracking the rate of change signals then use those via the likes of a vocoda to synthesize the signal as a fresh clean copy.

As for "sending it home" I think we can safely say that is a solved problem with a plethora of continuously evolving techniques in the cracker toolbox. Each of which can if used discreetly have an average life of seven years if other research on malware is correct.

[1] Soviet inventor, Léon Theremin, who patented the musical device that baers his name in 1928, was also pressed into secret design work for their security services. It's known he was the designer of "The Thing" or "Great Seal Bug" but he did other work and it's believed he also designed the passenger cab radio bug, used against foreign diplomates for many years.

Nick POctober 11, 2017 12:04 PM

@ All

Nice article from Hacker News on Electromagnetic Compatibility Testing. A few, good comments too. The author goes into depth about his experience trying to assess and certify a product. Talks about some of the modifications he had to do. Really, messy stuff. Expect to see similar things if you want to do TEMPEST-style shielding on the cheap. Assuming that would even work when active attacks are so cheap, even incidental, due to ubiquitous deployment of wireless.

Nick POctober 11, 2017 1:30 PM

@ people into crypto

One problem implementations of crypto face is side channels due to how they're coded. One technique to help reduce those issues is constant-time execution of crypto. There's all kinds of problems doing it in a language such as C. Here's a new work that creates a language specifically for those parts of a cryptosystem:

FaCT: Flexible, Constant-Time, Programming Language

As the paper notes, most of the app will be done in a mainstream, programming language with a DSL such as this one used for just the primitives that might be hit with side channels.

Sancho_POctober 11, 2017 6:03 PM

@Wael, Clive Robinson re HD microphone

SW aside, we’d need more info regarding the HW that is actually driving the coil. This is nowadays completely integrated IP. And it is kind a technical miracle, not similar to what we were playing with in the good old days (remember the krrrk - krrrkkkk - clack - krrrrk or drive washing “virus”?).
To move the head exactly by requesting data is tricky because of the huge internal RAM, to compromise the drive FW would be prerequisite.
+ The inside of the drive is probably the worst place to listen for voice.
The beeper / speaker would be better, again the HW …

WaelOctober 11, 2017 8:22 PM

@Sancho_P, @Clive Robinson,

to compromise the drive FW would be prerequisite.

Good point.

The inside of the drive is probably the worst place to listen for voice.

Or the inside of the power supply :)

gordoOctober 11, 2017 10:47 PM

infrastructure and termites. Considering some of what's in the headlines these days, a maybe useful lens.

Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation
by Ted G. Lewis

The simplicity of the Termites experiment and its relatively complex result is surprising. Indeed, these termites are not as sentient as real-life termites, and yet the computer model produces a result that is much like the stockpiling of chips by insects in the real world. This example illustrates one of the fundamental ideas of self-organizing systems: emergent behavior. And, as we shall see, the termite system emulates what seems to happen in critical infrastructures—from randomness comes self-organization. And from self-organization comes concentration of assets. These concentrations are where the sector's vulnerabilities can be found and fixed.

p. 74

ymmv

Clive RobinsonOctober 12, 2017 2:34 AM

@ Sancho_P,

The inside of the drive is probably the worst place to listen for voice.

I must admit I'm wondering how those high capaciry "Helium" filled drives would sound.

After all who has not breathed in the helium from a balloon to get a silly voice ;-)

JG4October 12, 2017 7:22 AM


@all - Thanks for the excellent discourse and ideas.

@Rick - that is Clive's bailiwick - sidechannel RF input can be used to collapse the wavefunction to a much smaller space than fully random. an output side channel could be monitored to assess state and set phase of the disruption signal. it's an n player game.

@Clive - Thank you very much for your helpful comments. Excellent points as always. btw, if it isn't obvious, I'm a sucker for a good conspiracy story. I'd be OK with applying a model to the linear output of the encryption to tailor it for a ride through the codec. One limiting case of encryption is that the content is voiced ito a stream of gibberish words that fit cleanly through the codecs. An alternative point of view is that the codec problem is one of system identification, where the optimum set of orthogonal Shannon symbols must be found. that could be done with a soundcard generating all possible phonemes and related sounds to identify which symbols utilize the avialable bandwidth optimally or near-optimally. all of the other desirable features of channel metrics and error correction can be piggy-backed on top. the symbols may be words that can be selected as a subset of the dictionary aimed at maximum intelligibility for optimum utilization of the availlable (tailored) bandwidth.

Bruce's writing and viewpoint are worth reading, but a lot of the value is provided by the Titans.

https://www.wired.com/story/actually-do-read-the-commentsthey-can-be-the-best-part/amp

"it's all a giant scam." Thanks for the links to the addiction issue.

https://newrepublic.com/article/145213/facebooks-promise-community-lie
...
Indeed, Facebook’s maximum leader has begun to register this critique in his own public statements—albeit in his own stunted and distorted way. In his 2017 message carrying his resolution for the new year, Zuckerberg acknowledged the mounting sense that Facebook is no longer purely a force for good. “For decades, technology and globalization have made us more productive and connected,” he wrote. “This has created many benefits, but for a lot of people it has also made life more challenging. This has contributed to a greater sense of division than I have felt in my lifetime. We need to find a way to change the game so it works for everyone.”
Like many of Zuckerberg’s statements, this was bewilderingly vague—a sign, perhaps, of the great social-media impresario’s near-total detachment from the conditions of public life in twenty-first-century America. In what sense is globalization a “game,” exactly—and who’s chiefly benefitting from all these storied gains in productivity and connectivity?

couldn't happen to nicer or more ethical people.

https://arstechnica.com/information-technology/2011/10/exclusive-computer-virus-hits-drone-fleet/

Planet B in the news. I don't believe that terraforming is the best use of resources in the short term. it is using local materials to build closed environments.

http://www.visualcapitalist.com/terraforming-101-mars-habitable-planet/

interesting times on the old blue marble of fundamental tradeoffs; may ours be more favorable than theirs

GrauhutOctober 13, 2017 12:42 PM

@clueless: "Yet earlier this year, looking at Facebook's "People You May Know" recommendations, Leila (a name I'm using in place of either of the names she uses) was shocked to see some of her regular sex-work clients. Despite the fact that she'd only given Facebook information from her vanilla identity, the company had somehow discerned her real-world connection to these people"

Tough luck, bad opsec.

WTF do people think those facebook and twitter share icons everywhere are good for?

You need at least separate browsers and separate networks (proxy/vpn/tor) in order to maintain multiple online identities.

Using a tor browser for her sex worker identity would have been minimum opsec.

RatioOctober 13, 2017 2:56 PM

The scientists persuading terrorists to spill their secrets:

Each interview had to be minutely analysed according to an intricate taxonomy of interrogation behaviours, developed by [Laurence Alison, chair of forensic psychology at the University of Liverpool, and his wife Emily Alison, a professional counsellor]. Every aspect of the interaction between interviewee and interviewer (or interviewers – sometimes there are two) was classified and scored. […] When the process was complete, Laurence passed on the data to Paul Christiansen, a colleague at Liverpool University, who performed a statistical analysis of the results. The most important relationship he measured was between “yield” – information elicited from the suspect – and “rapport” – the quality of the relationship between interviewer and interviewee. For the first time, a secure, empirical basis was established for what had, until then, been something between a hypothesis and an insider secret: rapport is the closest thing interrogators have to a truth serum.

[…]

Despite its reputation among elite practitioners, “rapport” has been vaguely defined and poorly understood. It is often conflated with simply being nice – Laurence Alison refers to this, derisively, as the “cappuccinos and hugs” theory. In fact, he observes, interviewers can fail because they are too nice, acquiescing too quickly to the demands of a suspect, or neglecting to pursue a line of purposeful questioning at a vital moment.

The best interviewers are versatile: they know when to be sympathetic, when to be direct and forthright. What they rarely do is impose their will on the interviewee, either overtly, through aggression, or covertly, through the use of “tricks” – techniques of unconscious manipulation, which make the interviewer feel smart but are often seen through by interviewees. Above all, rapport, in the sense used by the Alisons, describes an authentic human connection. “You’ve got to mean it,” is one of Laurence’s refrains.

MarcNovember 6, 2017 8:19 AM

@Surfer Guy Hidemyass was probably under the scrutiny of the NSA. I also believe most of the traffic of major VPN provider such as Hidemyass is being targeted and decrypted in real time. There has been an article about this published on https://anonymster.com

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.