The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Senator Ron Wyden asked, and the NSA didn’t answer:

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant. Agency advocates say the practice has eased collection of vital intelligence in other countries, including interception of terrorist communications.

The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials told Reuters. But aides to Senator Ron Wyden, a leading Democrat on the Senate Intelligence Committee, say the NSA has stonewalled on providing even the gist of the new guidelines.

[…]

The agency declined to say how it had updated its policies on obtaining special access to commercial products. NSA officials said the agency has been rebuilding trust with the private sector through such measures as offering warnings about software flaws.

“At NSA, it’s common practice to constantly assess processes to identify and determine best practices,” said Anne Neuberger, who heads NSA’s year-old Cybersecurity Directorate. “We don’t share specific processes and procedures.”

Three former senior intelligence agency figures told Reuters that the NSA now requires that before a back door is sought, the agency must weigh the potential fallout and arrange for some kind of warning if the back door gets discovered and manipulated by adversaries.

The article goes on to talk about Juniper Networks equipment, which had the NSA-created DUAL_EC PRNG backdoor in its products. That backdoor was taken advantage of by an unnamed foreign adversary.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool here by altering Juniper’s version of Dual EC.

Juniper said little about the incident. But the company acknowledged to security researcher Andy Isaacson in 2016 that it had installed Dual EC as part of a “customer requirement,” according to a previously undisclosed contemporaneous message seen by Reuters. Isaacson and other researchers believe that customer was a U.S. government agency, since only the U.S. is known to have insisted on Dual EC elsewhere.

Juniper has never identified the customer, and declined to comment for this story.

Likewise, the company never identified the hackers. But two people familiar with the case told Reuters that investigators concluded the Chinese government was behind it. They declined to detail the evidence they used.

Okay, lots of unsubstantiated claims and innuendo here. And Neuberger is right; the NSA shouldn’t share specific processes and procedures. But as long as this is a democratic country, the NSA has an obligation to disclose its general processes and procedures so we all know what they’re doing in our name. And if it’s still putting surveillance ahead of security.

Posted on October 28, 2020 at 9:40 AM • 27 Comments

Comments

me October 28, 2020 9:52 AM

From the Snowden documents we can remember their motto: “collect it all, exploit it all, partner it all”
TL;DR: ALL, they will backdoor all that they can.

Matt October 28, 2020 10:28 AM

At the very least, they’re legally obligated to answer any questions that the congressional intelligence committees have, even if that information is kept classified and restricted only to the committee members themselves. Congress can subpoena them and punish them if they don’t give straight answers.

Clive Robinson October 28, 2020 11:49 AM

@ Bruce,

the NSA has an obligation to disclose its general processes and procedures so we all know what they’re doing in our name.

The problem is where do you draw the line between “general processes and procedures” and “specific processes and procedures”.

For instance there were discussions about the NSA developing attacks against Random Number Generators (RNG), long before “DUAL_EC PRNG” reared its ugly little head.

That is it was seen from failures in products, going back at least as far as the Netscape Browser more than a quarter of a century ago, that at the very least attacking an RNG was a very powerful attack vector that could be hidden easily.

In fact it was probably trying to work out how you would do such a thing as a visible algorithm rather than as a hardware modification to the unseen internals of a chip that gave rise to people thinking about the specifics thus DUAL_EC PRNG amongst several others[1][2].

Thus how would you describe the method using “general processes and procedures” that would not lead to people working out the “specific processes and procedures” as happened not just with the DUAL_EC PRNG?

But many mechanical crypto systems that could be “used” or “copied” from captured equipment.

[1] As I’ve argued for a long time attacks on “random” in “keyspace” go back to equipment used by frontline military during and after WWII and into the Korean war at the beginning of the 1950’s. And as we now know was one of the things Crypto AG did to their equipment under guidance from before the NSA existed from William Friedman. That is mechanical cipher machines were in effect algorithmically compromised and had few strong keys in their key space amongst many other keys some of which were exceedingly weak. Those who produced the daily key schedules that were “in the know” could use only the strong keys randomly selected. Those not in the know randomly selecting from the key space would get a range of keys including all the weak keys in proportion to their existence in the key space. Such weak keys would not just give up occasional messages, they would also give rise to message formats in use to use in a form of “Known Plaintext Attack”. This would give more messages, which in turn would give rise to names and other details that would give further “Known Plaintext” that when combined with variations on “traffic analysis” would enable most if not all messages to have sufficient “known plaintext” to break them.

[2] As we also know it was not just algorithmically mechanical crypto devices were compromised. They were also acoustically compromised. That is each piece of equipment that was compromised was compromised in more than one way some at least three ways when you know what you are looking for. In the acoustic attack the crypto key generator was “tuned” like a “nightingale floor”[3]. That is key components clicked etc at different audio frequencies. So that with a little analysis via a “telephone tap” or “spike mike” into a “crypto cell” the key settings would be heard as the equipment was in use. As with the issue of pullin and pullout timing on relays, even what should be perfectly secure “One Time Pad” super encipherment machines leaked keying information to the line which made some TEMPEST type attacks so devastating.

[3] A “nightingale floor” is a floor that makes noises as you walk across it. Legend says these sounds are deliberately made and are different in different parts of the floor. So that if you know the pattern you know the location of an intruder even if there is no light to see them by. That is the floor “sings out in the night” just like a nightingale and in so doing betrayed a person’s presence and location. It’s unknown who came up with the idea but creaky and squeaky floors of this type have been around for several millennia in China and Japan amongst other places.

https://en.m.wikipedia.org/wiki/Nightingale_floor

Michael October 28, 2020 2:11 PM

Back in the 90s, I was approached once by NSA and twice by the Canadian equivalent (CSE) about placing a backdoor in our security products. They wanted me to reduce the entropy of the random number generator used for selecting keys so that search would be easy. In return, we’d get easy approvals for export licenses, something that was a big hassle at the time. I refused, but who knows if others in my company agreed and made the necessary changes in secret. None of the discussions I had were official in any way. Nothing was written down, and all three discussions were one-on-one, so I can’t prove anything.

xcv October 28, 2020 2:19 PM

I really hate to say it, but …

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

… it sounds like a vicious network of extreme left-wing national socialist (or Nazi) military fraternization from which Edward Snowden defected and found refuge in Russia.

Things are not what they appear here. Vladimir Putin is too conservative to offer asylum and permanent residency to a “leftist.”

“City Hall” in Russia, the various jurisdictions of kraya and oblasti, are still not friendly to Snowden.

metaschima October 28, 2020 4:01 PM

@Michael
Thanks for sharing. Yeah, that’s what they do. That’s definitely one of the main reasons you should never use closed source crypto, and closely scrutinize and understand open source crypto before using it.

kai October 28, 2020 4:29 PM

I had this discussion with a Government client of mine. We are helping them arrange a new fibre internet connection. The government’s security engineer asked what kind of CPE we would be using. The ISP said that their standard Fibre NTU is Huawei. They then asked if there was any alternative, and were told that a Cisco unit could be installed as well. Half-jokingly, they said that was OK, they didn’t mind the NSA spying on them, but they didn’t want the CCP spying on them.

xcv October 28, 2020 4:45 PM

@Michael

Nothing was written down, and all three discussions were one-on-one, so I can’t prove anything.

That sounds more like FBI or CIA jailbait rather than NSA. Those people have collaborators or comrades in different departments of the government.

@metaschima

never use closed source crypto, and closely scrutinize and understand open source crypto before using it
That rules out MS Windows and Apple OS, and points us toward OpenBSD, which is highly secure, but not for everyone in all cases.

“Chromium OS” is open source, based on Gentoo, and Google got served, unjustly, it would seem, with an anti-trust lawsuit for that. (Or did Google open-source the OS as a popular defense strategy against the lawsuit?) The proprietary vendors of course were complaining that they couldn’t compete with free, but the anti-trust laws were never intended to handcuff consumers with lockdown intellectual property trickery like that.

SpaceLifeForm October 29, 2020 12:03 AM

@ uh, Mike

TrickBot is not completely down.

hXXps://twitter.com/MalwareTechBlog/status/1319016893299052544

Lorena October 29, 2020 9:45 AM

The article goes on to talk about Juniper Networks equipment, which had the NSA-created DUAL_EC PRNG backdoor in its products. That backdoor was taken advantage of by an unnamed foreign adversary.

That’s a misleading statement. They “took advantage” of it in the sense that they modified the code (probably just replaced the key), so that the product would use their backdoor instead of the NSA’s. The NSA’s backdoor wasn’t actually broken—it would be big news if they couldn’t keep a key secret. Had the backdoor not been there, the adversary could have modified the PRNG anyway. History shows it’s not too hard to change and weaken OpenSSL’s PRNG, for instance, and for this to go unnoticed for years.

But as long as this is a democratic country, the NSA has an obligation to disclose its general processes and procedures so we all know what they’re doing in our name.

This is an organization that refused to disclose or confirm its existence for a surprisingly long time. I don’t disagree with you, but until the lawmakers force their hand (e.g., tighten up the vague “national security” FOIA exemptions), “the NSA is refusing to disclose” should not surprise anyone.

Chris Nagy October 29, 2020 9:59 AM

Personally, in my opinion I believe Ultra Top secret spy agencies with a mission to defend the country from enemy nation states is well within its boundaries to try and do anything and everything at their disposal to defend. However, I am speaking about NSA and CIA. NOT every agency with three letters, NOT state and local police, NOT contractors and corporations. To me, the real issue is NSA and CIA not being able to keep a secret. Every other agency and authority hears about what might be possible and feels entitled to use those assets to solve whatever is on their plates. From drug dealers to purse snatchers.

Yes, it is certainly a gamble partnering with tech companies in such a capacity as stated in recent news. The issue being, other agencies or authorities that didn’t work hard to secure those partnerships, don’t give a moment’s care to putting everything at risk to leverage the capabilities they somehow seem to have access to. It’s not their jobs to worry about Apple or Microsoft’s well being, it’s their job to solve

Winter October 29, 2020 10:32 AM

“Personally, in my opinion I believe Ultra Top secret spy agencies with a mission to defend the country from enemy nation states is well within its boundaries to try and do anything and everything at their disposal to defend.”

But we see a distinction between institutions that “defend the country” and those that “defend the people”. TLA’s are known to “defend the country” to the last citizen, against the interests and lives of the very people of the country.

In the current context, this means that the security and safety of the people of the country are sacrificed to defend the security and concerns of the “state”, whomever that be.

Which means that we get the paradox that the people who defend their own lives and welfare against criminals and foreign agents are the enemies of the TLA’s that defend the “Country” of these same people against criminals and foreign agents.

xcv October 29, 2020 3:36 PM

People are doing drugs in the free and open source software world, and this is a security issue vis-à-vis OpenBSD.

https://www.openbsd.org/

The current release is OpenBSD 6.8, released October 18, 2020.

https://man.openbsd.org/unveil.2

The unveil() system call first appeared in OpenBSD 6.4.

Is unveil() a “new and improved” chroot()? Or does unveil() call chroot() internally to implement its functionality? Why isn’t this documented in the man page?

https://www.openbsd.org/mail.html

Other mailing lists
The insomniac at benzedrine.ch maintains the pf list for people using the OpenBSD packet filter. To subscribe, send an email with the message body of “subscribe” to pf-request@benzedrine.ch.

I don’t know if we need a Higher Power, or 12 steps or something like that, but at some point we need to say no to drugs without saying no to freedom, security, or free and open source software.

The alcoholic wino shouldn’t have to say no altogether to fresh grape juice, unfermented grape juice from concentrate, vinegar for cooking, grape jams and jellies, and raisins in moderation.

vas pup October 29, 2020 4:06 PM

@ALL:

NSA as I know is within DoD, not separate Agency as CIA which is subordinated to President directly through DCI.

DoD is responsible for protecting US citizens from foreign threats. So, I am fine with any tool NSA as part of DoD using for this particular purpose outside US, but when those tools are used inside US and not against foreign threats, but rather domestic threats, that is out of their functions and responsibilities.

There is DoJ with all subordinate LEAs, DHS with all subordinate functions, State and local LEAs for the latter.

I am against ANY overlapping responsibility because in overlapping area you can’t find any responsible structure in the case of failure. That does not exclude close cooperation, but rather requires it like JTTFs.

@Bruce: I have a question related to collection blogger information during posting,
i.e. does this blog collect and store IP address, type of browser and location when post is made and if ‘Yes’, who get access to this information and usage?

I am asking because (bleeping) Google do this when you access gmail account every time and you do not have any opportunity to delete it after session ends – just for information of all bloggers having gmail account. Thank you!

David October 30, 2020 2:49 AM

Even the NSA should have a policy of retiring by disclosure known vulnerabilities after say 12 months. Nobody can keep secrets forever and as time goes by the likelihood of other states independently finding the same vulnerability also rises

name.withheld.for.obvious.reasons October 30, 2020 4:20 AM

@ Clive, vas pup,
In the United States we are anxious about how faithful DoD military and federal officers are to their oath. It seems it doesn’t mean a thing out in the large. Anyone who has visited this place for more than a few years knows that the government routinely gives lip service to its charge and charter. NSA is one of the best examples of an agency gone rogue. Internally the folks at NSA see themselves above the courts and legislators (See Bates FISC, FISCR & Clapper NSA) for whom they answer to.

An agency that “instructs” the courts and senior directors tell Senators to take a flying leap shows a level of discordant behavior respecting the citizenry by that agency. When Wyden asked Clapper if the NSA was collecting information on millions of Americans (poor phraseology–is that North, South, Central?), and that is after they’d discussed the substance of the meeting beforehand, Clapper was telling Wyden to mind his own business. Wyden was unable to form a referential question in the moment and Clapper already knew the question was coming. Leaving Wyden to put up a defense after the punch had been thrown…TKO. If not for Snowden, the hypocrisy on display would likely not have been disclosed. Another case where the improper management of an agency exposes itself to ridicule and derision. Kind of like a New Yorker journalist on a Zoom call

Clive Robinson October 30, 2020 5:36 AM

@ David, ALL,

Even the NSA should have a policy of retiring by disclosure known vulnerabilities after say 12 months.

They won’t do it, and you can see the argument they will use against it already in industry especially in Pharmaceuticals.

Some years ago now I worked in a “citation database” producing company, that produced their databases on CD and DVD. We were looking at moving to an Internet based delivery model that would be updated more frequently and errors would be corrected faster.

You would be surprised at just how resistant some of our customers were. These were mainly the industrial research organisations, and I went to visit a couple personally to discuss what they wanted and why.

It turns out their greatest worry was loss of Intellectual Property (IP) by security leaks. Each of their research groups were effectively siloed from each other with inter group communications done in ways that reminded me of similar systems I run into when wearing the green.

The reason they purchased so many subscriptions was not a “capacity issue” but a “search history issue”. It provided what they saw as a high value information channel out of a group silo into other silos or worse outside the organisation.

And you will get a similar argument from the NSA which boils down to,

“Knowledge of past direction, indicates future direction.”

Thus it provides a leak into the highly secret “Methods and Sources” which they will not budge on (hence when a US politico mouths off it’s always an M&S from another country’s Intelligence Agencies).

They know that “technical methods and Sources” will leak eventually but in most cases not for two or more working generations. As an example consider the works of William Friedman, who was about the most senior cryptographer the US had long before the NSA was a gleam in somebody’s political eye. Much of what he did is still officially secret, even though others have worked it out (for instance the key weakness tricks in mechanical ciphers that Crypto AG built in for the NSA and GCHQ to make “listening in” more than a little bit easier).

Ismar October 30, 2020 3:38 PM

Lure of the ring of power is too much for us mortals to resist- Tolkien was right.
But remember also that the Dark Lord does not share the power as Saruman refused to see …

Dan Loops October 31, 2020 1:47 AM

As long as law enforcement, or any other department with access to sensitive information, practices poor security, and politicians ignore credible threats,
‘owning all’ will continue.

Either someone looks over their shoulder (they aren’t) and we put up with backdoors getting discovered, or the vast majority of civilization miraculously finds security both interesting and important all of a sudden.
At least one person will not find even basic personal security remotely important in each organization (or household), likely their password and practices will suffer for it.

Ignorance, corruption, complacency & cowardice are age old weaknesses that espionage has thrived upon for centuries (and keeping you in the dark about all those backdoors we put in your swag). Would you like a swanky new watch?

David October 31, 2020 5:00 AM

“And you will get a similar argument from the NSA which boils down to,

“Knowledge of past direction, indicates future direction.”

Thus it provides a leak into the highly secret “Methods and Sources” which they will not budge on”

Which is useful for the general public, but naive if you believe that the other super-powers are not also quietly researching in the same direction.

The “other country” using the Juniper weakness is just one example where this has been shown to have happened

The DSA DES S-box change is an example of where the vulnerability was fixed without explanation why, improving the crypto for everyone

Clive Robinson October 31, 2020 7:45 AM

@ David,

Which is useful for the general public, but naive if you believe that the other super-powers are not also quietly researching in the same direction.

I pointed out what the NSA or any other IC agency would probably say.

But it’s not “naive” to believe other super powers are doing things in different ways. There’s very clear evidence they do.

Take the race into space, whilst the overall mission was the same, the approaches and thus the research was very different as we now know.

The thing is an “effect” can have a multitude of “causes” and there are even more reasons to go different ways to achieve the same goal.

Take getting to work, some drive SUV’s some cars, some trucks, others motorbikes or even bicycles, whilst others walk, ride share, get on a bus, train, take a taxi or even airplane[1]. The result is the same, they get from where they are to where they work.

That is technology has given rise to a multitude of options to reach a given goal, and under some circumstances knowing the technology of others is more important than the goal.

[1] I even used to catch a ferry some decades back and at one time when I was little more than a teenager even took my own boat to work when working on an island as it was more reliable than the “chain ferry”.

Curious November 1, 2020 3:55 AM

According to a local news article about this where I live, it is pointed out that NSA in 2018 supposedly notified Wyden’s staff that NSA had made a report/document about what was learned of the Juniper event, but then that this document is nowhere to be found now at NSA according to the news article where I live.

Spooky November 9, 2020 2:33 PM

@ David,

“The DSA DES S-box change is an example of where the vulnerability was fixed without explanation why, improving the crypto for everyone.”

This observation tends to show up every year or so, although these days we actually have a pretty good idea of why the changes were made. In a nutshell: the default values they had selected for the DES s-box, while being perfectly random, were still capable of introducing correlatable structure in the enciphered output, which would have made it more vulnerable to attacks like differential cryptanalysis (a technique which would have been considered classified at the time). Because of this, some sets of random values make better substitution boxes than others and the only way to gauge the effectiveness of a given set is empirical testing, i.e. actually performing extensive differential cryptanalysis against every single candidate s-box. At the time (1970s) NSA may have been the only US organization with the technical and computational resources to perform this testing at the level required. As I recall, they only changed a single value but it must have made a considerable difference in the resulting output cascade (for a given number of rounds).

Others have probably presented the historical details better than I have, here is a nice post on stack exchange:

Stack Exchange discussion

And if you want to take a deep dive, here is a link to the Coppersmith paper (pdf) from the Internet Archive:

Coppersmith paper

Cheers,
Spooky
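
The empirical test described in the comment above, tabulating how often each input difference of an S-box produces each output difference, is sketched below as an added example that is not part of the original thread. The DES S1 table is the published one; `weak_sbox` is a comparison table constructed for this example, and all function names are illustrative.

```python
# Added example: difference distribution table (DDT) of a 6-bit -> 4-bit S-box.
# A large DDT entry for a nonzero input difference means that difference
# propagates predictably, which is what differential cryptanalysis relies on.

# DES S-box S1 as published in the DES standard (4 rows x 16 columns).
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def des_s1(x):
    """DES lookup: outer bits (5 and 0) pick the row, middle four the column."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return DES_S1[row][col]


def weak_sbox(x):
    """Constructed comparison S-box: returns the middle four bits unchanged.
    It is linear, so every input difference maps to exactly one output
    difference."""
    return (x >> 1) & 0xF


def ddt(sbox, in_bits=6, out_bits=4):
    """table[dx][dy] = number of inputs x with sbox(x) ^ sbox(x ^ dx) == dy."""
    n_in = 1 << in_bits
    table = [[0] * (1 << out_bits) for _ in range(n_in)]
    for dx in range(n_in):
        for x in range(n_in):
            table[dx][sbox(x) ^ sbox(x ^ dx)] += 1
    return table


def worst_differential(table):
    """Return (count, dx, dy) for the largest entry with a nonzero dx."""
    best = (0, 0, 0)
    for dx in range(1, len(table)):
        for dy, count in enumerate(table[dx]):
            if count > best[0]:
                best = (count, dx, dy)
    return best


def report(name, sbox):
    """One-line summary of the most predictable differential of an S-box."""
    table = ddt(sbox)
    count, dx, dy = worst_differential(table)
    total = len(table)
    return f"{name}: dx={dx:#04x} -> dy={dy:#x} holds for {count}/{total} inputs"


if __name__ == "__main__":
    print(report("DES S1", des_s1))
    print(report("constructed linear S-box", weak_sbox))
```

For the constructed linear table the worst differential holds for all 64 inputs, while the published DES design criteria limit any nonzero input difference of a DES S-box to 16 of 64.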
