Friday Squid Blogging: More Squid Camouflage Research

Here’s a research group trying to replicate squid cell transparency in mammalian cells.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on April 28, 2023 at 5:07 PM • 134 Comments

Comments

vas pup April 28, 2023 5:29 PM

I am sorry if Bruce already pointed all bloggers’ attention to it in this blog.

Just found out and am glad to share with all respected bloggers:

Decoding the U.N. Cybercrime Treaty
https://www.eff.org/deeplinks/2023/04/decoding-uncybercrime-treaty

“Rather than focusing on core cybercrimes like network intrusion and computing system interference, the draft treaty’s emphasis on =>content-related crimes could likely result in overly broad and easily abused laws that stifle free expression and association rights of people around the world.

For example, the draft U.N. Cybercrime Treaty includes provisions that could make it a crime to humiliate a person and group or insult a religion using a computer. This potentially makes it a crime to send or post legitimate content protected under international law.

Governments routinely abuse cybercrime laws to !!! criminalize speech by claiming to combat disinformation, “religious, ethnic or sectarian hatred,” “terrorism,” “the distribution of false information,” and many other harms.
=>But in practice, these laws are used to stifle criticism, suppress protests and dissent, and clamp down on free expression and association. This is despite the right to free expression—including the right to insult and offend—being protected under the Universal Declaration of Human Rights (UDHR) and Article 19 of the International Covenant on Civil and Political Rights (ICCPR)—of which the U.N. Member States negotiating the new treaty are parties to.

Governments may only limit these rights in very narrow circumstances. But the draft U.N. Cybercrime Treaty ignores these permissible limitations, which may lead to the criminalization of legitimate uses of technology that promote access to information and freedom of speech.
=>The U.N. General Assembly has also made it clear that States should refrain from imposing restrictions on discussions about government policies and political debate, participation in election campaigns, peaceful demonstrations, expressing opinions and dissent, and being associated with particular religions or beliefs, including by persons belonging to minorities or vulnerable groups.

Checks and balances on government use of surveillance laws are essential to avoid abuses of power and human rights like freedom of expression and association. We saw how the COVID-19 pandemic incentivized authorities to institute
=>intrusive forms of surveillance without appropriate checks and balances, such as using surveillance technology to track individuals in public and monitoring private communications—
!!! all without legal authorization or oversight. And these laws disproportionately restrict the rights of those already marginalized and targeted in society, with personal data on religious beliefs, political affiliations, and other sensitive information collected in mass without guardrails against abuses.

!!! The circumstances upon which police are permitted to access personal data during criminal investigations should always be subject to robust human rights safeguards and !!! overseen by an impartial and independent oversight mechanism to ensure that individuals’ human rights are not at risk and to prevent police abuse of power.

On top of government attempts to keep human rights safeguards out of the draft treaty, negotiators have proposed a variety of broad, ! vague provisions that expand surveillance powers across borders as well as within each country. EFF is calling for the exclusion of provisions that compel governments to adopt domestic laws authorizing very intrusive surveillance powers.

!!! The draft treaty also oddly refers to allowing authorities to use “special investigative techniques” without ever defining what those are. The current language, indeed, could allow any type of surveillance technology—from malware to IMSI catchers, machine learning prediction, and other mass surveillance tools—as well as any tool or technique that may exist in the future. The use of new surveillance technologies must always be subject to public debate and !!! we must not give law enforcement a permanent blank check to spy on people with methods that haven’t even been invented yet.

!!!The “necessary information to enable” access to secured computers and data could be argued to include assistance in breaking encryption or other security measures. It could also be interpreted to include government demands for vulnerability disclosures (to be made confidentially to government authorities) =>or even for disclosure of private keys or issuance of false digital certificates.

The measure doesn’t seem to go as far as explicitly requiring tech developers to create backdoors in their security systems, =>but it should precisely define the limits of technical assistance and make clear that it is not authorizing the creation of backdoors or the weakening of encryption or other security measures.”

ResearcherZero April 28, 2023 10:32 PM

“The Department of Justice detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds.”

“A month later, the DOJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite.”

“A US National Security Agency spokesperson expressed frustration that the agency was not also notified.”

In November 2020, months after the DOJ completed the mitigation of its breach, Mandiant discovered that it had been hacked, and traced its breach to the Orion software on one of its servers the following month. An investigation of the software revealed that it contained a backdoor that the hackers had embedded in the Orion software while it was being compiled by SolarWinds in February 2020. Mandiant itself got infected with the Orion software on July 28, 2020.

Around the same time of the department’s investigation, security firm Volexity, as the company previously reported, was also investigating a breach at a US think tank and traced it to the organization’s Orion server. Later in September, the security firm Palo Alto Networks also discovered anomalous activity in connection with its Orion server. Volexity suspected there might be a backdoor on its customer’s server but ended the investigation without finding one. Palo Alto Networks contacted SolarWinds, as the DOJ had, but in that case as well, they failed to pinpoint the problem.
‘https://www.wired.com/story/solarwinds-hack-public-disclosure/

Dec 15, 2020

“None of the 23 agencies fully implemented all of the SCRM practices and 14 of the 23 agencies had not implemented any of the practices. The practice with the highest rate of implementation was implemented by only six agencies. Conversely, none of the other practices were implemented by more than three agencies.”
‘https://www.meritalk.com/articles/gao-highlights-supply-chain-practices-amid-solarwinds-hack/

Clive Robinson April 29, 2023 2:05 AM

@ ResearcherZero, @SpaceLifeForm, ALL,

“The Department of Justice detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds”

@SpaceLifeForm, briefly mentioned this under “Supply Chain Attack” on last week’s Squid a few hours ago,

https://www.schneier.com/blog/archives/2023/04/friday-squid-blogging-more-on-squid-fishing.html/#comment-421252

And I replied to the subject there.

ResearcherZero April 29, 2023 6:59 AM

“FOX was more concerned about short-term ratings and market share than the long-term damages of its failure to tell the truth.”
‘https://www.nbcnews.com/media/rupert-murdoch-fox-corp-board-members-sued-investor-stolen-election-cl-rcna79267

Rupert Murdoch thought all the noise spewed by former President Donald Trump during his “stop the steal” hoax was “bulls*** and damaging.” However, the thought of curbing the spread of an incredibly dangerous conspiracy wasn’t at the top of his mind back then. He said the company apparatus was focused on keeping the Fox News money machine rolling.
‘https://gizmodo.com/rupert-murdoch-fox-news-trump-dominion-voting-1850170272

Several firms are eying derivative action against Fox Corp. board members.
‘https://news.bloomberglaw.com/esg/fox-defamation-suits-expose-board-of-directors-to-fresh-risks

Fox News spokespeople did not respond when asked about the discrepancy between the rhetoric from the channel’s top stars and its own internal policies.
‘https://www.cnn.com/2021/07/19/media/fox-vaccine-passport/index.html

A memo from Fox Corp reports that 90 per cent of its full time employees are currently vaccinated against the coronavirus.
‘https://twitter.com/oliverdarcy/status/1437858807854608386

“There is a causal relationship between exposure to Fox News Channel and lower vaccination uptake.”
‘https://cepr.org/voxeu/columns/impact-fox-news-us-covid-19-vaccination-campaign

Clive Robinson April 29, 2023 9:01 AM

@ ResearcherZero, ALL,

Re : Rupert “the bear faced liar” and suckfish friends.

“Rupert Murdoch thought all the noise spewed by former President Donald Trump during his “stop the steal” hoax was “bulls*** and damaging.” However, the thought of curbing the spread of an incredibly dangerous conspiracy wasn’t at the top of his mind back then. He said the company apparatus was focused on keeping the Fox News money machine rolling.”

You might have noticed over the years I’ve warned about “the bear faced liar” on a few occasions. Including his perjury in front of a UK enquiry into the behaviour of his various organs and those paid to service them, and his reveling in “tits and bums” and defamatory gossip.

Well apparently those that service his organs have been breaking the law and resorting to amongst other crimes burglary… So the list of his crimes against society grows.

It’s now known he was in the Pocket of Pfizer|US Gov and via various Sky outlets around the world pushed stories against vaccines that were not the now known to be extremely harmful Pfizer vaccine thus ensuring not just Pfizer but the US Government did very profitably from C19.

The “bear faced liar” is a prime example of US Corporate behaviour with,

1, Short term thinking no matter what the harm.
2, Maximize profit no matter what the cost.

Fox did what they knew was wrong to maximize profit and cared not a jot for the long term outcome.

In the past that thinking was responsible for such bad press against the bear faced liar and his organs, that he was forced to close his flagship UK Publication, and very nearly the second.

He is no doubt counting the cost of shelling out 3/4billion USD, and if he’s got any sense thinking how to stop Fox network suffering the same fate as his UK flagship newspaper and having to be dissolved/destroyed.

I suspect at the very least people will get sacked, unfortunately not those that should be.

I think maybe those with shares in Murdoch’s organs should perhaps get out whilst there is still some value in them.

It’s clear that now one entity has torn a massive wound in Murdoch’s defences, others are going to jump in and create more damage.

Hopefully Murdoch will live to see the cancer he has built get exorcised not just from the body politic, but society in general. If his elder children end up in jail where they rightfully should be before that so much the better.

I wish all those going for their pound of flesh great success in their endeavors and hope their reward is granted swiftly.

Sadly though much as I might wish that it be seen as a lesson to other corporates with the same mentality… I suspect they will instead see it as proof that Murdoch was too soft, not a sufficiently hard man etc and actually get worse.

ResearcherZero April 29, 2023 8:01 PM

“The western Siberia fields are owned by a joint venture between Wintershall, which is majority-owned by German industrial conglomerate BASF, and Russian state-owned natural gas giant Gazprom. We show how gas condensate from Wintershall’s fields in Western Siberia feeds a refinery in Salavat which sends diesel to Russian military suppliers.”
‘https://www.globalwitness.org/en/campaigns/stop-russian-oil/exposing-the-connections-between-wintershalls-siberian-gas-fields-and-russias-military-supply-chain/

Wintershall’s gas condensate may have been used to produce fuel for Russian Air Force jets.
‘https://www.spiegel.de/international/world/fueling-the-war-a-german-company-s-questionable-involvement-in-russia-a-2ab0fbda-9aa7-4a03-9f26-4f0542dae770

Gross domestic product is likely to reach pre-war levels by the end of 2024, policymakers said on Friday. That’s far earlier than many economists had expected and reflects the more-limited impact of the restrictions the US and its allies have slapped on Russia.
‘http://www.cbr.ru/eng/press/pr/?file=28042023_133000Key_eng.htm

Targeting the lawyers, bankers, accountants and other financial experts who manage oligarchs’ offshore wealth would be more effective than imposing sanctions on individuals close to the Kremlin.

Complex systems of secrecy: the offshore networks of oligarchs 28 February 2023
‘https://academic.oup.com/pnasnexus/article/2/3/pgad051/7059318?login=false

ResearcherZero April 29, 2023 10:30 PM

As the initial activity across both instances were initiated from the same public IP address on the same day, it is likely that these incidents were part of a larger campaign.
‘https://labs.withsecure.com/publications/fin7-target-veeam-servers

New malware family we have called “Minodo,” which we assess was created by developers associated with the cybercriminal group FIN7.
‘https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-backdoor/

The bypassing strategy involves identifying a conclusion, such as “vaccines are safe,” and figuring out how to bolster that conclusion with accurate information that doesn’t directly refute misinformed claims.
‘https://www.asc.upenn.edu/news-events/news/instead-refuting-misinformation-head-try-bypassing-it

ResearcherZero April 29, 2023 11:52 PM

“It is commonly used as an emergency device to alert workers of impending danger”
‘https://www.watoday.com.au/national/western-australia/stench-gas-shuts-down-woodside-agm-landing-two-protesters-behind-bars-20230429-p5d49i.html

The Burrup Hub expansions will produce an estimated 6 billion tonnes of carbon emissions over 50 years (about 12 times Australia’s current annual emissions)

~90 per cent of Woodside’s emissions are scope 3

Woodside remains committed to its 2021 “climate plan”, saying its “strategy remains consistent” and will use offsets to meet 100% of its restated scope 1 emissions
‘https://cdn-api.markitdigital.com/apiman-gateway/ASX/asx-research/1.0/file/2924-02636578-6A1138126?access_token=83ff96335c2d45a094df02a206a39ff4

Woodside’s climate targets exclude 90% of emissions by not covering scope 3. Woodside’s scope 1 and 2 decarbonisation strategy is dominated by the use of offsets.
‘https://www.woodside.com.au/docs/default-source/asx-announcements/2021-asx/climate-reporting-and-non-binding-shareholder-vote.pdf

“For commercial reasons we are not disclosing the cost or specific transaction details of the carbon credits acquired and surrendered.”

Emissions from Chevron’s Gorgon gas development off Western Australia have increased by more than 50% despite it being home to the world’s largest industrial carbon capture and storage system. Emissions from the Gorgon LNG operation increased from 5.5m tonnes to 8.3m tonnes.

‘https://australia.chevron.com/-/media/australia/our-businesses/documents/gorgon-gas-development-and-jansz-feed-gas-pipeline-environmental-performance-report-2022.pdf

Carbon Capture – about 0.1% of global emissions
‘https://status22.globalccsinstitute.com/

“should not proceed”
‘https://www.epa.wa.gov.au/sites/default/files/EPA_Report/B1221.pdf

see fine print at bottom of page 😉
‘https://www.woodside.com/sustainability/climate-change

ResearcherZero April 30, 2023 4:09 AM

‘https://www.bristol.ac.uk/news/2023/april/record-breaking-heatwaves.html

Heat stored in the Earth system 1960–2020: where does the energy go?
‘https://essd.copernicus.org/articles/15/1675/2023/

Clive Robinson April 30, 2023 6:47 AM

@ Nick Levinson, ALL,

Re : Security is hard, very hard as distance “goes up”.

“A satellite’s security was cracked from Earth in a test; the satellite was launched in 2019, so its security was presumably nearly up-to-date”

It was not “cracked” and it was in no way secure in the way we talk about on this site in the first place.

Like most satellites, the “European Space Agency”(ESA) OPS-SAT was designed for “availability”. As a “cubesat” it also has significant power limitations, rather more so than an Apple SmartWatch of the same period.

Whilst for obvious reasons I can not go into specifics, the security on most “Space bus frames” is,

“By obscurity not cryptography”.

The reasons are two fold,

1, Cryptography in space is a very bad idea.
2, You can not send a repair technician to fix a space vehicle.

Formally “availability” is based on “Mean Time To Fail”(MTTF) and “Mean Time To Repair”(MTTR). MTTF has a significant inverse relationship with “complexity” in the normal sense[1]. And as already noted with space platforms you can not send a technician up to fix it thus MTTR at its basest level is longer than the expected operational life of the platform… So “availability” is a hard problem.

With the issues of a very limited power availability and storage, both of which degrade fairly quickly nobody wants to waste CPU cycles on cryptography. Nor do they want the large silicon real-estate cryptography demands that very very adversely affects “reliability” and can not be “routed around” as that would be an inbuilt security vulnerability…

But consider another aspect. To be secure you are looking at needing “100% correct copy” over 128-16384bits for secure pre-QC crypto and potentially several megabytes for post-QC crypto. This will mean a significant change on the communications “link budget” part of which will be “Power and size” of the platform both of which grow exponentially with getting that “100% copy” over any given bit length message.

The obvious solution is to reduce the “block size” down as much as possible. But unless the unicity issue is addressed a reduced block size will be totally insecure. Worse the requirements for synchronization go up.

So security is an issue for space craft that appears effectively insoluble using currently available technology for several reasons.

As I’ve noted before I’ve a prototype CubeSat sitting on my desk/bench. Part of the consideration involved is how to make things more secure and it’s far from easy.

For instance one of the many issues involved that you might want to think on carefully before you spend a few million USD putting a platform into space, especially a smaller system like a CubeSat,

All security is based on a “Root of Trust” that needs to be kept securely. In Space there is a lot of hard radiation thus keeping a “Root of Trust” stored “securely against loss” is a very real issue (think bio-metrics and losing a finger in an accident as a poor approximation).

How do you recover from this problem, without introducing a significant vulnerability?

[1] Complexity can be used in two ways, the most common or “normal sense” is to increase function or potential function. However as most know a rope whilst it can hold a heavy load requires careful attachment to the load via various loops and knots. However if the same rope is more complexly looped and knotted in a particular way, you end up with a cargo net, which significantly ups the rope’s utility as well as making it more reliable in use and longevity. Thus it can be seen that the second use of complexity is to increase reliability. However as with a net -v- rope, such increased complexity has increased costs, not just in its manufacture but in its operational costs and ongoing maintainability.

Nick Levinson April 30, 2023 2:39 PM

@Clive Robinson:

Satellites and other spacecraft are, at least some of them, high-value targets. Thus, any ability to crack whatever passes for security and, using hostility, modify what the target is expected to do is of vital concern.

The security limitations are severe, but encryption has been (selectively) applied to communications between space and Earth, even if expensively and even if only militarily, while some limited repair capabilities have been presupplied on board (if MTTR is inapplicable without hands-on work another metric is likely established for remote repairs). Some of that sort of thing is within the reach of budgets and decisions. Some of the methods likely differ substantially from those on systems entirely located on Earth’s surface, but methods are not entirely lacking. For example, the root of trust being vulnerable to radiation may be addressed by considering how often the risk would likely materialize and designing the whole system, or just a root of trust if redundancy of enough of that is possible with it still being a root of trust, for a lifetime with a duration related to risks of expiration or destruction is not new. One satellite, maybe not militarily critical, worked one way or another in outer space for 38 years.

louist April 30, 2023 3:59 PM

Clive, re: “All security is based on a Root of Trust that needs to be kept securely”, isn’t that mostly difficult on the ground? Physical access to a distant spacecraft is, after all, not a realistic part of the threat model, which means we don’t need anything like hardware security modules up there. I guess it would be fine to have a 128-bit root (private key or public key hash) in true ROM, or hard-wired, or configured on DIP switches. I’d probably make that a “safe-mode key” used only to program a new key (or full system image), in case the old one was compromised by humans or cosmic rays. Use a different key in most pre-launch development and testing, of course.

Realistically, isn’t a satellite already going to be spending a lot of effort on aggressive error detection and correction? I can’t imagine an HMAC would be so costly as to be impractical, considering many of the recent hashes were designed for efficient hardware implementation in things like smartcards. Spy satellites have been using encrypted communications for decades; though I suppose we, the public, have little idea how well that works.

lurker April 30, 2023 5:18 PM

@Nick Levinson

Ah, GOES3 was the first internet connection to NZ, or DARPAnet as it was then. Security? In those days the hardware to talk to a satellite was available only to approved purchasers from government vetted suppliers. Problem solved.

Clive Robinson April 30, 2023 5:25 PM

@ Nick Levinson,

There is a fair bit of difference between a 1970’s design and launched satellite ~1.4m at the widest in geo-stationary orbit and weighing in at a third of a ton and a CubeSat you could easily pick up and hold.

So “apples with apples” comparisons are important especially as the industry is going for ever increasing numbers of smaller lower earth orbit satellites. It’s not just Hellon Rusk creating problems, a falling out between the US and India over Space utilisation caused the US a very rude awakening. When India’s demonstration of a working “Anti-Satellite”(ASAT) Missile in August last year under its “Mission Shakti” stuck a quite large “Keep off our grass” sign in the ground and the message behind it is still reverberating.

But… One of the things not being talked about much outside of closed doors is “Active Denial Of Service”(ADOS) attacks against satellites, which has come to the fore since the incidents to the East of Europe.

The problem originally was the various “Autonomous Decommissioning Control”(ADC) systems that are desired to be put in new satellites as a pre-condition of launch, to augment the “Post Mission Disposal”(PMD) satellites should undergo within 25 years. The problems are two fold, firstly is such requirements are voluntary not mandatory[1] hence the pre-condition for launch, and secondly the desire for them to be as fully autonomous at the satellite as possible, and especially if command and control is lost…

Well the world has changed a lot in the aerospace and satellite industries in the last year or two and it’s not just Hellon Rusk’s StarLink creating news headlines…

As you might be aware from not just Astronomers being up in arms over StarLink’s light pollution, others are much more obviously talking about the issue of “space junk” with Hellon Rusk’s failure to orbit and in orbit issues. Stopping the build up of space junk is becoming a major concern along with ongoing research into de-orbiting either into the Earth’s atmosphere, or in the case of geo-stationary sats moving them upwards into “parking orbits” (which at best is only a short term solution).

Less well known is sats can go catastrophically wrong and do very strange things and sometimes this causes them to break up into a lot of bits (NOAA-16 for instance in Nov 2015 broke into around 200 parts that we know of from a presumed on board explosion, with 136 large enough to be tracked thus “a significant hazard”). These bits then spread out over a larger and larger volume due to simple orbital mechanics. Eventually they will hit other space platforms causing a cascade or chain reaction that could “close space” to mankind’s use.

So over a period of years increasing disposal requirements have been added to a set of recommendations[1]. Which is where ADC systems have been proposed with intent to make them a pre-condition to launch by the UN.

The nasty issue that is coming up is the duality of “autonomous action”. The crux part of which is loss of “stay alive signals” triggers irreversible self deorbiting…

After a moments thought you will realise that simply jamming the stay alive signals is all that would be required to have a 1/4billion USD investment to be irretrievably lost.

Further what is not publicised is that such jamming equipment can be built by an individual at home on a relatively modest budget. Worse such systems already effectively exist for the likes of “Earth-Moon-Earth”(EME) communications. Also known as “moon-bounce” Amateur operators have very high gain antenna systems to focus RF energy at the Moon to use it as a reflector which enables the signal to be received over the entire Moon facing side of the Earth and similarly most satellite orbits as well.

The only thing stopping such systems being used for ADOS is the supposed RF power limit Amateurs are supposed to obey (voluntarily as enforcement by the FCC etc is effectively nil). However in some parts of the world 1.5kW amplifiers are common and making 5kW amplifiers with LDMOS devices whilst not exactly trivial is fairly easily done (you can already easily find adverts for 5kW “boots” for “truckers” CB…). But… With a little care you can also build “phasing harnesses” that will combine the outputs of several amplifiers in various ways. If the antennas are driven in independent ways then it’s not that difficult to build a “Phased Array” antenna system that can provide a very much more sharply focused beam.

Such things are suddenly becoming talking points in the Space Industry after the recent attacks by Russia on Ukrainian space communications. After all, you can not realistically build an ASAT in your garage and launch it from your garden, but you can make an effective jamming system. Which means any small nation can get in the “Space-Wars” game for less money than they pay individual civil servants and military officers…

[1] The “United Nations Committee on the Peaceful Uses of Outer Space”(UNCOPUOS) along with other agencies such as “Inter-Agency Space Debris Coordination Committee”(IADC) input came up in 2002 with the “Space Debris Mitigation Guidelines” that were further updated in 2007. Which gives us the “25-year rule” which requires satellites undergo “Post Mission Disposal”(PMD) within 25 years maximum, with the preference of “immediate removal from Earth orbit”, which has already caused issue in US Courts.

Unfortunately these guidelines are voluntary and only reflect the aims and objectives by several national and international space administration organisations. What some regard as “Over zealous” behaviour by the likes of the US, has led them to ignore other voluntary guidelines, and as more launch capable nations and entities proliferate such voluntary rules are going to be increasingly flouted in part for short term gain as PMD adds significant weight and cost requirements to any mission.

Clive Robinson April 30, 2023 5:53 PM

@ louist, ALL,

Re : Space weather is not a breeze.

“Physical access to a distant spacecraft is, after all, not a realistic part of the threat model, which means we don’t need anything like hardware security modules up there.”

The threat of concern is not humans stealing the Root of Trust, but as I mentioned various forms of hard radiation which is way more plentiful in space than it is on Earth, destroying it…

Where the loss / change of a single bit would render the entire system unworkable if block crypto were in use…

Yes there are methods of duplication but they all have their failings in one way or another, just as all “Error Correcting Code”(ECC) systems do. So yes you do need an HSM up there but not quite of the type you were thinking about.

So even with HSM techniques you are still building in a vulnerability in the system that you really could do without. Worse trying to mitigate it takes up a lot of CPU cycles and thus electrical power. Which has all sorts of knock on effects including significantly shortening a space mission as it makes the “Mean Time To Fail”(MTTR) figures far worse.

As for just how bad the radiation from the Sun and even very distant super nova etc are, have a look at the likes of “Coronal Mass Ejection”(CME) and the effect it has on the Earth’s ionosphere and “satellite black outs” that can and have been caused on quite a regular basis. Also how CMR are considered a risk to those traveling in aircraft (the same concern as with X-Rays but on a broader spectrum of ionization).

Oh and how it’s possible that a star can self destruct and put out high energy beams of such destructive force that even from many light years away they would destroy all life on Earth…

Nick Levinson April 30, 2023 7:05 PM

@lurker & @Clive Robinson:

@lurker:

If the solved problem was that that old satellite had adequate security for the time, I don’t disagree, but that doesn’t mean that modern satellites can’t be made relatively secure in order to preserve their intended capabilities against modern threats (I’m not sure you meant that). The problem has evolved and the solutions must also, or partly have and must continue to improve.

Solutions that are available only to authorized persons are part of today’s practice. The key to a typical inexpensive door lock in the U.S. is available to anyone but only if they acquire enough different keys and I don’t remember hearing of break-ins using the technique of carrying large boxes of possible keys, just like thefts from ATMs are not usually done by brute-force attacks on PINs under cameras by thieves likely to need lunch while typing.

@Clive Robinson:

Satellite security may not matter much for some satellites, e.g., CubeSats, but some other satellites are valuable targets and so security will matter for those; and then resources will go into better security for them to keep them valuable, as has already happened.

Mission Shakti was back in 2019 and is technologically interesting but not legally major or a military first, since P.R. China had already done something like it and the target was within Earth’s atmosphere when hit and thus within India’s sovereign air-space boundaries, assuming the latitude and the longitude were within them, too.

You’re right that some low-tech low-cost attacks disable some high-tech high-priced targets; but that tends not to last long if the targets’ owners care about it and put resources into it, which is likelier for high-value targets. That’s the history of the world and it likely applies as well to satellites. Often, the low-end attacks succeed against high-end targets because the feasibility of the low-end attack method is newer than the target, so the target’s designers either didn’t think of it or weren’t given the resources to implement what was once thought by managers to be too unlikely to justify the expense. There are always risks like that. For example, Mars could crash onto Earth next week, and this would be painful down here; but the likelihood is not worth spending fifty cents to prevent that particular prospective crash.

ResearcherZero April 30, 2023 8:51 PM

“The free market will produce defense and intelligence technology at a lower cost.” ~ politicians (30 odd years ago)

Obviously each and every one of them was a certified genius.

“As things stand, there’s a good chance that Australia won’t receive a cent for its gas from some projects that will operate into the second half of this century, thanks to a tax that ushered in frenzied investment in the sector but delivered little to government coffers.”

Regular company tax is a 30 per cent levy on revenue minus operating expenses and depreciation, a percentage of past capital costs. After a large investment like a multibillion-dollar liquefied natural gas (LNG) plant little company tax would be paid for some years until those annual depreciation deductions shrink.

The PRRT calculation is similar but with a devilish difference that destroys government revenue in the long term: the pot of deductible capital costs grows with time, even when there is no more spending.

Chevron discovered the Gorgon field in 1981, but gas was not produced for another 35 years.

Competition instead of co-operation wasted tens of billions of dollars before construction began. Shell’s Prelude gas field off the Kimberley coast is just 20 kilometres from the Ichthys field run by Japan’s Inpex. Instead of a joint development, Inpex laid a 900-kilometre pipeline to Darwin and Shell built the world’s largest and most complex vessel to process the gas offshore. Further south, Chevron’s Wheatstone field was similarly close to Woodside’s Pluto, but the two companies could not agree to work together.
‘https://www.smh.com.au/business/companies/why-the-oil-and-gas-tax-is-a-dud-and-a-gift-to-the-industry-20230427-p5d3rs.html

“Five new offshore gas projects are coming online: Gorgon, Wheatstone, Ichthys, Pluto and Prelude. When these are running at full production capacity they are unlikely to pay any PRRT for many years to come – the companies themselves concede it will be 2029 – and no royalties apply.”

Billions each year in profit from extracting Australia’s natural resources will be funnelled offshore. It is a giveaway of immense magnitude.

The world’s biggest oil companies – Chevron, Exxon, BP and Shell – will pay very little in income tax too.
‘https://theconversation.com/senate-inquiry-told-zero-tax-or-royalties-paid-on-australias-biggest-new-gas-projects-77479

update

BP will increase its stake in Browse to 44%, overtaking operator Woodside Energy Group’s (WDS.AX) 30.3% stake. Woodside, BP and Shell are also all stakeholders in the North West Shelf LNG plant.
‘https://www.reuters.com/markets/commodities/shell-agrees-sell-australian-browse-gas-stake-bp-2023-04-29/

“LNG industry contributes just 1% of the WA state budget and two thirds of Western Australia’s gas is effectively given away by the Western Australian and Australian Governments with almost no royalties or tax being paid. The gas industry creates few jobs, with less than 1% of WA workers engaged in oil and gas extraction.”
‘https://australiainstitute.org.au/wp-content/uploads/2022/01/P1077-Gas-fired-robbery-WEB.pdf

ResearcherZero April 30, 2023 9:06 PM

Since the 1980s, a large offshore wealth management industry has developed…
‘https://gabriel-zucman.eu/offshore/

Trends in Income From 1975 to 2018 (Tax system after 1980)
‘https://www.rand.org/content/dam/rand/pubs/working_papers/WRA500/WRA516-1/RAND_WRA516-1.pdf

2003 tax act reduced the top tax rate on dividend income from 38.6% to 15%.
‘https://eml.berkeley.edu/~yagan/DividendTax.pdf

This one has a graph
‘https://itep.org/federal-tax-cuts-in-the-bush-obama-and-trump-years/

spot the trend

ResearcherZero April 30, 2023 9:21 PM

Building new manufacturing lines is going to take years…
‘https://www.janes.com/defence-news/news-detail/australia-allocates-funds-to-acquire-long-range-missiles

‘https://www.sipri.org/news/2023/world-military-expenditure-reaches-new-record-high-european-spending-surges-0

‘https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-update-guides-to-target-ukrainian-govt/

‘https://www.bleepingcomputer.com/news/security/hackers-target-russian-govt-with-fake-windows-updates-pushing-rats/

meh April 30, 2023 9:26 PM

@ResearcherZero
Thanks. Apparently it is the C-suite at BASF that should be targeted with sanctions. But they are probably protected by the German government.

Clive Robinson May 1, 2023 12:05 AM

@

“Satellite security may not matter much for some satellites, e.g., CubeSats, but some other satellites are valuable targets and so security will matter for those; and then resources will go into better security for them to keep them valuable, as has already happened.”

Satellite security matters for all satellites that have a function that requires any level of command and control. Thinking otherwise is a very dangerous thing to do.

The cost of even low earth orbit is over 10,000USD/kg and rising. However the size of payload and max orbital height is increasing, but ~30,000,000 is what you would be looking for after the cost of the payload to get it up. It’s why some people are looking at systems to launch 5,000 or more CubeSats in one launch with potentially 10,000 CubeSats being possible.

As I said I’ve a prototype sitting in my “work area” that could after moderate testing be launch ready. Its current payload line up is a “Low Probability of Intercept”(LPI) multichannel transponder as well as StarFix optical system. The same payload less the StarFix is also good for attachment to low cost drone or balloon systems.

The smallest useful Sat I’ve designed as a demonstrator is not much bigger than a large diameter rechargeable coin cell. It has been tested to the point we know it can be launched from a flare launcher and drift down over a period of about half a minute, certainly long enough for its high bandwidth transponder to get quite a volume of data in both directions.

So the size of satellites is really not important to function, but is to power systems and longevity.

Which brings us to,

“some low-tech low-cost attacks disable some high-tech high-priced targets; but that tends not to last long if the targets’ owners care about it and put resources into it, which is likelier for high-value targets.”

But what do they do when the rules prevent them from putting in resources?

As I noted earlier the “autonomous deorbit” rules are based on certain assumptions, like the length of time loss of “keep alive” or just “no valid commands” will cause the autonomous action to “kick in”.

Back in the 1980’s everyone was talking about “brown out” or “watchdog” circuits.

Essentially they were a single IC like a CMOS 4060 wired up as a self oscillating resettable timer. If you did not reset it it kicked the CPU reset pin, so supposedly causing a restart of the code… That was the idea but it was quickly found to have a whole lot of problems, so became almost obsolete by the turn of the century, with some microcontrollers having way more reliable Watchdog timer circuits built in. The primary issue that people bumped into was that too often they did not test their software correctly so the watchdog would either not get reset, or not reset correctly, thus fail to work as expected.

One big aspect of not working properly was with communications. We talk about synchronous and asynchronous communications, but as a rule of thumb that only matters at the bit or byte level. At the high level all communications is asynchronous. That is you can not guarantee getting a data communications packet in any time frame.

This does not mean that the receiver in the satellite is at fault, but loss of communications generally does imply something is at fault somewhere. From the perspective of those making the rules this is a “loss of command and control” thus the satellite should be autonomously deorbited…

The question thus boils down to when should the autonomous system kick in?

From an operator’s perspective “never” as it’s a high value asset, from the space agencies’ perspective as shortly after an assumed fault as possible, with some talking 12hour or less.

A big problem is Space Weather can cause knock-outs that can last at least a week, maybe more we just don’t know. Further terrestrial weather can cause ground stations to be out of action routinely for a week or so. Unexpected hurricanes, lightning storms etc can cause grid outages for two or more weeks are not unknown with a couple of months not unknown (ask people in Auckland NZ, back in 98, the city was out for five weeks, and there have been similar since with Henderson). There is some evidence that some types of space weather can cause terrestrial weather to follow after a few days. But likewise you get one failure throws excessive load onto other circuits/systems and fault after fault happens, sometimes as a chain of failures other times as a growing cascade that increases rapidly (ask customers of PEG in California about their deliberate shut downs when the wind blows just a little). In a laughable series of events a solar observatory used for making predictions for space weather predictions for US grids, got shut down by a power cut for quite some period of time, because the prediction data became unavailable…

So LOS could be a month or more… But from an agency’s perspective how much damage could be done in as little as a couple of hours without a Command and Control channel?

With Crypto based security the chances of LOS goes up significantly, irrespective of the size of the satellite, or length of time it can operate on batteries with only partial charging and the like.

The really bad habit of people in management waving issues away with the false optimism of “It will be alright on the night” or equivalent, is not something responsible engineers will willingly tolerate. But management cut their pay checks and hire and fire in ludicrous ways and politicians just take a back hander from management to look the other way… Which is why we have so many “Acts of God” that cost so much.

Clive Robinson May 1, 2023 12:41 AM

@ no comments,

“Classic McEliece”

I’ve always liked McEliece crypto, but it was not popular with others, especially in the 1990’s and 2000’s…

The reasons,

1, The cipher text was larger than the plaintext[1]
2, The key size is enormous.
3, It was assumed for quite some time it could not do signatures.

However if you looked at an overall communications system that needs error correction to function McEliece could in some cases give less expansion than separate error correction and encryption and was certainly quite a bit faster and more efficient than RSA.

However McEliece does not solve the “Root of trust” loss issues, it actually makes them worse due to overall key size. AES needs 128/256 bit, RSA is assumed to need at least 8192 bits and McEliece well a thousand times that at 8 megabits…

[1] Finding info on McEliece was not easy until well into this century due to this unpopularity. It was not until it was generally realised McEliece could give QC proof PubKey that information on it became more available.

ResearcherZero May 1, 2023 1:14 AM

@meh

There are penalties for evading sanctions.

“To those companies and individuals thinking of evading international sanctions…”
‘https://www.justice.gov/opa/pr/united-states-obtains-629-million-settlement-british-american-tobacco-resolve-illegal-sales

“We’re sorry.”
‘https://www.bat.com/group/sites/UK__9D9KCY.nsf/vwPagesWebLive/DOCR8FJZ#

the tobacco industry is deliberately producing misleading data on illicit tobacco trade
‘https://tobaccocontrol.bmj.com/content/28/3/334

“The black market in tobacco involves criminal gangs smuggling across borders, engaging in large-scale tax evasion and producing counterfeit cigarettes. With weak penalties for perpetrators, poor border controls, low arrest rates and tobacco taxes creating disparity between neighbouring countries, it’s a problem that’s set to grow.”
‘https://www.bat.com/theman

In War Zones…

“No customs. You basically pay your tax to the local militias on the airfield where you are landing.”
‘https://www.bbc.co.uk/news/world-58517339

British American Tobacco and cigarette smuggling in Asia
‘https://tobaccocontrol.bmj.com/content/13/suppl_2/ii104

ResearcherZero May 1, 2023 2:09 AM

Most commercial airlines today are still flying over hazardous areas such as northern Iraq, large parts of Syria, southern Yemen, Somalia, northern Pakistan and parts of Afghanistan. Diverting routes around these regions may involve greater fuel costs—one reason the airlines are reluctant to do it—but greater security doesn’t come cheap.

“If you’re unsuspecting enough, and buy a SkyTeam codeshare ticket — you’ll actually overfly Syria on the Honey Badger airline of the region, Middle East Airlines.”
‘https://medium.com/@markzee/why-are-we-still-flying-airline-passengers-over-war-zones-6da43acdbe08

“Korean Air Lines Flight KE007 was on its way from New York to Seoul via Anchorage, Alaska, when it entered Soviet prohibited airspace due to a navigational mistake. The USSR forces mistook the unidentified 747-200 for a US spy plane and took it down with air-to-air missiles. All 246 passengers and 23 crew on board were killed.”
‘https://www.nytimes.com/1991/05/19/world/soviet-pilot-insists-downed-korean-jet-was-spy-plane.html

“In these conditions the USSR had to mount a propaganda counter-offensive.”

The Soviets lied until Yeltsin returned the real flight recorders…
‘http://www.jamesoberg.com/09012003commentarymikhailkal.html

MarkH May 1, 2023 3:21 AM

All, re satellite control

As Clive observes, satellites are built in a vast range of sizes and capabilities. The risks are quite diverse, including

• loss of economic value of the satellite
• potential debris hazard (for satellites capable of maneuver)
• national security compromise

Satellites of major economic or security importance tend to be large with abundant electrical and processing power.

It seems to me that the listed difficulties of communication security should be eminently practical to overcome, with solutions varying according to the satellite type and application, though the limitations of tiny cubesats likely preclude doing much.

no comment May 1, 2023 5:48 AM

Re: McEliece

Generally his books, papers, videos of talks are very insightful, instructive, inspiring.

Some notions that might be interesting to look at from the information theory point of view – undecidability, the infinite, Occam’s razor, etc. These are all situations where there is missing information but nevertheless where we want to say as much as is possible.

Dusapin May 1, 2023 10:31 AM

Re. Satellite command uplink security

I have been involved in the specification and design of the TTC systems of some (big) satellites. None of them military but most of them would be considered ‘critical infrastructure’. Without exception, they all had their command uplink encrypted. Some of them can also encrypt telemetry, although this is rarely done. Of course this adds complexity, at all levels down to management procedures.

But compared to the complexity of some payload systems, this is not as significant as it seems.

The crypto subsystems usually have a hierarchy of keys, with built-in fallbacks for some and upload procedures for others.

Some sats (e.g. those of the Galileo system) additionally use spread-spectrum modulation on the command uplink to provide more resilience against DOS attacks.

Even without encryption, integrity of the command uplink is essential, so it will use a conservative link budget and extensive error correction and checking. Authenticated encryption just adds another layer.

Also most commands will not be executed on reception but stored for later use. They are only executed by a separate ‘activation’ command after the sat has confirmed correct reception, e.g. by sending back a cryptographic digest. The activation commands contain almost no data, so they can be highly redundant and very well protected.

Some sats have been lost [1] as a result of being sent the wrong commands. But I don’t know of any incident where uncorrected errors on the command uplink caused such an incident.

Cubesats may have their limits, but they don’t apply everywhere.

[1] and recovered as well, the most prominent case probably being SOHO. You can read all about that here: ‘https://soho.nascom.nasa.gov/about/Recovery/
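The store-then-activate commanding described in the comment above, as an added example that is not part of the original comment and not any real TTC design. The class and function names, the HMAC-based activation message, the replay counter and the command strings are all assumptions made for illustration.

```python
import hashlib
import hmac


def activation_tag(key, slot, counter, command):
    """MAC over slot, counter and the digest of the command the ground intends."""
    msg = slot.to_bytes(2, "big") + counter.to_bytes(8, "big")
    msg += hashlib.sha256(command).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Spacecraft:
    """Hypothetical on-board handler: commands are staged, never run on receipt."""

    def __init__(self, activation_key):
        self._key = activation_key
        self._staged = {}          # slot -> command bytes exactly as received
        self._last_counter = 0     # highest activation counter accepted so far
        self.executed = []         # commands that were actually executed

    def upload(self, slot, command):
        """Stage a command and return the digest of what arrived on board."""
        self._staged[slot] = command
        return hashlib.sha256(command).digest()

    def activate(self, slot, counter, tag):
        """Run a staged command only if the short activation message verifies."""
        staged = self._staged.get(slot)
        if staged is None or counter <= self._last_counter:
            return False           # nothing staged, or a replayed activation
        # The tag is recomputed over the bytes that are really in the slot, so
        # an activation meant for a different command cannot trigger this one.
        expected = activation_tag(self._key, slot, counter, staged)
        if not hmac.compare_digest(tag, expected):
            return False
        self._last_counter = counter
        self.executed.append(staged)
        del self._staged[slot]
        return True


def send_command(sat, key, slot, counter, command, uplink, max_tries=3):
    """Ground procedure: upload, compare the echoed digest, activate on a match."""
    wanted = hashlib.sha256(command).digest()
    for attempt in range(1, max_tries + 1):
        echoed = sat.upload(slot, uplink(command))
        if hmac.compare_digest(echoed, wanted):
            tag = activation_tag(key, slot, counter, command)
            return sat.activate(slot, counter, tag), attempt
    return False, max_tries        # never activate an unconfirmed upload


def noisy_once():
    """Constructed channel model: damages the first transmission only."""
    state = {"first": True}

    def channel(data):
        if state["first"]:
            state["first"] = False
            damaged = bytearray(data)
            damaged[0] ^= 0x01     # one uncorrected bit error
            return bytes(damaged)
        return data

    return channel


def demo():
    key = b"K" * 32                # constructed sample key
    sat = Spacecraft(key)
    ok, tries = send_command(sat, key, 1, 1, b"SET_MODE SAFE", noisy_once())
    return ok, tries, sat.executed


if __name__ == "__main__":
    print(demo())
```

The damaged first upload is caught by the digest comparison on the ground and is simply overwritten by the retry; the spacecraft never executes it.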

Clive Robinson May 1, 2023 11:40 AM

@ Dusapin,

SOHO was a quarter of a century ago.

The thing it proved more than anything else was the redundancy of unnecessary hardware.

That is it was built with gyroscopes it did not need.

But it was a large system and its command channels were not exactly secure even by 1980’s standards.

But I’m not sure you actually understand the issues of lost “Root of Trust” and built in vulnerabilities when you say,

“The crypto subsystems usually have an hierarchy of keys, with built-in fallbacks for some and upload procedures for others.”

MarkH May 1, 2023 2:00 PM

@Dusapin:

Thanks for your comment, it’s most valuable to learn from those who have relevant experience.

@All:

For clarity of communication, I try to use standard terminology (when I know it!). Where Clive writes “Root of Trust” in this context, I infer this to mean what cryptographers call a “shared secret.”

For satellites with at least a few watts for uplink hardware, present technology enables a broad range of solutions.

Obviously, if a shared secret is lost, then control of the satellite can be lost also. What can be done to prevent that?

MarkH May 1, 2023 2:09 PM

continued:

• manufacturers have decades of experience making radiation-hard memories rated at dozens (or hundreds) of kilorads

• there’s no difficulty in keeping multiple copies — even hundreds! — of crypto keys; today’s memory chips have good capacity

• each time a key is retrieved, a modest algorithm can verify that redundant copies match, and correct any that are corrupted

• most satellites necessarily process error-correcting codes (Reed-Solomon or its successors); crypto keys can be stored in the same form, with ability to recover large numbers of corrupted bits or bytes

Integrity of crypto keys can be robustly maintained.
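The redundant-copy scheme listed in the comment above, as an added example that is not part of the original comment. It uses bitwise majority voting with a scrub pass rather than Reed-Solomon; the class name, the truncated SHA-256 check value and the sample key are assumptions made for illustration.

```python
import hashlib


class KeyIntegrityError(Exception):
    """Raised when voting cannot produce a key that matches its check value."""


def majority_vote(copies):
    """Return the bitwise majority of an odd number of equal-length buffers."""
    n = len(copies)
    voted = bytearray(len(copies[0]))
    for i in range(len(voted)):
        for bit in range(8):
            ones = sum((c[i] >> bit) & 1 for c in copies)
            if 2 * ones > n:
                voted[i] |= 1 << bit
    return bytes(voted)


def check_value(key):
    """Short check value stored beside the key (truncated SHA-256, an assumption)."""
    return hashlib.sha256(key).digest()[:8]


class RedundantKeyStore:
    """Hypothetical store holding N copies of a key and of its check value."""

    def __init__(self, key, n_copies=5):
        if n_copies < 3 or n_copies % 2 == 0:
            raise ValueError("use an odd number of copies, at least 3")
        self.key_copies = [bytearray(key) for _ in range(n_copies)]
        self.check_copies = [bytearray(check_value(key)) for _ in range(n_copies)]

    def retrieve(self):
        """Vote, verify, scrub. Returns (key, number_of_copies_repaired)."""
        key = majority_vote(self.key_copies)
        check = majority_vote(self.check_copies)
        if check_value(key) != check:
            # More than half of the copies were hit in the same bit, so the
            # vote itself is wrong: report failure instead of a bad key.
            raise KeyIntegrityError("voted key does not match its check value")
        repaired = 0
        for copies, good in ((self.key_copies, key), (self.check_copies, check)):
            for copy in copies:
                if bytes(copy) != good:
                    copy[:] = good      # scrub: rewrite the damaged copy
                    repaired += 1
        return key, repaired


def flip_bit(buf, byte_index, bit):
    """Simulate a single-event upset in one stored copy."""
    buf[byte_index] ^= 1 << bit


def demo():
    key = bytes(range(32))                  # constructed 256-bit sample key
    store = RedundantKeyStore(key, n_copies=5)
    flip_bit(store.key_copies[0], 3, 7)     # two independent upsets
    flip_bit(store.key_copies[3], 17, 0)
    recovered, repaired = store.retrieve()
    return recovered == key, repaired


if __name__ == "__main__":
    print(demo())
```

Scrubbing on every retrieval matters because upsets accumulate: voting tolerates damage in a minority of copies per bit, so repairing early keeps independent hits from ever lining up into a majority.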

Clive Robinson May 1, 2023 5:18 PM

@ MarkH, ALL,

Re : Post QC world orbiting.


• there’s no difficulty in keeping multiple copies — even hundreds! — of crypto keys; today’s memory chips have good capacity

• each time a key is retrieved, a modest algorithm can verify that redundant copies match, and correct any that are corrupted

You are talking the Pre-Quantum not Post-Quantum computing security world. Those putting satellites into service now and in the very near future need to consider the much increasing possibility that the 25 year mission life will cross over the “Quantum Computing Epoch” thus into potentially a world of hurt. Every bit as much as they now have to consider the issues of “staleness” with symmetric crypto “Key Material”(KeyMat).

Have a look at the Key sizes involved with “Post Quantum Computing”(PQC) cryptographic algorithms and the sorts of microcontrollers that are being used in CubeSats (which are going up at a way faster rate than many consider traditional Satellites),

“Classic McEliece Implementation with Low Memory Footprint”
(Enterprise Resource Security)

‘https://m.youtube.com/watch?v=I1ZQ6DbpdKg

So the storage of such Roots of Trust are by no means trivial as you are looking at 8 megabits, not 128/256 bits.

Which brings us onto,

“Obviously, if a shared secret is lost, then control of the satellite can be lost also. What can be done to prevent that?”

First off it’s now considered “good if not best practice” to change symmetric keys on a fairly frequent basis in part based on usage, as well as in part lifetime in use. So if an asymmetric key becomes “stale”, known to an attacker, or lost to an operator then you need to upload new symmetric keys. In a Post-Quantum world that currently needs a big matrix solution.

With regards,

“Where Clive writes “Root of Trust” in this context, I infer this to mean what cryptographers call a “shared secret.””

There is a good reason why I do so, it’s named by its actual function, not some spurious attributes a subset of it might have by tradition.

In traditional symmetric cryptography the “shared secret” is an alphabet keyed in some way by information that reduces down to an integer or equivalent (KeyMat), that has to be known only by the communicating parties and is called a “key”. As such it is a concept that is giving way to various key negotiation mechanisms/protocols.

In asymmetric systems two or more secret integers are combined in various allegedly “one way functions” with “backdoor algorithms”. One of which does not have to be a “secret” in any way and is in fact made “Public”. The other is secret and it does not have to be shared in any way…

So “shared secret” does not really apply. Whilst “Root of Trust” is a more general term which you could claim “shared secret” is a subset of.

@ ALL,

For those that want to know more about the McEliece system which is based on “Error Correcting Codes”(ECC) Mary Wootters who is a fairly smart cookie[1] when it comes to ECC[2] has a nice video on McEliece crypto that will give you a good feel of how it works,

‘https://m.youtube.com/watch?v=fLwMvbfr76g

Her other videos are worth a watch as well.

If you want to dig deeper,

“PDF White Paper on McEliece with Binary Goppa Codes”

‘https://www.hyperelliptic.org/tanja/students/m_marcus/whitepaper.pdf

Gives a more in-depth as well as practical “next step”.

However a cautionary warning, it needs to be noted that whilst the McEliece system works for multiple coding systems. Currently some of those that don’t use Binary Goppa Codes tend to have security weakness. Even though they look like they should not,

‘https://inria.hal.science/hal-00870932/document

The reasons for this may well make one or more PhD theses in the future now that PQC cryptography has sparked a more significant interest.

[1] Used in the English non gender usage, not any of the US various sexist / derogatory usages.

[2] Her PhD thesis is titled, “Any errors in this dissertation are probably fixable: topics in probability and error correcting codes”.

MarkH May 1, 2023 6:53 PM

@Clive:

My attention is focused on large spacecraft with greater resources than cubesats. Their command/control uplink is not like the public internet. They’ve no need for public key cryptography.

PK signing algorithms (for example) have a public key which enables anyone to verify a signature. For uplink, only the spacecraft needs to be able to validate incoming messages … and NOBODY ELSE.

Only the spacecraft operator needs to be able to form messages the spacecraft will validate … and NOBODY ELSE.

Without a “public key” to analyze, Shor’s algorithm is useless.

ResearcherZero May 2, 2023 12:06 AM

The CCP has developed a sophisticated, persistent capability to sustain coordinated networks of personas on social-media platforms to spread disinformation, wage public-opinion warfare and support its own diplomatic messaging, economic coercion and other levers of state power.

“Those actions include a range of state-sanctioned activities targeting foreign countries (sometimes individually or as a region) that seek to guide and interfere in their public discourse, to promote disinformation and to threaten and harass individuals and groups.”

“Those activities are typically conducted on social-media platforms, where they’re also referred to by industry and national security stakeholders as coordinated inauthentic behaviour, information operations, cognitive domain operations, information warfare or public opinion warfare.”

That capability is evolving and has expanded to push a wider range of narratives to a growing international audience with the Indo-Pacific a key target.
‘https://www.aspi.org.au/report/gaming-public-opinion

Police officers from China’s Ministry of Public Security (MPS) were charged with creating ‘thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats’ and for spreading ‘propaganda whose sole purpose is to sow divisions within the United States’.
‘https://www.justice.gov/opa/pr/40-officers-china-s-national-police-charged-transnational-repression-schemes-targeting-us

Markc May 2, 2023 2:30 AM

@Clive

Re: Sat crypto

You might consider encryption using CFB mode. It’s light weight and self-correcting especially with single bit feedback, it can even recover from phase errors (bit shift).

Clive Robinson May 2, 2023 3:00 AM

@ MarkH,

Re : Questions in order.

You asked the primary question,

“Obviously, if a shared secret is lost, then control of the satellite can be lost also. What can be done to prevent that?”

It’s a question that has to be answered to satisfy the issue of prevention of erroneous operation of the autonomous deorbiting requirement being pushed into all new spacecraft designs.

So your view of,

“Their command/control uplink is not like the public internet. They’ve no need for public key cryptography.”

Is incorrect in this respect, as the problem is the same for both,

“Establish a trust mechanism without a face to face ‘physical’ meeting to exchange the ‘root of trust’ / ‘shared secret’ or obviate the need for such”.

But also your,

“My attention is focused on large spacecraft with greater resources than cubesats.”

Can be seen as irrelevant in this context as again the problem is the same.

Further in the case of Satellites from the smallest that can communicate to the largest that are semi-autonomous entities the issue of symmetric keys and third parties exists as they all require an executive function command and control channel.

Clive Robinson May 2, 2023 3:33 AM

@ Markc,

Re : Cipher Feedback mode.

“You might consider encryption using CFB mode. It’s light weight and self-correcting especially with single bit feedback, it can even recover from phase errors (bit shift).”

It is something that I’ve looked at in the past “as part of the solution”. That is it can be used like a “matched filter” synchronizer in Spread Spectrum and other “Low Probability of Intercept”(LPI) systems.

However it has two problems,

1, It does not protect against tampering.
2, It still requires a root of trust.

The first indicates why it’s only “as part of the solution”[1] as it requires further processing via some form of detecting / “correcting codes”.

And the requirement for a fragile “root of trust” still persists.

The solution I suspect will have to involve the use of matched filters and error correcting codes and the equivalent of “building a reputation”.

[1] From Wikipedia,

“The block cipher modes ECB, CBC, OFB, CFB, CTR, and XTS provide confidentiality, but they do not protect against accidental modification or malicious tampering. Modification or tampering can be detected with a separate message authentication code such as CBC-MAC, or a digital signature.”
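The two CFB properties discussed in the comments above (self-synchronisation, and no protection against tampering), as an added example that is not part of the original comments. It uses 8-bit feedback, so it resynchronises after a lost byte rather than a lost bit, and an HMAC-SHA256 stand-in for the block cipher's forward direction instead of AES; keys, IV and message are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # shift-register width in bytes


def _block(key, register):
    """Stand-in for a block cipher's forward direction (CFB never uses the inverse)."""
    return hmac.new(key, register, hashlib.sha256).digest()[:BLOCK]


def cfb8(key, iv, data, decrypt=False):
    """CFB with 8-bit feedback: one keystream byte per pass of the register."""
    register = bytes(iv)
    out = bytearray()
    for byte in data:
        result = byte ^ _block(key, register)[0]
        cipher_byte = byte if decrypt else result
        # Only ciphertext is fed back, which is why the receiver re-aligns
        # by itself once BLOCK clean ciphertext bytes have shifted in.
        register = register[1:] + bytes([cipher_byte])
        out.append(result)
    return bytes(out)


def seal(enc_key, mac_key, iv, plaintext):
    """Encrypt-then-MAC: the tag covers the IV and the ciphertext."""
    ct = cfb8(enc_key, iv, plaintext)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, iv, ct, tag):
    """Return the plaintext, or None if the ciphertext was modified."""
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return cfb8(enc_key, iv, ct, decrypt=True)


def experiment():
    enc_key, mac_key = b"E" * 32, b"M" * 32     # constructed sample keys
    iv = bytes(BLOCK)                           # fixed IV, for the demo only
    pt = bytes(range(64))                       # constructed message
    ct, tag = seal(enc_key, mac_key, iv, pt)

    # 1. One flipped ciphertext bit, as from an undetected link error.
    flipped = bytearray(ct)
    flipped[10] ^= 0x01
    flipped = bytes(flipped)
    got = cfb8(enc_key, iv, flipped, decrypt=True)

    # 2. One ciphertext byte lost in transit.
    slipped = ct[:10] + ct[11:]
    got_slip = cfb8(enc_key, iv, slipped, decrypt=True)

    return {
        # The same bit flips in the plaintext and nothing flags it.
        "flip_carries_into_plaintext": got[10] == pt[10] ^ 0x01,
        # The next BLOCK bytes are garbled, then decryption recovers.
        "garbled_window": got[11:27] != pt[11:27],
        "resync_after_flip": got[27:] == pt[27:],
        "resync_after_slip": got_slip[26:] == pt[27:],
        # With the tag checked first, both modifications are rejected.
        "mac_rejects_flip": open_sealed(enc_key, mac_key, iv, flipped, tag) is None,
        "mac_rejects_slip": open_sealed(enc_key, mac_key, iv, slipped, tag) is None,
        "mac_accepts_clean": open_sealed(enc_key, mac_key, iv, ct, tag) == pt,
    }


if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name}: {value}")
```

The trade-off is visible in the results: the MAC that detects tampering also rejects the whole message on a single channel error, so the self-correcting behaviour only helps where the data is not authenticated.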

Dusapin May 2, 2023 4:45 AM

@Clive Robinson

“… its command channels were not exactly secure even by 1980’s standards.”

I just mentioned it as one of the most fascinating recovery operations. And anyway what happened with SOHO was not the result of malicious hacking.

“But I’m not sure you actually understand the issues of lost “Root of Trust””

Well, you can’t reduce the full rationale and risk analysis as presented in a few thousand pages of design documents to a few lines posted in a blog, or can you? Whatever is discussed here will always be a gross simplification of reality, with all the dangers that entails.

What I can tell you is that the biggest risks are usually not of a technical nature but are related to how secrets are managed on the ground, and how this can be aligned with operational requirements.

No real systems will ever be perfect in the sense that you can prove they will never fail. That applies to a ‘root of trust’ in whatever form as well.

Jumping from that to suggesting that all existing systems are fatally flawed because their designers failed to ‘understand the issues’ is rather cheap rhetoric.

MarkH May 2, 2023 5:11 AM

@Clive:

From my reading, “operators in low-Earth orbit” will be required “to dispose of their satellites within 5 years of completing their missions.”

This applies only to U.S. operators.

ESA is planning to make its own rule “in a couple of years.”

In either case, the spacecraft operator is responsible for deorbit, and nobody else.

There is nothing about this that requires the control channel to be accessible to any party other than the spacecraft operator.

Further, eligible spacecraft could be designed to autonomously deorbit as a “backstop” in case control access is lost.

Clive Robinson May 2, 2023 8:17 AM

@ MarkH,

“From my reading…”

If it was a Wired article[1] you did not read it very well it’s the US FCC making a point “because they can” rather than for other more important reasons (like their failures to act).

But importantly I gave you the information regarding the UN agency which formulated and has updated what is called the “25 year rule” in my posting above dated April 30, 2023 at 5:25 PM,

https://www.schneier.com/blog/archives/2023/04/friday-squid-blogging-more-squid-camouflage-research.html/#comment-421308

So you should not have had trouble finding it…

In it I carefully laid out what I was talking about, with nearly everything you have said outside that by even your own admission.

As for the US and ESA rules, they are actually contractual rules to be met for a launch, from their facilities (of which there are very many rules[2], including one about image resolution that is less than from consumer equipment available in high street shops).

Those rules are rather different to UNCOPUOS and IADC rules which all UN member nations are supposed to respect. Further the last time I checked over half the UN member nations are party by signature to the constitution of international space law. Which was the 1967 Outer Space Treaty, that contains environmental cleanliness requirements amongst other things.

The fact that the US and ESA have lost their effective governmental control of space in the “Old Space” way is why as I mentioned the fact that US Gov agencies were very upset when India “thumbed the nose” at them and showed that not just “New Space” was the game, so was “disrespecting the elders”. Because it made both the US and EU realise their cosy little monopoly thus ability to make arbitrary rules at their whim for civilian and commercial launches and thus missions was over[2]. In part it’s why we have the “new space” and “old space” tags where “new space” represents the rapidly growing civilian and commercial sector and utilisation of space.

It would appear the US has at least moved forward with the current administration via VP Harris saying no more ASATs.

However the issue of deorbiting is fairly fraught, as it increases quite a number of risks. Along with the fact it actually comes under the broad “traffic management” issues from launch onwards which also involves other agencies such as the “International Civil Aviation Organisation”(ICAO). This spread of responsibilities is growing at an ever increasing pace and will become more than somewhat interesting as commercial operators move out of Near Earth Space. After all how do you deal with “mining rights” issues where ownership is not allowed (there was an indirect reference to this in the film “The Martian” where they talk about “Mark Watney Space Pirate”).

As for,

“In either case, the spacecraft operator is responsible for deorbit, and nobody else.”

Actually, no. A US Court has already made it clear it believes it had the right to decide if satellites should be deorbited and when over two decades ago.

[1] The Wired article,

‘https://www.wired.com/story/the-fccs-rules-on-space-junk-just-got-stricter/

Points out,

“The FCC’s rule applies mainly to US companies, or at least to anyone who wants to launch a satellite that needs a license from the agency to use a slice of the electromagnetic spectrum for communication. The rule doesn’t have the force of law, and it doesn’t yet have backing from NASA or Congress.”

NASA commented that the rule would have near negligible effect on space junk for the next two centuries at least…

That said the allocation for frequency spectrum actually falls under the UN ITU and for many political reasons they “dropped the ball” a long time ago. Look up ITU Regions and why using certain Mobile Phones in France was technically illegal. As for the FCC many think they don’t have eyes to see a ball, or working hands to even fumble it with.

[2] For those that have worked in the industry for a while it is well known that you should follow “U.S. satellite regulations” before you even start the project. You can find online several primers on US requirements on,

1.1, Ownership limitations.
1.2, Traffic / orbit.
1.3, Propulsion system types.
1.4, Link/control command encryption.
1.5, Link frequencies.
1.6, Resolution of imaging optics.
1.7, The use of lasers even tri-corner reflectors.

To get around 1.5 a number of owner / operators have used Amateur Radio allocations on spurious grounds. Which has caused considerable complaint and failure by agencies. Which is in part the reason for the FCC doing a nodding dog impersonation.

[3] The UN held a “working group meeting” on “Reducing Space Threats” and it did not go that well. Konstantin Vorontsov of the Russian delegation gave notice that in effect Russia considered commercial satellites “open season” in the near future when he said,

“The use by the United States and its allies of the elements of civilian, including commercial, infrastructure in outer space for military purposes… It seems like our colleagues do not realize that such actions in fact constitute indirect involvement in military conflicts. Quasi-civilian infrastructure may become a legitimate target for retaliation.”

As history shows, Russia will shoot down any commercial flights they please and then claim they were being used for “spying”… So we can assume the same rules apply for satellites.

Nick Levinson May 2, 2023 9:14 AM

@Clive Robinson:

Yes, all satellites need some security, but some need more than others do, and therefore some need less than others do. Even a satellite whose function is only to bounce unamplified a signal coming from and to Earth has the security that consists of having nothing to alter in the ability to bounce other than being hit by something other than a signal and for that there might be redundancy or lower criticality to Earth with its role of bouncing.

On rules preventing the putting in of resources, what to do about them will have much to do with what the rules are and why the rules were put into place. I’m not disputing the specific cases you describe. In general, however, what you’re talking about are either challenges in designing or implementing consistently with security goals, and certainly many challenges can be difficult to overcome or even to identify before an attacker has implemented such an attack, or exceptions to high-value targets meeting security goals, like nuclear-warheaded ICBMs being untested because no one wants the costs, political, economic, and other, of a test failure, like of a missile going 50 feet up, tipping over, and exploding in, say, Kansas (a version of that risk was described by Henry Kissinger in his book Diplomacy). One story (in the disputed book Red Star Rogue) about a Soviet nuclear-warheaded submarine missile was that it blew up after being intentionally launched but before completely leaving the sub. But these, the failures to secure and rules restricting resources, aren’t enough to end the overall trend: in the larger scheme of things, societies tend to protect their high-value targets from being entirely disabled and rendered useless.

The ongoing disputes between engineers (and other people) and their supervisors about how much to do are often based on costs. Sure, some costs are cut too much from above. But, on the other hand, some costs are pushed too high from below. I encounter this in health care, where, as a patient, I develop a low-cost method with efficacy equivalent to that from doctors (and I tell appropriate people about my solution so it can be shared). The dispute over costs is secondarily a dispute over where else money should go, and it’s inadequate to argue that the money is just going to profit if the same argument is that therefore the money shouldn’t go there.

A court having the authority to order the deorbiting of a satellite would apply to a party that can cause the deorbiting only (in general) if the court and the party, including a private party, are of the same nation. No nation, including its courts, has worldwide jurisdiction over all nations (you can imagine the chaos that would result otherwise).

By the norms of international law, if a nation intentionally destroys another nation’s commercial flight without good justification and perhaps even with good justification, that can be an act of war, and that can lead to war being waged in response.

Wikipedia, like, in general, user-generated user-edited content absent prior moderation, is not a reliable source, and that’s according to Wikipedia. Generally, its sources are, so Wikipedia should be read as a gateway to its sources.

Petre Peter May 2, 2023 1:01 PM

Web forms and wizards do not give you a copy of what you wrote. With email you retain a copy of what you wrote but the problem with email is that we still cannot secure it.

MarkH May 2, 2023 2:26 PM

@Clive:

Maybe we have different understandings of the word “responsible.” Yes, states and international organizations promulgate guidelines or rules for deorbit.

The spacecraft operators are the ones who are encouraged or required to execute deorbit.

And nobody else. I find nothing in UN or IADC documents stating or suggesting otherwise.

In the un-cited US court case, I’ll bet you £1,000 that the ruling was more along the lines of “you must deorbit when ordered to” than “you must place a pushbutton on the judge’s bench so we can deorbit without your participation.”

MarkH May 2, 2023 5:04 PM

Observations on Security of Remote Spacecraft Control

[0] My scope is security of the command and control (CC) channel intended for control of spacecraft from Earth stations.

[1] Because remotely controlled spacecraft have an enormous range of values, purposes, and capabilities, no one security regime would be appropriate for all.

One way to define security engineering is the tailoring of security techniques to the application, taking account of plausible threats and the value to be protected.

[2] In the typical case, the channel is one-to-one: there is only one entity authorized to originate CC messages, which are intended to control one individual spacecraft.

MarkH May 2, 2023 5:17 PM

Observations on Security of Remote Spacecraft Control, 2

[3] The fundamental cases for PK crypto are (a) enabling anyone to send a confidential message which only one receiver can decrypt; and (b) enabling one entity to sign arbitrary files, such that anyone can verify the signature.

For a one-to-one channel, neither case applies, so such PK crypto has no application to channel security.

[4] Additionally, key agreement schemes are available to establish session keys. A CC channel can be designed and operated so that key staleness is not relevant, so session keys are not needed.

MarkH May 2, 2023 5:28 PM

Observations on Security of Remote Spacecraft Control, 3

[5] Accordingly, hypothetical vulnerability of PK and key agreement algorithms need not affect CC channel security.

[6] As I explained above (timestamp May 1, 2023 2:09 PM), spacecraft can robustly store considerable volumes of key material, sufficient for numerous block cipher keys.

[7] Block cipher keys can be pre-loaded in the spacecraft prior to launch. A CC channel can be secured using only those pre-loaded keys, so no procedure for loading or creating new keys is necessary.

MarkH May 2, 2023 5:37 PM

Observations on Security of Remote Spacecraft Control, 4

[8] To my understanding, the primary concern about session key staleness is that the longer a key is used, the greater the risk that an attacker can recover a large amount of data by snooping the key from either end of the session.

For a CC channel, the spacecraft can be designed not to disclose or leak key bits, and well-established precautions in the ground control system can likewise protect the Earthly copy.

For extreme precaution, the spacecraft could sequence its stored keys according to an established timetable.

MarkH May 2, 2023 5:46 PM

Observations on Security of Remote Spacecraft Control, 5

[8] The CC channel is a most benign application for block ciphers. With reasonable precautions, attackers don’t have any known plaintexts, and can’t benefit from chosen plaintexts. Volumes of legitimate channel data are very low.

The system can be kept many, many orders of magnitude away from the conditions needed for cryptanalysis even at greatly reduced rounds.

The channel could use a very strong cipher like TwoFish or Serpent (at their 256-bit levels), which are not expected to yield even when imagined quantum computers are available.

For extreme precaution, double encryption etc. could also be applied.

MarkH May 2, 2023 11:38 PM

Though I haven’t followed these stories, I know there have been some topics on schneier.com about police extracting messages from specialized (and costly) “secure” messaging networks beloved of organized crime.

Readers may recall an especially droll case in which the “crook phone” system was actually created by police.

This long article:

https://www.newyorker.com/magazine/2023/04/24/crooks-mistaken-bet-on-encrypted-phones

summarizes the exploits, but is mostly devoted to what law enforcement learned from intercepted traffic. A memorable example: the police who sent “selfies” of their torture of suspects.

lurker May 3, 2023 12:51 AM

@MarkH
“[2] In the typical case, the channel is one-to-one: there is only one entity authorized to originate …”

Errm, in the typical case the physical layer of the channel is broadcast, which is why we need to consider security of the upper layers.

“Authorization to originate” is based on possession of keymat. We hear quite publicly of the exfiltration of PII and commercial secrets from “secure” servers. An exfiltrator of satellite CC keymat might not want us to hear of that, and just because we haven’t heard doesn’t mean it isn’t happening.

MarkH May 3, 2023 1:41 AM

@lurker:

To my knowledge, computational information security (as distinct from “quantum crypto”) always requires that secrets (keymat) be both

• guarded from exfiltration, and

• retained for some period, up to decades depending on the application

I just don’t know any way around that. Entities either adequately secure their secrets, or they don’t.

There appear to be a lot of secrets that are well guarded, and abundant public information on how to do so. It can consume a lot of attention and cost lots of money.

If the spacecraft is important enough, the investments can be made.

MarkH May 3, 2023 1:52 AM

@lurker, continued:

Examples of high-value secrets include PIN codes for banking, root keys for TLS, identities of foreign agents for national intelligence organizations, and nuclear authorization codes.

There’s been quite a lot of discussion here about safeguarding against highly resourced attackers. See especially Clive on the subject of “energy gapping.”

Ross Anderson’s book “Security Engineering” offers a good introduction to some of the methods for protection of high-value secrets.

Lots of PII and financial stuff is stolen from commercial-standard computers connected to the public internet … security folks don’t put high-value secrets in such places!

ResearcherZero May 3, 2023 3:16 AM

“This is bigger than any one profession. It will affect everyone.”
‘https://www.wired.com/story/comedian-kunal-kamra-india-censorship-law/

“The unprecedented ability to tamper with content is being used to undermine those who embody quality journalism and weaken journalism itself.”
‘https://rsf.org/en/2023-world-press-freedom-index-journalism-threatened-fake-content-industry-0

India rank slides to 161, 11 spots behind Afghanistan
‘https://rsf.org/en/index

The terrain has been favourable for an increase in propaganda by Russia (164th), which has fallen another nine places in the 2023 Index.

Prigozhin is believed to have been at the forefront of Russia’s disinformation apparatus since at least 2013.
‘https://www.justice.gov/file/1035477/download

“We have interfered, are interfering and will continue to interfere. Carefully, precisely, surgically and in our own way.”
‘https://vk.com/concordgroup_official?w=wall-177427428_1404

“Prigozhin likely will further entrench his network in multiple countries,” one of the intelligence documents concludes, “undermining each country’s ability to sever ties with his services and exposing neighboring states to his destabilizing activities.”
‘https://www.washingtonpost.com/world/2023/04/23/wagner-russia-africa-leaked-documents/

Concord has demonstrated its intent to reap the benefits of the Court’s jurisdiction while positioning itself to evade any real obligations or responsibility.
‘https://www.scribd.com/document/451961479/USA-v-Concord-Motion-to-Dismiss

“It is very, very eerie to see how closely that movie’s narrative tracks with the story being pushed by the Russian state right now.”

The propaganda effort has coincided with the Kremlin’s recent crackdown on Russia’s independent news media.
‘https://www.buzzfeednews.com/article/deansterlingjones/russia-yevgeny-prigozhin-ukraine-trump-giuliani-films

The FSB, GRU, and SVR operate a network of websites that obscure their Russian origin to appeal to Western audiences.

SouthFront, NewsFront, Strategic Culture Foundation (SCF), InfoRos
‘https://home.treasury.gov/news/press-releases/jy0126

Alexander Malkevich, whose employees were detained in Libya, is part of Moscow’s efforts to create a “concert of chaos” around the globe.
‘https://www.nbcnews.com/news/us-news/man-running-russia-s-newest-propaganda-effort-u-s-or-n883736

‘https://rsf.org/sites/default/files/medias/file/2023/04/The%20Malkevitch%20Propaganda%20Machine_EN.pdf

ResearcherZero May 3, 2023 4:02 AM

Russia’s penal system has not been reformed since the late-Stalinist period and is essentially managed by the FSB.

Lefortovo prison was built as a military penitentiary in eastern Moscow by Czarist authorities in 1881.
‘https://www.washingtonpost.com/world/2023/04/06/lefortovo-gershkovich-russia/

Not since the Cold War, the Kremlin noted, has an American journalist been charged with espionage in the former Soviet Union.
‘https://theconversation.com/russias-legal-interpretation-of-espionage-has-broadened-since-the-soviet-era-as-the-case-of-evan-gershkovich-shows-204083

Novikova herself pleaded with the court to send her to prison rather than the alternative: a fine of at least 700,000 rubles ($8,700) that the law allowed. She said she didn’t have the money to pay a fine of that size. The court in Seversk, Novikova’s hometown, imposed a fine of 1 million rubles (over $12,400)
‘https://abcnews.go.com/International/wireStory/russian-court-fines-war-critic-asked-prison-98957730

Now lame in his right leg, Pelin says he has filed a legal complaint against IK-2 over the prison’s alleged failure to provide him with medical treatment.

“The only advantage there was that you could lie down,” he added.
‘https://www.reuters.com/investigates/special-report/russia-politics-navalny-gulag/

ResearcherZero May 3, 2023 4:10 AM

“How do we avoid polluting 21st century democracy with prejudice, misinformation and bias?”
‘https://siliconangle.com/2023/05/01/bruce-schneiers-plan-reinvent-democracy/

Experts are concerned that people will rely on these systems for medical advice, emotional support and the raw information they use to make decisions.

Experts are also worried that people will misuse these systems to spread disinformation. Because they can converse in humanlike ways, they can be surprisingly persuasive.
‘https://www.nytimes.com/2023/05/01/technology/ai-problems-danger-chatgpt.html

Populist rhetoric transforms the facts of social issues into divisive metaphors and symbols.

“Stories shape our feelings toward others and ourselves, toward what is right and wrong, and populist security narratives grip voters through their deep-seated emotional appeal. Populists use fantasies of humiliation to mobilize their voters, appealing to emotions of anger and resentment in society to overturn the political status quo.”

Populist appeals to victimhood are used to assign blame with elites in politics, businesses, and media for a sense of loss and marginalization, for national decline from past imagined glories, and to foster political conflict. It erupts when people feel disconnected and disrespected.
‘https://academic.oup.com/isagsq/article/1/1/ksab002/6185295

“The health and state of political parties, the health and state of professional news organizations, all those play a role. It’s not just about the psychology of either the leader or individual citizens.”

“We certainly do need to strengthen institutions, but not just the obvious textbook institutions of democracy. We also need to strengthen those which, I think it’s fair to say, ever since the nineteenth century, proved to be indispensable to actually make representative democracy as we know it work.”

“So political parties and professional news organizations. It’s conventional wisdom that especially the latter are in crisis and that there are big transformations happening and that this somehow might have something to do with broader political pathologies, but too rarely do we actually think about how these institutions might have to look different, what standards they should fulfill to play a positive role in democracy as a whole.”
‘https://www.newyorker.com/news/q-and-a/redefining-populism

Clive Robinson May 3, 2023 5:02 AM

@ MarkH, lurker,

Re : 20,000ft views miss detail.

“[2] In the typical case, the channel is one-to-one: there is only one entity authorized to originate CC messages, which are intended to control one individual spacecraft.”

Actually it’s not one-to-one in most practical cases.

The Earth as far as the satellite is concerned is a circle. Which means for “full time command and control” the effective coverage angle for link control needs to be approximately 120 degrees or a minimum of three ground stations around that circle (due to geography that may need to be four or more).

With various “safety people” getting in the game, it effectively means that symmetric encryption KeyMat for AuthN of C&C needs to be shared with every ground station as a “back-stop” to increasing terrestrial communications failures.

I’m not going to go further into this for reasons that should be apparent, but that devolved communications model has been around for about the same length of time as manned space flight of longer than three or four terrestrial orbits has been.

Dusapin May 3, 2023 6:43 AM

@MarkH

Re. Observations on Security of Remote Spacecraft Control

[2] : Usually at least two entities are involved:
A. Station keeping, power and thermal management, …
B. Dynamic configuration of the payload (telecom or scientific).
These will be kept well separated.

[7] : See below.

[8] : The main concern here is replay attacks, but there are standard ways to protect against these. Also modern block ciphers (when used correctly) can handle large amounts of data without leaking key bits.

In the end this is a classic game of positive vs. negative control.

The following is just a simple example of how things could be organised.
Real systems can be considerably more complex.

X. Keys for routine operations [A] and [B] as above. These are loaded into the equipment used and can be replaced and uploaded. Session keys are derived from these.

Y. Separate keys required and used only for uploading new keys [X]. The [Y] keys are never transmitted on the channel, but the satellite has a number of them built-in. Only the current one is available routinely to anyone in the ground segment and using it requires special procedures, e.g. inserting an additional hardware module which is otherwise stored securely.

Z. A procedure to obtain the next [Y] and a key needed to activate it on the satellite. The procedure will require several entities to cooperate, and is used only when there is reason to assume that the current [Y] is compromised. Activating a new [Y] on the satellite can’t be disabled, and doing so also invalidates all current [X] keys. This is the ‘ultima ratio’ allowing to regain control when everything else is compromised.
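The [X]/[Y]/[Z] arrangement and the replay protection mentioned in the comment above, modelled as an added example (not part of the comment and not any real mission system). Assumptions: HMAC-SHA256 tags stand in for the block-cipher protection discussed in the thread, a new [X] key is derived from the current [Y] key and an uplinked nonce rather than uploaded encrypted, and the frame layout, key values and command names are all constructed.

```python
"""Constructed model of a tiered command-uplink key scheme with replay protection."""
import hashlib
import hmac
import struct

TAG_LEN = 32
TIER_X, TIER_Y, TIER_Z = b"X", b"Y", b"Z"


def make_frame(key: bytes, tier: bytes, seq: int, payload: bytes) -> bytes:
    """Ground side: tier || 64-bit sequence number || payload || HMAC tag."""
    body = tier + struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def derive_x(y_key: bytes, nonce: bytes) -> bytes:
    """Both ends derive a fresh [X] key from the current [Y] key and a nonce."""
    return hmac.new(y_key, b"derive-X" + nonce, hashlib.sha256).digest()


class Spacecraft:
    def __init__(self, x_key, y_keys, z_key):
        self.x_key = x_key            # [X] routine-operations key, replaceable
        self.y_keys = list(y_keys)    # [Y] keys pre-loaded before launch
        self.y_index = 0              # only the current [Y] key is accepted
        self.z_key = z_key            # [Z] authorises moving to the next [Y]
        self.last_seq = {TIER_X: 0, TIER_Y: 0, TIER_Z: 0}

    def _key_for(self, tier):
        if tier == TIER_X:
            return self.x_key         # None once invalidated by a [Z] action
        if tier == TIER_Y:
            return self.y_keys[self.y_index]
        if tier == TIER_Z:
            return self.z_key
        return None

    def receive(self, frame: bytes) -> str:
        if len(frame) < 1 + 8 + TAG_LEN:
            return "reject: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        tier, seq, payload = body[:1], struct.unpack(">Q", body[1:9])[0], body[9:]
        key = self._key_for(tier)
        if key is None:
            return "reject: no valid key for tier"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        # The sequence number is only trusted after the tag has verified.
        if seq <= self.last_seq[tier]:
            return "reject: replay"
        self.last_seq[tier] = seq
        if tier == TIER_X:
            return "execute: " + payload.decode("ascii", "replace")
        if tier == TIER_Y:
            self.x_key = derive_x(key, payload)
            return "new X key installed"
        # TIER_Z: advance to the next built-in [Y] and drop every [X] key.
        if self.y_index + 1 >= len(self.y_keys):
            return "reject: no spare Y key"
        self.y_index += 1
        self.x_key = None
        return "next Y key active, X keys invalidated"


def demo():
    x0, z = b"X0" * 16, b"Z0" * 16            # constructed keys
    y = [b"Y0" * 16, b"Y1" * 16]
    sat = Spacecraft(x0, y, z)
    log = []
    cmd = make_frame(x0, TIER_X, 1, b"HEATER_ON")
    log.append(sat.receive(cmd))              # accepted
    log.append(sat.receive(cmd))              # same frame again: replay
    log.append(sat.receive(make_frame(b"wrong-key", TIER_X, 2, b"HEATER_OFF")))
    # Recovery path: [X] is assumed compromised, so [Z] activates the next [Y].
    log.append(sat.receive(make_frame(z, TIER_Z, 1, b"")))
    log.append(sat.receive(make_frame(x0, TIER_X, 3, b"HEATER_OFF")))
    nonce = b"\x01" * 16
    log.append(sat.receive(make_frame(y[1], TIER_Y, 1, nonce)))
    log.append(sat.receive(make_frame(derive_x(y[1], nonce), TIER_X, 4, b"HEATER_OFF")))
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```
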

iAPX May 3, 2023 8:24 AM

I have to post this.

I criticized a subject about security, with an “expert” dubbing Tor as secure.
Then someone presenting themselves as “IT expert”, a young security “expert”, using authoritative argument, explained that Tor + Proxychain is safe.

And I was dumbfounded!
There are the new “experts” in the field, with beliefs that are contradictory to long-time experience, contradictory to US Agencies being able to trace and arrest Dark Web operators when they chose it.

And the importance of meta-information on a TCP flow, Proxies hide input from output (and vice-versa) but they have a hard time to hide meta-information, that is present or you could inject in a TCP flow, such as delays (if OSI 4+).
Delays, Rhythm…

Winter May 3, 2023 9:15 AM

@iAPX

I criticized a subject about security, with an “expert” dubbing Tor as secure.

What is your definition of “secure”? It seems to me this is a straw man argument as neither 100% security nor anonymity is obtainable for living people. Tor helps in some cases, not so in others. Where it helps, there are few alternatives for non experts. Where it does not help, it is for people that already know they tread on dangerous ground.

Even a cursory glance at your favorite search engine will tell you that Tor is not infallible by far. Wikipedia comes with a lot of caveats about the anonymity:
‘https://en.wikipedia.org/wiki/Tor_(network)

Like all current low-latency anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network (i.e., the traffic entering and exiting the network). While Tor does provide protection against traffic analysis, it cannot prevent traffic confirmation (also called end-to-end correlation).[70][71]

A 2009 study[by whom?] revealed that Tor and the alternative network system JonDonym (Java Anon Proxy, JAP) are considered more resilient to website fingerprinting techniques than other tunneling protocols.[72]

The reason for this is that conventional single-hop VPN protocols do not need to reconstruct packet data nearly as much as a multi-hop service like Tor or JonDonym. Website fingerprinting yielded greater than 90% accuracy for identifying HTTP packets on conventional VPN protocols versus Tor which yielded only 2.96% accuracy. However, some protocols like OpenSSH and OpenVPN required a large amount of data before HTTP packets were identified.[73]

Researchers from the University of Michigan developed a network scanner allowing identification of 86% of live Tor “bridges” with a single scan.

JonKnowsNothing May 3, 2023 9:30 AM

@Winter, @iAPX, All

re: Secure v Safe

TOR is neither Secure nor Safe.

If you are using TOR to provide plausible anonymity, which one might suppose would be due to fear of retaliation by authorities or businesses, you are AT RISK 100%.

You are AT RISK 100% because any failure is a fatal failure. It doesn’t matter where the failure occurs, there are plenty of places in the chain where it can fail.

TOR gets promoted because of the perception it is Secure and Safe. It is not.

It is disingenuous to propose otherwise.

Winter May 3, 2023 10:16 AM

@JonKnowsNothing

TOR is neither Secure nor Safe.

Neither is your door lock, nor your safe, nor your bank. That is hardly a reason not to lock your door, safe, or bring your money to your bank.

I do not think “specialists” who claim everything is insecure (except paper and pencil OTP) do make anyone more secure. If you do dangerous stuff, the point is knowing the risks of what you do, not avoiding all risks and doing nothing. Doing nothing can be just as dangerous.

TOR has saved people. If Edward Snowden advises to use Signal and TOR [1], I take this seriously. If anyone, Snowden has real field experience and insight.

[1] ‘https://www.privacyjournal.net/edward-snowden-nsa-prism/

MarkH May 3, 2023 10:23 AM

@Clive:

I suspect that many satellites that “move” (geostationary is a different case!) can be adequately controlled once per orbit.

Where a network of ground stations is needed, how often does it happen now that internet packets can’t reach one country or another?

If necessary, control can be duplicated, but if terrestrial communication has failed, how do they coordinate in a crisis?

MarkH May 3, 2023 10:27 AM

continued:

U.S. manned missions have always been controlled from Houston TX, though in the earliest days they had astronauts at remote ground stations “just in case.” They didn’t have the 21st century telecomm network.

Even with multiple ground stations, they could only reach low-orbit astronauts for a few minutes at a time; life got very much easier when they started using satellites for radio relay.

If it’s necessary to duplicate the control setup, this can be done with good security. For example, if message encryption is done in a Hardware Security Module, clones (with appropriate physical safeguards) can be stationed where needed.

MarkH May 3, 2023 10:31 AM

@Dusapin,

Again, your voice of experience is much appreciated!

Though I didn’t mention this above, I assume that sequence numbering or time stamps would be used to frustrate replay attacks. Probably those techniques have been in use longer than I’ve been around … and I’m an old man.

Clive Robinson May 3, 2023 10:34 AM

@ iAPX, JonKnowsNothing, Winter, ALL,

Re : Tor is not what it claims, not even close.

“I criticized a subject about security, with an “expert” dubbing Tor as secure.”

Anyone who thinks Tor is giving them security of any real use is “wrong”, sometimes “dead wrong”.

Our host @Bruce once used an analogy of a young girl’s diary with a lockable clasp on it. It might keep her little brother out[1] but nobody else. Well that’s kind of a reasonable description of Tor.

“Tor might keep the script kiddy next door out, but if even the FBI can succeed at exploiting its weaknesses and they have, how secure is it against say a SigInt agency?”

Over the years I’ve listed many failings of Tor on this site and got a lot of kick back from fan bois who probably knew more than your,

“young security ‘expert'”

Who was apparently anything but…

I’ve even described how to fix some of Tor’s many failings, and still got kick back…

Over the years the failings became more widely known and the kickback less.

But one thing that will never ever go away with Tor in the current way it works is you are painting a big red target on your back by using it.

So as @JonKnowsNothing indicates,

“TOR gets promoted because of the perception it is Secure and Safe. It is not.”

Its traffic is obvious and almost all of it will have been hoovered up by “collect it all” and put in storage until they need to break it in any of a number of interesting ways that probably do not need the cryptography side of things to be broken.

Which brings us to @Winter’s point,

“Tor helps in some cases, not so in others. Where it helps, there are few alternatives for non experts. Where it does not help, it is for people that already know they tread on dangerous ground.”

What @Winter does not mention is the huge asymmetry between “helps in some cases, not so in others”. Its actual level of “helps” is just a tiny tiny fraction compared to the “not so”.

Even after a decade of knowing what needs to be fixed and they really are not difficult fixes, they’ve largely not happened so a valid question to ask the developers is,

“Why not?”

The answer to which appears to be something along the lines of,

“The users want low latency for their naughty video watching.”

And that just about covers it…

[1] Sadly not all little brothers… Even though my big sister did not keep a diary she did have a lockable jewel box. As I’ve mentioned I knew how to pick those sorts of locks by the time I was eight… So moving her jewellery around in the box was a way of reminding her I was not happy with her behaviours towards me. Our parents did not believe her stories until a couple of years later when they actually saw me pick a car door lock after the keys got locked inside by mistake in the middle of nowhere, let’s just say it was a “stony silence” day proving to a young lad that “No good deed goes unpunished”… The reason they did not suspect before that is all I was interested in was picking the lock and then locking it again, so most of the time I never touched anything behind the door, let alone move it about etc.

Winter May 3, 2023 10:57 AM

@Clive

What @Winter does not mention is the huge asymmetry between “helps in some cases, not so in others”. Its actual level of “helps” is just a tiny tiny fraction compared to the “not so”.

What the FBI et al. break is the .Onion services. They do this the classical way, by logging into the services as clients and then escalating and breaking in to the servers. When they succeed, they use their access to the server to get the location and hoover up the user data. They also might add code to the web sites to de-anonymize the users of the website.

Is this “breaking TOR”? That is debatable.

What is clear is that identifying and breaking onion servers is a huge undertaking that requires international cooperation on a grand scale. If that is your threat model, yes, you should take additional precautions.

But that is only a few % of the traffic.
‘https://theconversation.com/how-tors-privacy-was-momentarily-broken-and-the-questions-it-raises-52048

But looking back at a “real” case posted by @Bruce, the discussion shows that it was more like the person was already under heavy surveillance. In case they already bugged everything you use, TOR won’t help you.

‘https://www.schneier.com/blog/archives/2023/01/the-fbi-identified-a-tor-user.html

Dusapin May 3, 2023 3:36 PM

With various “safety people” getting in the game, it effectively means that symmetric encryption KeyMat for AuthN of C&C needs to be shared with every ground station as a “back-stop” to increasing terrestrial communications failures.

Originating commands at a ground station would be very exceptional. Almost all of them are in fact remotely controlled and whatever technical staff they have is there mainly for maintenance and supervision. Most of them are also shared between national space agencies and used for many missions.

Encryption for the command uplink is done at the mission control center, not at ground stations. Data and orbit parameters are sent to the ground station well ahead of the scheduled transmission time, so a failed terrestrial link at that time is not an issue.

Dusapin May 3, 2023 5:58 PM

@MarkH

If it’s necessary to duplicate the control setup, this can be done with good security. For example, if message encryption is done in a Hardware Security Module, clones (with appropriate physical safeguards) can be stationed where needed.

Some other things to consider:

  • For many missions there will be a backup mission control. To operate this much more than just the encryption keys is required – operational data, very specific software, and mission specialists.
  • Depending on the type of orbit, many satellites will be visible at any particular ground station for only a short time. Which means there is no advantage at all in placing mission control facilities at such places.
  • Many ground stations are at remote locations, often literally ‘in the middle of nowhere’, e.g. ESA’s Kiruna station. Physical security at such places is an issue.
  • Ground stations are themselves networked by satellite links.

MarkH May 3, 2023 5:58 PM

Although the potential for emergency or crisis intervention in spacecraft control might seem beneficial, my understanding is that commands to spacecraft — especially commands able to alter their trajectory — are usually made with extreme care and deliberation, due to the risk of losing the spacecraft, or creating a hazard to other spacecraft (or even persons on the ground).

So, “rapid reaction” capability doesn’t seem appropriate.

Further, for a typical spacecraft, there is one and only one organization that has the knowledge base to safely maneuver it.

Other folks coming in and “grabbing the steering wheel” would be somewhere between nearly infeasible and “Russian roulette.”

SpaceLifeForm May 3, 2023 5:59 PM

Re: Satellite KeyMat Radiation Hardening

Remember Core Memory?

You lose your Private Key, you lose.

SpaceLifeForm May 3, 2023 6:08 PM

Re: Twitter implosion

It’s not just NPR anymore.

‘https://www.techdirt.com/2023/05/03/goodbye-twitter-techdirt-will-soon-end-our-automated-posting/

MarkH May 3, 2023 8:20 PM

PS

From IADC space debris mitigation guidance, on the topic of LEO deorbit:

The probability of success of the disposal should be at least 90%. For specific operations such as large constellations … a higher probability of success may be necessary.

Those familiar with space operations are highly aware of failure rates. Deorbit with high probability will gradually improve low-orbit safety … it doesn’t need to be perfect, nor is 100% a plausible standard.

ResearcherZero May 3, 2023 10:11 PM

“Adani proposed coal ventures to sanctioned Myanmar military despite public vow to cut ties, leaked documents show”
‘https://www.abc.net.au/news/2023-05-04/adani-coal-projects-myanmar-military-junta-leaked-documents/102291036

“In late February, as questions mounted and Adani Group’s share prices plunged, Vinod stepped down as director of three companies connected to the family’s coal mine in Australia, on which it has staked billions of dollars. Adani Group representative said Vinod, aside from being a shareholder of certain entities, had no management role in the development of the Carmichael mine or its related infrastructure.”
‘https://www.smh.com.au/business/companies/adani-s-billionaire-brother-starts-to-retreat-as-scrutiny-builds-20230426-p5d3e6.html

“Time and again, the paper trail leads back to Vinod Adani.”

The three entities allegedly entered into several investment transactions with unlisted units of the ports-to-power conglomerate founded by billionaire Gautam Adani over the last 13 years, said the sources with direct knowledge of the matter.
‘https://www.reuters.com/world/india/india-regulator-probing-some-adani-offshore-deals-possible-rule-violations-2023-04-01/

India’s top court set up a six-member panel to probe allegations against the Adani Group, after a bombshell report from an American short seller wiped out more than $140 billion off the conglomerate’s market value. Vinod Adani resigned from three key companies days before the Supreme Court set up a committee.

These companies that Vinod resigned from were responsible for bailing out the Adani Carmichael mining project in Australia through a complex set of financial flows, around 2013 and then after 2018, through jurisdictions where public disclosure is hard to come by, Mauritius, Cayman Islands and UAE.
‘https://www.bloomberg.com/news/articles/2023-03-02/top-india-court-sets-up-panel-to-probe-allegations-against-adani

“[Vinod Adani] moved billions of dollars in and out of Adani Group companies, seemingly to embellish share prices and financial results.”
‘https://hindenburgresearch.com/adani/

Adani is building a $290m port in Yangon on land leased from the military-backed Myanmar Economic Corporation (MEC)
‘https://www.aljazeera.com/economy/2021/4/13/sp-index-to-remove-adani-ports-on-its-ties-with-myanmar-army

‘https://www.acij.org.au/wp-content/uploads/2021/03/Port-of-Complicity-Report-FINAL-Low-Resolution-Version.pdf

JonKnowsNothing May 3, 2023 10:14 PM

@Winter, @Clive, All

re: [If A] person was already under heavy surveillance. In case they already bugged everything you use, TOR won’t help you.

You are pushing turtles all the way down and another column all the way up.

In the USA, all you have to do is type the word “TOR”, like we are doing now. The NSA switchboard lights up like a Christmas Tree.

If you use a search engine and type the word “TOR” in the query, the NSA, the FBI will be starting a file on you, and as you indicate, they may already have a file on you (1) so they will be adding to it.

If you attempt to download a copy of “TOR”, you might find you got a “Salty Tor”. From that point on you are not only On the List, Everything you do will be Part of The List.

If you recall the stories about how difficult it was for ES to get GG to install a “secure” OS on a non-NSA hacked system, it would be clear, that the only possible installation would be one done by someone extremely knowledgeable and even that fails.

The FBI doesn’t need all that fancy stuff anyway, as they can just snatch the laptop from you after you type in your PW.

Today it’s even easier, they arrest you on Espionage Counter Terrorism Obstruction of Justice charges, for not coughing up your PWs and Codes at their Demand. You go to jail, They don’t have to prove anything.

===

USA New Jersey Mayor with 17 years in office, was invited by the White House to an Event there. The Secret Service denied them entry without stating any reason. A civil liberties group found the person’s name and id information was on One of the Lists. No information on how it got on that list, or notice to provide a method to remove it from The List. The Secret Service is mum’s the word.

htt ps://www.theguardian.c o m/us-news/2023/may/02/muslim-mayor-blocked-white-house-eid-event-mohamed-khairullah

(url fractured)

JonKnowsNothing May 3, 2023 10:25 PM

@Clive, @SpaceLifeForm, All

re: Def Irony: When the CDC hands out COVID

A très amusant article about the CDC hosting a conference in April and as a bonus gave COVID to the attendees.

===

Georgia Atlanta CDC hosted the 2023 Epidemic Intelligence Service (EIS) Conference Apr 24-27 2023 and started a COVID outbreak

ht tps://arstechnica.c o m/science/2023/05/disease-detectives-gathered-at-cdc-event-a-covid-outbreak-erupted/

(url fractured)

ResearcherZero May 3, 2023 10:37 PM

In the absence of a federal data privacy law and despite multiple state privacy regulations, the multibillion-dollar data broker industry is collecting and selling extensive personal data on Americans, including physical and mental health information on older adults, veterans and kids.
‘https://www.seattletimes.com/business/lawmakers-eye-response-to-brokers-collecting-selling-personal-data/

“wearables, social media platforms, and many other technology companies … can most often legally share, license, and sell users’ health data (in addition to other data) to third parties without users’ knowledge or consent”
‘https://techpolicy.sanford.duke.edu/wp-content/uploads/sites/4/2023/02/Kim-2023-Data-Brokers-and-the-Sale-of-Americans-Mental-Health-Data.pdf

“This is why ‘do not sell my data’ provisions are not a real solution to data brokerage. Such provisions require users to sift through hundreds of registered data brokers and use individual forms to opt out of tracking and sale of data by each company.”

Congress should “flip that on its head” and create a process that would require brokers to seek users’ permission to collect and sell data, Sherman said.
‘https://madison.com/news/national/govt-and-politics/lawmakers-eye-legislation-to-protect-americans-data/article_7d9599b0-987b-55c4-94fb-900d152393cf.html

“Technological innovation and advancement will further optimize the performance of the product, enabling it to acquire a wider range of applications in the downstream market.”
‘https://www.marketgrowthreports.com/2022-2029-global-data-broker-service-professional-market-20636823

ResearcherZero May 3, 2023 11:26 PM

“several indicators” suggest the attack was staged, noting that Russia recently enhanced “domestic air defense capabilities” while arguing it was “extremely unlikely” that Ukrainian drones could have thwarted “multiple layers of air defense” and be destroyed “in a way that provided spectacular imagery caught nicely on camera.”
‘https://www.understandingwar.org/backgrounder/russian-offensive-campaign-assessment-may-3-2023

New guidelines sent by the Putin administration to Russia’s pro-government media outlets and obtained by Meduza confirm that the Kremlin is preparing for multiple scenarios. Meduza explains how the Russian authorities plan to use their propaganda apparatus to prepare citizens for what’s to come.
‘https://meduza.io/en/feature/2023/05/03/if-ukraine-succeeds-it-should-be-explainable

Former bodyguards of Putin have gained immense power in exchange for their unquestioned loyalty.
‘https://www.occrp.org/en/investigations/8922-putin-s-bodyguards-rewarded-with-land-and-power

The FSO’s functions and control
‘https://www.rbth.com/politics_and_society/2016/06/01/putins-people-the-mysterious-agency-that-guards-the-presidents-life_599181

The FSO is much better organised than the FSB
‘https://twitter.com/sumlenny/status/1518624438358626304

Weeding out moles in the president’s circle…

Russian Intelligence Services run a number of channels that pump out disinfo
‘https://twitter.com/OlgaNYC1211/status/1570074814651535361

Winter May 4, 2023 1:48 AM

@JonKnowsNothing

> If you use a search engine and type the word “TOR” in the query, the NSA, the FBI will be starting a file on you, and as you indicate, they may already have a file on you (1) so they will be adding to it.

Why not? There are already 550k daily TOR users in the USA. Any excuse is a good excuse to open a file on a subject.
‘https://metrics.torproject.org/userstats-relay-table.html

Still, if they already have a file on you, why not make surveillance more costly?

It is the same arguments “they” used against using https. If everyone uses a service, it does not work as a signal to single you out anymore. [1]

And you have perfect plausible deniability as Clive already alluded: Dirty files.

[1] Remember when being gay or smoking pot made you sensitive to blackmail? And the FBI made a file on you? That was over when there were too many people openly gay and nearly everyone and their mother had smoked pot (and the president had used cocaine).

SpaceLifeForm May 4, 2023 4:32 AM

@ JonKnowsNothing, Clive, ALL

Re: CDC Covid outbreak

Most of the participants at the conference, probably

wait for it

took a plane flight to get there.

JonKnowsNothing May 4, 2023 9:16 AM

@Winter, @Clive

re: perfect plausible deniability

OK I think you are having me on here…

When dealing with Security Services, Policing, Intelligence Community, plausible denial only works if you are within a defined legal system. In the cases of people using TOR because of the perception that it is Secure & Safe, there isn’t any defined legal system, anywhere that will protect you.

You can hear the screams from the torture chambers of the USA and other 5EY countries. The screams from torture chambers in non-5EY countries are just as loud.

Prisons globally are filled with “plausible deniability” and those screams take 30 years to be noticed, if they are noticed at all.

Of course, maybe you are writing a movie ending where the Heroes win over the Villains. We are the villains and no one is coming to your rescue. In fact, no one will even know you are in need of rescue. (1)

====

1) There used to be a hard to find document on the USA State Department site you could fill out when you traveled overseas or outside USA boundaries.

The part about being outside the USA boundaries is important because if you are traveling by plane or crossing a territorial border you enter a no-mans-land where no laws exist. Picking up the boarding ticket and walking down the gangway to the plane puts you in no-mans-land where you remain until you successfully pass through immigration at your destination.

This document was important because without it, the USA State Department would not tell anyone, your family or even your lawyer, about your whereabouts. Often they know where you are, you are screaming in English in lands where English isn’t spoken, at the USA’s behest.

The document simply granted the right for people listed on the document, to be informed by the State Department of where you are, in case you didn’t arrive at your destination as arranged.

The document was well hidden, and people have been told they don’t need to fill it out. Without it, the US State Department will say nothing and do nothing and hear nothing.

Winter May 4, 2023 9:26 AM

@JonKnowsNothing

> You can hear the screams from the torture chambers of the USA and other 5EY countries.

With 550k daily users in the USA, they won’t start torturing all.[1]

TOR does not protect you when they’re already suspecting you

But TOR makes it more difficult to find you in the first place.

[1] In the USA and 5EY, torturing precludes a court case. That was the whole point of Guantanamo bay and dark prisons. They will be kept outside the legal system entirely.

&ers May 4, 2023 10:51 AM

@Clive

Noticed this book on archive.org.

hxxps://ia800302.us.archive.org/25/items/Secrets_of_a_Super_Hacker/SuperHacker.pdf

How popular was it back then in the UK?

&ers May 4, 2023 1:17 PM

To: Clive

Or was Hugo Cornwall’s book more popular?
What did your path start from?

Clive Robinson May 4, 2023 4:49 PM

@ &ers,

A bit of history for you…

Peter Sommer alias “Hugo Cornwall” wrote only the first three editions of his book “The Hackers Handbook”; the fourth edition was written by Steve Gold (of BT Prestel Hack fame and cause of 1990 UK Computer Misuse Act).

Not all the content in the 4th edition was from Steve’s experience, some was from other people’s “practical experimentation” and reporting. Some like Pete and Steve were considered more than a bit paranoid… It came in some cases of having had the Met Police trying to turn them into criminals or directly knowing others who had (as we much later found out it was on the direct command of UK Prime Minister “Mad Maggie” Thatcher who was selling BT off to fill the “war-chest” to “give away” to certain favoured interests and wanted nothing in the press etc that might reduce the haul).

It’s a funny old world but by 1993 I was very definitely “A Professional Design Engineer” keeping my nose fairly clean developing communications and embedded systems… Some of which was “Intrinsically Safe” stuff for the Off-Shore industry, some for space payloads, other stuff included “Electronic locks and environment” systems for amongst others the leisure and entertainments industries… Which meant I bumped into Mossad pretending to be an IBM sub-company (and they really did not like “electronic locks” being used in hotels…). Then there was the “surveillance electronics” and doing a little “Contracting” on the side which was quite fun. Oh and high power transmitters and some “Crypto stuff” some of which was to protect software downloads to very expensive audio equipment for the broadcast industry…

You could say I had “itchy feet” as I did not settle into a “company-man role” as well as having “One eye over my shoulder” much of the time.

Life’s been interesting on and off including doing research and working at a Uni, that became embroiled in a UK Spy case and had MI5 and the Met Police stomping around in big boots making a nuisance of themselves. But hey as the old joke has it,

“When there ain’t much on telly what else are you supposed to do for entertainment…”

Clive Robinson May 4, 2023 5:29 PM

@ Winter, JonKnowsNothing, ALL,

“But TOR makes it more difficult to find you in the first place.”

Says who?

Your computer has to know how to talk to an entry gateway into the anonymizing network.

Most such entry point IP addresses are well known, not just to SigInt Agencies and Law Enforcement Entities, but most Internet Service Providers.

You have to send your traffic from your “public IP addresses” to a Tor Client IP address… As the last time I looked HTTPS etc does not hide either IP address then your connection is effectively “public”…

Hence “You are painting a target on your back”.

They do not need to know what the message content of your connection is, simple traffic analysis on the meta-data gives them enough to make a realistic guess on what you are doing.

After all downloading a large text file has a different signature to watching a video/TV show you should not be, likewise using a conferencing or phone system and so on… Points I was making at the beginning of this century. But remember “web pages” even with HTTPS if they have pictures and adverts in them have their own nearly unique signature when you look at traffic timing…

Such are the issues with “low latency”, “lack of packet padding”, “lack of fake traffic” but most of all “connecting to the network rather than becoming part of the network” as I pointed out so long ago. Especially as none of them are difficult to fix…

But hey “Nothing to see, move along…”.

Clive Robinson May 5, 2023 12:44 AM

@ JonKnowsNothing, SpaceLifeForm,

Re : Atlanta Epidemic Intelligence Service…

What can you say…

I won’t say it’s got the same cachet as the “Hounslow Hilton” with all that luxury feeling of an underground car impound. But when several popular cartoons take the p155 out of it you should take a hint…

Some might ask,

“Atlanta Intelligence, Oxymoron?”

But seriously with a “World of Coca-Cola” in twenty acres given as a top tourist attraction[1]… And of the top 100 worst crime cities in all of North America, Atlanta ties in 12th place with Houston Texas…

You kind of get a feeling it’s not going to be “fun, fun, fun”…

So you have a quick looksie on the web and what’s almost the first thing that pops up,

https://edition.cnn.com/videos/us/2023/05/03/atlanta-shooting-timeline-police-chief-sot-vpx.cnn

Yup, you have to ask who in their right mind would want to go to Atlanta…

There used to be an expression used when people asked not very bright travel questions which was,

“Hey you wana catch a cold?”

Well I guess it got updated.

[1] Maybe it’s me, but really does this fill you with glee,

‘https://www.worldofcoca-cola.com

Oh and as for that secret recipe in the vault… We know one ingredient is “gum arabic” from current news on Sudan and it’s hostilities,

‘https://www.wsj.com/articles/key-ingredient-in-coca-cola-chocolate-and-red-wine-is-caught-up-in-sudan-crisis-cf769a87

How long before some ask “Is gum arabic the new blood diamonds?”

Winter May 5, 2023 3:25 AM

@Clive

> “But TOR makes it more difficult to find you in the first place.”

Says who?

Traffic Analysis Attacks on Tor: A Survey [1]
Lamiaa Basyoni; Noora Fetais; Aiman Erbad; Amr Mohamed; Mohsen Guizani
‘https://www.researchgate.net/publication/341319768_Traffic_Analysis_Attacks_on_Tor_A_Survey

De-Anonymisation Attacks on Tor: A Survey
Ishan Karunanayake; Nadeem Ahmed; Robert Malaney; Rafiqul Islam; Sanjay K. Jha
‘https://ieeexplore.ieee.org/abstract/document/9471821

Onion sites seem to be “easier”
On the gathering of Tor onion addresses
‘https://www.sciencedirect.com/science/article/pii/S0167739X23000651

[1] I consider “needing a Global Adversary” to be synonymous to “Difficult”.

Clive Robinson May 5, 2023 6:24 AM

@ Winter, JonKnowsNothing, ALL,

The third paper you link via the Science Direct site link of,

‘https://www.sciencedirect.com/science/article/pii/S0167739X23000651

The paper is apparently not due to be published until “August 2023” and the links on the site you give are not functioning for me, so I’ve not read it (have you?).

But from what is available I gather it is not about “finding users” but “Onion Servers” which unlike users are considered by some as part of the Tor “onion network”.

The second paper you give,

‘https://ieeexplore.ieee.org/abstract/document/9471821

What they call “De-anonymising the user”, is not about finding who is connecting to the network from their PC etc but,

“De-anonymising the user is usually conducted with one of two objectives: finding out who is visiting a particular website or finding out what websites are being visited by a targeted user.”

That is tracing backwards the connection inside the Tor “Onion network” from the server to an unknown user. Or by recognising the traffic signature of the type of information being accessed (that is tracing the signature backwards from server to user).

But not between the user’s PC etc and the entry guard a user has connected to.

As I’ve indicated repeatedly, the authorities only need to know you are “connecting” to hang you, and do not need the actual information sent or received or to and from where.

As for the first paper you give,

‘https://www.researchgate.net/publication/341319768_Traffic_Analysis_Attacks_on_Tor_A_Survey

“In low latency anonymity networks such as Tor, an adversary is generally aiming to confirm the source and destination of communication. The current design of Tor’s network assumes the absence of a global adversary that is able to monitor both ends of the communication, entry, and exit guards, and does not provide anonymity against this type of adversaries. Instead, Tor’s threat model assumes an adversary that can observe only a fraction of the communication, and is able to control only a fraction of Tor nodes, either by running his own ORs or compromising an already running ORs. Based on the proposed threat model, attacks can be categorized according to how practical their model is, in terms of the assumptions made and the required resources to enabling the attack.”

Is specifically excluding the PC to Guard monitoring by anyone who has access to an Internet “upstream router” etc such as an Internet Service provider between the user PC/device and the entry to the Tor Network “Guard node”.

So again I say,

“Says who?”

Oh and please when you respond, don’t just do a quick citation search and give a link based on the title. First actually read the paper and understand what it is they are saying with respect to what I am saying.

As “De-anonymising” to the paper authors may not mean the same as to an agency intent on dragging you in on only minor evidence effectively torturing you denying you legal representation and then “show trialing you” or worse, which appears common even in the US (see previous behaviours of Chicago Police US MSM kept hidden deliberately).

Winter May 5, 2023 7:38 AM

@Clive

> The paper is apparently not due to be published until “August 2023” and the links on the site you give are not functioning for me, so I’ve not read it (have you?).

Strange, I can read the paper. I myself glanced at it, but I see I got the wrong paper. This one is not about de-anonymizing .onion addresses, but on finding them. Can’t find the de-anonymizing paper I had in mind (maybe my memory fails me).

> The current design of Tor’s network assumes the absence of a global adversary that is able to monitor both ends of the communication, entry, and exit guards, and does not provide anonymity against this type of adversaries.

I wrote:

“But TOR makes it more difficult to find you in the first place.”

And: later

“I consider “needing a Global Adversary” to be synonymous to “Difficult”.”

I do not see a discrepancy. There is no “Perfect Security”, nowhere. There is only weighing of risks. Unless you are up to a Global Adversary, Tor is helpful. If you are indeed up to a Global Adversary, you know you do run a risk when using Tor.

Clive Robinson May 5, 2023 9:43 AM

@ Winter, JonKnowsNothing, ALL,

Re : “Global adversary” is kid up the street.

“Unless you are up to a Global Adversary, Tor is helpful.”

Really?

No, as I’ve said your ISP has knowledge of your connection to Tor. In the US they are legally “encouraged” not just to store it but report it to any “official” agency that thinks it’s official. Oh and they are allowed if not encouraged to sell the information to data brokers, who will sell such information for a few bucks (remember the Priest and the Gay Get Together scandal).

And worse in quite a few cases any half smart script kiddy on the same IP address range sub segment as you as well…

Not sure how these people are “Global Adversaries” just numpties on the make…

So again the question comes back to,

“Says Who?”

JonKnowsNothing May 5, 2023 9:57 AM

@Clive, @SpaceLifeForm, Winter, All

re: Atlanta Epidemic Intelligence Service aka COPCITY

Currently the biggest MSM draw is a project called COPCITY.

The City of Atlanta intends to build a fantasy urban mini-city in the middle of a forest park (which will no longer be a forest or a park) in which to train US Police Agencies (of all sorts) in urban and door-2-door combat.

It’s a huge project, lots of moolah, lots of VEEPS, and a tsunami’s worth of cops, who cannot wait to get their SWAT gear on, so they can play at doing what they really want to do:

  • kill people, kick down doors, break windows, bulldoze walls; sniper shooting contests using images or effigies of various politicians as targets, civilian kettle wrangling drives similar to hunting drives where beaters drive the animals into the range of the waiting shotguns, and prolly consume a lot of beer.

I do not think cops drink Coke, except on TV.

===

ht tps://en.wikipedia.o r g/wiki/List_of_breweries_in_Georgia_(U.S._state)

ht tps://en.wikipedia.o r g/wiki/List_of_breweries_in_Georgia_(U.S._state)#Current

(url fractured)

Winter May 5, 2023 10:29 AM

@Clive

> No, as I’ve said your ISP has knowledge of your connection to Tor. In the US they are legally “encouraged” not just to store it but report it to any “official” agency that thinks it’s official.

Why should I care much about how the USA, China, or Russia break their own laws? In any of these countries the police can kill you with impunity for any or no reason at all. Which means that using Tor or not does not really matter that much (in China you cannot even get Tor to work).

Any claims that all 550k daily users of Tor in the USA are regularly rounded up and tortured are obviously bogus. And if you are already on a watch list, using Tor is more safe than not using Tor if you have to access the internet.

In short, if you are a common user who wants to make tracking and interfering with your internet access and communications (very) difficult, use Tor [1].

If you are a high value target or have very powerful enemies, use additional/different OpSec (which could include Tor). There are countless sources on privacy security & OSINT, down to podcasts and if needed, you can hire people to help you.

[1] Quite a lot of Tor using criminals could be apprehended only after making opsec errors, but not because of de-anonymizing Tor.
In 2017, the bounty for a Tor browser zero-day was still set at $1m
‘https://www.csoonline.com/article/3224570/1m-bounty-offered-for-zero-day-exploits-targeting-tor-browser.html

Clive Robinson May 5, 2023 12:18 PM

@ Winter, JonKnowsNothing, SpaceLifeForm, ALL,

Re : Night follows day.

“Why should I care much about how the USA, China, or Russia break their own laws”

Because those that are breaking those laws are spreading their influence beyond their bounds and into foreign lands, to quell and conquer.

If you think your homeland is not on somebody’s list, then you would be very short sighted.

Tyranny views democracy not just as the enemy but as an infectious disease that must at all costs be negated and destroyed.

The clock has been ticking for some time now, in future times historians will probably use 9/11 as the epoch, me I’d go back further and say Reagan and Thatcher, if not Nixon should be the epoch for various reasons.

In 1961, a Wall went up to stop the infection’s spread, not as many think to keep people in. The fact that I and one or two others here have outlived it does not say what drove it into place is any the less now than it was then, just trying a different tack (back to religion as the base form of politics).

A century ago, the first warning signs of what was to come as WWII, then the Cold War were in place and starting to flourish. I and others see the same symptoms of sickness in the minds of authoritarian tyranny and worse, growing and spreading.

I could say a lot more in that respect but I won’t as it will only cause retaliation.

What I can say is whilst you might cling to the “not 100%” idea on security, I know that nearly every single security product for ordinary consumers to use is irrevocably broken, and the security supposedly offered is not even 1%. As I say it people start to realise that what I say has reason and logic if not truth behind it.

As many almost glibly say “The chain breaks where it is weakest”, but it is authoritarians and their followers that have always used such for “terroristic purposes” against the citizenry and social or “common good”.

So you actually have way way more to fear from your current government, civil servants, and guard labour, than any alleged jihadists can ever inflict on your population.

If you do not realise what is being done in the name of anti-XXXX or War-on-XXXX then perhaps you should take a little time to look whilst you still can.

The Laws being brought in in the UK and Australia should scare you, especially as the EU wants the same or similar. We have the UN on several types of “Power Grab” and the likes of the US controlled “World Bank” doing similar.

I’ll let others fill in some more of the blanks for you, but remember that old prayer,

“First they came for the…”[1]

Because 99% or more of us are in an equivalent list already, only we don’t realise it.

[1] The 1946 confession poem by German Lutheran pastor Martin Niemöller, said as a warning to the world. Just as, if not more so, valid today as it was back when first said.

ResearcherZero May 5, 2023 12:58 PM

Elected in 2017 to the Civic Chamber of the Russian Federation, a secondary institution that functions as a government auxiliary, he attracted attention when he urged Russian media to expand abroad. In 2018, he quit the television channel he was running in Omsk, Siberia, to join Prigozhin’s USA Really media project in the United States.

Malkevich is at the forefront of claims against independent media, so-called “foreign agents”.
‘https://rsf.org/sites/default/files/medias/file/2023/04/The%20Malkevitch%20Propaganda%20Machine_EN.pdf

“Maybe in a few years I can be a Pulitzer Prize winner”

Malkevich admitted that his startup capital came from Federal News Agency, a Russian news outlet tied to the infamous Internet Research Agency.
‘https://www.codastory.com/disinformation/russian-troll-or-clumsy-publicity-hound/

“It’s really just one small part of a much broader ecosystem of disinformation.”
‘https://www.mcclatchydc.com/news/nation-world/national/national-security/article212299529.html

“When Facebook banned us in April,” he said, “we declared that we would respond by establishing a group in America, we called it USA Really.”
‘https://www.nytimes.com/2018/09/25/technology/usareally-russian-news-site-propaganda.html

The FAN once operated out of the same St. Petersburg office building as the IRA, and the news agency took part in a scheme to discredit a New York Times reporter by attempting to link him to Russian neo-Nazis ahead of a Times expose on the IRA.
‘https://www.thedailybeast.com/new-russian-media-venture-wants-to-wage-information-war-in-washington-dc

Under the direction of the Soviet secret police, Bittman was deputy chief of the disinformation division for Czech intelligence called the Department for Active Measures and Disinformation.

One of his significant achievements in disinformation was Operation Neptune, where a falsified list of Nazi spies was obtained by the media and believed as accurate.
‘https://en.wikipedia.org/wiki/The_KGB_and_Soviet_Disinformation

Then in 1967 he [Lawrence Martin-Bittman] was posted, under cover as a press attache, to Vienna, where his job was to direct four or five agents. These were Western European journalists whom the Communists had recruited, and Mr. Martin used them as spies to gather intelligence and to disseminate disinformation to undermine relations between the Western European countries and the United States.
‘https://www.nytimes.com/1986/11/18/us/boston-u-focuses-on-disinformation.html

ResearcherZero May 5, 2023 1:14 PM

There are some simple rules…

Don’t break into federal buildings yelling, “kill em, kill em, kill em.”
‘https://storage.courtlistener.com/recap/gov.uscourts.ord.173019/gov.uscourts.ord.173019.1.1.pdf

Don’t meet with foreign intelligence agents
‘https://www.courthousenews.com/wp-content/uploads/2019/02/Manafort-Transcript.pdf

‘https://www.4freerussia.org/here-s-how-the-kgb-knew-you-d-be-a-traitor-an-exclusive-look-at-its-recruitment-manual/

“Acquisition and Preparation”

…examines the tradecraft necessary for recruiting American officials in the Middle East and North Africa as well as the necessary network of local agents who might help with their recruitment. (Of particular value as targets were retired U.S. or NATO officials.)
‘https://www.interpretermag.com/kgb-training-manuals-revealed/

JonKnowsNothing May 5, 2023 3:56 PM

@Clive, @SpaceLifeForm, Winter, All

re: Why should I care much about how the USA … break their own laws

@Clive succinctly explains WHY but there is another aspect to remember

  • They are NOT breaking ANY US laws

There are at least 3 aspects to this, and in the vast tomes of legal rulings likely many more, but on the higher level these are:

1) Known Laws, publicly available (to lawyers at least)
2) Secret Laws, in a parallel legal system called FISC with justices appointed by SCOTUS
3) RULES that can be applied Pre/Current/Post activity to define actions under types 1 or 2

They are not breaking any laws.

Even the CIA, well mostly, doesn’t break the laws INSIDE the USA. Technically the CIA are not supposed to do such things inside the USA but are empowered to do whatever they want LEGALLY outside the USA. That means where YOU live.

The FBI, in theory, works inside the USA but it might come as a shocker to learn they work very well outside the USA too. The FBI can do whatever they want, however they want and since they are outside US Jurisdiction in these cases, they are not breaking any US Laws.

The NSA uses the End Points for their mischief, to define which laws they will select to abide by, but they are also not breaking any US laws. If the NSA wants to surveil me, they just bounce the packet RT to Canada and Bob’s your Uncle. If they want to you, well, you are Open Season and no laws are broken. Indeed YOU are their target, 100% approved and ratified.

So, they are NOT breaking US Laws.

There are however, times when they do break the laws and cannot patch it up with Spy-roll-tape (1). There is a Sacrificial Lamb Ceremony, and everyone on the US Senate and Congressional Intelligence Committees all hold hands and sing Kumbaya.

===

1) Spy-roll-tape aka Secret Classification Duration and Retention Periods.

This is an interesting domino process, where the item in question passes through each of the many security agencies. Each agency has a retention period independent of other agencies. The item doesn’t come up for FOIA access until all of the agencies have exhausted their retention periods. Some agencies have 2yr or 5yr periods, but at the end of the line, the Big Dogs hold the longest retention durations. You won’t be seeing any of those items in your lifetime.

SpaceLifeForm May 6, 2023 3:41 AM

@ Winter, Clive, JonKnowsNothing, ALL

It actually is possible to punch a hole thru the Great Firewall of China.

One needs the tech chops to do so, and users in China are not going to go thru the hassle of punching the hole just to get onto TOR where they will be spotted.

Confused Deputy.

ResearcherZero May 6, 2023 3:52 AM

@Clive, @SpaceLifeForm, Winter, All

five eyes etc…

If you want to place someone under surveillance (within the US) you need an order, usually from a judge, and you need evidence.

To get a bit of information may be more of a rubber stamp process, but it all has to operate within the rules. If you really wanted, you could open-source some of that information, but it would take a lot more time. Some of the information you could not obtain because it exists offshore (hence the f for foreign in FISA).

‘https://www.npr.org/2023/03/23/1164724089/in-fight-over-key-surveillance-law-officials-look-to-sway-congressional-skeptics

“The only thing is that Putin’s situation is a bit different: he does not use the Internet. He doesn’t use a mobile phone. I mean, in all my years of service, I haven’t seen him once with a mobile phone.”

Gleb Karakulov is a captain in the Federal Guard Service. Until mid-October 2022, he worked with Vladimir Putin as an engineer in the Presidential Communications Directorate of the FGS. His duties included provision of secure communications for the President.
‘https://dossier.center/fso-en/#

…Medvedchuk himself influenced the Russian president to invade Ukraine by regularly telling him about “pro-Russian sentiments in Ukraine.”
‘https://www.newsweek.com/putin-motive-ukraine-invasion-viktor-medvedchuk-1796774

Since Ukraine’s independence, Medvedchuk manipulated Ukrainian media, strongarmed political opponents, doled out bribes, disseminated fake news and tarnished reputations, and organized opposition parties in his ceaseless efforts to turn Ukraine into Moscow’s vassal.
‘https://www.msn.com/en-us/news/world/putin-s-nato-smokescreen/ar-AA1aAncq

“I don’t want to say I exploit that relationship, but you could say it has been part of my political arsenal.”

To strengthen their bond with the Russian leader, Medvedchuk and his wife, a famous news anchor in Ukraine, asked Putin to be the godfather of their newborn. They holiday together on the Black Sea. They conduct business. They obsess over the bonds between their countries and the Western forces they see pulling them apart.
‘https://time.com/6144109/russia-ukraine-vladimir-putin-viktor-medvedchuk/

Winter May 6, 2023 6:04 AM

@Clive

Tyranny views democracy not just as the enemy but as an infectious disease that must at all costs be negated and destroyed.

How does me not using Tor now help? If the USA goes down the road of Tyranny and becomes like Russia and China, Tor won’t make a difference.

@JonKnowsNothing

They are NOT breaking ANY US laws

I missed when the USA legalized waterboarding suspects on US soil. When was that? I was still under the delusion that any evidence obtained with torture was inadmissible to US courts.

@Spacelifeform

It actually is possible to punch a hole thru the Great Firewall of China.

But it is difficult to get hold of the Tor browser software. If you bring a VPN with you, that used to work. But getting one while you are inside is pretty difficult. Also, you cannot go online anonymous in China.[1] If they spot that you use anything suspicious, they can always get at you.

[1]’ https://www.bbc.com/news/technology-41081676

Winter May 6, 2023 8:37 AM

@Clive

What I can say is whilst you might cling to the “not 100%” idea on security, I know that nearly every single security product for ordinary consumers to use is irrevocably broken, and the security supposedly offered is not even 1%.

Security is ruled by economics. It is risk and efforts versus benefits.

My bike lock is not 10%, or 1%, or 0.001%, secure compared to the bank vault that holds our nation’s gold. But it takes time and effort to break open my bike lock. More time, effort, and risk than thieves think the benefits of stealing my bike delivers.

Tor, Signal, Proton all make getting the data of random consumers more difficult than it is worth. And that includes your random employer, criminal, and corrupt LEO. That is what these studies about the use of Tor find.

ResearcherZero May 6, 2023 8:51 AM

“There was constant surveillance. I can’t prove it, obviously, but with everyone we spoke to there were always the same four or five guys in black pants and leathers shoes around us. I never had any significant problems because I think they saw from the very beginning that I was not buying their crap.”
‘https://www.thestar.com/news/world/2023/04/21/im-a-scientist-academic-denies-helping-russia-spy-on-young-canadians-westerners.html

JonKnowsNothing May 6, 2023 10:25 AM

@Winter, @Clive, All

re:
Moi: They are NOT breaking ANY US laws

Winter: I missed when the USA legalized waterboarding suspects on US soil…. I was still under the delusion that any evidence obtained with torture was inadmissible to US courts

Then you missed the memo, written by then VP Dick Cheney aka The Gloves Come Off Memo.

Nearly all items in the CIA Torture Manuals were written by 2 civilian psychologists under contract. Of course the agencies had pre-existing manuals but these were updated ones, using the latest information and science which included new methods to test, like head ramming.

Torture was then legally redefined to be Enhanced Interrogation. So officially, no torture took place.

The chain of order was set up to provide “plausible deniability” to everyone and the 2 psychologists were protected by their licensing agency for a long time in regards to any unethical practices. More than half of their licensing agency found them to be in good standing and having done nothing wrong.

The first known videos of these sessions were claimed as evidence but destroyed anyway. One of the persons involved and absolved of destroying the evidence became the head of the CIA. She recently retired.

In relation to “US Soil”, while torture can happen here by various policing agencies and under varying degrees of group-participation, you are likely to be referring to GITMO. GITMO is in Cuba. Cuba is not the USA. The USA has a base in Cuba: Guantanamo. While it may be that any US Military base is considered USA, GITMO has an entire section that belongs only to the CIA.

Additionally, Congress passed numerous laws that declare people held in GITMO are not eligible for any US Legal protections and prevents people incarcerated there from having any redress except through the Military Tribunal System. That’s complicated but the way the laws were enacted means the people there are SOL.

The other aspect that you might have missed, is nearly all the torture was done outside of GITMO. It was done in Europe (Poland, Romania) and Thailand (the retired head of the CIA ran the show there) and in other participating countries. So no torture took place in the USA.

Beyond that, the CIA created Jurisdiction Hopping Rendition and Torture Centers provided by Friendly Governments. These areas included the UK, more places in EU, Middle East and portions of Africa. The configuration and participation is fluid in those areas, some more than others and fluctuates with current events.

As far as Admitting Evidence Obtained Through Torture, this remains a very active idea in the USA. It is done regularly but very under-the-table, not always by waterboarding, but using psychological methods. Its use is pretty well hidden, especially from the courts who prefer to Not Get Involved. In fact, the US Court system was and is directly involved daily on what’s In and what’s Out. Most of it is In, but hidden in Ex-Parte proceedings.

These programs remain active. They have not ended. There’s no intention of ending them. There’s every intention to expand them. Every year, the US Military holds special training for foreign military personnel, to learn these techniques. Those trained officers are expected to return to their countries and implement these methods.

Winter May 6, 2023 11:03 AM

@JonKnowsNothing

In relation to “US Soil”, while torture can happen here by various policing agencies and under varying degrees of group-participation, you are likely to be referring to GITMO. GITMO is in Cuba.

I know why GITMO is on Cuban soil and is used to illegally detain and torture kidnapped people (eg, under supervision of Ron DeSantis [1]). But the subject is “torturing USA citizens on US soil” for using Tor or other secure communication means.

I have yet to see reports of US citizens being tried after having been waterboarded on evidence obtained from such interrogation. However, I am not following US legal matters much so I probably have missed that if courts nowadays do accept evidence obtained from torture.

Torturing illegally detained suspects outside the USA is different as US law does not protect non-Americans against war crimes or crimes against humanity by US citizens outside the USA.

[1] ‘https://www.theguardian.com/us-news/2023/apr/28/ron-desantis-guantanamo-bay-allegations

‘https://www.independent.co.uk/news/world/americas/us-politics/ron-desantis-guantanamo-torture-prisoner-b2300753.html

Clive Robinson May 6, 2023 1:00 PM

@ Winter,

“But the subject is “torturing USA citizens on US soil” for using Tor or other secure communication means.”

Nope, and you know it’s not as can easily be seen by your previous comments.

I stated quite correctly that using Tor was painting a target on your back. That is your connection is easily seen.

You decided otherwise, when challenged you did a ChatGPT style Hallucination and produced three academic papers that as far as we can see in no way contest my statement.

In fact two of the papers as quoted change their meanings of words and limit the scope by saying that certain types of attacker were ruled out of consideration.

Various facts supporting the connect to Tor issue you’ve failed in any real way to address.

If you want to use Tor yourself that is your choice but to try and convince others using Tor is a safe thing to do is most certainly not, because it is not safe, never has been safe, and the way its future course is going it never will be safe.

Your “Nothing is 100%” argument is a typical fake-argument used by people who basically have no rational or logical counter argument. Also what is in effect “it’s Tor or nothing” type argument either.

You keep trying to “move the goal posts” so that you can claim even your “own goals” are winning moves on your part…

My argument still stands and you’ve provided nothing to the,

“Says Who?”

Call for you to provide valid evidence to support your claims.

You’ve put yourself on a hook of your own making, now you are trying to wriggle off…

That is your choice of course, but remember people can see it for what it is…

P.S. With regards bike locks, when at school I could and did open them faster than their owners could especially combination locks. I’ve mentioned this before more than a couple of times on this blog. It got me into trouble not because I stole anything, but because people wanted someone to blame, therefore they would blame me even if they knew I was not to blame. You show a security measure to be not secure, then you are breaking somebody’s rice bowl and they are going to use you as an example or an excuse to get themselves out of the hole they created for themselves…

So you could say I’ve experience of having had a target painted on my back on rather more than one occasion, so know how some of it works.

Oh by the way comparing your bike and your nation’s gold, is unless your country has no gold, not comparing apples with apples… is that a LLM type hallucination or conflation?

lurker May 6, 2023 2:26 PM

@Winter, I have yet to see reports of US citizens being tried after having been waterboarded …

Nor I. But waterboarding is never entered in the record as a fact. When judges don’t ask, they don’t get told.

If one was a legal purist one might dismiss other evidence of torture as hearsay …

Winter May 6, 2023 3:12 PM

@Clive

Nope, and you know it’s not as can easily be seen by your previous comments.

Why did you bring it up then?

You wrote:
@Clive

As “De-anonymising” to the paper authors may not mean the same as to an agency intent on dragging you in on only minor evidence effectively torturing you denying you legal representation and then “show trialing you” or worse, which appears common even in the US (see previous behaviours of Chicago Police US MSM kept hidden deliberately).

@Clive

In fact two of the papers as quoted change their meanings of words and limit the scope by saying that certain types of attacker were ruled out of consideration.

Indeed, people generally do not do research into what you must do to defend against the NSA, Mossad et al. as this is rather pointless research. The attacks can be categorized according to being “active” or “passive”. It is quite sensible to limit research to specific topics as you cannot do everything at once. And passive attacks are the dragnet attacks, so I see them as the more urgent ones to study.

The effective attacks in the research involve Global Adversaries which sounds as “Difficult” and “Expensive” to me.

Privacy is knowing who is doing things, but not what is done. Anonymity is knowing what is done, but not who is doing it.

Tor allows you to have privacy at your side of the communication. Your ISP or an eavesdropper knows you are surviving Tor. It allows you anonymity at the public side. Eavesdroppers can see which websites are visited, but not by whom. Tor is not perfect, so it is possible to link both sides and to see who does what. But TOR tries to make this difficult and expensive. Just as bike and door locks make stealing bikes or entering homes difficult.

Arguing that 550k Americans paint a target at their backs every day by using Tor is meaningless as the combined TLAs have little use of that data. Spying on all of them is a massive waste of time and money that will not translate into convictions and promotions.

Meanwhile, those 550k users avoid being tracked and spied upon by the combined big data mafia, employers, stalkers, schools, nosy peers, corrupt LEOs, and GOP politicians hunting young women to kill.

@Clive

If you want to use Tor yourself that is your choice but to try and convince others using Tor is a safe thing to do is most certainly not, because it is not safe, never has been safe, and the way its future course is going it never will be safe.

Convincing people not to use available protective measures because they are not perfect is dangerous too.

If you argue bike locks are not safe and are therefore useless, then the implications are that people should not use a bike if they have to store it out of sight as not using a lock will lead to loss of bike. Especially as all locks can be picked, including the one of the bike shed. Which also makes door and garage locks useless according to your argument.

Moreover, I never claimed Tor is “secure”, as there is no such thing as “security” without a context. Tor can protect most people against common threats. You dismiss it for everyone because it cannot protect all people against all threats.

Your position leaves only a single conclusion: do not communicate as all communication is insecure.

Clive Robinson May 6, 2023 4:27 PM

@ Winter,

Re : Safe and stupid.

“Convincing people not to use available protective measures because they are not perfect is dangerous too.”

As I’ve clearly stated the use by a user to connect their PC etc to Tor is visible even to a script kiddy on your local network segment, your Internet Service Provider and any one with access to an upstream router of either your PC or the edge guard you connect to.

Thus

“The effective attacks in the research involve Global Adversaries which sounds as “Difficult” and “Expensive” to me.”

Is neither “Difficult” or “Expensive” and as I’ve already said frequently sold to data brokers thus anyone with a “pocket change” cost level. We’ve seen similar done by a very low budget Religious Rag, against a person of sufficient seniority in the Church hierarchy for petty political reasons.

Thus you very clearly fail to grasp the level of risk potential, and most certainly how the attacker in no way needs to be a “Global Adversary” just anyone with a grudge and money, not even up to basic Doxing…

But your statement of,

“Convincing people not to use available protective measures because they are not perfect is dangerous too.”

Is actually false. Tor is very clearly a risk not just now but for an indefinite period of time. Thus warning people of that is giving them an opportunity at the very least of “choice” something Tor Fan-buoys don’t give them, and as you are also trying to deny them.

There are many ways to gain very real safety and privacy way above what Tor offers, and unlike the Tor Fan-Buoys and you, I’ve described how to go about not just getting them but also how Tor should improve itself.

But no Tor has never really made any steps in the right direction for user safety and as for user privacy well you can find research papers that tell you how that can be stripped from Tor users.

The thing is everything I’ve said about the lack of safety for Tor users is verifiable, and has been for years… So why do people not fix it (especially as I’ve said how to)?

A question that really should be investigated not ignored because it’s an “inconvenient truth” to some, and very useful to others.

Around a hundred years ago Upton Sinclair made a quite valid observation,

It is difficult to get a man to understand something, when his salary depends on his not understanding it.

These days it does not have to be money, it can as well be vanity, status, power, or control in any admixture the Directing Mind or Authoritarian Followers chose to gain by.

Something people should remember when considering what many standard questioning techniques police and similar use. Where the starting assumption is you are guilty and you just have to be made to confess… So absolutely no presumption of innocence by those whose job is to fairly investigate without bias…

https://www.psychologytoday.com/us/blog/injustice-system/202202/what-you-should-know-if-you-are-interrogated

Winter May 7, 2023 5:32 AM

@Clive

As I’ve clearly stated the use by a user to connect their PC etc to Tor is visible even to a script kiddy on your local network segment, your Internet Service Provider and any one with access to an upstream router of either your PC or the edge guard you connect to.

Who cares? The same is true for SSL and HTTPS. No one cares, except those who lament they cannot spy anymore on everyone.

We’ve seen similar done by a very low budget Religious Rag, against a person of sufficient seniority in the Church hierarchy for petty political reasons.

That was not breaking Tor. That was bad opsec. Not using Tor would not have helped him as he was using a dating app (if he used Tor at all). You are grasping at straws.

@Clive

There are many ways to gain very real safety and privacy way above what Tor offers, and unlike the Tor Fan-Buoys and you, I’ve described how to go about not just getting them but also how Tor should improve itself.

Please educate us. I have asked you many times, but every answer I got was based on not communicating electronically. This is the type of advice for a secure computer encased in concrete at the bottom of the Mariana trench.

But no Tor has never really made any steps in the right direction for user safety and as for user privacy well you can find research papers that tell you how that can be stripped from Tor users.

Please post links. I am very interested. I already posted several myself and these all involved global actors.

So why do people not fix it (especially as I’ve said how to)?

Tor is FLOSS, feel free to do your thing.

JonKnowsNothing May 7, 2023 10:24 AM

@Winter, @Clive, All

re: Who cares? … No one cares

Actually some of us do care and we care a lot.

People’s lives are at risk, their freedom of movement, speech, thought are at risk.

Those “Oh Well Shrug” answers fall into the same response category for Social Media uses: Everyone Does. This is untrue, not everyone does, and people who value their freedoms, whichever ones they have, do not use Social Media.

There is a significant difference though.

For Social Media users the adrenaline rush, is part of the program. Social Media is designed to evoke an emotional high and addictive behaviors. Just One More obsessions, along with a host of other “not so good for you” emotions are aspects designed into all of it.

For TOR, the use is based solely on the perception of “Safe and Secure”. Many people using it are not technical, they cannot anticipate all the failure points, nor the consequences of any failure. At many points along the way, the very reasons they are using TOR, become deadly trap points.

Over on krebsonsecurity, that site specializes in detailing the take downs of hidden services, mostly under the heading of criminal activities. These are highly sophisticated operations with best practices. Yet even small breaks of seemingly minor consequence brings down the entire organization. The common denominator is they all think they cannot be found.

I know what my answers would be for anyone asking me if using TOR was safe/secure.

===

ht tps://krebsonsecurity.c o m/

(url fractured)

Clive Robinson May 7, 2023 10:52 AM

@ Winter, JonKnowsNothing, ALL,

“That was not breaking Tor. That was bad opsec.”

Using Tor “is Bad OpSec”…

You are painting a target on your back by using it.

As I’ve repeatedly said in the past using Tor is a bad idea as you can not hide you are using it. That is just a part of the “Bad OpSec” involved with Tor.

There is also the myth of Tor’s “Mix net by Onion routing”. The low latency and only using an entry guard point and an exit point the network locations are commonly known and a single intermediate point means that there are real issues that need to be considered.

If an adversary can see entry or exit points all the traffic can be mapped thus the intermediate points found. Due to the very bad design of Tor especially the low latency user traffic through that intermediate point can be mapped in both directions.

The fact the “physical network” and the “logical network” of the Internet are far from being the same and there are well known “choke points” on the “physical network” which aid in tracking low latency Tor traffic in the logical network means that “Traffic Analysis” can say a lot about the message content, without needing to see the user message content.

I could go on but it’s becoming increasingly clear you’ve painted yourself into a corner based on incorrect assumptions… To the point you are now in effect handing out dangerous information as others not just me are gently trying to tell you.

Winter May 7, 2023 11:01 AM

@JonKnowsNothing

Actually some of us do care and we care a lot.

But neither the ISP nor the police care whether you use Tor, Https, or SSL.

For TOR, the use is based solely on the perception of “Safe and Secure”.

A young woman searches the web for abortion in some US state. Should she better use Tor or not? You do not have to speculate, there is real data about real women who get real convictions. And the conviction is not for using Tor.

‘https://www.washingtonpost.com/technology/2022/07/03/abortion-data-privacy-prosecution/

‘https://www.mic.com/impact/how-to-hide-your-abortion

‘https://edition.cnn.com/2022/06/24/tech/abortion-laws-data-privacy/index.html

Over on krebsonsecurity, that site specializes in detailing the take downs of hidden services, mostly under the heading of criminal activities.

DuckDuckGo’s onion site is still up. They even have a public street address of the company, in the USA.

Real women have a real life changing need for privacy. Telling them they should not have it is not useful.

And these are from just one “case study”.

Winter May 7, 2023 11:08 AM

@Clive

Using Tor “is Bad OpSec”…

Which is ridiculous when referring to your example which had no overlap at all with Tor.

If an adversary can see entry or exit points all the traffic can be mapped thus the intermediate points found.

If there is a bridge I can walk from the UK to the USA. But you need entry and exit points to link users to endpoints. Tracing the intermediate nodes is only possible if there is next to no other traffic.

All your examples require a Global Actor like the NSA et al.. Real uses are not those who have to fear the NSA or MOSSAD. See my previous post.

MarkH May 7, 2023 1:50 PM

.
Tor Debate

I’m agnostic about Tor vulnerability, but wish to address a broader matter.

In security engineering, security is NOT Yes/No. Because real-world systems can generally be defeated, security is a scalar, estimating the of resources needed to overcome the system.

Some tend to assume attack by a wealthy nation-state investing resources commensurate with an urgent national security threat.

All ~8 billion of us need workable protection against lesser threats than that, and limited protections can really enhance our security.

If you’re talking in binary, you’ve lost the plot.

JonKnowsNothing May 7, 2023 2:56 PM

@MarkH, Winter, Clive, All

re: TOR as a Risk Assessment Tool

Risk assessment is often a sliding scale of what are proposed outcomes. We see this ongoing with SARS-CoV-2. The idea is Risk is Variable. Except it is not all that variable when the risks and costs are not fully divulged.

Across the spectrum of risks, there are benign outcomes (don’t brush your teeth) and there are critical outcomes (breast & prostate cancer screenings). The first gives you bad breath, the second kills you.

  • In modern parlance, you are going to die anyway, so it’s no big deal.

The binary part is Live or Die. There’s not much in between.

The technical fallibility of any risk assessment is where all the outcomes are hidden or undisclosed. Some of that falls into social modeling. Getting people to accept risk that they would otherwise not accept.

  • Want to eat?
    • Forget SARS-CoV-2 and get back to the abattoir
  • Want to promote social justice programs and maybe live to see them implemented?
    • Do Not use TOR.

TOR is only a marker of risk. It isn’t binary, like purposely loading STUXNET into a device controller, but the outcome is equally predictable.

@Clive and others have long commented on the technical failings of TOR, and these are generally the same failings of everything on the internet. The social failings of TOR get hidden because the people who can exploit TOR do not want it plastered on the front pages of social media.

  • Ever wonder how the US Prosecutors get detailed message exchanges from supposedly secured devices, supposed secure channels, on supposedly auto-delete history apps, going back years?

Parallel construction hides the impact and reduces the awareness of risk.

Knowing the future is far different than guessing the future.

  • Guessing the future == Risk assessment

MarkH May 7, 2023 3:30 PM

@JonKnowsNothing:

Security level and risk assessment are distinct and orthogonal.

Say that unauthorized opening of a safe has an assessed cost in terms of dollars, tools, time, and probability of getting caught. That is an estimate of the safe’s security level.

That level applies whether the safe is empty, or holds a billion dollars of artistic masterworks.

Outcomes matter in risk assessment. They don’t in themselves affect security levels; rather, rational management sets target security levels according to risk.

Clive Robinson May 7, 2023 6:07 PM

@ Winter,

Re : Binary is not the only selection.

“A young woman searches the web for abortion in some US state. Should she better use Tor or not?”

That is a very silly argument to make as it shows either your lack of understanding or a deliberate presentation of a false argument.

The choice is not “Tor or Nothing” and never has been; as I’ve clearly stated in the past, there are way, way better ways than Tor with its multiple failings.

Which brings us to your assertion of,

“Which is ridiculous when referring to your example which had no overlap at all with Tor.”

It’s a fact of life for everyone using Tor as is, so you obviously do not understand what you are talking about.

As for,

“All your examples require a Global Actor like the NSA et al..”

I’m seriously beginning to doubt your basic comprehension.

I’ve already explained how anyone from an ineffective script kiddy upwards can find out if you are using Tor or not. They do not have to be the NSA or what you call a “Global Actor”. Your ISP knows every primary connection your PC etc makes through their supplied service, and they know who you are through billing etc. That applies wherever you live and have a home ISP you use; it’s not something you can argue against, it’s a simple and uncontestable fact based on the way the base protocols of the Internet work.

Further in many countries not just in the US or UK but many other Western/First world nations, there are two things that happen,

1, The Nation State requires such records be kept.
2, There is not a prohibition on such “business records” being sold.

Thus for pocket change your primary connection to a Tor gateway/guard is available to just about anyone.

The fact you are not taking this on board would be rather worrying in and of itself. But the fact you try to then misrepresent that using Tor in the way most people do is not “Bad OpSec” actually makes it highly alarming.

But I guess you are just going to come back with more factually incorrect statements, or deliberate ignoring of why Tor makes people much more vulnerable than they need to be…

Your choice, but so far you’ve been wrong in what you say, and I somehow suspect if you carry on, then you will carry on being wrong…

JonKnowsNothing May 7, 2023 6:42 PM

@MarkH, @Clive, Winter, All

re: unauthorized opening of a safe

Cracking a Safe, which holds at best tangible goods or materials, is no comparison to Cracking a Life.

The first, as you noted, may have zero consequence, although the act of cracking the safe, or planning on cracking a safe, or researching methods of cracking a safe by themselves can earn you prison time, regardless of the (nil) contents.

Cracking a life, is a one time deal. Dead is Dead. You might want to argue that there are various stages of dead. Torturers, working for arm-length countries, bank their money on that and stash it in a good strong safe.

The general population doesn’t use words like “orthogonal” to assess risk. They might think you are inviting them to a Harry Potter theme park, with an Orthogonal Alley.

It is perhaps this aspect on which hinges the topic:

  • Engineering Flaws: which cannot be fixed and only partially mitigated
  • General level of Understanding: the level of which is asymptotic

Nick Levinson May 7, 2023 7:13 PM

@Winter, @iAPX, @JonKnowsNothing, @Clive Robinson, @SpaceLifeForm, & @MarkH:

A Tor experience:

I had been using a shared network for some time. It was shared with someone I didn’t trust.

One day, I tried out Tor. In a couple of days or so, he asked me a security question, I forgot what, but it appeared from the timing alone to have been inspired by my use of Tor. I hadn’t told him about it, but I wasn’t surprised that he could have known. I advised him that he could get Tor, but that using it would draw attention.

Ciphers tend to look like a sender is hiding something. (Example: Djqifst ufoe up mppl mjlf b tfoefs jt ijejoh tpnfuijoh.) To prevent that, one could use a code, but a strong code requires having a codebook or dictionary short enough to be memorized and survive interrogation or so that storing it would not risk adverse discovery (try to have lots of luck if the adversary has major resources to devote to a search) and a weak code, as teens often use to exclude adults, is still relatively easy to crack (police sometimes have to and sometimes recruit someone young to help them).

A one-time pad is uncrackable; if someone copies one of the pads and cracks messages, that’s not a failure of the one-time pad system but is a failure of operational security, and that is important enough that many nations don’t use one-time pads for their most vital spycraft. It may not be practical to separate the pad system itself from the logistical support it needs for security.

There’s no perfect system. Like communicator Mick Jagger said, you can’t have everything you want. But spying still goes on, and, while some of it fails, some of it is apparently spectacularly successful, in various directions. By definition, ultimate success makes whatever methods that were used presumptively good enough.

MarkH May 7, 2023 7:21 PM

@JonKnowsNothing:

In conversation, both “security” and “risk” may be understood in highly diverse meanings.

Technically, “security” in its comparative sense tends to be used narrowly for estimated cost of a successful breach. This is independent of the value (often unknown, anyway) under protection.

Technically, “risk” is framed in terms of consequences of an unwanted event. Isn’t that how you meant it?

The marginal cost of killing a person with a handgun may be less than ten cents. The cost to the victim is infinite.

How does it help to mix these up?

MarkH May 7, 2023 7:26 PM

PS

Survivalists like to say “you can live 3 days with water and 3 minutes without air.”

Most people don’t know the word “orthogonal,” but if you ask them “how much water do you need to keep from suffocating?” or “how much air will save you from dying of thirst?” …

… they’ll recognize these as senseless questions.

Reasoning correctly is difficult even when we exercise our greatest care.

Mistaking apples for oranges will torpedo the whole enterprise.

Winter May 8, 2023 4:06 AM

@Clive

“I’ve already explained how anyone from an ineffective script kiddy upwards can find out if you are using Tor or not.”

Every script kiddy can determine that I have a bank account. That is not a security risk for me having a bank account.

“Thus for pocket change your primary connection to a Tor gateway/guard is available to just about anyone.”

They also know I have a bank account, a job, a doctor, an email address, a mobile phone, a computer, a browser, a place to live, and even a life. So what does this all do to compromise my security? I am alive, so I am vulnerable. The alternative is not a solution to my problems.

Our basic disagreement is that you think that anyone who is known to use Tor is running dangerous risks to life and limb. I think using Tor is inconsequential unless you live in a dangerous context where any action can end your life and freedom. As far as I know, Tor users have not been rounded up en masse in Europe west of Russia et al. yet, nor in the USA. So advising my neighbors or peers to use Tor will not endanger their security.

Winter May 8, 2023 4:22 AM

@JonKnowsNothing

“Cracking a life, is a one time deal. Dead is Dead. You might want to argue that there are various stages of dead. Torturers, working for arm-length countries, bank their money on that and stash it in a good strong safe.”

I am still puzzled. Tor has 550k daily users in the USA alone, more in Europe and 100k still in Russia. How many of these have died last year from using Tor?

Compare that to dying from riding a bicycle, or changing a light bulb.

Btw, why are you trying to imply that I would be so irresponsible as to advise a person in Russia, China, Syria, or North Korea to use Tor? What did I write to give you that idea?

critical May 8, 2023 5:23 AM

So why do people not fix it (especially as I’ve said how to)?

Why do you expect people to do everything you say?

Clive Robinson May 12, 2023 3:29 AM

@ MarkH,

Re : Orbits and station keeping.

Now this thread has quietened down.

“I suspect that many satellites that “move” (geostationary is a different case!) can be adequately controlled once per orbit.”

The general idea of “station keeping” is to “plan ahead”.

As much of orbital mechanics is predictable over quite a period of time with simple geometry you can make a map and stop watch solution. The time of orbit gives you the satellite “effective height” and what the current sub-satellite point is.

Thus as an orbit decays the satellite orbit time gives an indicator of when the satellite will need to be kicked-up into a higher orbit, by how much and at the most efficient time (often the Hohmann transfer uses the least amount of propellant in moving between orbits, however in some cases bi-elliptic/parabolic transfers are better but at more than double the transfer time…).

However orbit decay in lower orbits is mainly due to friction with the atmosphere. The Earth’s atmospheric height in the upper regions is due to “Solar Weather” which is a direct result of the output from the Sun.

Solar Weather has a basic 11 year cycle, and the Sun output tends to be related to “sun spot activity”. Such activity though appears quite random in the short term and is thus effectively unpredictable. Which can lead to very short decision times on station keeping.

More complicated is the effects of other orbiting bodies… As is fairly well known Kepler got the two body problem fairly well nailed down. However nobody has got the three or more body problems to “play nice”, and our solar system is full of orbiting bodies, that occasionally get stirred up by “visitors dropping by” some of which trundle through the space defined not just by the Moon’s orbit, but inside Geo-Stationary satellite orbits, with some burning up in the atmosphere or making holes in the Earth’s surface.

Thus the overall effects can be unknown even in very short periods of time, and requiring almost “play it by ear” corrections.

With regards,

“Obviously, if a shared secret is lost, then control of the satellite can be lost also. What can be done to prevent that?”

Well the Chinese have solved part of the problem…

MarkH May 12, 2023 4:26 AM

@Clive, all:

As a reminder, I offered my own answer to that question in the next comment (timestamp May 1, 2023 2:09 PM).

With the capabilities of present technology, maintaining integrity of key material over a satellite’s lifespan appears to be a matter of careful engineering design.

To repeat myself a little, it’s easy to understand that a tiny cubesat may have resource constraints calling for simpler techniques, and accepting a higher (but still modest) failure probability.

Who would be surprised that a satellite costing more than 1 billion USD incorporates more safeguards than one costing around $100,000?

Clive Robinson May 12, 2023 7:13 AM

@ MarkH,

“With the capabilities of present technology, maintaining integrity of key material over a satellite’s lifespan appears to be a matter of careful engineering design.”

As I’ve previously noted,

“maintaining integrity of key material”

Is not sufficient especially with Post-QC sized keys and current “staleness” requirements. As I mentioned in,

‘https://www.schneier.com/blog/archives/2023/04/friday-squid-blogging-more-squid-camouflage-research.html/#comment-421340

As a reply to your Mayday post of 14:09.

But you make a quite invalid assumption of,

“Who would be surprised that a satellite costing more than 1 billion USD incorporates more safeguards than one costing around $100,000?”

Price has little or nothing to do with it, but time does. There are very few 1 billion USD satellites and their design / manufacture cycle is long so their specifications are likely to be much older than that of a cube sat.

But in either case the “storage of KeyMat” for 25years is not the solution to the problem.

As I’ve said the Chinese have already solved it in a way that does not require storage of massive quantities of KeyMat as became evident with the recent “balloon shoot down” incidents.


Sidebar photo of Bruce Schneier by Joe MacInnis.