TEMPEST Attack

There's a new paper on a low-cost TEMPEST attack against PC cryptography:

We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

From Wired:

Researchers at Tel Aviv University and Israel's Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor's power use. Their spy bug, built for less than $300, is designed to allow anyone to "listen" to the accidental radio emanations of a computer's electronics from 19 inches away and derive the user's secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they're presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past -- so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.

Another article. NSA article from 1972 on TEMPEST. Hacker News thread. Reddit thread.

Posted on June 29, 2015 at 1:38 PM23 Comments

Friday Squid Blogging: Classic Gary Larson Squid Cartoon

I have always liked this one.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on June 26, 2015 at 4:32 PM86 Comments

Other GCHQ News from Snowden

There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing:

While some of the unit's activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled "Operational Highlights" boasts of "GCHQ's first serious crime effects operation" against a website that was identifying police informants and members of a witness protection program. Another operation investigated an Internet forum allegedly "used to facilitate and execute online fraud." The document also describes GCHQ advice provided :to assist the UK negotiating team on climate change."

Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG's activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit's extreme methods. Entitled "Behavioral Science Support for JTRIG's Effects and Online HUMINT [Human Intelligence] Operations," it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.

Among other things, the document lays out the tactics the agency uses to manipulate public opinion, its scientific and psychological research into how human thinking and behavior can be influenced, and the broad range of targets that are traditionally the province of law enforcement rather than intelligence agencies.

Posted on June 26, 2015 at 12:12 PM50 Comments

NSA and GCHQ Attacked Antivirus Companies

On Monday, the Intercept published a new story from the Snowden documents:

The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.

British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab's software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

Wired has a good article on the documents:

The documents...don't describe actual computer breaches against the security firms, but instead depict a systematic campaign to reverse-engineer their software in order to uncover vulnerabilities that could help the spy agencies subvert it.

[...]

An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic. and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos.

But antivirus wasn't the only target of the two spy agencies. They also targeted their reverse-engineering skills against CheckPoint, an Israeli maker of firewall software, as well as commercial encryption programs and software underpinning the online bulletin boards of numerous companies. GCHQ, for example, reverse-engineered both the CrypticDisk program made by Exlade and the eDataSecurity system from Acer. The spy agency also targeted web forum systems like vBulletin and Invision Power Board­used by Sony Pictures, Electronic Arts, NBC Universal and others­as well as CPanel, a software used by GoDaddy for configuring its servers, and PostfixAdmin, for managing the Postfix email server software But that's not all. GCHQ reverse-engineered Cisco routers, too, which allowed the agency's spies to access "almost any user of the internet" inside Pakistan and "to re-route selective traffic" straight into the mouth of GCHQ's collection systems.

There's also this article from Ars Technica. Slashdot thread.

Kaspersky recently announced that it was the victim of Duqu 2.0, probably from Israel.

Posted on June 26, 2015 at 6:59 AM18 Comments

Yet Another Leaker -- with the NSA's French Intercepts

Wikileaks has published some NSA SIGINT documents describing intercepted French government communications. This seems not be from the Snowden documents. It could be one of the other NSA leakers, or it could be someone else entirely.

As leaks go, this isn't much. As I've said before, spying on foreign leaders is the kind of thing we want the NSA to do. I'm sure French Intelligence does the same to us.

EDITED TO ADD (6/25): To me, more interesting than the intercepts is the spreadsheet of NSA surveillance targets. That spreadsheet gives us a glimpse into the US process of surveillance: what US government office initially asked for the surveillance, what NSA office is tasked with analyzing the intelligence collected, where a particular target is on the priorities list, and so on.

Posted on June 25, 2015 at 12:51 PM70 Comments

Baseball Hacking: Cardinals vs. Astros

I think this is the first case of one professional sports team hacking another. No idea if it was an official operation, or a couple of employees doing it on their own initiative.

Posted on June 25, 2015 at 6:14 AM5 Comments

What is the DoD's Position on Backdoors in Security Systems?

In May, Admiral James A. Winnefeld, Jr., vice-chairman of the Joint Chiefs of Staff, gave an address at the Joint Service Academies Cyber Security Summit at West Point. After he spoke for twenty minutes on the importance of Internet security and a good national defense, I was able to ask him a question (32:42 mark) about security versus surveillance:

Bruce Schneier: I'd like to hear you talk about this need to get beyond signatures and the more robust cyber defense and ask the industry to provide these technologies to make the infrastructure more secure. My question is, the only definition of "us" that makes sense is the world, is everybody. Any technologies that we've developed and built will be used by everyone -- nation-state and non-nation-state. So anything we do to increase our resilience, infrastructure, and security will naturally make Admiral Rogers's both intelligence and attack jobs much harder. Are you okay with that?

Admiral James A. Winnefeld: Yes. I think Mike's okay with that, also. That's a really, really good question. We call that IGL. Anyone know what IGL stands for? Intel gain-loss. And there's this constant tension between the operational community and the intelligence community when a military action could cause the loss of a critical intelligence node. We live this every day. In fact, in ancient times, when we were collecting actual signals in the air, we would be on the operational side, "I want to take down that emitter so it'll make it safer for my airplanes to penetrate the airspace," and they're saying, "No, you've got to keep that emitter up, because I'm getting all kinds of intelligence from it." So this is a familiar problem. But I think we all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike on the intelligence side than very vulnerable networks and an easy problem for Mike. And part of that -- it's not only the right thing do, but part of that goes to the fact that we are more vulnerable than any other country in the world, on our dependence on cyber. I'm also very confident that Mike has some very clever people working for him. He might actually still be able to get some work done. But it's an excellent question. It really is.

It's a good answer, and one firmly on the side of not introducing security vulnerabilities, backdoors, key-escrow systems, or anything that weakens Internet systems. It speaks to what I have seen as a split in the the Second Crypto War, between the NSA and the FBI on building secure systems versus building systems with surveillance capabilities.

I have written about this before:

But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

NSA Director Admiral Mike Rogers was in the audience (he spoke earlier), and I saw him nodding at Winnefeld's answer. Two weeks later, at CyCon in Tallinn, Rogers gave the opening keynote, and he seemed to be saying the opposite.

"Can we create some mechanism where within this legal framework there's a means to access information that directly relates to the security of our respective nations, even as at the same time we are mindful we have got to protect the rights of our individual citizens?"

[...]

Rogers said a framework to allow law enforcement agencies to gain access to communications is in place within the phone system in the United States and other areas, so "why can't we create a similar kind of framework within the internet and the digital age?"

He added: "I certainly have great respect for those that would argue that they most important thing is to ensure the privacy of our citizens and we shouldn't allow any means for the government to access information. I would argue that's not in the nation's best long term interest, that we've got to create some structure that should enable us to do that mindful that it has to be done in a legal way and mindful that it shouldn't be something arbitrary."

Does Winnefeld know that Rogers is contradicting him? Can someone ask JCS about this?

Posted on June 24, 2015 at 7:42 AM56 Comments

Hayden Mocks NSA Reforms

Former NSA Director Michael recently mocked the NSA reforms in the recently passed USA Freedom Act:

If somebody would come up to me and say, "Look, Hayden, here's the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you're going to be required to do is that little 215 program about American telephony metadata -- and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself." I go: "And this is it after two years? Cool!"

The thing is, he's right. And Peter Swire is also right when he calls the law "the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978." I supported the bill not because it was the answer, but because it was a step in the right direction. And Hayden's comments demonstrate how much more work we have to do.

Posted on June 23, 2015 at 1:39 PM25 Comments

Why We Encrypt

Encryption protects our data. It protects our data when it's sitting on our computers and in data centers, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.

Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.

This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive.

It's important to remember that encryption doesn't magically convey security. There are many ways to get encryption wrong, and we regularly see them in the headlines. Encryption doesn't protect your computer or phone from being hacked, and it can't protect metadata, such as e-mail addresses that need to be unencrypted so your mail can be delivered.

But encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance -- the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their attacks against individuals, we protect society.

Today, we are seeing government pushback against encryption. Many countries, from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it's technically impossible, and the attempt will cause incredible damage to the security of the Internet.

There are two morals to all of this. One, we should push companies to offer encryption to everyone, by default. And two, we should resist demands from governments to weaken encryption. Any weakening, even in the name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong encryption, we're all much more secure when we all have strong encryption.

This originally appeared in Securing Safe Spaces Online.

EDITED TO ADD: Last month, I blogged about a UN report on the value of encryption technologies to human freedom worldwide. This essay is the foreword to a companion document:

To support the findings contained in the Special Rapporteur's report, Privacy International, the Harvard Law School's International Human Rights Law Clinic and ARTICLE 19 have published an accompanying booklet, Securing Safe Spaces Online: Encryption, online anonymity and human rights which explores the impact of measures to restrict online encryption and anonymity in four particular countries ­-- the United Kingdom, Morocco, Pakistan and South Korea.

Posted on June 23, 2015 at 6:02 AM35 Comments

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.