NordVPN Breached

There was a successful attack against NordVPN:

Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the breach.

The revelations came as evidence surfaced suggesting that two rival VPN services, TorGuard and VikingVPN, also experienced breaches that leaked encryption keys. In a statement, TorGuard said a secret key for a transport layer security certificate for *.torguardvpnaccess.com was stolen. The theft happened in a 2017 server breach. The stolen data related to a squid proxy certificate.

TorGuard officials said on Twitter that the private key was not on the affected server and that attackers "could do nothing with those keys." Monday's statement went on to say TorGuard didn't remove the compromised server until early 2018. TorGuard also said it learned of VPN breaches last May, "and in a related development we filed a legal complaint against NordVPN."

The breach happened nineteen months ago, but the company is only just disclosing it to the public. We don't know exactly what was stolen and how it affects VPN security. More details are needed.

VPNs are a shadowy world. We use them to protect our Internet traffic when we're on a network we don't trust, but we're forced to trust the VPN instead. Recommendations are hard. NordVPN's website says that the company is based in Panama. Do we have any reason to trust it at all?

I'm curious what VPNs others use, and why they should be believed to be trustworthy.

Posted on October 23, 2019 at 6:15 AM21 Comments

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Coming out of the Privacy Commissioners' Conference in Albania, Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance.

You can sign on as an individual or an organization. I did. You should as well. No, I don't think that countries will magically adopt this moratorium. But it's important for us all to register our dissent.

Posted on October 22, 2019 at 10:12 AM7 Comments

Calculating the Benefits of the Advanced Encryption Standard

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard.

From the conclusion:

The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits from today's perspective is approximately $8.9 billion. On the other hand, the present value of NIST's costs from today's perspective is $127 million. Thus, the NPV from today's perspective is $8,772,000,000; the B/C ratio is therefore 70.2/1; and a measure (explained in detail in Section 6.1) of the IRR for the alternative investment perspective is 31%; all are indicators of a substantial economic impact.

Extending the approach of looking back from 2017 to the larger national economy required the selection of economic sectors best represented by the 169 survey respondents. The economic sectors represented by ten or more survey respondents include the following: agriculture; construction; manufacturing; retail trade; transportation and warehousing; information; real estate rental and leasing; professional, scientific, and technical services; management services; waste management; educational services; and arts and entertainment. Looking at the present value of benefits and costs from 2017's perspective for these economic sectors finds that the present value of benefits rises to approximately $251 billion while the present value of NIST's costs from today's perspective remains the same at $127 million. Therefore, the NPV of the benefits of the AES program to the national economy from today's perspective is $250,473,200,000; the B/C ratio is roughly 1976/1; and the appropriate, alternative (explained in Section 6.1) IRR and investing proceeds at the social rate of return is 53.6%.

The report contains lots of facts and figures relevant to crypto policy debates, including the chaotic nature of crypto markets in the mid-1990s, the number of approved devices and libraries of various kinds since then, other standards that invoke AES, and so on.

There's a lot to argue with about the methodology and the assumptions. I don't know if I buy that the benefits of AES to the economy are in the billions of dollars, mostly because we in the cryptographic community would have come up with alternative algorithms to triple-DES that would have been accepted and used. Still, I like seeing this kind of analysis about security infrastructure. Security is an enabling technology; it doesn't do anything by itself, but instead allows all sorts of things to be done. And I certainly agree that the benefits of a standardized encryption algorithm that we all trust and use outweigh the cost by orders of magnitude.

And this isn't the first time NIST has conducted economic impact studies. It released a study of the economic impact of DES in 2001.

Posted on October 22, 2019 at 5:56 AM7 Comments

Details of the Olympic Destroyer APT

Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China.

Posted on October 21, 2019 at 6:23 AM14 Comments

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on October 18, 2019 at 4:11 PM48 Comments

Why Technologists Need to Get Involved in Public Policy

Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy."

In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I'm missing something, please let me know.)

Boing Boing post.

Posted on October 18, 2019 at 2:38 PM13 Comments

Adding a Hardware Backdoor to a Networked Computer

Interesting proof of concept:

At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access.... With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.

Posted on October 18, 2019 at 5:54 AM10 Comments

Using Machine Learning to Detect IP Hijacking

This is interesting research:

In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is actually coming from the place it says it's coming from.

[...]

To better pinpoint serial attacks, the group first pulled data from several years' worth of network operator mailing lists, as well as historical BGP data taken every five minutes from the global routing table. From that, they observed particular qualities of malicious actors and then trained a machine-learning model to automatically identify such behaviors.

The system flagged networks that had several key characteristics, particularly with respect to the nature of the specific blocks of IP addresses they use:

  • Volatile changes in activity: Hijackers' address blocks seem to disappear much faster than those of legitimate networks. The average duration of a flagged network's prefix was under 50 days, compared to almost two years for legitimate networks.

  • Multiple address blocks: Serial hijackers tend to advertise many more blocks of IP addresses, also known as "network prefixes."

  • IP addresses in multiple countries: Most networks don't have foreign IP addresses. In contrast, for the networks that serial hijackers advertised that they had, they were much more likely to be registered in different countries and continents.

Note that this is much more likely to detect criminal attacks than nation-state activities. But it's still good work.

Academic paper.

Posted on October 17, 2019 at 6:08 AM16 Comments

Cracking the Passwords of Early Internet Pioneers

Lots of them weren't very good:

BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used "axolotl" (the name of a Mexican salamander).

Weakest of all was the password for Unix contributor Brian W. Kernighan: "/.,/.," representing a three-character string repeated twice using adjacent keys on a QWERTY keyboard. (None of the passwords included the quotation marks.)

I don't remember any of my early passwords, but they probably weren't much better.

Posted on October 15, 2019 at 10:38 AM83 Comments

Factoring 2048-bit Numbers Using 20 Million Qubits

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk.

We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities. We barely have quantum computers with 50 to 100 qubits. Extending this requires advances not only in the number of qubits we can work with, but in making the system stable enough to read any answers. You'll hear this called "error rate" or "coherence" -- this paper talks about "noise."

Advances are hard. At this point, we don't know if they're "send a man to the moon" hard or "faster-than-light travel" hard. If I were guessing, I would say they're the former, but still harder than we can accomplish with our current understanding of physics and technology.

I write about all this generally, and in detail, here. (Short summary: Our work on quantum-resistant algorithms is outpacing our work on quantum computers, so we'll be fine in the short run. But future theoretical work on quantum computing could easily change what "quantum resistant" means, so it's possible that public-key cryptography will simply not be possible in the long run. That's not terrible, though; we have a lot of good scalable secret-key systems that do much the same things.)

Posted on October 14, 2019 at 6:58 AM44 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.