Page 438

Income Inequality as a Security Issue

This is an interesting way to characterizing income inequality as a security issue:

…growing inequality menaces vigorous societies. It is a proxy for how effectively an elite has constructed institutions that extract value from the rest of society. Professor Sam Bowles, also part of the INET network, goes further. He argues that inequality pulls production away from value creation to protecting and securing the wealthy’s assets: one in five of the British workforce, for example, works as “guard labour”—in security, policing, law, surveillance and forms of IT that control and monitor. The higher inequality, the greater the proportion of a workforce deployed as guard workers, who generate little value and lower overall productivity.”

This is an expansion of my notion of security as a tax on the honest. From Liars and Outliers:

Francis Fukuyama wrote: “Widespread distrust in society…imposes a kind of tax on all forms of economic activity, a tax that high-trust societies do not have to pay.” It’s a tax on the honest. It’s a tax imposed on ourselves by ourselves, because, human nature being what it is, too many of us would otherwise become hawks and take advantage of the rest of us. And it’s an expensive tax.

The argument here is that the greater the inequality, the greater the tax. And because much of this security tax protects the wealthy from the poor, it’s a regressive tax.

Tags: ,

Posted on January 24, 2014 at 6:51 AMView Comments

NIGHTWATCH: NSA Exploit of the Day

Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog:

NIGHTWATCH

(TS//SI//REL TO USA,FVEY) NIGHTWATCH is a portable computer with specialized, internal hardware designed to process progressive-scan (non-interlaced VAGRANT signals).

(U) Capability Summary
(TS//SI//REL TO USA,FVEY) The current implementation of NIGHTWATCH consists of a general-purpose PC inside of a shielded case. The PC has PCI digitizing and clock cards to provide the needed interface and accurate clocking required for video reconstruction. It also has:

  • horizontal sync, vertical sync and video outputs to drive an external, multi-sync monitor.
  • video output
  • spectral analysis up to 150 kHz to provide for indications of horizontal and vertical sync frequencies.
  • frame capture and forwarding
  • PCMCIA cards for program and data storage
  • horizontal sync locking to keep the display set on the NIGHTWATCH display.
  • frame averaging up to 2^16 (65536) frames.

(U) Concept of Operation
(TS//SI//REL TO USA,FVEY) The video output from an appropriate collection system, such as a CTX4000, PHOTOANGLO, or general-purpose receiver, is connected to the video output on the NIGHTWATCH system. The user, using the appropriate tools either within NIGHTWATCH or externally, determines the horizontal and vertical sync frequencies of the targeted monitor. Once the user matches the proper frequencies, he activates “Sync Lock” and frame averaging to reduce noise and improve readability of the targeted monitor. If warranted, the user then forwards the displayed frames over a network to NSAW, where analysts can look at them for intelligence purposes.

Unit Cost: N/A

Status: This system has reached the end of its service life. All work concerning the NIGHTWATCH system is strictly for maintenance purposes. This system is slated to be replaced by the VIEWPLATE system.

Page, with graphics, is here. General information about TAO and the catalog is here.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Tags: , , , , ,

Posted on January 23, 2014 at 2:39 PMView Comments

Consumer Manipulation

Tim Harford talks about consumer manipulation:

Consider, first, confusion by design: Las Vegas casinos are mazes, carefully crafted to draw players to the slot machines and to keep them there. Casino designers warn against the “yellow brick road” effect of having a clear route through the casino. (One side effect: it takes paramedics a long time to find gamblers in cardiac arrest; as Ms Schüll also documents, it can be tough to get the slot-machine players to assist, or even to make room for, the medical team.)

Most mazes in our economy are metaphorical: the confusion of multi-part tariffs for mobile phones, cable television or electricity. My phone company regularly contacts me to assure me that I am on the cheapest possible plan given my patterns of usage. No doubt this claim can be justified on some narrow technicality but it seems calculated to deceive. Every time I have put it to the test it has proved false.

I recently cancelled a contract with a different provider after some gizmo broke. The company first told me the whole thing was my problem, then at the last moment offered me hundreds of pounds to stay. When your phone company starts using the playbook of an emotionally abusive spouse, this is not a market in good working order.

This is a security story: manipulation vs. manipulation defense. One of my worries about our modern market system is that the manipulators have gotten too good. We need better security—either technical defenses or legal prohibitions—against this manipulation.

EDITED TO ADD (1/23): More about how cellphone companies rip you off.

Tags: , ,

Posted on January 23, 2014 at 7:03 AMView Comments

NIGHTSTAND: NSA Exploit of the Day

Today’s device from the NSA’s Tailored Access Operations (TAO) group implant catalog:

NIGHTSTAND

(TS//SI//REL) An active 802.11 wireless exploitation and injection tool for payload /exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible.

(TS//SI//REL) NIGHTSTAND – Close Access Operations • Battlefield Tested • Windows Exploitation • Standalone System

System Details

  • (U//FOUO) Standalone tool currently running on an x86 laptop loaded with Linux Fedora Core 3.
  • (TS//SI//REL) Exploitable Targets include Win2k, WinXP, WinXPSP1, WINXPSP2 running Internet Explorer versions 5.0-6.0.
  • (TS//SI//REL) NS packet injection can target one client or multiple targets on a wireless network.
  • (TS//SI//REL) Attack is undetectable by the user.

(TS//SI//REL) Use of external amplifiers and antennas in both experimental and operational scenarios have resulted in successful NIGHTSTAND attacks from as far away as eight miles under ideal environmental conditions.

Unit Cost: Varies from platform to platform

Status: Product has been deployed in the field. Upgrades to the system continue to be developed.

Page, with graphics, is here. General information about TAO and the catalog is here.

Presumably, the NSA can use this “injection tool” in all the same ways it uses QUANTUM. For example, it can redirect users to FOXACID servers in order to attack their computers.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Tags: , , , , , , , ,

Posted on January 22, 2014 at 2:15 PMView Comments

Questioning the Efficacy of NSA's Bulk-Collection Programs

Two reports have recently been published questioning the efficacy of the NSA’s bulk-collection programs. The first one is from the left-leaning New American Foundation (report here, and one-page tabular summary here).

However, our review of the government’s claims about the role that NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading. An in-depth analysis of 225 individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA’s bulk surveillance programs to these cases was minimal. Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.

The second is from Marshall Erwin of the right-leaning Hoover Institute (report here, and summary here).

My conclusion is simple: neither of these cases demonstrates that bulk phone records collection is effective. Those records did not make a significant contribution to success against the 2009 plot because at the point at which the NSA searched the bulk records database, the FBI already had sufficient information to disrupt the plot. It is also unlikely that bulk collection would have helped disrupt the 9/11 attacks, given critical barriers to information sharing and as demonstrated by the wealth of information already available to the intelligence community about al-Mihdhar.

Tags: , , , , , , ,

Posted on January 22, 2014 at 6:41 AMView Comments

LOUDAUTO: NSA Exploit of the Day

Today’s item from the NSA’s Tailored Access Operations (TAO) group implant catalog:

LOUDAUTO

(TS//SI//REL TO USA,FVEY) Audio-based RF retro-reflector. Provides room audio from targeted space using radar and basic post-processing.

(U) Capabilities
(TS//SI//REL TO USA,FVEY) LOUDAUTO’s current design maximizes the gain of the microphone. This makes it extremely useful for picking up room audio. It can pick up speech at a standard, ofice volume from over 20′ away. (NOTE: Concealments may reduce this distance.) It uses very little power (~15 uA at 3.0 VDC), so little, in fact, that battery self-discharge is more of an issue for serviceable lifetime than the power draw from this unit. The simplicity of the design allows the form factor to be tailored for specific operation requirements. All components at COTS and so are non-attributable to NSA.

(U) Concept of Operation
(TS//SI//REL TO USA,FVEY) Room audio is picked up by the microphone and converted into an analog electrical signal. This signal is used to pulse position modulate (PPM) a square wave signal running at a pre-set frequency. This square wave is used to turn a FET (field effect transistor) on and off. When the unit is illuminated with a CW signal from a nearby radar unit, the illuminating signal is amplitude-modulated with the PPM square wave. This signal is re-radiated, where it is picked up by the radar, then processed to recover the room audio. Processing is currently performed by COTS equipment with FM demodulation capability (Rohde & Schwarz FSH-series portable spectrum analyzers, etc.) LOUDAUTO is part of the ANGRYNEIGHBOR family of radar retro-reflectors.

Unit Cost: $30

Status: End processing still in development

Page, with graphics, is here. General information about TAO and the catalog is here.

This one is kind of cool, I think.

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Tags: , , , , ,

Posted on January 21, 2014 at 2:11 PMView Comments

Adware Vendors Buy and Abuse Chrome Extensions

This is not a good development:

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

[…]

When malicious apps don’t follow Google’s disclosure policy, diagnosing something like this is extremely difficult. When Tweet This Page started spewing ads and malware into my browser, the only initial sign was that ads on the Internet had suddenly become much more intrusive, and many auto-played sound. The extension only started injecting ads a few days after it was installed in an attempt to make it more difficult to detect. After a while, Google search became useless, because every link would redirect to some other webpage. My initial thought was to take an inventory of every program I had installed recently—I never suspected an update would bring in malware. I ran a ton of malware/virus scanners, and they all found nothing. I was only clued into the fact that Chrome was the culprit because the same thing started happening on my Chromebook—if I didn’t notice that, the next step would have probably been a full wipe of my computer.

Tags: , , , , ,

Posted on January 21, 2014 at 6:33 AMView Comments

CTX4000: NSA Exploit of the Day

Today’s device—this one isn’t an implant—from the NSA’s Tailored Access Operations (TAO) group implant catalog:

CTX4000

(TS//SI//REL TO USA,FVEY) The CTX4000 is a portable continuous wave (CW) radar unit. It can be used to illuminate a target system to recover different off net information. Primary uses include VAGRANT and DROPMIRE collection.

(TS//SI//REL TO USA,FVEY) The CTX4000 provides the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process. It provides the following features:

  • Frequency Range: 1 – 2 GHz.
  • Bandwidth: Up to 45 MHz
  • Output Power: User adjustable up to 2 W using the internal amplifier; external amplifiers make it possible to go up to 1 kW.
  • Phase adjustment with front panel knob
  • User-selectable high- and low-pass filters.
  • Remote controllable
  • Outputs:
  • Transmit antenna
  • I and Q video outputs
  • DC bias for an external pre-amp on the Receive input connector
  • Inputs:
    • External oscillator
    • Receive antenna

Unit Cost: N/A

Status: unit is operational. However, it is reaching the end of its service life. It is scheduled to be replaced by PHOTOANGLO staring in September 2008.

Page, with graphics, is here. General information about TAO and the catalog is here.

We’ve already seen reference to VAGRANT and DROPMIRE. The first collects data off computer screens, the second from printers with “purely proximal access.”

In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.

Tags: , , , , ,

Posted on January 20, 2014 at 2:20 PMView Comments

← Earlier EntriesLater Entries →

Sidebar photo of Bruce Schneier by Joe MacInnis.