Page 20 of 22
I doubt this is true. One, it’s a very risky thing to do. And two, there are more than enough exploitable security vulnerabilities in a piece of code that large. Finding and exploiting them is a much better strategy than planting them. But maybe someone at the FBI is that dumb.
EDITED TO ADD (12/17): Further information is here. And a denial from an FBI agent.
On Monday, The New York Times reported that President Obama will seek sweeping laws enabling law enforcement to more easily eavesdrop on the internet. Technologies are changing, the administration argues, and modern digital systems aren’t as easy to monitor as traditional telephones.
The government wants to force companies to redesign their communications systems and information networks to facilitate surveillance, and to provide law enforcement with back doors that enable them to bypass any security measures.
The proposal may seem extreme, but—unfortunately—it’s not unique. Just a few months ago, the governments of the United Arab Emirates, Saudi Arabia and India threatened to ban BlackBerry devices unless the company made eavesdropping easier. China has already built a massive internet surveillance system to better control its citizens.
Formerly reserved for totalitarian countries, this wholesale surveillance of citizens has moved into the democratic world as well. Governments like Sweden, Canada and the United Kingdom are debating or passing laws giving their police new powers of internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. More are passing data retention laws, forcing companies to retain customer data in case they might need to be investigated later.
Obama isn’t the first U.S. president to seek expanded digital eavesdropping. The 1994 CALEA law required phone companies to build ways to better facilitate FBI eavesdropping into their digital phone switches. Since 2001, the National Security Agency has built substantial eavesdropping systems within the United States.
These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; that’s obvious. But the laws also make us less safe. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.
Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Internet surveillance and control will be no different.
Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don’t. Any surveillance and control system must itself be secured, and we’re not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations?
These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn’t always match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and famous people like former President Bill Clinton.
The most serious known misuse of a telecommunications surveillance infrastructure took place in Greece. Between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government—the prime minister and the ministers of defense, foreign affairs and justice—and other prominent people. Ericsson built this wiretapping capability into Vodafone’s products, but enabled it only for governments that requested it. Greece wasn’t one of those governments, but some still unknown party—a rival political group? organized crime?—figured out how to surreptitiously turn the feature on.
Surveillance infrastructure is easy to export. Once surveillance capabilities are built into Skype or Gmail or your BlackBerry, it’s easy for more totalitarian countries to demand the same access; after all, the technical work has already been done.
Western companies such as Siemens, Nokia and Secure Computing built Iran’s surveillance infrastructure, and U.S. companies like L-1 Identity Solutions helped build China’s electronic police state. The next generation of worldwide citizen control will be paid for by countries like the United States.
We should be embarrassed to export eavesdropping capabilities. Secure, surveillance-free systems protect the lives of people in totalitarian countries around the world. They allow people to exchange ideas even when the government wants to limit free exchange. They power citizen journalism, political movements and social change. For example, Twitter’s anonymity saved the lives of Iranian dissidents—anonymity that many governments want to eliminate.
Yes, communications technologies are used by both the good guys and the bad guys. But the good guys far outnumber the bad guys, and it’s far more valuable to make sure they’re secure than it is to cripple them on the off chance it might help catch a bad guy. It’s like the FBI demanding that no automobiles drive above 50 mph, so they can more easily pursue getaway cars. It might or might not work—but, regardless, the cost to society of the resulting slowdown would be enormous.
It’s bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers say, these systems cost too much and put us all at greater risk.
This essay previously appeared on CNN.com, and was a rewrite of a 2009 op ed on MPR News Q—which itself was based in part on a 2007 Washington Post op ed by Susan Landau.
Lock My PC 4 has a master password.
EDITED TO ADD (4:26): In comments, people are reporting that the master password doesn’t work. Near as I can tell, those are all recent downloads. So either they took out the feature, or changed the password.
The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.
That’s actually misleading. Even though the charger is an USB device, it does not contain the harmful installer described in the article—it has no storage capacity. The software has to be downloaded from the Energizer website, and the software is only used to monitor the progress of the charge. The software is not needed for the device to function properly.
Here are details.
Energizer has announced it will pull the software from its website, and also will stop selling the device.
EDITED TO ADD (3/23): Additional news here.
Interesting article from The New York Times.
Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.
The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a “botnet”—a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled—before it could be unleashed in the United States.
Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy’s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.
So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America’s online defenses, the administration could not agree on how to write the authorization.
I’ve written about cyberwar here.
Three nights ago, my encryption algorithm Blowfish was mentioned on the Fox show 24. The clip is available here, or streaming on Hulu. This is the exchange:
Janis Gold: I isolated the data Renee uploaded to Bauer but I can’t get past the filed header.
Larry Moss: What does that mean?
JG: She encrypted the name and address she used and I can’t seem to crack it.
LM: Who can?
JG: She used her personal computer. This is very serious encryption. I mean, there are some high-level people who can do it.
LM: Like who?
JG: Chloe O’Brian, but from what you told me earlier she’s too loyal to Bauer.
LM: Is her husband still here?
JG: Yes, he’s waiting to see you.
LM: He’s a level 6 analyst too.
…
JG: Mr. O’Brian, a short time ago one of our agents was in touch with Jack Bauer. She sent a name and address that we assume is his next destination. Unfortunately, it’s encrypted with Blowfish 148 and no one here knows how to crack that. Therefore, we need your help, please.
…
Morris O’Brian: Show me the file.
MO: Where’s your information. 16 or 32 bit
wavelengthword length?JG: 32.
MO: Native or modified data points?
JG: Native.
MO: The designer of this algorithm built a backdoor into his code. Decryption’s a piece of cake if you know the override codes.
LM: And you do?
MO: Yeah.
LM: Will this take long?
MO: Course not.
LM: Mr. O’Brian, can you tell me specifically when you’ll have the file decrypted?
MO: Yes.
MO: Now.
O’Brian spends just over 30 seconds at the keyboard.
This is the second time Blowfish has appeared on the show. It was broken the first time, too.
EDITED TO ADD (4/14): Avi Rubin comments.
Many can be opened with a default admin password:
Here’s a fun little tip: You can open most Sentex key pad-access doors by typing in the following code:
***00000099#*
The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!)
This is one well-designed piece of malware:
Conficker B++ is somewhat similar to Conficker B, with 294 of 297 sub-routines the same and 39 additional subroutines. The latest variant, first spotted on 16 February, is even more sneaky than its previous incarnations, SRI explains.
Conficker B++ is no longer limited to reinfection by similarly structured Conficker DLLs, but can now push new self-contained Win32 applications. These executables can infiltrate the host using methods that are not detected by the latest anti-Conficker security applications.
[…]
The malware also creates an additional backdoor on compromise machines to create an altogether trickier infectious agent, SRI explains.
In Conficker A and B, there appeared only one method to submit Win32 binaries to the digital signature validation path, and ultimately to the CreateProcess API call. This path required the use of the Internet rendezvous point to download the binary through an HTTP transaction.
Under Conficker B++, two new paths to binary validation and execution have been introduced to Conficker drones, both of which bypass the use of Internet Rendezvous points: an extension to the netapi32.dll patch and the new named pipe backdoor. These changes suggest a desire by the Conficker’s authors to move away from a reliance on Internet rendezvous points to support binary update, and toward a more direct flash approach.
SRI reckons that Conficker-A has infected 4.7m machines, at one time or another, while Conficker-B has hit 6.7m IP addresses. These figures, as with previous estimates, come from an analysis of the number of machines that have ever tried to call into malware update sites. The actual number of infected hosts at any one time is lower than that. SRI estimates the botnet controlled by Conficker-A and Conficker-B is around 1m and 3m hosts, respectively, or a third of the raw estimate.
From the LEET ’08 conference: “Designing and implementing malicious hardware,” by Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou.
Abstract:
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.
We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker,
rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including login backdoor that gives an attacker complete and highlevel access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.
The readers were hacked when they were built, “either during the manufacturing process at a factory in China, or shortly after they came off the production line.” It’s being called a “supply chain hack.”
Sophisticated stuff, and yet another demonstration that these all-computer security systems are full of risks.
BTW, what’s it worth to rig an election?
Sidebar photo of Bruce Schneier by Joe MacInnis.