NSA Spying

BY Herschel Smith
3 months, 3 weeks ago

I’m going to provide a running list of recent reports concerning NSA spying on Americans, and then some commentary at the end.

The NSA Back Door to NIST:

Through the Snowden disclosures, the NIST standard for pseudo-random number generation has fallen into disrepute. Here I describe the back door to the NIST standard for pseudo-random number generation in elementary and mathematically precise terms. The NIST standard offers three methods for pseudo-random number generation [NIST]. My remarks are limited to the third of the three methods, which is based on elliptic curves.

This is a scholarly paper, and I simply don’t have the time to explain how random number generators work (I have seen the coding and have several algorithms).  I also don’t have the time to explain public and private encryption keys and how they work.  Any attempt to explain this would run way past the usual time Site Meter shows that I have readers.  But suffice it to say that random number generators are compromised.  Thus, any communication you use in which you depend on such methods has also been compromised and isn’t reliable.

ExtremeTech:

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack. In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.

This might sound crazy, but with the right hardware it’s actually not that hard. For a start, if you know exactly what frequency to listen out for, you can use low- and high-pass filters to ensure that you only have the sounds that emanate from your PC while the CPU decrypts data. (In case you were wondering, the acoustic signal is actually generated by the CPU’s voltage regulator, as it tries to maintain a constant voltage during wildly varied and bursty loads). Then, once you have the signal, it’s time for the hard bit: Actually making sense of it.

Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.

Hard and a lot of work, but feasible.  My oldest son Joshua sent this response back to me concerning this article.

Yeah, saw this on reddit. Physical security is just as important as digital. Also, the Debian distro just released a new version that fixes this by generating pink noise, although if they know the algorithm used to generate the randomness in pink noise they could still filter it. Right now they’re working on using thermal heat/noise generated by PC components as an external factor to seed random number generators. Still, the takeaway is that if the government wants access to the info, they’re going to get it one way or another. Russia just placed an order for typewriters so they could begin archiving sensitive material on paper instead of digitally because paper is more difficult to exfiltrate.

AP:

One of the slides described how the NSA can plant malicious software onto Apple Inc.’s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.

Another slide showcased a futuristic-sounding device described as a “portable continuous wave generator,” a remote-controlled device which – when paired with tiny electronic implants – can bounce invisible waves of energy off keyboards and monitors to see what is being typed, even if the target device isn’t connected to the Internet.

A third slide showcased a piece of equipment called NIGHTSTAND, which can tamper with wireless Internet connections from up to 8 miles (13 kilometers) away.

An NSA spokeswoman, Vanee Vines, said that she wasn’t aware of Appelbaum’s presentation, but that in general she would not comment on “alleged foreign intelligence activities.”

“As we’ve said before, NSA’s focus is on targeting the communications of valid foreign intelligence targets – not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”

Spiegel (select quotes):

The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of “covert” routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with “implants” that then allow the government hackers to control the computers remotely.

In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person’s computer. Of course, a cookie doesn’t automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.

Once TAO teams have gathered sufficient data on their targets’ habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service’s covert servers, known by the codename FOXACID.

This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person’s computer …

At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world’s ocean floors.

One document labeled “top secret” and “not for foreigners” describes the NSA’s success in spying on the “SEA-ME-WE-4” cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.

The document proudly announces that, on Feb. 13, 2013, TAO “successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4).” With the help of a “website masquerade operation,” the agency was able to “gain access to the consortium’s management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network.”

It appears the government hackers succeeded here once again using the QUANTUMINSERT method.

The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure …

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the “most productive operations” conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks “around the world.”

Now for my own commentary.  I overheard a television commercial over Christmas state something like “we believe in helping children reach their creative potentials and then creating their own future,” or some claptrap like that.

I don’t believe that, as I’ve explained before.  The thieves stealing your information and invading your privacy were once creative children too.  Creativity can be turned towards good or evil.  The moral rot and decay in America has produced the totalitarianism under which we now suffer.  The NSA is a sign of the wickedness of our society.  I am not giving excuse to individuals inside the NSA who do this, for it is not society but individuals who do these things.  But I’m remarking on the general cultural, religious, theological and moral darkness that pervades our world.

I am not sanguine about our immediate future.  Oh yes, I have guns and ammunition.  And I know how to use them.  So do a lot of my readers.  But regardless of what happens in our near term and far term future, without addressing the moral rot that caused this situation, we cannot move forward – not with a new constitution, not with a constitutional convention, not with a new revolution.  These things don’t change the heart of man.

The nearest I can see to a solution, albeit a temporary band aid, is secession, in part because of the fact that my location, i.e., the South, has not yet so completely thrown off the garments of our orthodox Christian heritage.  This is not so much a solution for other places, which would doubtless devolve into totalitarianism and anarchy in dialectic tension in short order.

I know this is a long way from the original subject of the post, but with no hesitation and no apology, I unequivocally assert that if you believe that all of your training, all of your tactics, all of your firearms, all of your ammunition, and all of your passion for whatever you have passion, are some sort of fix for moral darkness, you are sadly mistaken, and you will eventually learn this.

This country has far greater problems than how many guns I own.  The kind of behavior we are witnessing from the NSA is consistent with Nazi Germany, Communist China, the Soviet Union and North Korea.  The America I once knew has almost faded from memory, and exists no more.  I have hope that one day it will be born anew, but I know that it will not happen within the present moral darkness and relativism.

UPDATE: The Daily Dot.  The NSA has nearly complete backdoor access to Apple’s iPhone.

UPDATE #2: Zero Hedge, How The NSA Hacks Your iPhone.



  • http://mikeaustin.org Mike Austin

    Eloquently expressed, and my thoughts as well. We have three options besides secession: a continued descent into tyranny; military coup; civil war. Any combination of these is possible. Were I a betting man I would wager upon another civil war. At any rate, it seems both sides are preparing for one. And it is absurd almost beyond belief to place any hope or trust in this man or that party or the other program—which renders Mark Levin’s idea an unnecessary diversion and a complete waste of time. The entire political system at the national level has been corrupted. Washington DC reminds me of the Roman Republic during its last century, though with the added bonus of sexual perversion and mass infanticide. The US regime, like its master Lucifer, makes war upon God and Natural Law. It will lose in the end—it lost 2000 years ago on the Cross—and there will be casualties, perhaps tens of millions of them. The Maccabees would understand, as would Jefferson.

  • Paul B

    I too fear the coming internecine violence. I do not expect entire states to secede, the fault lines seem to run through communities. I am not sure how that could play out.

    The rule of law and the constitution that created a republic are key elements. That and Christians deciding we have had enough.

    Although being forceful is not something the current crop of Christians does well.

    We don’t like to fight till our back is against the wall. And the wall is getting closer.

    It is near time to punch the bully in the nose.

  • amr

    I am for severe penalties for those stealing my personal data and criminally using it. This is not a crime against a person, but one against our society which decreases trust and opens fissures in our economic system. I could even accept the death penalty for those who stole the private info from Target. But since we can’t even give routinely the death penalty for convicted terrorists, there is little chance those who broke into Target’s data base will receive long prison sentences.

  • Neal Evans

    There is nothing new under the sun. St. Augustine wrote his City of God in similar circumstances as (recently-Christianized) Rome collapsed around him. The Kingdom of God persists though the City of Man may crumble. Remember we Christians have dual-citizenship. Let us focus on our true country, new Jerusalem, and our true King, Lord Jesus. New citizens are created by hearing the Gospel of the Kingdom. As Paul says in Romans 10:

    14 How then will they call on him in whom they have not believed? And how are they to believe in him of whom they have never heard? And how are they to hear without someone preaching? 15 And how are they to preach unless they are sent? As it is written, “How beautiful are the feet of those who preach the good news!” 16 But they have not all obeyed the gospel. For Isaiah says, “Lord, who has believed what he has heard from us?” 17 So faith comes from hearing, and hearing through the word of Christ.

  • Sean

    How true…and how sad that so many don’t see the moral decay for what it is…our core problem.


You are currently reading "NSA Spying", entry #11698 on The Captain's Journal.

This article is filed under the category(s) Intelligence,NSA and was published December 30th, 2013 by Herschel Smith.
