10 months ago
I’m going to provide a running list of recent reports concerning NSA spying on Americans, and then some commentary at the end.
Through the Snowden disclosures, the NIST standard for pseudo-random number generation has fallen into disrepute. Here I describe the back door to the NIST standard for pseudo-random number generation in elementary and mathematically precise terms. The NIST standard offers three methods for pseudo-random number generation [NIST]. My remarks are limited to the third of the three methods, which is based on elliptic curves.
This is a scholarly paper, and I simply don’t have the time to explain how random number generators work (I have seen the coding and have several algorithms). I also don’t have the time to explain public and private encryption keys and how they work. Any attempt to explain this would run way past the usual time Site Meter shows that I have readers. But suffice it to say that random number generators are compromised. Thus, any communication you use in which you depend on such methods has also been compromised and isn’t reliable.
Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.
This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack. In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.
This might sound crazy, but with the right hardware it’s actually not that hard. For a start, if you know exactly what frequency to listen out for, you can use low- and high-pass filters to ensure that you only have the sounds that emanate from your PC while the CPU decrypts data. (In case you were wondering, the acoustic signal is actually generated by the CPU’s voltage regulator, as it tries to maintain a constant voltage during wildly varied and bursty loads). Then, once you have the signal, it’s time for the hard bit: Actually making sense of it.
Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.
Hard and a lot of work, but feasible. My oldest son Joshua responds this back to me concerning this article.
Yeah, saw this on reddit. Physical security is just as important as digital. Also, the Debian distro just released a new version that fixes this by generating pink noise, although if they know the algorithm used to generate the randomness in pink noise they could still filter it.Right now they’re working on using thermal heat/noise generated by PC components as an external factor to seed random number generators.Still, the takeaway is that if the government wants access to the info, they’re going to get it one way or another. Russia just placed an order for typewriters so they could begin archiving sensitive material on paper instead of digitally because paper is more difficult to exfiltrate.
One of the slides described how the NSA can plant malicious software onto Apple Inc.’s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.
Another slide showcased a futuristic-sounding device described as a “portable continuous wave generator,” a remote-controlled device which – when paired with tiny electronic implants – can bounce invisible waves of energy off keyboards and monitors to see what is being typed, even if the target device isn’t connected to the Internet.
A third slide showcased a piece of equipment called NIGHTSTAND, which can tamper with wireless Internet connections from up to 8 miles (13 kilometers) away.
An NSA spokeswoman, Vanee Vines, said that she wasn’t aware of Appelbaum’s presentation, but that in general should would not comment on “alleged foreign intelligence activities.”
“As we’ve said before, NSA’s focus is on targeting the communications of valid foreign intelligence targets – not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”
Spiegel (select quotes):
The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of “covert” routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with “implants” that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA’s “implants”.)
In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person’s computer. Of course, a cookie doesn’t automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
Once TAO teams have gathered sufficient data on their targets’ habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service’s covert servers, known by the codename FOXACID.
This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person’s computer …
At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world’s ocean floors.
One document labeled “top secret” and “not for foreigners” describes the NSA’s success in spying on the “SEA-ME-WE-4″ cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.
The document proudly announces that, on Feb. 13, 2013, TAO “successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4).” With the help of a “website masquerade operation,” the agency was able to “gain access to the consortium’s management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network.”
It appears the government hackers succeeded here once again using the QUANTUMINSERT method.
The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure …
Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.
These minor disruptions in the parcel shipping business rank among the “most productive operations” conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks “around the world.”
Now for my own commentary. I overheard a television commercial over Christmas state something like “we believe in helping children reach their creative potentials and then creating their own future,” or some claptrap like that.
I don’t believe that, as I’ve explained before. The thieves stealing your information and invading your privacy were once creative children too. Creativity can be turned towards good or evil. The moral rot and decay in America has produced the totalitarianism under which we now suffer. The NSA is a sign of the wickedness of our society. I am not giving excuse to individuals inside the NSA who do this, for it is not society but individuals who do these things. But I’m remarking on the general cultural, religious, theological and moral darkness that pervades our world.
I am not sanguine about our immediate future. Oh yes, I have guns and ammunition. And I know how to use them. So do a lot of my readers. But regardless of what happens in our near term and far term future, without addressing the moral rot that caused this situation, we cannot move forward – not with a new constitution, not with a constitutional convention, not with a new revolution. These things don’t change the heart of man.
The nearest I can see to a solution, albeit a temporary band aid, is secession, in part because of the fact that my location, i.e., the South, has not yet so completely thrown off the garments of our orthodox Christian heritage. This is not so much a solution for other places, which would doubtless devolve into totalitarianism and anarchy in dialectic tension in short order.
I know this is a long way from the original subject of the post, but with no hesitation and no apology, I unequivocally assert that if you believe that all of your training, all of your tactics, all of your firearms, all of your ammunition, and all of your passion for whatever you have passion, are some sort of fix for moral darkness, you are sadly mistaken, and you will eventually learn this.
This country has far greater problems than how many guns I own. The kind of behavior we are witnessing from the NSA is consistent with Nazi Germany, Communist China, the Soviet Union and North Korea. The America I once knew has almost faded from memory, and exists no more. I have hope that one day it will be born anew, but I know that it will not happen within the present moral darkness and relativism.
UPDATE: The Daily Dot. The NSA has nearly complete backdoor access to Apple’s iPhone.
UPDATE #2: Zero Hedge, How The NSA Hacks Your iPhone.