NSA Spying

BY Herschel Smith
10 years, 11 months ago

I’m going to provide a running list of recent reports concerning NSA spying on Americans, and then some commentary at the end.

The NSA Back Door to NIST:

Through the Snowden disclosures, the NIST standard for pseudo-random number generation has fallen into disrepute. Here I describe the back door to the NIST standard for pseudo-random number generation in elementary and mathematically precise terms. The NIST standard offers three methods for pseudo-random number generation [NIST]. My remarks are limited to the third of the three methods, which is based on elliptic curves.

This is a scholarly paper, and I simply don’t have the time to explain how random number generators work (I have seen the coding and have several algorithms).  I also don’t have the time to explain public and private encryption keys and how they work.  Any attempt to explain this would run way past the usual time Site Meter shows that I have readers.  But suffice it to say that random number generators are compromised.  Thus, any communication you use in which you depend on such methods has also been compromised and isn’t reliable.

ExtremeTech:

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack. A side channel is an attack vector that is non-direct and unconventional, and thus hasn’t been properly secured. For example, your pass code prevents me from directly attacking your phone — but if I could work out your pass code by looking at the greasy smudges on your screen, that would be a side channel attack. In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.

This might sound crazy, but with the right hardware it’s actually not that hard. For a start, if you know exactly what frequency to listen out for, you can use low- and high-pass filters to ensure that you only have the sounds that emanate from your PC while the CPU decrypts data. (In case you were wondering, the acoustic signal is actually generated by the CPU’s voltage regulator, as it tries to maintain a constant voltage during wildly varied and bursty loads). Then, once you have the signal, it’s time for the hard bit: Actually making sense of it.

Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.

Hard and a lot of work, but feasible.  My oldest son Joshua responds this back to me concerning this article.

Yeah, saw this on reddit. Physical security is just as important as digital. Also, the Debian distro just released a new version that fixes this by generating pink noise, although if they know the algorithm used to generate the randomness in pink noise they could still filter it.Right now they’re working on using thermal heat/noise generated by PC components as an external factor to seed random number generators.Still, the takeaway is that if the government wants access to the info, they’re going to get it one way or another. Russia just placed an order for typewriters so they could begin archiving sensitive material on paper instead of digitally because paper is more difficult to exfiltrate.

AP:

One of the slides described how the NSA can plant malicious software onto Apple Inc.’s iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.

Another slide showcased a futuristic-sounding device described as a “portable continuous wave generator,” a remote-controlled device which – when paired with tiny electronic implants – can bounce invisible waves of energy off keyboards and monitors to see what is being typed, even if the target device isn’t connected to the Internet.

A third slide showcased a piece of equipment called NIGHTSTAND, which can tamper with wireless Internet connections from up to 8 miles (13 kilometers) away.

An NSA spokeswoman, Vanee Vines, said that she wasn’t aware of Appelbaum’s presentation, but that in general should would not comment on “alleged foreign intelligence activities.”

“As we’ve said before, NSA’s focus is on targeting the communications of valid foreign intelligence targets – not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”

Spiegel (select quotes):

The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of “covert” routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with “implants” that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA’s “implants”.)

In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person’s computer. Of course, a cookie doesn’t automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.

Once TAO teams have gathered sufficient data on their targets’ habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service’s covert servers, known by the codename FOXACID.

This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person’s computer …

At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world’s ocean floors.

One document labeled “top secret” and “not for foreigners” describes the NSA’s success in spying on the “SEA-ME-WE-4” cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.

The document proudly announces that, on Feb. 13, 2013, TAO “successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4).” With the help of a “website masquerade operation,” the agency was able to “gain access to the consortium’s management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network.”

It appears the government hackers succeeded here once again using the QUANTUMINSERT method.

The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure …

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the “most productive operations” conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks “around the world.”

Now for my own commentary.  I overheard a television commercial over Christmas state something like “we believe in helping children reach their creative potentials and then creating their own future,” or some claptrap like that.

I don’t believe that, as I’ve explained before.  The thieves stealing your information and invading your privacy were once creative children too.  Creativity can be turned towards good or evil.  The moral rot and decay in America has produced the totalitarianism under which we now suffer.  The NSA is a sign of the wickedness of our society.  I am not giving excuse to individuals inside the NSA who do this, for it is not society but individuals who do these things.  But I’m remarking on the general cultural, religious, theological and moral darkness that pervades our world.

I am not sanguine about our immediate future.  Oh yes, I have guns and ammunition.  And I know how to use them.  So do a lot of my readers.  But regardless of what happens in our near term and far term future, without addressing the moral rot that caused this situation, we cannot move forward – not with a new constitution, not with a constitutional convention, not with a new revolution.  These things don’t change the heart of man.

The nearest I can see to a solution, albeit a temporary band aid, is secession, in part because of the fact that my location, i.e., the South, has not yet so completely thrown off the garments of our orthodox Christian heritage.  This is not so much a solution for other places, which would doubtless devolve into totalitarianism and anarchy in dialectic tension in short order.

I know this is a long way from the original subject of the post, but with no hesitation and no apology, I unequivocally assert that if you believe that all of your training, all of your tactics, all of your firearms, all of your ammunition, and all of your passion for whatever you have passion, are some sort of fix for moral darkness, you are sadly mistaken, and you will eventually learn this.

This country has far greater problems than how many guns I own.  The kind of behavior we are witnessing from the NSA is consistent with Nazi Germany, Communist China, the Soviet Union and North Korea.  The America I once knew has almost faded from memory, and exists no more.  I have hope that one day it will be born anew, but I know that it will not happen within the present moral darkness and relativism.

UPDATE: The Daily Dot.  The NSA has nearly complete backdoor access to Apple’s iPhone.

UPDATE #2: Zero Hedge, How The NSA Hacks Your iPhone.

Trackbacks & Pingbacks


Comments

  1. On December 31, 2013 at 4:46 am, Mike Austin said:

    Eloquently expressed, and my thoughts as well. We have three options besides secession: a continued decent into tyranny; military coup; civil war. Any combination of these is possible. Were I a betting man I would wager upon another civil war. At any rate, it seems both sides are preparing for one. And it is absurd almost beyond belief to place any hope or trust in this man or that party or the other program—which renders Mark Levin’s idea an unnecessary diversion and a complete waste of time. The entire political system at the national level has been corrupted. Washington DC reminds me of the Roman Republic during its last century, though with the added bonus of sexual perversion and mass infanticide. The US regime, like its master Lucifer, makes war upon God and Natural Law. It will lose in the end—it lost 2000 years ago on the Cross—and there will be casualties, perhaps tens of millions of them. The Maccabees would understand, as would Jefferson.

  2. On December 31, 2013 at 9:13 am, Paul B said:

    I too fear the coming inter cine violence. I do not expect entire states to secede, the fault lines seem to run through communities. I am not sure how that could play out.

    The rule of law and the constitution that created a republic are key elements. that and Christians deciding we have had enough.

    Although being forceful is not something the current crop of Christians does well.

    We don’t like to fight till our back is against the wall. And the wall is getting closer.

    It is near time to punch the bully in the nose.

  3. On December 31, 2013 at 10:43 am, amr said:

    I am for severe penalties for those stealing my personal data and criminally using it. This is not a crime against a person, but one against our society which decreases trust and opens fissures in our economic system. I could even accept the death penalty for those who stole the private info from Target. But since we can’t even give routinely the death penalty for convicted terrorists, there is little chance those who broke into Target’s data base will receive long prison sentences.

  4. On December 31, 2013 at 10:50 am, Neal Evans said:

    There is nothing new under the sun. St. Augustine wrote his City of God in similar circumstances as (recently-Christianized) Rome collapsed around him. The Kingdom of God persists though the City of Man may crumble. Remember we Christians have dual-citizenship. Let us focus on our true country, new Jerusalem, and our true King, Lord Jesus. New citizens are created by hearing the Gospel of the Kingdom. As Paul says in Romans 10:

    14 How then will they call on him in whom they have not believed? And how are they to believe in him of whom they have never heard?c And how are they to hear without someone preaching? 15 And how are they to preach unless they are sent? As it is written, “How beautiful are the feet of those who preach the good news!” 16 But they have not all obeyed the gospel. For Isaiah says, “Lord, who has believed what he has heard from us?” 17 So faith comes from hearing, and hearing through the word of Christ.

  5. On December 31, 2013 at 11:32 am, Sean said:

    How true…and how sad that so many don’t see the moral decay for what it is…our core problem.

RSS feed for comments on this post. TrackBack URL

Leave a comment


You are currently reading "NSA Spying", entry #11698 on The Captain's Journal.

This article is filed under the category(s) Intelligence,NSA and was published December 30th, 2013 by Herschel Smith.

If you're interested in what else the The Captain's Journal has to say, you might try thumbing through the archives and visiting the main index, or; perhaps you would like to learn more about TCJ.

26th MEU (10)
Abu Muqawama (12)
ACOG (2)
ACOGs (1)
Afghan National Army (36)
Afghan National Police (17)
Afghanistan (704)
Afghanistan SOFA (4)
Agriculture in COIN (3)
AGW (1)
Air Force (40)
Air Power (10)
al Qaeda (83)
Ali al-Sistani (1)
America (22)
Ammunition (285)
Animals (297)
Ansar al Sunna (15)
Anthropology (3)
Antonin Scalia (1)
AR-15s (379)
Arghandab River Valley (1)
Arlington Cemetery (2)
Army (87)
Assassinations (2)
Assault Weapon Ban (29)
Australian Army (7)
Azerbaijan (4)
Backpacking (3)
Badr Organization (8)
Baitullah Mehsud (21)
Basra (17)
BATFE (230)
Battle of Bari Alai (2)
Battle of Wanat (18)
Battle Space Weight (3)
Bin Laden (7)
Blogroll (3)
Blogs (24)
Body Armor (23)
Books (3)
Border War (18)
Brady Campaign (1)
Britain (38)
British Army (35)
Camping (5)
Canada (17)
Castle Doctrine (1)
Caucasus (6)
CENTCOM (7)
Center For a New American Security (8)
Charity (3)
China (16)
Christmas (16)
CIA (30)
Civilian National Security Force (3)
Col. Gian Gentile (9)
Combat Outposts (3)
Combat Video (2)
Concerned Citizens (6)
Constabulary Actions (3)
Coolness Factor (3)
COP Keating (4)
Corruption in COIN (4)
Council on Foreign Relations (1)
Counterinsurgency (218)
DADT (2)
David Rohde (1)
Defense Contractors (2)
Department of Defense (210)
Department of Homeland Security (26)
Disaster Preparedness (5)
Distributed Operations (5)
Dogs (15)
Donald Trump (27)
Drone Campaign (4)
EFV (3)
Egypt (12)
El Salvador (1)
Embassy Security (1)
Enemy Spotters (1)
Expeditionary Warfare (17)
F-22 (2)
F-35 (1)
Fallujah (17)
Far East (3)
Fathers and Sons (2)
Favorite (1)
Fazlullah (3)
FBI (39)
Featured (190)
Federal Firearms Laws (18)
Financing the Taliban (2)
Firearms (1,802)
Football (1)
Force Projection (35)
Force Protection (4)
Force Transformation (1)
Foreign Policy (27)
Fukushima Reactor Accident (6)
Ganjgal (1)
Garmsir (1)
general (15)
General Amos (1)
General James Mattis (1)
General McChrystal (44)
General McKiernan (6)
General Rodriguez (3)
General Suleimani (9)
Georgia (19)
GITMO (2)
Google (1)
Gulbuddin Hekmatyar (1)
Gun Control (1,674)
Guns (2,342)
Guns In National Parks (3)
Haditha Roundup (10)
Haiti (2)
HAMAS (7)
Haqqani Network (9)
Hate Mail (8)
Hekmatyar (1)
Heroism (5)
Hezbollah (12)
High Capacity Magazines (16)
High Value Targets (9)
Homecoming (1)
Homeland Security (3)
Horses (2)
Humor (72)
Hunting (43)
ICOS (1)
IEDs (7)
Immigration (114)
India (10)
Infantry (4)
Information Warfare (4)
Infrastructure (4)
Intelligence (23)
Intelligence Bulletin (6)
Iran (171)
Iraq (379)
Iraq SOFA (23)
Islamic Facism (64)
Islamists (98)
Israel (19)
Jaish al Mahdi (21)
Jalalabad (1)
Japan (3)
Jihadists (81)
John Nagl (5)
Joint Intelligence Centers (1)
JRTN (1)
Kabul (1)
Kajaki Dam (1)
Kamdesh (9)
Kandahar (12)
Karachi (7)
Kashmir (2)
Khost Province (1)
Khyber (11)
Knife Blogging (7)
Korea (4)
Korengal Valley (3)
Kunar Province (20)
Kurdistan (3)
Language in COIN (5)
Language in Statecraft (1)
Language Interpreters (2)
Lashkar-e-Taiba (2)
Law Enforcement (6)
Lawfare (14)
Leadership (6)
Lebanon (6)
Leon Panetta (2)
Let Them Fight (2)
Libya (14)
Lines of Effort (3)
Littoral Combat (8)
Logistics (50)
Long Guns (1)
Lt. Col. Allen West (2)
Marine Corps (280)
Marines in Bakwa (1)
Marines in Helmand (67)
Marjah (4)
MEDEVAC (2)
Media (68)
Medical (146)
Memorial Day (6)
Mexican Cartels (42)
Mexico (62)
Michael Yon (6)
Micromanaging the Military (7)
Middle East (1)
Military Blogging (26)
Military Contractors (5)
Military Equipment (25)
Militia (9)
Mitt Romney (3)
Monetary Policy (1)
Moqtada al Sadr (2)
Mosul (4)
Mountains (25)
MRAPs (1)
Mullah Baradar (1)
Mullah Fazlullah (1)
Mullah Omar (3)
Musa Qala (4)
Music (25)
Muslim Brotherhood (6)
Nation Building (2)
National Internet IDs (1)
National Rifle Association (97)
NATO (15)
Navy (30)
Navy Corpsman (1)
NCOs (3)
News (1)
NGOs (3)
Nicholas Schmidle (2)
Now Zad (19)
NSA (3)
NSA James L. Jones (6)
Nuclear (63)
Nuristan (8)
Obama Administration (221)
Offshore Balancing (1)
Operation Alljah (7)
Operation Khanjar (14)
Ossetia (7)
Pakistan (165)
Paktya Province (1)
Palestine (5)
Patriotism (7)
Patrolling (1)
Pech River Valley (11)
Personal (73)
Petraeus (14)
Pictures (1)
Piracy (13)
Pistol (4)
Pizzagate (21)
Police (659)
Police in COIN (3)
Policy (15)
Politics (985)
Poppy (2)
PPEs (1)
Prisons in Counterinsurgency (12)
Project Gunrunner (20)
PRTs (1)
Qatar (1)
Quadrennial Defense Review (2)
Quds Force (13)
Quetta Shura (1)
RAND (3)
Recommended Reading (14)
Refueling Tanker (1)
Religion (495)
Religion and Insurgency (19)
Reuters (1)
Rick Perry (4)
Rifles (1)
Roads (4)
Rolling Stone (1)
Ron Paul (1)
ROTC (1)
Rules of Engagement (75)
Rumsfeld (1)
Russia (37)
Sabbatical (1)
Sangin (1)
Saqlawiyah (1)
Satellite Patrols (2)
Saudi Arabia (4)
Scenes from Iraq (1)
Second Amendment (687)
Second Amendment Quick Hits (2)
Secretary Gates (9)
Sharia Law (3)
Shura Ittehad-ul-Mujahiden (1)
SIIC (2)
Sirajuddin Haqqani (1)
Small Wars (72)
Snipers (9)
Sniveling Lackeys (2)
Soft Power (4)
Somalia (8)
Sons of Afghanistan (1)
Sons of Iraq (2)
Special Forces (28)
Squad Rushes (1)
State Department (23)
Statistics (1)
Sunni Insurgency (10)
Support to Infantry Ratio (1)
Supreme Court (62)
Survival (204)
SWAT Raids (57)
Syria (38)
Tactical Drills (38)
Tactical Gear (15)
Taliban (168)
Taliban Massing of Forces (4)
Tarmiyah (1)
TBI (1)
Technology (21)
Tehrik-i-Taliban (78)
Terrain in Combat (1)
Terrorism (96)
Thanksgiving (13)
The Anbar Narrative (23)
The Art of War (5)
The Fallen (1)
The Long War (20)
The Surge (3)
The Wounded (13)
Thomas Barnett (1)
Transnational Insurgencies (5)
Tribes (5)
TSA (25)
TSA Ineptitude (14)
TTPs (4)
U.S. Border Patrol (6)
U.S. Border Security (19)
U.S. Sovereignty (24)
UAVs (2)
UBL (4)
Ukraine (10)
Uncategorized (99)
Universal Background Check (3)
Unrestricted Warfare (4)
USS Iwo Jima (2)
USS San Antonio (1)
Uzbekistan (1)
V-22 Osprey (4)
Veterans (3)
Vietnam (1)
War & Warfare (419)
War & Warfare (41)
War Movies (4)
War Reporting (21)
Wardak Province (1)
Warriors (6)
Waziristan (1)
Weapons and Tactics (79)
West Point (1)
Winter Operations (1)
Women in Combat (21)
WTF? (1)
Yemen (1)

December 2024
November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006

about · archives · contact · register

Copyright © 2006-2024 Captain's Journal. All rights reserved.