Unraveling NSA's TURBULENCE Programs (sesek.com)
153 points by acqq on Nov 17, 2014 | 26 comments



So if you're a VPN user, you get extra special attention from the NSA.

> In the case of VPN traffic, a system called HAMMERSTEIN identifies the traffic and sends the metadata to a database called TOYGRIPPE. The TOYGRIPPE database is a “repository of VPN endpoints” [14] that is used by targeting officers to determine if that computer should be a target for further exploitation [13]. The TURMOIL VPN module also looks up the IP information in a database called KEYCARD to determine if the target should be tasked for targeted SIGINT collection or to recover the VPN key. Of special note is that this VPN traffic passes through a system called “TE-VPN PIQ Blade.” PIQ refers to the PICARESQUE ECI marking [38], which is associated with BULLRUN [16]. The BULLRUN program is NSA’s effort to weaken and exploit encryption that protects digital SIGINT, whether by finding bugs in cryptographic algorithms or by manipulating standards bodies or companies into weakening encryption tools. It is safe to assume that PIQ is a compartment that contains the details of a cryptologic attack against a specific VPN technology (or technologies), which the NSA/GCHQ either found or paid for.


C.f. stenography, hiding in plain sight, etc. Drawing less suspicion generally, and if you are in the "mainstream" e.g. a crowded place, your signal becomes more difficult to parse out of the chaos.


if you've ever seen

  TLS Error: local/remote TLS keys are out of sync
or

  Authenticate/Decrypt packet error: packet HMAC authentication failed
while using openvpn, you can expand the list of potential causes.


This is so disturbing. I honestly feel that with every one of these revelations, my interest in the technology world is degraded more and more. The existence of such heinous things as the TAO, and its tendrils, brings on a serious depression. Just who do these people think they are, to defeat our lives so completely, for their own sakes? Despicable.


They have a very pro-end-justifies-the-means attitude. Just listen to DoJ defend most of the illegal spying they get caught with. They keep saying "...but it's effective!". As if that makes it less illegal.

The sad part is the mass surveillance done by the NSA, by and large, isn't even that. Maybe it's effective for economic spying, or spying on political leaders, or hacking into other countries' infrastructures, or even helping to assassinate random people in Middle East who happen to be in the area of "terrorists", who may or may not be guilty of terrorism. But it's so easy to just press that drone's button, especially when it happens so far away from home and with nobody to hold them accountable...so who cares, I guess? It's easier and cheaper to kill someone with perhaps 20 percent chance of being a terrorist, than not doing that (I think that's their attitude towards this). Autonomous killer drones will only make this problem 10 times worse, as they can kill many more such people, faster. And with every innocent life taken this way, 10 more people end up hating America (but not for its freedoms).

But so far there's no evidence that this mass spying would actually help with its promoted and intended goal - "stopping the next 9/11". If anything, there's probably evidence against it. A bigger haystack is just that - a bigger haystack in which to find the needle, and way more false leads, with biased algorithms that lead to the harassment of tens of thousands, if not millions, and without them ever knowing why they are even harassed in such a way.


> and way more false leads, with biased algorithms that lead to the harassment of tens of thousands, if not millions, and without them ever knowing why they are even harassed in such a way.

If there is one thing I feel like people should understand about algorithms and computers, it is about this. Just because something is computed does not make it more accurate. It just means greater precision based on the specifications and initial assumptions. More inaccurate calculations does not equal better. Greater dependency on machines to do our reasoning for us, I am partially concerned, has our species ignoring their own capacity to reason for themselves.

The thing I can't understand is how these people who do spy have any sense of self of which to reason with. The more they focus on that which exists outside of themselves, the harder it is to discern between what they are and what they fight against. I wish people would just honestly, sit down for like a year or something, and take a good long look in the mirror and introspect, rather than everything being action action action. Just because everything looks like it's moving doesn't mean it actually is.


Just as the historical perspective, the automatic data processing was used even before electronic computers, and even by the Nazi regime to support genocide:

http://en.wikipedia.org/wiki/IBM_during_World_War_II

That's why it's important to actively care and to organize the society to minimize the potential for the undesired use of the possibilities given by the technology: the technology can amplify both the good and the bad acts. The society has the chance to influence that easier before the tipping points and only after a lot of harm already being done after them. On another side, once the tipping point is reached, even if some system didn't exist before, it would be implemented fast.

The position of the "consumers" in the digital world is also something that has some interesting comparisons:

http://www.wired.com/2012/11/feudal-security/


In theory, I absolutely agree with you.

In practice, every choice as to how to care and organize society becomes a question of what to control and what not to control. Who can be trusted, and who can't be trusted. Then it just seems to go in a circle. Regulation on top of regulation. People make judgments and claim they are assertions rather than assumptions, based on correlative and observationally biased inferences. The system becomes deterministic based on individual impulse, rather than caution, patience, and 'opened' trust.

With individual impulse, it becomes a question of who decides to shape society, rather than how society is shaped. Whoever makes a move first has an advantage in the short term. But this has the potential to be twisted by greed, selfish desire, and delusions of grandeur, or the idea that "what works for me will work for you". Then things get directed towards tipping points. People start believing in power hierarchies, groups, differing orders and levels of intelligence and ability as intrinsic and permanent properties of their existence. And so the pendulum keeps swinging.


Then, not in theory, but in practice, do you think we should care about the topic of the article?

Is it good when we discover what is actually being done "behind the closed doors" related to our profession right now?

It's also a task of every engineer to consider what could go wrong.


I don't think we will ever be at a point in our existence, where we know what to do before we have to do it.

> It's also a task of every engineer to consider what could go wrong.

Within a reasonably defined threshold. If I have a business making rubber ducks, I don't have to design those rubber ducks with the specification that they withstand temperatures of 200 degrees C.

> Then, not in theory, but in practice, do you think we should care about the topic of the article?

I do care. I choose to not work for places that I disagree with the intent and usage of such things. I know I have the capacity and capability to work at those places. I don't want to contribute my intellect to something I consider destructive, to the best of my knowledge and awareness to do so.

But even given my choices, I never feel like I have the right answers. I always can find perspectives in where I could be wrong. I try to pick the one I consider 'least wrong'. It's not really a lesser of two evils thing, it's more reducing the probability for things to go wrong. I'm also young and probably very naive in many ways.


My take is that there is a pretty even split in the arena on the reasoning. About half of the people involved in this truly believe that the move from a nation-state security model to a single-actor security model creates an environment where mass-surveillance is a requirement, and then they justify all the (il)legality away based on this ends-begets-the-means view, but don't often say it out loud. There is a second set of people though, closer to the top-tiers and involved in the high levels of the military-congressional-corporate-industrial-complex, who view the internet as a threat, not because of cyber-crime or cyber-terrorism, but because it allows a free anarchistic distribution of information, and feel it "Must be brought under control."

Throughout history, every form of communication that has enabled the proletariat open access to information has been brought under control. Printing press, telegraph (remember the Black Chamber for telegraphs?), radio, and television, all privatized and corporatized until they are barely public utilities at all.

The internet got ignored for a long time, and it wasn't until the late 90's that the three letters really started paying attention to it. Here we are now with a balkanization of the internet incoming, with TPP and other measures to ensure corporate profits, and mass surveillance as a tool of security and as a tool to deal with dissidents.

This is why you have seen and will see an increase in talking heads referencing internet-radicalism, because, it's the perfect setup for censorship. "We must prevent radicalism domestically, therefore please vote for legislation X, so we can censor radical information."


A plug here that the promoted and stated goal "stopping the next 9/11" is a politics of fear and not what ultimately justifies the capabilities to each administration.

Reprised from an earlier comment:

If you look at the Snowden documents (and leaks by others) you'll see essentially nothing other than the international nature of the programs. For example, you'll remember from the Snowden leaks that the NSA hacked the Brazilian oil company PETROBRAS to help American oil companies win offshore oil drilling locations. The hacking of Merkel's cell phone was a big deal because it revealed that the US had information from Germany during the Eurozone crisis! Stuxnet was used to destroy Iran's nuclear program. The US also faces the same sort of pressure from other countries. This year alone the DoD was hacked, Wall Street, NASDAQ and JP Morgan were hacked and hundreds of defense contractors were hacked - all with foreign attribution. Israel's Iron Dome designs were hacked by China. Take a look at the NSA program HACIENDA, which "is used to port scan entire countries" and which uses other compromised (civilian) computers to disguise attribution.

Look at The Intercept reporting (where Glenn Greenwald is right now). He speaks at length about how the US uses NSA operations to benefit the global bargaining posture and competitiveness of US companies. https://firstlook.org/theintercept/2014/09/05/us-governments...

And take the Inspector General's report from the Boston Bombings - a great example of how and when the NSA domestic programs would be used if they were about terrorism. The NSA is hardly mentioned. The Inspector General investigates the failings of the FBI. (http://info.publicintelligence.net/IC-IG-BostonBombingReport...)

"We focused our review on the entities that were the most likely to have had information about Tamerlan Tsarnaev prior to the bombings – the FBI, the CIA, DHS, and NCTC, which maintains the U.S. government’s database of classified identifying and substantive derogatory information on known or suspected terrorists. We also requested other federal agencies to identify relevant information they may have had prior to the bombings. These agencies included the Department of Defense (including the National Security Agency (NSA)), Department of State, Department of the Treasury, Department of Energy, and the Drug Enforcement Administration."

The report on the failures to anticipate/stop the Boston Bombers barely mentions the NSA. This is because the Federal Bureau of Investigation and the National Counterterrorism Center are in charge of counterterrorism, not the National Security Agency.

Or go to the NSA's own mission statement.

(https://www.nsa.gov/about/mission/index.shtml)

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances."

(Nothing to do with terrorism.)

Lots of news recently has called out Executive Order 12333's role in defining the goal and the means of intelligence capabilities. EO 12333 was passed in 1981. The Five Eyes, the key partnership of the NSA, has its origins in the 40's and ECHELON and other leaked programs (eg CARNIVORE/PREDATOR) predate 9/11 by decades. The Snowden leaks disclose a list with over thirty countries with competing digital intelligence programs.

The NSA is not about terrorism. Never was. Never will be. The NSA and CSS are the intelligence arm of the United States. Australia's programs are similarly not about terrorism. Canada, too. New Zealand? Which terrorists have been attacking New Zealand?!

Digital communications play a huge role in global communications and corporate and international power. That's not to say there is no domestic component to the programs. Domestic programs are also useful to track and disrupt radical ideas and organization within the country (MINERVA), and can also be used to incite discontent in other nations (look up the USAID Cuban Twitter program). Countries are able to manipulate the appearance of consensus within citizens of nations and in this way actually affect this consensus. (Look at the GCHQ programs leaks with BIRDSONG/BADGER/GATEWAY/SLIPSTREAM/ETC.) They also are used to monitor, detect and perform forensics on breaches from other countries.

There's so much to say, but I'll leave the comment with this. Digital communications are so insecure that the attackers always win. Always. And digital communications play a huge role (next to satellite and radio communications) in modern espionage and sabotage. If you just play a defensive game, you lose. The US feels it needs these capabilities for these reasons - not because of terrorism.


> Digital communications are so insecure that the attackers always win. Always. And digital communications play a huge role (next to satellite and radio communications) in modern espionage and sabotage. If you just play a defensive game, you lose. The US feels it needs these capabilities for these reasons - not because of terrorism.

The role of NSA programs like BULLRUN in making digital communications insecure by default complicates the analysis.


Absolutely. There's a nice boiling soup of both.

I should add here that the NSA has a concept called NOBUS. The concept is that "nobody but us" should be able to exploit the vulnerabilities we add. There isn't a lot of factual data on how successful this concept has been.


> my interest in the technology world is degraded

> brings on a serious depression

Yes I feel this way, too.

It's come a long way from learning GR and HGR in Apple Basic. Telephony modems were fun... Usenet was interesting, the Internet over ethernet was fun but people started to take it seriously... Spam was an amusing nuisance. Around the time of LAMP and RealAudio, circa 1997-2000, things got a little shaky for me. The seriousness level increased. Eternal September then ubiquitous cellphones, business and lifestyles started to depend heavily on the internet. Now, toddlers with tablets, worldwide death threats, mass surveillance, daily international cyberwar, full-on regimented, intense web development and marketing, gate-of-the-month...

It's no longer a strange, miraculous garden full of surprises, but more like other mediums, an appropriated, militarized and polluted playground of propaganda, a staging ground for real-life violence. An electronic Jungian shadow.

I suppose most of the NSA's work is the result of our own base, human natures, a reflection of our failures at international reconciliation. We can't have a naive internet, because the real world is still too violent. With international hatred and war, massive inequality, we can't set up a sweet, pleasant, fun, interesting electronic bridge between one another because too many people want to use that bridge to board and destroy the rest.

But we're so damned determined to have this internet before we civilize humanity, we have to have the NSA build all these paranoiac watch points to prevent our own destruction. It just wears me out...


> I suppose most of the NSA's work is the result of our own base, human natures...

It is in the best interest of the state to cripple the internet as much as possible. This isn't to protect you, it is to control you - ranchers don't build fencing to protect cattle. Why would any state want you to be able to freely communicate with the "violent, hating, warlike, unequal" others? Aside from generating tax revenue through commerce, there is no reason.


Let me focus on one phrase you mentioned: "people started to take it seriously".

It was serious from the beginning. Experts on both sides disagree and this disagreement will continue.


I can understand that. For me this is just what I already assumed them to be doing and find it all rather unsurprising. I would rather have your mindset, I think.


This whole thing has made for some interesting people watching opportunities. I think the only people who were completely unsurprised by all this are those who:

1) Understood the technical requirements to pull this level of surveillance off.

2) Understood that the government does not love them.

You combine the two to arrive at the conclusion that if something is within the government's ability, and it furthers its own interests, it will do it. The reaction from the folks in group 1 has been the most entertaining, as it is apparently easier for people in group 2 to adapt to changes in technology.


You had to have been very naive for these revelations to be so shocking to you.

You use Google for email? Don't be surprised that someone else is reading it. You have willingly and continuously divulged your personal data to an unknown number of people.

You use someone else's cables for data transfer? You are willingly broadcasting your information to anyone who's willing to listen.

You're blindly trusting an encryption system made by some strangers? Be aware of the consequences. You're merely trusting someone's unwillingness to risk their reputation (if anything at all).

True security and privacy are achievable, but you need to put effort into that. If you're walking around 24/7 with a GPS tracker and listening device in your pocket willingly, don't go crying over someone's ability to collect this information for their own gain.


Would love to know more about the "Pairing and Crypt attacks" along with "Cryptovariable management". Probably the pairing here is referring to the pairing between client and server rather than the cryptographic technique of using pairings ... but it seems this hasn't surfaced in any of the other Snowden docs. I often wish the journalists working on that story had released more source material.


They're only slides. We don't have audio of the presentations. :)

I did wonder about that, but no "common" internet encryption protocols use pairing-friendly (in the open source cryptographic community sense) primitives. I think you're about right and it probably refers to matching public and private keys for CAs in SSL/TLS, looking up suitable intermediate CAs, for which they may have a few keys stashed away. They don't seem enthusiastic to wave them around much, however.

I believe they probably have long-term cryptologic cracking capability (HPC) including 1024-bit RSA, but probably not 2048-bit. Maybe MD5? Maybe SHA1?

Look at the long list of trusted CAs in a browser, and try to map all the intermediates they've ever signed. You may find a few likely candidates.


To extend your statements:

* breaking 1024-bit RSA is believed to be well within the resources of the NSA given public research/attacks.[0]

* MD5 is already completely broken in the public research and the NSA has used MD5 collisions in malware attacks that are independent of public methods[1].

* RC4 has been attacked for a number of years, and someone who has seen unreleased Snowden documents claimed that the NSA has the ability to break RC4 in realtime[2]. Plenty of HTTPS traffic is protected by RC4.

[0]: "One estimate is made by Shamir & Tromer (2003) in their hypothetical TWIRL device. They suggested that for "a few dozen million US dollars", a hardware device could be built to break a 1024-bit RSA key within around a year. Franke et al (2005) similarly estimate a cost of 200 million dollars for a machine to factorise a 1024-bit number in one year. If these cost estimates are accurate, it's safe to assume that the NSA has built such a machine (unless they have another way of breaking RSA more efficiently). And by Moore's Law alone, we'd assume that their machine takes considerably less than a year." http://www.javamex.com/tutorials/cryptography/rsa_key_length...

[1]: "He discovered that for this spy malware an as yet unknown cryptographic attack variant of his own MD5 attack is used." http://www.cwi.nl/news/2012/cwi-cryptanalist-discovers-new-c...

[2]: "RC4 is broken in real time by the #NSA - stop using it." https://twitter.com/ioerror/status/398059565947699200


Yes - I concur that the "cryptanalytic breakthrough" GCHQ talked about the NSA having a few years ago was most probably some kind of a practical RC4 break, from context. (Schneier thought this one of the likely possibilities too.) It's used enough in TLS (especially at the time these documents were penned, as some advising on BEAST countermeasures actually encouraged people to use it, instead of switching to TLSv1.2 to use the strong AEAD ciphers - awfully convenient for them!) that if they have, say a known-plaintext-prefix attack of reasonable complexity that can be hardware-accelerated, that would be widely leveragable into very real breaks to them - and the structure of such a thing would look remarkably like what we see here.

RC4 is about as good as such a simple crypter can be, but it really is too simple and not good enough now, and I strongly suspect it is already toast and way too late to safely phase out - which is why the IETF are hopefully about to publish an RFC strongly recommending it MUST NOT be used in TLS, at all. (Worse, even if RC4 isn't toast to everyone right now, an attacker who can put your data on ice for a few years - like just about every Nation State Adversary does - may very well make toast with it down the line and read all your data.)

We don't have any second-preimages in MD5, yet; what's demonstrated are techniques for efficient collisions. They might, but collisions are easily enough for practical problems as many have publicly demonstrated. SHA-1 hasn't been publicly demonstrated with a collision yet, but it has all the same underlying problems as MD5 (and the original SHA), just to a lesser extent - I suspect that NSA can produce SHA-1 collisions with enough effort. Don't expect them to spend more effort than they need, however, to save money and avoid revealing capabilities where possible. Several attackers have happily leveraged simpler shortcuts - there's a piece of (probably South Korean) malware that has signing keys co-opted from hapless developers who've somehow been derping around with 512-bit RSA keys. I could break those, so that's completely ridiculous!

By the way - do be on the look out for PGP signatures with 1024-bit DSA signing keys. There's a lot of them. Upgrade to at least 3072-bit RSA, I suggest (or Ed25519).
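
An added example, not part of the original thread: one way to act on the advice above is to audit a keyring for live signing-capable keys below the suggested size. It parses the machine-readable output of `gpg --list-keys --with-colons`; the 3072-bit floor for RSA and DSA is an assumption taken from the comment, and the sample listing is constructed.

```python
# OpenPGP public-key algorithm IDs as printed in field 4 of the colon listing.
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
# Assumption: minimum size for signing keys, per the comment's "at least 3072-bit".
MIN_SIGNING_BITS = {1: 3072, 17: 3072}
DEAD = {"r", "e"}  # validity field: revoked or expired keys are not reported

# Constructed sample in the layout produced by `gpg --list-keys --with-colons`.
SAMPLE = """\
pub:u:1024:17:1111111111111111:1041379200:::u:::scESC:
uid:u::::1041379200::0000000000000000000000000000000000000001::Old Release Key (constructed) <release@example.org>:
sub:u:2048:16:2222222222222222:1041379200::::::e:
pub:u:4096:1:3333333333333333:1388534400:::u:::scESC:
uid:u::::1388534400::0000000000000000000000000000000000000002::Modern RSA (constructed) <rsa@example.org>:
sub:u:2048:1:6666666666666666:1388534400::::::s:
pub:u:255:22:4444444444444444:1414800000:::u:::scSC:::::ed25519:
uid:u::::1414800000::0000000000000000000000000000000000000003::Modern EdDSA (constructed) <ed@example.org>:
pub:r:1024:1:5555555555555555:946684800:::-:::sc:
uid:r::::946684800::0000000000000000000000000000000000000004::Revoked RSA (constructed) <old@example.org>:
"""


def weak_signing_keys(colon_listing):
    """Return (keyid, algorithm, bits, owner uid) for each weak signing key."""
    keys = []        # (fields, owning primary record) for every pub/sub line
    primary = None   # record of the most recent primary key
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 12:
            primary = {"uid": None}
            keys.append((f, primary))
        elif f[0] == "sub" and len(f) >= 12 and primary is not None:
            keys.append((f, primary))      # subkeys inherit the primary's uid
        elif f[0] == "uid" and len(f) >= 10 and primary is not None:
            if primary["uid"] is None:     # keep the first (primary) user ID
                primary["uid"] = f[9]

    findings = []
    for f, owner in keys:
        validity, bits, algo, keyid, caps = f[1], f[2], f[3], f[4], f[11]
        if validity in DEAD or not (bits.isdigit() and algo.isdigit()):
            continue
        # Lowercase letters are this key's own capabilities: s = sign, c = certify.
        if "s" not in caps and "c" not in caps:
            continue
        floor = MIN_SIGNING_BITS.get(int(algo))
        if floor is not None and int(bits) < floor:
            name = ALGO_NAMES.get(int(algo), "algo %s" % algo)
            findings.append((keyid, name, int(bits), owner["uid"]))
    return findings


if __name__ == "__main__":
    for keyid, name, bits, uid in weak_signing_keys(SAMPLE):
        print("%s  %s-%d  %s" % (keyid, name, bits, uid))
```

On a real keyring, pass the text of `gpg --list-keys --with-colons` to `weak_signing_keys` instead of `SAMPLE`.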


> I think you're about right and it probably refers to matching public and private keys for CAs in SSL/TLS, looking up suitable intermediate CAs, for which they may have a few keys stashed away.

Compromise of a CA's key does not permit decryption of traffic encrypted by server keys that use certificates (signatures) from those CAs. This is a common misconception.

It would allow for issuing (signing) a rogue, second key that could then be used to silently, actively MITM a connection - but getting the CA's key does not give you the VPN server's key.

(Remember, a certificate is just a signature by a CA over the hash of the VPN server's public key. The CA never sees the private key of the VPN server, nor is the CA's key used for anything other than signing.)


Yes, but they're man-on-the-side already, and they already have the QUANTUM set of attacks and similar for actively racing an MITM on any TCP/UDP/ESP/etc/IP connection they want - and if they have a CA trusted for the purpose by the relevant endpoint, they can safely man-in-the-middle TLS, IPSec, etc.

That's what the diagram shows, essentially: the front end of that attack.



