Me pripadlo tohle hodne uzitecne, neptejete se me proc...
eugen@leitl.org
Re: [cryptography] [Cryptography] Opening Discussion: Speculation on "BULLRUN"

----- Forwarded message from arxlight <arxlight@arx.li> ----- Date: Fri, 06 Sep 2013 00:46:15 +0200 From: arxlight <arxlight@arx.li> To: cryptography@metzdowd.com Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What surprises me is that anyone is surprised. If you believed OpenBSD's Theo de Raadt and Gregory Perry back in late 2010, various government agencies (in this specific case the FBI- though one wonders if they were the originating agency) have been looking to introduce weaknesses wholesale into closed AND open source software and OS infrastructures for some time. Over a decade in his example. (See: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2) Those of us old enough might marvel at the fact that going back to the late 1980s a huge dust up was caused by the allegations that Swiss firm "Crypto AG" introduced backdoors into their products at the behest of Western (read: United States and the BND) intelligence agencies, products that, at the time, were in widespread use by foreign governments who, one presumes, could not afford to field their own national cryptology centers to protect their own infrastructure (or were just lazy and seduced by a Swiss flag on the corporate domicile of Crypto AG). For the unwashed on the list, Wikipedia (and Der Spiegel) relate the story of (probably) hapless Crypto AG salesman Hans Buehler's 1992 arrest by the Iranian authorities after those allegations came to light, and the fact that Crypto AG paid a $1m ransom for him (but then later billed him for the $1m--you stay classy, Crypto AG). (See: http://en.wikipedia.org/wiki/Crypto_AG) But fear not. Governments and NGOs around the world will be pleased to know that Crypto AG lives on and continues to provide superior crypto and security solutions to foreign institutions of all kinds, including: "National security councils, national competence centres, e-government authorities, encryption authorities, national banks, ministries of defence, combined/joint commands, cyber commands, air forces, land forces, naval forces, special forces, military intelligence services, defence encryption authorities, ministries of foreign affairs and numerous international organisations, ministries of the interior, presidential guards, critical infrastructure authorities, homeland security authorities, intelligence services, police forces, and cyber forces." (See: http://www.crypto.ch/ - The inclusion of a shot of the Patrouille Suisse is an especially nice touch. I often drive by their offices in Steinhausen and was stunned to realize a few years ago that they are thriving- I can only imagine what the mortgage on that place costs). I expect that today many of us feel quite naive at being shocked by those penetration revelations (sorry, allegations) given that it seems highly probable now that anyone using any sort of Microsoft, Cisco, Google, Facebook, Yahoo, YouTube, Skype, AOL or Apple product has now been elevated to a collection priority that seemed confined to the Irans of the world in the 1990s and early 2000s. Perry wondered after the "unpardonable carelessness" of the NSA in giving 50,000 Snowden's access to a Powerpoint with all the Prism partners. I would argue that the NSA had good cause to think no one would notice or care given how many people who should know MUCH MUCH better still send Crypto AG scads of money. And going back to the days of toad.com hasn't this always been the story? Security is expensive. Most people (and some governments) are cheap. There's something about the present political climate in the United States that really interests me. Mere mention of the word "fascism" in any context other than sarcasm seems to brand one quite instantly as a tin-foil nutjob. Granted, I think the world "fascism" is as overused as the word "communism," but it bears mentioning that the usurpation of corporate entities and industry by the state to its own purposes is one of the classic tenants of fascism. I'm sure the list's readers sense where I'm going with this by now. It is hard to escape noticing that the NSA and its sister and orbital agencies have long since broken the traditional firewall and morphed themselves into domestic surveillance agencies. But the United States is late to the party here. In the world of finance it was long understood that certain state-dominated Russian firms were front-running a number of U.S. economic indicators prior to release. The rumor at the time was that this activity stopped cold after a security audit at the offending U.S. agencies. It's possible that the story was apocryphal, but I sort of doubt it. The economic intelligence apparatus of foreign intelligence services was the place to be if you wanted to find yourself in the good graces of your nation-state. (It's not an accident that Nikolay Patolichev, once the Soviet Union's Foreign Trade Minister, led the pack having been awarded the Order of Lenin twelve times). Of course, drafting otherwise independent-appearing private enterprises to the purposes of the state was popular then (the CIA would routinely interview U.S. businessmen and businesswomen after trips to jurisdictions of interest, and leverage their presence in foreign lands to their own advantage), and appears even more popular now. I won't belabor the point (made long ago and loudly by Kate Martin, only to fall upon decidedly deaf ears) that U.S. Courts generally refuse to examine the legality of collection of inculpatory evidence that is dropped into their lap- but it is important to at least acknowledge. Again, those of us shocked by those revelations (that evidence of domestic crimes "accidentally" collected by intelligence agencies would not necessarily be inadmissible) might feel awfully stupid now that it seems that the NSA expressly retains or passes on evidence of crimes unrelated to foreign intelligence activities or terrorism, and that the DEA (presumably among others) routinely engages what could fairly be called wholesale perjury to conceal the source of such evidence from courts and defense counsel when it is presented in support of criminal prosecutions. Finally returning to the original topic (please forgive the diversion) I think what is the most important element to understand is that what was once opportunistic synergy between national intelligence agencies and law enforcement agencies (here the War on Drugs was clearly the camel's nose) has become Fusion Center level integration- and bilateral information flow. Don't take my word for it, just read some of the Fusion Center testimony to various congressional committees- this is their bread and butter. Whichever asshole it was who first blamed 911 on a lack of cooperation between law enforcement and intelligence did a great deal of damage to the United States, but the trend was already pressing forward. What seems even more daunting is the new path of information from the bottom up. Now that you have local law enforcement humming around in cars collecting position and "metadata" on every license plate within 20m of a cop car prowling around on its beat, federal agencies are just a "Fusion Center query" away from access to... well... nearly everything. Look at this model (local collection at local expense re-purposed to federal exploitation), basic "exception processing," and the impact of the last decade and a half of "crony capitalism" and it is suddenly pretty hard not to credit BULLRUN with far more access than is public even given the latest revelations. Certainly, I don't run the NSA, but it doesn't take much more than a middling operations professional to tell you that exception processing is the key. Attacking this stuff is a question of priorities. Though experiment: What order of difficulty would you assign: Catch it in the clear. Compromising a vendor (including keys and users passwords- which might be reused). Injecting poor RNG (with vendor cooperation). Stealing a master key. Stealing a session key. Stealing a password to master or session key. Dictionary-attacking a password. Brute-forceing a weak password. Compromising an endpoint. Compromising a physical machine. Rubber-hoseing a password. Brute-forceing a strong password. Brute-forceing a weak key. Brute-forceing a strong key. Include in your analysis the cost of bending (or breaking) constitutional protections in the post-911 era (if any). Just look at the leverage an unwieldy, all-encompassing central government has on large US based firms (See e.g. Qwest post-cooperation refusal) and reflect on the bi-lateral Fusion Center model and then try to speculate that BULLRUN is overstated. I don't think you need a major factoring breakthrough to have FANTASTIC success in accessing the vast majority of (for example) SSL "protected" internet traffic. Anyone know what the market penetration of Microsoft IIS is? No, quite the contrary. I'll be amazed to find that the NYT piece isn't UNDERstated. To coin a phrase with reference to large and medium sized Western IT firms: They're all Crypto AG now. - - uni -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJSKQm3AAoJEAWtgNHk7T8QJOEQALI381nUcAHtALvqw/ac/k84 Tdn+Zd2+T54stDJPwJvOQXkeIJJKAURyhPgG+oGkXHbzjLnwTp6zpB9+et4pM5n7 PRc8X/9fAF8+X8EzDwQA90wYEZaAaSmnnaXi034faw0kKw0T0EDenDBgJ6J9fHGa DtsQECUlYenj2Evm0cY60Uz52/zJcXryWS5vRS4IU+i4ELCC3CbY6cX3MAT6Y6jc reh1B8Wf1fbmaXYR5Ws+Dd5VE4+9T2VkB2MZQN9T+/NbS9abe+lFVZkqjNx28RT4 OHC9VVqG0rGgn3a7tiLY2StmPSIxyV08LRmoz89CU0smdjb8pZDc+08V29anIH+Q E6xo+pJdc+SF34wHurCBRYqeH4TLowB2Bl/pLQ05FUFCcj6bIGO1lwf5sHaPpsKU 3mAC4HnQwlgd61epbLVbNcltp40nz5Soz/tfyyRM2T2VNdkxcriJUezKQRwu+t6d pCbQow9KEpcrdL3TlaQgcvNH0btU5HRnz7EJSrctL+FfZBKUj4jcRCUgASt6gRBd cnrzFcFAYoSgBBR/wJBxUATpzxMl+xZ74zPKJPdaIiA0XPd1F9ZIUe+mzDL+IxHT b08+gUgME9OMpjwToSkoopYL02AkK/GRirC14C2cXieC8JwjrevIoBQmCLUutNK6 XC4sOGrFZ7Z37sXL+1jT =4NbV -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography