Report: NSA slices through most 'net encryption, according to 'Bullrun' documents leaked by Snowden

Here’s an overview of what we know:

Systems manufactured by United States corporations, or corporations chartered in UK, Canada, NZ, or Australia, or which use components from corporations chartered in those countries, likely have backdoors in them, in the hardware or the software of both. IBM’s Lotus Notes key bits, Windows’ _NSAKEY, etcetera. This means anything manufactured by Google, Motorola, Microsoft, Apple, BlackBerry, etcetcetcetc will have backdoors. The existence of these backdoors makes using an encryption program on these devices and/or operating systems a joke; it doesn’t matter if I use a One-Time-Pad on these platforms, if the decrypted message just gets carbon-copied to the NSA.

This was so incredibly obvious for decades, given the fact that the PotUS couldn’t just use an American-made device straight off-the-shelf.

We know that Wikileaks, having seen the leaked documents, is still confident enough in AES to use it to encrypt three different insurance files.

We know that, over the past decade, multiple side-channel attacks and implementation weaknesses have been discovered in SSL/TLS implementations, and that the crypto negotiated by TLS is almost always a relatively weak RC4 — not using PFS, but a static key —

Which we know is likely to be crackable by the NSA, if they throw sufficient resources at it — dedicated appliances, think Bitcoin mining except designed specifically to attack a known weakness.

The NSA is relying on the fact that we are still using the network to exchange keys, to exchange secrets.

Those secrets need to be exchanged in-person, in a way that can’t be eavesdropped, such that it will require them to backdoor into a device to get the key material, or break down doors, or wholesale copy every thumb drive that crosses the border - and they can already legally copy every thumb drive and laptop and iPad and sdcard that crosses the border!

The expense. The expense has to be increased exponentially. There has to be a human being involved, a team of human beings involved, in every intercept. It has to be worth framing a person for kiddie porn or drug distribution just to get access to their keys.

We need Open-Source, open-hardware-design ASICs that do nothing but read in two source bitstreams, XOR them, and spit out one (with the obvious hardware interface layers of Bluetooth, file systems, USB, sdcard, etcetera.).

We need open-hardware ASICs that do nothing but dump true physical-noise-derived random numbers, in a SIM card package or SDCARD or USB or something that can be pulled out, swapped out, upgraded, thrown away when or if it is determined to have an implementation weakness — at a price point that is pennies. We need them on a single-layer process, mounted in a clear epoxy, so they can be put under a microscope and audited physically so we can say “this isn’t counterfeit”.

We don’t have these. Why? Because the US government has stepped on the throats of anyone who started moving in those directions without the NSA’s hand puppetting them.

It’s about time that changed.


I’m not the only one who’s been saying it for years… they have the keys. They don’t need decryption. They can just walk right in.

As a security professional, one of my greatest worries is the Exploit Marketplace. You can fight mistakes. You can fight attackers. But it is almost impossible to fight economics. The exploit market is creating an economy that creates and enables exploit. It is a great driving force reconfiguring the Internet for Attack, instead of Defense. Now, it looks like the Exploit Marketplace was dreamed up, founded and sustained by the NSA. We had previously learned that the NSA has enormous budgets devoted to purchasing exploits. Today’s revelations included:

“The NSA spends $250m a year on a program which, among other goals, works with technology companies to ‘covertly influence’ their product designs.”

So, the NSA creates exploit in everything they can influence. And they can influence almost everything. The NSA purchases exploit. Many times, they must be purchasing info on the exploits that they created. They preserve exploit. They mask everything in secrecy. And it all enhances the exploit marketplace. The NSA is no longer debating the Equities issue. They have only token interest in defending the Internet.

If we could just get the NSA out of the exploit market, the whole thing would probably collapse like 2008’s Housing bubble.

The other chilling revelation is the names of these programs. From the Guardian article:

“The NSA’s codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier.”

The NSA has crappy internal discipline. Instead of using meaningless codewords for project names, their codewords frequently describe the project. PRISM alluded to the devices the NSA uses to collect information. These project names shout that the projects pit the government against itself. They are at war with the Internet and the rest of the country.

If we survive as a nation of liberty, the NSA must serve us, not attack us. We depend on the Internet. They can’t serve us if they attack the foundations of the Internet.

Creating exploit everywhere is the act of a power hungry sociopath. Does the NSA employ engineers anymore? Or do they just take the easy path?

The reform must paint some very clear lines. They should include:

  • The NSA must be stripped of its ability to create widespread exploit on the Internet.
  • The NSA must be stripped of its ability to maintain the exploit marketplace by purchasing exploit.

Afterwards, if they have any capable people, they can discover exploit. But their ability to preserve exploit within the Internet must be greatly limited. To suppress the exploit marketplace, they must be compelled to regularly do public disclosure of some of their discovered Internet wide exploits. Under no condition should they be allowed to maintain secrecy on an Internet wide exploit for more than a year.

Bruce Schneier is one of the world’s most preeminent experts on crypto; he has access to a lot of the Snowden docs, and he says:

the NSA is able to decrypt most of the Internet. They’re doing it primarily by cheating, not by mathematics.

Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.

If you want to wear a tinfoil hat, as Bobby Brown once said, that’s your prerogative. But I’m going to go with the experts on this one.

With the support of the right protocols, a One-Time Pad of a Gig or two might last for years, if it was only used for authentication and symmetric key creation.

But, then you need the pad storage medium to have another attribute. It must be trivial for a human at each end to render inaccessible the information in the pad. It also should probably be impossible for a computer to initiate this destruction.

As long as Intelligence agencies think they can recover the content of communications, they will fight for control of the Internet. If the devices you describe were widely and cheaply accessible, then organized crime and state-level actors (including terrorists) would immediately abandon their current expensive alternatives and move to them. While this looks bad (to an Intelligence agency) it looks good to me. It eliminates most of the NSA incentive to control/destroy the Internet.

Then, there remains the seductive call of metadata. It will continue to drive Intelligence agencies to desire to control/destroy the Internet. Seems like the only answer there is to continue to implement untraceable broadcast forums. We need popular PasteBins. More popular personal columns. More Wild-n-wacky (but popular) Help/Service wanted forums. When a million people view some info, it is impossible to tell which one benefited from its secret meaning. Of course, many forums matching these criteria have existed for decades. Most really organized crime and state-level actors (including terrorists) already use them.

At some point (maybe today) we can confidently say: “This huge and expensive surveillance apparatus HAS NO POINT, other than to destroy privacy and maintain unjust rule.”

It’s a tremendous waste of effort and money (a.k.a. lining contractors’ pockets.) Even if you decrypt a terrorist’s email, it would be one hell of an idiotic terrorist who’d be saying “The U-Haul full of explosives is set to go off outside the Federal Building at 10 A.M.” instead of something like “The golden eagle flies at dawn.” You can set all the supercomputers in the world to the task of crunching encryption but you’re not going to crack shared secrets without traditional man-inside intelligence gathering. Encryption is superfluous anyway in that context.

Note to self: rewatch Sneakers.

They are breaking commercial encryption by either breaking the keys or inserting back doors or other weaknesses. Basically, the lesson is that you can only trust open source encryption and products. Any government or agency would be stupid to use any closed source hardware or software from the US. Not looking good for the American IT industry.


What is with all these articles that say “newly revealed documents reveal X”, and don’t have any links to the documents, so we can judge to what extent they clearly indicate X, to what extent they merely hint at a number of possibilities including X but equally plausibly also Y or Z, and what other things they reveal that the reporters didn’t see fit to include in their summary?

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members.

What standard? Oh, don’t worry your pretty little heads about that, dear readers. You wouldn’t understand anyway.

Aaaargh! Hulk complain impotently!

Well, if they’ve “long suspected” then surely those suspicions would be printed on the Internet, somewhere.

Their secret is a simple algorithm that accesses the security questions. For “what is your favorite pet?” there is a database that starts with the most obvious “fido”, “fluffy”, etc and goes through to “Mr Piddles”. For your first job it starts with “macdonalds” and the obvious “streetwalker” and goes through to “dogcatcher”.

Oh yeah - it took a bit of searching, but I found it - it’s DUAL_EC_DRBG, a pseudorandom number generator based on ECC crypto. It’s just, why not just name the blasted algorithm in the article? It would be shorter and more informative than dancing around the thing.


Screw it, I’m going old school. I’m going to manually type up all my messages using a book cypher, then encrypt that using open source protocols on an obscure Linux flavor running off a live CD on a non-networked machine. Then, I’m going to use a flash drive to move it to a networked machine and send. Then nuke the flash drive with a few random data re-formats. This is now the only surefire safe way to communicate it seems.

Someone really smart once said something like the situation you just described is kind of like using an armored car to pass messages between two cardboard shacks. Might have even been Schneier who said that. Of course he at one time advocated nearly the same thing you just did but later had a change of heart. Guess we’re back to the magic pixie dust of crypto once again.

My cousin can get them for you wholesale.

How so? Cardboard shacks they may be (implying physical security at my house is weak, which it is) but does the NSA or the gubmint have the manpower to send people to thousands or millions of physical addresses to do their physical, in-person dirty work?

A lot easier to tap the backbone and get it without lifting a collective finger, isn’t it?

It seems to be pretty easy to backdoor most personal computers as well. The original metaphor was about how most computers (personal or server) are in no way “secure” though their owners will go to great lengths to encrypt data in transit between them.
