How the CIA used Crypto AG encryption devices to spy on countries for decades (washingtonpost.com)
See chapter 26, https://www.cl.cam.ac.uk/~rja14/book.html
https://www.rts.ch/dossiers/la-suisse-sous-couverture/
It's in French and may not be accessible outside Switzerland but I highly recommend it.
The Allies were reading a good deal of both Japanese and German encrypted communications. This saved the lives of many Allied soldiers and, perhaps, tipped the balance of the war.
https://en.wikipedia.org/wiki/Magic_(cryptography) https://en.wikipedia.org/wiki/Ultra
David Kahn's book, the Codebreakers, is a good introduction to cryptography and has a lot of this history in it.
https://warfarehistorynetwork.com/2016/10/05/polish-ciphers/
To put it bluntly, the equivalent would have to be, say, informing Stalin about Barbarossa, or cracking Purple before Pearl Harbor.
What the article describes, is the most thorough and long-running (known) intelligence operation in modern history. It is simply unparalleled in strategic depth and tactical implications, not to mention how it must have shaped global politics, economics & social development.
I mean, you only need to read their repeated admissions that without MINERVA their intelligence recovery would've dropped from ~80% to ~10% to see why they're trying to play the same game plan again and again. Whether that's through puppetmastering encryption companies like in this article, sneaking it in via bribes (RSA's Dual_EC_DRBG), or most recently trying to legislate it through (FB, Whatsapp, etc. E2E encryption), it's all essentially the same play.
As a corollary to all this, it's another point of evidence that strong encryption really is beyond the reach of even the biggest three-letter-acronyms, and that there's no secret sauce technology out there letting them mass-decrypt everything. If there was, then perhaps there wouldn't be such a strong push to rig the deck in the first place. At least that's heartening.
I think most of us would be fine with the NSA doing what they do if it was targeted, like the police getting warrants to break privacy only in important cases for public safety.
The problem will always be mass interception. Not only domestically either, as there is nothing protecting any foreign communications being intercepted in the US (and I'm sure Five Eyes+ bypasses these legal roadblocks whenever needed). Which is why the push for encrypt-everything is so important. But as we've seen repeatedly, even when investigating the president and his people, even the allegedly "significant domestic protections" offered by FISA are a joke and basically a rubber stamp.
WhatsApp and iMessage and other non-SMS communication as well as email providers finally adopting proper transit encryption probably has reduced the amount of this sort of unfiltered "intelligence" gathering by 90%+. But I'm sure there's still tons of mobile apps and websites which aren't doing things properly and are filling up their databases.
> WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
The fact that they use awkward wording containing words whose first letters spell out NSA (not secure as) is pretty suggestive that you are right.
Even just reading this article should show you that they kill you with kindness when they want to keep things hush-hush. If someone is developing a free tool, and is offered a retirement-tier payoff to stop, they're going to stop.
Does that mean they are only available because the 3 letter agencies can hack them?
This is absolutely true and nowhere was it more evident than the Speck fiasco. Watching the old guard of the NSA show up and hammer a crypto forum with stonewalling and smug G-Man hand-waving would have been acceptable in 1995, but watching it take place after the Snowden revelations was just cringe-worthy. The answer from the community wasn't just no, but hell no.
https://www.tomshardware.com/news/nsa-speck-removed-linux-4-...
I suspect things like Ed25519 and Let's Encrypt were probably a much more damning blow to the day-to-day business of warrantless telecom spying than we're led to believe, and it's only going to get closer to that 10% pre-MINERVA figure as time rolls on. The Signal protocol has gained massive traction, and things like Tails are easy enough for a power user. Once someone rolls out a slick CSS frontend for WireGuard it's back to greasing the palms of guys like RSA in the hopes snooping corporate networks is just as fruitful as snooping the public internet.
Crypto AG tips the government's hand on exactly why it disfavors crypto now. It's not terrorists or posthumous parallel construction of $latest_shooter. It's about control.
"Don't roll your own encryption."
I've always understood the arguments for it but that the advice is so widespread seemed a little counter intuitive. It always seemed, to me at least, that having millions of encryption algorithms out there would be inherently more secure than a lot of people standardized on one because the risk to any one would be so compartmentalized by comparison.
Enclosing letters in paper the thickness of which has a million variations doesn't mean one of them is magically more secure than one made from two inch thick steel. The point of encryption is it's a standard that needs to be interoperable. Also, NSAs of this world aren't breaking modern ciphers. They're circumventing encryption by going for the keys. There are three choices:
1) If the communication system uses TLS encryption (e.g. Telegram cloud messages), there's no need to break encryption, just hack the server and read messages from there.
2) If the system uses E2EE where the user has no way to verify fingerprints (e.g. iMessage, Confide), compromise the server legally or by hacking it, and perform undetectable MITM attacks.
3) If the system uses E2EE where fingerprints can be verified, hack the user's endpoint to steal their private keys and perform an undetectable MITM attack (or just steal their chat logs or take screenshots).
So, to sum it up, the game when modern ciphers are used, is not with cipher security, but everything else around it.
For the easiest, you can just apply multiple encryption algorithms in succession (of course with different keys). Although the algorithm of AES is considered safe, it can be broken through a side-channel such as a backdoor, which secretly stores keys used somewhere. But if you apply another algorithm after AES, be it ChaCha20 or Blowfish, it can only get reinforced.
Another trivial way to safely roll out your own encryption is to increase the number of rounds in ciphers that are considered safe. The increased number of rounds only strengthens the algorithm. And it's just changing a few magic numbers in the source code - you can get extra security for little expense of time.
Both methods provide easy-to-implement ways to safely 'invent' a new encryption algorithm without a proper knowledge of cryptography. If people start doing any of the above regularly, it would be a headache for those who enjoy exploiting vulnerabilities in common crypto implementations.
Let that sink in a bit.
Intelligence isn't about truth and transparency. It's about deception. They're not going to run a Super Bowl advert saying they can crack anything. That's not how it works.
> Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig manuals after the wishes of the NSA. These claims were vindicated by US government documents declassified in 2015.
http://www.spiegel.de/spiegel/print/d-9088423.html (1996) https://en.wikipedia.org/wiki/Crypto_AG#Compromised_machines
And as a U.S. resident, even as I acknowledge and deplore what the U.S. intelligence services have done to others, I still don't want China to do that to me. This is not an area where equitable (but bad) treatment makes things right IMO.
And the 'coup of the century' is far from clickbait, it's definitionally warranted for what the CIA and BND did here.
It's a little ironic as well, especially since the US is so keen on blocking Huawei over espionage concerns.
> In 1977, Heinz Wagner, the chief executive at Crypto who knew the true role of the CIA and BND, abruptly fired a wayward engineer after the NSA complained that diplomatic traffic coming out of Syria had suddenly became unreadable. The engineer, Peter Frutiger, had long suspected Crypto was collaborating with German intelligence. He had made multiple trips to Damascus to address complaints about their Crypto products and apparently, without authority from headquarters, had fixed their vulnerabilities.
> Frutiger “had figured out the Minerva secret and it was not safe with him,” according to the CIA history. Even so, the agency was livid with Wagner for firing Frutiger rather than finding a way to keep him quiet on the company payroll. Frutiger declined to comment for this story.
> The overlapping accounts expose frictions between the two partners over money, control and ethical limits, with the West Germans frequently aghast at the enthusiasm with which U.S. spies often targeted allies.
> Hagelin had once hoped to turn control over to his son, Bo. But U.S. intelligence officials regarded him as a “wild card” and worked to conceal the partnership from him. Bo Hagelin was killed in a car crash on Washington’s Beltway in 1970. There were no indications of foul play.
Wow, those are words to aspire to
Amazing. The only explanation I can think of is that CovertAction had much worse reputation and could be easily dismissed as conspiracy theory.
[0] https://www.theregister.co.uk/2019/09/30/cyberbunker_cb3rob_...
I've seen some deep integrations that have made me despair of any organization being free from the overweening influence of the "security services." I'm talking about groups as large as multi-billion dollar public US technology infrastructure companies and as small as anarchist cells planning to attend a political convention.
Sometimes it seems that internal turf battles, budget disputes, careerism, and rank incompetence are our only protections against the machinations of the National Security State.
Of course, knowing the contents of diplomatic messages isn't always enough. A good example is described in Peter Wright's Spycatcher: the Brits were breaking the French diplomatic cipher, using an ingenious attack on the electromagnetic noise of the cipher machine in the embassy. But all this intelligence was unable to stop De Gaulle thwarting their entering the European Common Market.
eg XXX in 21Land is a WW
I may not like our current US president, but it doesn't mean he can't use truths as political instruments.
Due to China's and Russia's human rights abuses, they are who I dislike the most. It might be by a small margin, but I would feel more comfortable having the CIA and NSA spy on me any day, than China or Russia.
What's wild is that I know many in China would feel the same way - but in the reverse.
Fascinating use of 'negative space' in intelligence. Also appreciated the dig at Reagan, apparently gross intelligence breaches at the highest levels aren't anything novel.
True. Same portrayals too. If the breacher is an R they're incompetent; if it's a D they're a traitor.
Much of their communication probably isn’t that sensitive though.
Also, everyone wants to eventually end their shift and go home. That means just doing what you're told & screw the damage done.
Post-WikiLeaks diplomatic cable leaks - I think they assume their comms may eventually be compromised, but I don't think they assume their comms can be decrypted in a matter of seconds.
Though to be fair, I'm not sure if there are copyright issues involved, which might make such a guideline difficult.
> At times, including in the 1980s, Crypto accounted for roughly 40 percent of the diplomatic cables and other transmissions by foreign governments that cryptanalysts at the NSA decoded and mined for intelligence, according to the documents.
Proton Mail would be a great honey pot for the CIA.
For funding, please visit https://CE.YA/
I'm quite curious about this. As you said it's been known for a long time that, without knowing the full extent of the ties, there were ties between Crypto AG and US agencies (at least). I find it hard to believe the candor that this M. Linde displays here...
> But the true extent of the company’s relationship with the CIA and its German counterpart was until now never revealed.
The new fact is that the company was co-owned, then fully owned by the CIA.
Along the way, I wouldn't blame any reader for assuming that this is entirely new information.
History shows that government isn't your friend at all. The US might be a rare exception from time to time. But even that would be very, very limited.
Doesn't mean I wouldn't mind 5G spyware from another country.
Other countries programs aren't good or anything, but anyone who's deluded themselves into thinking the US is some kind of clean actor, not participating in this sort of stuff, or only using it for good is more optimistic than I could ever manage being.
It’s clear that the CCP is assembling a database of information on everyone in the developed world, not just in China, and that they intend to use it as part of their soft power arsenal (along with everything else from economic incentives to Confucius Institutes).
The CCP is much more frightening and less accountable than the US Govt, especially as they reach parity in soft and hard power.
That really depends on the government, and how heavily they rely on domestic surveillance as an instrument of political control. It also depends on the geopolitical and diplomatic situation, and the risks that stem from that.
In China for instance, domestic surveillance is a clear threat to any of its citizens that choose to be dissidents and advocate for change. For instance, I have friends there who are very angry about the coronavirus situation, but have to be careful about what they say and how they say it to avoid risking government attention. Even with an extremely dark and cynical view of the US government, that kind of threat is far less for US citizens.
Foreign spying can be dangerous to you, personally, but usually in a more indirect and collective way [1]. The most obvious example of this is war. If your country loses one to a more brutal and oppressive adversary, you'll likely find yourself in a worse, if not outright bad, position. On a smaller and more mundane scale, foreign industrial espionage could put you out of a job.
[1] You may be a target of foreign direct spying if you're a friend of a dissident, a government employee, a government official, or have access to valuable technology or trade secrets, etc.
This is an incredibly foolish line of reasoning. Compromising the trust and sovereignty of individuals in the U.S. is an extreme risk, and it can come for anyone. The U.S. government at least will tend not to try undermining the U.S. economy except through specific policy initiatives; the Chinese government has a permanent interest in controlling the U.S. economy, and holding the threat of compromise over our heads.
No government is your friend, but there's really no comparing the abusiveness of the CCP, both at home and abroad, to the U.S. equivalent, and I'm honestly shocked that I ever have to remind people in the west of this.
[1] https://www.nytimes.com/2018/03/17/us/politics/cambridge-ana...
Exactly. Huawei even kinda smells the same. From the OP:
> As Widman settled in, the secret partners adopted a set of principles for rigged algorithms, according to the BND history. They had to be “undetectable by usual statistical tests” and, if discovered, be “easily masked as implementation or human errors.”
> In other words, when cornered, Crypto executives would blame sloppy employees or clueless users.
https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversi...:
> Huawei savaged by Brit code review board over pisspoor dev practices
> "The work of HCSEC [Huawei Cyber Security Evaluation Centre]… reveals serious and systematic defects in Huawei's software engineering and cyber security competence," said the HCSEC oversight board in its annual report, published this morning.
Makes me wonder what we've done using the fact US companies (ex: Cisco) control large swathes of the internet's infrastructure.
Wouldn't China/Russia make some noise if they had proof that Cisco was hiding something in their infra?
Why should Cisco/Juniper/Ericsson/etc compete with Huawei when they can more easily use political pressure to exclude them from the market?
Guess they would also be able to do location tracking though and that's not so easily solved.
[0] https://www.nybooks.com/daily/2014/05/10/we-kill-people-base...
Also, I think quite a bit of telecom traffic is encrypted by the telecom carrier itself. For example I don't think my iPhone, by default, encrypts/decrypts SMS or voice calls on the device. To the extent text messages and mobile phone calls are resistant to dumb eavesdropping, that's provided by the mobile carrier. So having access into all the equipment at the carrier would be a nice centralized place to sit and observe/record.
A nation-state type actor can hoover up everything and retroactively decrypt.
Where is the self-interest in the US pressuring European (mostly EU) countries to use EU competitors?
There have been detailed leaks since 1995 on cryptome.org and crypto mailing lists about CryptoAG, including details about the message format and the bits used to leak parts of the key (16 bit leak, IIRC).
The CryptoAG story has tainted all Swiss-based crypto/security firms since 1994.
[1] https://www.cryptomuseum.com/people/hans_buehler.htm
[2] Verschlüsselt, Der Fall Hans Bühler, ISBN 3-85932-141-2. 1994 - Book written by former CryptoAG employee Hans Buehler (1994).
"CIA owned CryptoAG in collaboration with the intelligence establishment of West-Germany"
The story was handed to him by the Agency, or agents of. The only "research" seems to be calling the names in the story for fact checking, and wapo couldn't even determine if some of them were alive or dead.
This story is dangerously close to being nothing but a CIA press release.
It's not ironic to play a game to win. Saying this is ironic is like saying it was ironic for the US to try to keep the North Koreans/Chinese from winning the Korean War because the US had just won WWII.
For what it's worth I fully expect a great percentage of any anarchist cell to actually be double agents/"agents provocateurs", in the end I think that's why the Okhrana [1] was so good at its job (relatively speaking, of course).
As a matter of fact I think that the "Western" three-letter agencies are at a disadvantage because they're focusing too much on data collection and interception, they're too technical, so to speak, this is still a "humans-heavy industry" (for lack of a better phrase) and without controlling and understanding said humans all the information in the world will do almost nothing to further said secret agencies' goals.
Even though the knowledge of that is/was public, it wasn't widely known until the Edward Snowden revelations - largely due to the relative disinterest of US news orgs (even when faced with clear evidence of the US's ethical lapses -- e.g. Mark Klein blowing the whistle on AT&T's NSA taps on the internet backbone).
Most of the US Press still behaves as if USIC's primary goal was safeguarding the public instead of furthering the interests of US Gov & political financiers.
The same is still going on in spades.
Thank-you editors for our chronically uninformed electorate.
1 %? I assume 80+ %. E v e r y o n e has secrets.
No: go read about National Security Letters.
But it is the CIA, so I'm assuming information was used as currency in paying off a favor to wapo.
Plus they get to brag about a huge success story in times where the public has... doubts... about the competency and value of the intelligence community in general. Without revealing much that wasn't already public knowledge.
Factor in the timing of FISA court investigations, the impeachment, and the AWS government cloud suit, and there are thousands of directions it could take.
Also complaining means you reveal what you know, which helps narrow what you don't know.
Is there any supporting evidence for this claim? If I took an AES library and changed the order of some inner loop wouldn't it require extensive statistical analysis to notice the difference? Which means instead of throwing a bunch of compute at decrypting me, along with the masses 10 years from now, you would need to get a specialist to specifically target me and spend considerable time.
IIRC with Grøstl, if you switch the inputs between the P and Q functions you'll introduce fixed points into Grøstl. Or take your example of AES: if you changed AES such that the loop which runs ShiftRows is increased to run four times, you'd massively damage diffusion and probably have a trivially breakable block cipher. Modern cryptographic primitives are very carefully built; minor changes can be disastrous.
True, if your threat model is exclusively future untargeted attacks, your algorithm may be safer, but that is not a commonly accepted threat model I think, even for terrorists or banks.
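The ShiftRows remark above can be checked numerically. The following is an added illustration, not code from the thread or from any AES library: it models only the AES linear layer (ShiftRows followed by MixColumns) and tracks which bytes of a single-byte input *difference* become nonzero ("active") after each round. That count does not depend on SubBytes or on the key, because the S-box is a bijection and never maps a nonzero byte difference to zero, so the active-byte pattern is decided by the linear layer alone. Applying ShiftRows four times per round is, on a 4x4 state, the identity permutation, so the difference never leaves its starting column.

```python
"""Active-byte diffusion of the AES linear layer with a repeated ShiftRows.

Constructed illustration: counts nonzero difference bytes after r rounds of
ShiftRows^k + MixColumns, for standard AES (k = 1) and for a cipher whose
ShiftRows loop runs four times per round (k = 4).
"""

# AES state convention: 16 bytes, column-major; byte i is row i % 4, column i // 4.


def xtime(b: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF


def mix_column(col):
    """Standard AES MixColumns on one 4-byte column (the MDS matrix 2 3 1 1 ...)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    out = []
    for c in range(4):
        out.extend(mix_column(state[4 * c:4 * c + 4]))
    return out


def shift_rows(state):
    """Standard AES ShiftRows: row r is rotated left by r positions."""
    out = [0] * 16
    for r in range(4):
        for c in range(4):
            out[4 * c + r] = state[4 * ((c + r) % 4) + r]
    return out


def shift_rows_power_is_identity(k: int) -> bool:
    """True if applying ShiftRows k times returns every byte to its place."""
    state = list(range(16))
    cur = state
    for _ in range(k):
        cur = shift_rows(cur)
    return cur == state


def active_bytes(rounds: int, shift_repeats: int) -> int:
    """Number of nonzero difference bytes after `rounds` linear-layer rounds,
    where each round applies ShiftRows `shift_repeats` times, then MixColumns.
    The input difference is a single nonzero byte in row 0, column 0."""
    diff = [0] * 16
    diff[0] = 0x01
    for _ in range(rounds):
        for _ in range(shift_repeats):
            diff = shift_rows(diff)
        diff = mix_columns(diff)
    return sum(1 for b in diff if b)


if __name__ == "__main__":
    for k in (1, 4):
        trace = [active_bytes(r, k) for r in range(1, 5)]
        print(f"ShiftRows x{k} per round: active bytes per round = {trace}")
    print("ShiftRows^4 is the identity:", shift_rows_power_is_identity(4))
```

With the standard layer a one-byte difference reaches all 16 bytes after two rounds; with ShiftRows run four times per round the difference is trapped in one column for every round, which is the diffusion loss the comment describes.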
Unless you knew why it was organized the way it is in the original spec, altering it may weaken it. The DES S-boxes were altered by the NSA and everyone was suspicious, but it turns out they had made things stronger:
* https://en.wikipedia.org/wiki/Differential_cryptanalysis
Turns out the NSA was (at the time) over a decade ahead of the public in crypto knowledge.
As it stands, AES is approved for even TOP SECRET labelled information:
* https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography#Comme...
As are the various ECDH NIST curves that so many people are anxious about.
(Edit: other than being a longtime profit center for CIA slush money.)
It's all a bit fishy, especially since it's admittedly sourced from within the agency. A lot depends on if it was an approved leak or not. With the divestment in 2018, and no other really new information, I would suspect sanctioned leak, as there was nothing to lose.
The question is what was gained by whom? And why the timing? There's nothing in the story that's pressing topical information.
Between the Amazon government cloud contract lawsuit, and being 1 week post impeachment, there's quite a few opposing angles that would all seem plausible. Wapo reward for some Agency cooperation maybe? Rabbit holes in every direction.
(On the other hand, it's not a very positive report! Lots of basic issues with build reproducibility and updates)
Qualcomm chipsets in particular heavily utilize shared memory for baseband to application processor communication.
MediaTek uses a similar architecture, and I sure as hell don't trust their MMU.
Outside of Apple, Librem and Pine are just about the only way you're getting a USB attached baseband.
edit - Here's a Mediatek Baseband->AP PoC even: https://comsecuris.com/blog/posts/path_of_least_resistance/
Nobody uses Tor: Everyone is surveilled.
Few activists use Tor: Activists are easy to pick and everyone else is easy to surveil.
Everyone uses Tor: Nobody can be surveilled.
Nothing to gain by not using Tor, only one way to win, use Tor and tell everyone else to use Tor too.
It's like the prisoner's dilemma, and not using Tor is like betraying others just in case things ever get bad.
World experts in practical crypto regularly ship implementations that have serious errors that remain undetected by other world experts for years. This shit is hard.
Examples: “side channel such as a backdoor that secretly stores keys used somewhere”, “blowfish”, nonsensical mixing of block ciphers and stream ciphers without regard for the complete construction or the implementation (by far the largest weak point), etc.
Well, if the nested ciphers are all properly implemented AEAD schemes, use unique keys, and don't rely on public key crypto for key exchange, cascading crypto is fine.
Other than that their discourse was that of a novice, sure.
A back door is not a side channel.
So the correct advice is, "don't deviate from best practices, and hire a cryptographer."
[1] https://www.fnlondon.com/articles/facebook-whatsapp-puts-all...
If things really get too hot, it's easy to send a letter to any country's IRS via their local intell agency.
You'd be surprised how simple it is to close files in this world. I'd suggest reading Snowden's autobiography, Permanent Record. Very eye-opening and a great read.
There is value in misdirection.
Also, it's open source software. TrueCrypt going down didn't change the security landscape at all.
https://en.wikipedia.org/wiki/Murder_of_Rachel_Hoffman
The end result is "Work for us or go to prison."
Slavery's perfectly legal. The 13th Amendment:
"Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction."
https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...
I think under the right conditions, a good many state intelligence services would not let the letter of the law get in their way. I just don't think the particular scenario above makes sense.
What makes sense:
- Devs discovered some vulnerability but were persuaded that disclosing it would endanger important operations in progress. They were not coerced but reached a compromise with (agency).
- Devs were told, in no uncertain terms, that they need to discourage use of TrueCrypt. Seems kind of low-impact, so probably not the case.
- TrueCrypt was an (agency) project all along, and the faction arguing for universal access to strong cryptography finally lost out. The cat being out of the bag, and given the difficulty of introducing new vulnerabilities into an open-source tool used by the professionally paranoid, the best option was to try to discredit TrueCrypt to the extent possible.
That may be your personal opinion, but legally speaking, it is not true in any sense.
See: Three Felonies a Day
I think it's really difficult to come to any kind of firm conclusion about what NSA can and can't break, even with a background in the material. I tend to doubt NSA has a world-beating RSA class break locked away. But I don't think people should be making decisions based on Snowden's personal technical opinions.
"No decrypt available for _this_ PGP encrypted message."
You don't write an error message that way unless the code has a success case as well.
I'm sure he said "to my knowledge" or something to that effect. That is, at least relatively far into the circles of confidence, people did not know about encryption being broken algorithmically or PGP broken in practice.
Russia has world class cryptographers too, and may have beaten the NSA to the punch. Snowden is after all currently living under FSB protection, which I doubt came for free. Someone willing to sell out their country would likely sell out its people too.
To be sure, that's an important fact. And it does mean that PGP (and for that matter, similar cryptosystems with robust implementations) create a palpable and useful protection against this kind of analysis.
But in the event that the NSA (or other agencies engaged in signals intelligence) have an attack wholly unknown to the literature, it's unlikely that it will be provided in the same toolchain as hunky-dory man-in-the-middle style attacks, such as those disclosed in Snowden's famous slides.
I'm not saying NSA can break PGP - I think they almost certainly can't. But Snowden's revelation on this point shows only that the analysts he was supporting don't have access to novel attacks, not that novel attacks don't exist.
PGP uses RSA which means it's not forward secret. That means, when the agencies hack endpoints to steal PGP keys, they can use them to retrospectively decrypt all PGP-encrypted emails that user has received from their contacts, even if the user has deleted the original message long since.
So no, NSA can't break RSA (assuming it's at least 2048 bits) or AES, but they can bypass the encryption by hacking endpoints. PGP's algorithms are not weak, the key management is extremely weak.
You think wrong. The fact that there are opposing world states engaging in these nefarious, oppressive, terrible acts and they're not all aligned doesn't legitimize any of these states' activities.
The NSA should essentially be shut down, or cut down to a small agency operating in public with a much more limited mandate. And no secret FISA courts, all of that spy-movie crap. That should just stop, period.
But relative to the risk of global nuclear war, and the certainty of global climate disruption, I couldn't care less about the NSA and its adversaries.
And hey, maybe all that spying reduces the risk of overt war.
Also, it's not that we "love privacy", it's that we dislike oppression. And believe you me - most people in my part of the world know very well how the US is oppressing them through military and intelligence means. We don't want to live under the US' boot, and the NSA is part of that boot.
The rubber meets the road, and real names are drawn from a hat somewhere along the line. After we shoo away that pesky threat of hypersonic implosion triggered plutonium cores raining down upon our heads, the sun rises on a new day, and we have to put on coffee and make breakfast.
And some people ride in limousines from hotels for brunch, and some people ride the bus to a fast food job at the ass crack of dawn.
And you can bet that whomsoever holds the keys to these cryptosystems that serve as nuclear-proof umbrellas keeping our heads dry from the oh-so-inevitable megatons of explosive fire, they'll never drive a garbage truck, their kids won't have to worry about flunking out of college, and none of them will ever get cold in the winter, unless they want to on their holiday ski trip.
And it's no accident, the way such things work.
So, maybe this whole nuclear war thing? Maybe it's always been a big shakedown.
Maybe, sometimes you buy a gun with the full knowledge that keeping it clean, safe and ready for reliable use is going to book your Sundays solid from now on, and whoops, the cost of gun ownership, it just so happens, is never attending Sunday mass again.
Feel free to down vote me.
I can only guess but I would not be surprised if your very life was saved. Or even if we just look at money, you may have lost a significant amount of what you have in a scam that was avoided.
We do not know what we do not know. But there must be more good than bad in what they do.
The world is a lot more boring than films and far more complicated and difficult to pull off serious operations. The serious operations often merely being inside information about other nation states. Not saving the world from bad guys.
It's mostly just a long series of super paranoid people chasing each other in circles. And in between plenty of useful information being given to leaders, ie before big events to give them an edge or whatnot.
The cold war was the heyday of the outside-the-office spycraft stuff. Today I'm sure it's mostly just countering massive digital campaigns hitting gov agencies, critical infrastructure, and megacorps. Plus the old school agents working within each of those agencies feeding information back to their motherlands.
>"Feel free to down vote me".
Also, both iMessage and WhatsApp are proprietary, thus it's almost impossible to verify the code you're running is safe. You're right in that E2EE has become more common, but seeing how the intelligence agencies have targeted major vendors like Crypto AG and RSA, we should be extra careful with popular, proprietary systems.
But that's just partisan political belief, right?
Except it's not getting a warrant, but simply deciding whether to spend resources. Which is not something that, like a warrant, I would be fine with.
Also there's another difference, technically it'll never really be on a case-by-case basis, because they can store all the encrypted communication (text chats, just store everything, easily). And they can in hindsight decide to decrypt any of that history (depending on ample metadata).
Or maybe they have a tiered system, a first-pass filter that detects a very vague definition of "possibly maybe interesting" (again, metadata) that would never ever pass a warrant request. Then just store everything that passes the filter, forever, and decrypt when needed.
Don't both of these have default/recommended configurations that back up your chats to cloud services?
I know WhatsApp nags to turn on chat backup to the cloud.
Even Apple's IOMMU has had vulnerabilities allowing for full memory access from the WiFi modem.
You start off trying to claim the entire class of vulnerability isn't possible because a few vendors made sane architectural decisions. When it's pointed out those sane vendors are in the minority, and there are real world examples of the terrible shared memory architecture being exploited, you scoff at the example being for a single device.
Nobody is claiming baseband == root, only that the terrible architecture prevalent in Android phones (the devices that make up the majority of the market) combined with the terrible software practices of SoC vendors results in a situation far more likely to be exploitable than shunting the baseband off on a non-DMA-capable bus.
(Unrelated: As well as TLS long term keys, passwords, hashes, usernames, and any other kind of metadata or secrets that may be useful one day in the future, if nothing more than for dictionary attack prefix/suffix fodder.)
I wouldn’t be surprised if they have some more creative secret key sources too: stolen and glitched smart cards, laptops that disappeared out of targets’ cars, tossed offices via evil maid, dumpster diving, all of it, including some I probably haven’t thought of because I’m a computer nerd and not a military intelligence cloak-and-dagger type.
Put all the recovered secrets into a big ol’ database, because disk is cheap and keys are small. Keep it for all time, Just In Case.
Of course, there is a request system frontending this capability.
There are many PGP messages they can decrypt, simply because they slurped up the specific private keys for those messages at some point, and simply saved every secret key, hash, or password that they ever saw, as a general organizational policy.
That doesn’t mean they have broken PGP.
Also, describing small-scale intervention in cryptography by services "mythologic" in a thread about news about large-scale intervention in cryptography by those services is a bit odd.
By all means: enable FDE. You have to turn it on. It's not optional. But the threat it defends against is not the threat many people think it defends against. It's hard to imagine it being such a priority that any government would launch a conspiracy to shut down an open source project.
> It wasn't even a speed bump for the Ulbricht investigators.
Are you talking about the situation where they had to very carefully snatch a running laptop from a suspect so that they can't lock it? Seems to me like FDE would have been at least a significant speedbump had they not circumvented it. Why else would they go to such trouble? And what would they have done if the suspect hadn't used his laptop in a public place?
(I mean, sure, it didn't protect him in the end. But it was a speedbump.)
- there is clear evidence linking him to some earlier cryptographic software
- and someone (the journalist who wrote the story?) tried to say that it was a precursor to TrueCrypt.
You make your case as if you have proof, which you likely don't. It's a moot point.
This trope needs to die already.
Your mind will see what it wants.
I suppose the fact that it contains words that start with TIN (TrueCrypt is not) provides sufficient justification for your hat, anyhow.
I am not naive, there are problems in big organizations.
To keep the movie metaphor, the biggest fears I have come from movies like Star Wars, in which the empire turns to the dark side.
I have no idea what systems are in place to prevent things like this from happening. I hope they are VERY good.
My experience as a software engineer teaches me that as things become more and more complex in a system, the risk of a bug increases. And opacity is a double-edged sword.
Even if you have a buggy system, you do not say "Let's get rid of it" without talking about the alternatives. Another thing to consider is: "full rewrites are generally a bad idea".
I would like to open this to constructive suggestions, but I am afraid that without an inside view we are just shooting the breeze.
“Unfounded” paranoia
That's not a dirty phrase either - regardless of what the media memo said back then.
That's what I'm suggesting.
No, I don't think that's how it works. A class break in a core cryptography primitive or even a major break in a particular crypto format would be one of the most closely protected SIGINT secrets in the country; the number of people who would be exposed to even knowledge of its existence would be very low.
(The speculation, of course, with reasonable circumstantial support, is that it is a ~$1B program that has brute-forced the most common 1024-bit DH group in use.)
We simply don’t have the hard data, it is (educated) speculation based on what information we do have.
Even the existence of the program is TS. Its capabilities remain secret, due to the exact system you describe.
I would expect that people that speak up are mostly dissatisfied and frustrated people.
And for opacity, one part of the org will likely not know about what is going on on the other side.
A big selection bias.
But who knows...
If you want insight as to why heroic interventions are a sign of failure, talk to your IT department and then scale that up to nation states.
At the same time, other heroic efforts may also require hard work to keep up with the competition or to clean up someone's mess.
That seems to be one of the reasons they monitor what is going on and are vigilant: so they are more likely to succeed at preventing problems before they arise or become too big. Are not those the problems that require superheroic measures?
And about nuclear war. Although I'm not an expert, it seems pretty obvious that uncertainty increases the risk of war.
Sure, I hate oppression. And I'm not into oppressing others.
But the problem is all the assholes who are driven to oppress others. If I could snap my fingers, and have them all die instantly, I would. But that just ain't gonna happen.
And indeed, it's arguable that they've been selected for, since the development of agriculture and animal husbandry. I got that from Morgan's Black Man.
So anyway, I just do what I can for myself and those close to me, and what I can to help others. I don't focus so much on changing the system. Given how people are, it seems kinda pointless.
MAD doctrine is based on both sides being reasonably sure neither can get away with a first strike. There is interest in having that fact independently verifiable; spying is both providing that verification and serving as an incentive against overstating your actual capabilities.
Same reason you want layers of government with progression at a small scale available to many. So all the people with political ambitions aren't all trying to start their own governments and revolutions.
Busy is stability.
Someone started talking to him while someone else snagged his laptop - a thing you and a friend can do to more or less anyone. It's not like people rappelled down from helicopters with guns drawn.
But, there are also other tools out there.
Agee was higher up in the intelligence hierarchy than Snowden and the MINERVA secret, while a fairly big deal, is not nearly as big of a deal as 'NSA can break some kinds of modern crypto' would be.
More importantly, I think you're misreading what the new writeups on this story say about Agee's knowledge. He doesn't mention MINERVA and didn't know anything about the BND-CIA joint infiltration of the company. Here's what he writes in Inside the Company:
The National Security Agency cannot break this code system mathematically but they can do so if sensitive recordings can be obtained of the vibrations of the encrypting machine when the discs clack to a stop. The recordings are processed through an oscilloscope and other machines which reveal the disc settings. Knowing the settings, NSA can put the encoded messages, which are intercepted through the commercial companies, into their own identical machines with identical settings, and the clear text message comes out. Although the Swiss manufacturer when selling the machine emphasizes the need to use it inside a sound-proof room on a table isolated by foam rubber, we hope this particular code clerk is careless. If we can discover the settings on this machine in Montevideo, NSA will be able to read the encrypted UAR messages on the entire circuit to which their Montevideo Embassy pertains.
And yes, humanity is highly stratified. Socially, economically, whatever. But that just reflects what we are. Hate on it all you want, it's not gonna change.
Except, of course, that there's no body with the requisite authority or power. But maybe someday there will be.
0) https://www.legalmatch.com/law-library/article/reckless-enda...
For some people out there, this kinda shit keeps them safe/alive.
There were vulnerabilities in the software, but nothing that allows governments to break the encryption. The Windows client had some privilege escalation attack, but that doesn't allow decryption of data at rest. On Linux TrueCrypt is still fine to use; the only downside is that the password-based key derivation function is starting to show its age. However, provided your password is around 128 bits, that's not a problem.
Screw open his laptop when it's turned off and he's away from home, install a keylogger into the BIOS. Put a camera onto the shelf to film which keys he types to log in. If he puts a blanket over his head: solely rely on the sound each key makes. Hack his computer remotely using one of the government-owned 0days and dump the keys. Use side channels to obtain the password via the power outlet in the neighbouring house.
They had countless ways and they chose the one that revealed the least about their capabilities.
FDE's not worthless. Again, I don't think it's even optional; one of your laptops is eventually going to get stolen, and you're going to want the reassurance that at the very least, once it loses power, the thief won't have access to your data (meaning, in effect, that most thieves will never have access to your data). And it's somewhat more powerful on phones, which have integrated designs to make FDE more granular.
But the idea that of all the things the USG could spend energy on, aftermarket FDE software would be their target? It's not very plausible.