topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:05 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Kiss Encryption Goodbye... :*  (Read 21783 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Kiss Encryption Goodbye... :*
« on: August 30, 2013, 11:22 PM »
ORIGINAL POST



I saw a relatively innocuous line in a news story, but it's implications are serious.

http://www.thestar.c...owden_documents.html

She said that she had been advised that the hard drive contains “approximately 58,000 U.K. documents which are highly classified in nature, to the highest level.”

Goode said the process to decode the material was complex and that “so far only 75 documents have been reconstructed since the property was initially received.”

It's odd that they used the word "reconstructed", but not surprising as simply using the correct terminology, "cracked" or "decrypted", would just be, well, too truthful. (Never mind "received" being substituted for "stolen"...)

Now, given that Edward Snowden knows what he's doing, this should be very frightening for a lot of people, if anyone is paying attention, which I doubt.



UPDATES & SUMMARIES FOR LINKS

ProPublica
 - NSA undermines most used & common cryptographic standards - TLS/SSL, HTTPS, VPN, SSH, IPSec, encrypted chat/VoIP all threatened.
http://www.propublic...-internet-encryption
https://www.donation....msg336930#msg336930

ProPublica
 - BULLRUN docs.
http://www.propublic...sheet-from-gchq.html

Techdirt
 - YOU are the enemy.
http://www.techdirt....nemy-is-public.shtml
https://www.donation....msg336971#msg336971

Popehat
 - "I am the other" - An essay/commentary.
http://www.popehat.c...opehat+%28Popehat%29

Dilbert
 - Cartoon commentary.
http://www.dilbert.com/2013-09-06/
https://www.donation....msg337025#msg337025

Matthew Green (Cryptographer)
 - Commentary on the situation being worse than bad.
http://blog.cryptogr.../2013/09/on-nsa.html
https://www.donation....msg337532#msg337532

Boiling Frogs Post
 - ProPublica funding sources and salaries are fishy.
http://www.boilingfr...mega-donors-funding/
http://www.boilingfr...oses-itself-further/
http://www.boilingfr...all-street-salaries/
http://www.boilingfr...ream-media-advisors/
https://www.donation....msg337538#msg337538

National Public Radio
- Interview with Barton Geller (Washington Post reporter). (MP3 with show highlights in text)
http://www.npr.org/2...-were-the-real-thing
https://www.donation....msg337754#msg337754

Falkvinge
- Certificate based security is dead - goodbye SSL
http://falkvinge.net...-from-the-ground-up/
https://www.donation....msg337960#msg337960

Techdirt
- NSA running MITM attacks against Google servers
http://www.techdirt....oogles-servers.shtml

IETF
- Kleptography: weakening security on purpose
http://datatracker.i...-req/?include_text=1


More nightmares to follow...
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
« Last Edit: September 15, 2013, 12:28 AM by Renegade, Reason: Updated links into original thread post »

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #1 on: August 31, 2013, 03:31 PM »
There can be no realistic expectation of privacy in today's world. A longing for it, perhaps, but not a reasonable expectation of it.

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #2 on: August 31, 2013, 03:46 PM »
There can be no realistic expectation of privacy in today's world. A longing for it, perhaps, but not a reasonable expectation of it.

In truth, there's been no reasonable expectation of privacy since the sixties.  At least, not to my mind.  (Yeah, I'm paranoid ... my concern is whether I'm paranoid enough.)

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #3 on: August 31, 2013, 04:40 PM »

But up until 9-11 at least as a pasty white guy the feds stayed out of my way. You know if you did anything seriously stupid of course you risked getting in trouble, but the silly stuff was viewed as silly and treated as such, maybe with a warning from a cop that "hey, ya know, putting chewing gum in a guy's exhaust pipe could cause some nasty problems, so don't do it, mmkay?"

But now if you teach someone to beat a polygraph they want to send you to *jail*!!???

Never mind that several TV episodes go into it! I think I can recall at least three shows - Chuck, Lie To Me, and Alias that had scenes about that!


Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #4 on: September 06, 2013, 03:17 AM »
TLS/SSL, HTTPS, VPN, SSH, IPSec encrypted chat/VoIP...

Aaaannnd, it's gone!

Screenshot - 9_6_2013 , 6_10_40 PM.png

http://www.propublic...-internet-encryption

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

More at the link.

BULLRUN docs:

http://www.propublic...sheet-from-gchq.html
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #5 on: September 06, 2013, 06:43 AM »
Sometimes I really hate being right.  :(

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #6 on: September 06, 2013, 08:19 AM »
Okay I will say this and I fully expect it to be ignored or at least be called 'nonsense' ... that's fine, it really is, because it's not like I am sure what it means myself.

Very briefly and without comment:

Every other article about NSA and privacy issues has a line like 'restricted to those cleared' yet Snowden and whoever else were just able to look at it, walk out with it and reveal it.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #7 on: September 06, 2013, 08:32 AM »
Every other article about NSA and privacy issues has a line like 'restricted to those cleared' yet Snowden and whoever else were just able to look at it, walk out with it and reveal it.

That's one of the perks when you have sysadmin privileges. It's good to be root.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #8 on: September 06, 2013, 08:33 AM »
State of the art privacy services... for those willing to pay.

Spoiler
tyson-pigeons-9.jpg

« Last Edit: September 06, 2013, 08:53 AM by nosh »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #9 on: September 06, 2013, 08:46 AM »
And the NSA's decryption method for that:

Spoiler
NSA-PI.jpg


nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #10 on: September 06, 2013, 08:50 AM »
Hahaha! *shocker* :P

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #11 on: September 06, 2013, 09:12 AM »
Every other article about NSA and privacy issues has a line like 'restricted to those cleared' yet Snowden and whoever else were just able to look at it, walk out with it and reveal it.

That's one of the perks when you have sysadmin privileges. It's good to be root.

A "NSA contractor" in this case ... every post and article is convincing more that something else is going on beyond (I am not saying it's not super bad or evil) what is being simply released by a contractor or soldier (a private)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #12 on: September 06, 2013, 10:15 AM »
^I don't think it's a matter of our government intel community and the Executive Branch "going beyond" anything any more. I think it's reached the point where we're now in the first phase of an undeclared and ongoing war against the people of the United States by a relatively small cabal within our own government.

Encryption-in-the-Real-World.jpg

From Techdirt


NSA, GCHQ Admit That The Public Is The Enemy
from the civil-war dept


Yet another point on the latest NSA/GCHQ revelations concerning backdoors into all sorts of commercial encryption tools, buried within the stories is the pretty clear admission that the NSA and GCHQ views the public as the enemy. First, as Marcy Wheeler points out, all of the programs are named after civil war battles in which the same country's own citizens were seen as the enemy:

   The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

    Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”


But it actually goes even further than that. As the Guardian report notes, in one of the documents, the public is flat out named as the "adversary."

   Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".

Kind of says it all, doesn't it? For all the bullshit coming out of the administration and the defenders of this program that they're about protecting the safety of Americans, that's clearly not the overall intent. It's to compromise the privacy of everyone.

 :tellme:

And to think we were so worried about those little drone planes!
Screenshot from 2013-09-06 11:40:35.png

:P
« Last Edit: September 06, 2013, 10:48 AM by 40hz »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #13 on: September 06, 2013, 10:45 AM »
I meant "something else we are not seeing" or "we don't know". A program so secretive has so much details available to supposedly outside contractor and relatively low ranking soldier and not only that they got those details out too.
I don't agree that this can simply be a case of somebody heroic having root access, sees the info and slowly walks out with them. It's as if in our analysis of this situation we are subconsciously influenced by Hollywood plots.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #14 on: September 06, 2013, 10:54 AM »
It's as if in our analysis of this situation we are subconsciously influenced by Hollywood plots.

Yeah, don't go down that road. It leads to the basement. I've talked about that elsewhere.

^I don't think it's a matter of our government intel community and the Executive Branch "going beyond" anything any more. I think it's reached the point where we're now in the first phase of an undeclared and ongoing war against the people of the United States by a relatively small cabal within our own government.

BINGO!

YOU are the enemy.

No further comment on any of the above because it's just too bloody obvious. (And I don't want this to get kicked to the basement.)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #15 on: September 06, 2013, 11:02 AM »
Me enemy? Such a nice guy as me?   :P

Won't comment any more, for reasons Renegade mentioned.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #16 on: September 06, 2013, 11:15 AM »
I am the enemy and I am really pissed ...

Democracy - F****

As I UK citizen I also find it amusing that apparently GCHQ have a similar project (though given the UK don't seem to be able to set up any government IT systems that aren't obsolete before they get them working I am not losing any sleep). Also we don't have a constitution .... doesn't the US have some sort of paper and isn't there some sort of vague provision in there for an individuals right to a private life?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #17 on: September 06, 2013, 01:00 PM »
doesn't the US have some sort of paper and isn't there some sort of vague provision in there for an individuals right to a private life?

While this was for some time a popularly held belief, it is no longer possible to confirm existence of said verbiage as that section was rendered illegible when someone wiped their ass with said document. Hence the prevailing wisdom of our time now holds this as a myth.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #18 on: September 06, 2013, 01:02 PM »
Ken White weighed-in over at his Popehat blog with his usual style with a piece titled: NSA Codebreaking: I Am The Other.

I am The Other.

No, not from Game of Thrones.

I mean I am the "other" contemptuously categorized by my government, a vast category of people with an interest in using encrypted communications to thwart my government's attempt to spy on me.

Well worth reading in full. :Thmbsup:

anger-enjoy.jpg


40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #19 on: September 06, 2013, 01:14 PM »
doesn't the US have some sort of paper and isn't there some sort of vague provision in there for an individuals right to a private life?

While this was for some time a popularly held belief, it is no longer possible to confirm existence of said verbiage as that section was rendered illegible when someone wiped their ass with said document. Hence the prevailing wisdom of our time now holds this as a myth.

po.jpg

oblivion

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 491
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #20 on: September 06, 2013, 03:07 PM »
apparently GCHQ have a similar project (though given the UK don't seem to be able to set up any government IT systems that aren't obsolete before they get them working I am not losing any sleep).

That's mostly because most of the operational requirements are written by people who (a) are basically naive about what computer systems are capable of, and (b) are desperate to believe any line of BS that a salesman trots out. We'd write them ourselves, I suspect, if it weren't for the fact that real terms investment in the public sector keeps getting p*ssed up the wall by the same people responsible for (a) and (b) above.

Consider: the (UK) NHS National Programme for IT pumped several billion into a series of projects that were defined in terms of what was on the relevant wish lists at the time, not in terms of what was technically achievable. At least one of the systems procured under it went live before agreement about the dataset it was intended to manage and distribute was even agreed. It still works like it's broken and its data -- which should be the freshest, most up-to-date available -- is often inaccurate and sometimes dangerously so.

The UK paid a small fortune for systems that were not fit for purpose, in many cases never went live but somehow the suppliers got paid anyway. That's what we get for putting bloody old Etonians and Arts graduates in charge of Complicated Things. [/rant]

Still, the upside of the money wasted on NPfIT is probably that it couldn't be given to GCHQ instead. ;)
-- bests, Tim

...this space unintentionally left blank.

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #21 on: September 06, 2013, 06:22 PM »
Today's Dilbert captures the other side of this, namely what makes anyone think that the NSA is going to be particularly adept at keeping the data they have collected away from others who might want access and be clever (or powerful) enough to get it.

If Snowden had been a mole, he would have spent his time quietly building backdoors into the NSA's systems rather than blowing the whistle. If he could get away with what he did, how many others could have, and how much more could they have gotten if they had greater resources?

I'd say the most positive aspect of this whole affair is that it should lead to big improvements in encryption in the future.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #22 on: September 06, 2013, 06:44 PM »
I'd say the most positive aspect of this whole affair is that it should lead to big improvements in encryption in the future.

Trouble is things will get tougher but no system is unbreakable - just look at all the unbreakable codes in history!

OK you will need machines to do the breaking, and if quantum encryption ever happens it is going to be exponentially harder to crack - but what's the bet that long before it gets too hard to crack in a reasonable time scale laws will be passed to prevent 'too difficult' encryption being used or forced to include a 'security' backdoor.

The trouble is the US wields too much power and the powers that be just aren't that bright and so are easily manipulated. The rest of the world is just scared of what the US might do next. The 'special relationship' enjoyed (until recently) by the UK is truly Etonian in nature (if you take my meaning - if not someone else can post a graphic image).

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #23 on: September 11, 2013, 07:51 AM »
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.

Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.



Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Kiss Encryption Goodbye... :*
« Reply #24 on: September 11, 2013, 08:27 AM »
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.

Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.

That was a good article. And not too long either! :)

I've been wondering about this:

Which means there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge.

A very worthwhile read.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker