Silk Road forums

Discussion => Security => Topic started by: Bazille on September 05, 2013, 10:32 pm

Title: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 05, 2013, 10:32 pm
http://www.techdirt.com/articles/20130905/12484624418/feds-beg-ny-times-pro-publica-not-to-reveal-that-theyve-inserted-backdoors-into-internet-encryption.shtml

We already wrote about the latest reports coming out of the Snowden leaks, concerning how the NSA and GCHQ have effectively backdoored their way into breaking various encryption schemes by writing the standards themselves and recruiting internal spies within companies to covertly inject backdoors. The reporting on these documents was done jointly by The Guardian, the NY Times and Pro Publica. However, the NY Times coverage has one interesting tidbit not in the Guardian:

    Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

Pro Publica, for its part, put up a thorough and detailed explanation for why it chose to publish the story, which is well worth reading:

    The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed.

This is true in so many ways. As the NY Times report notes, there had been a public debate about all of this in the 90s, when there was the big fight over the Clipper Chip, an NSA-created form of encryption with backdoors. That fight ended with the NSA losing... and now it appears that they just ignored that and effectively spent the past few decades doing the same exact thing, but in secret. That deserves public exposure and discussion.

Pro Publica points out that this country is founded on a fundamental belief that you can't just "trust" the government, and yet the government is asking us to do exactly that here, as they prove time and time again not to be credible or worthy of trust.

    There are those who, in good faith, believe that we should leave the balance between civil liberty and security entirely to our elected leaders, and to those they place in positions of executive responsibility. Again, we do not agree. The American system, as we understand it, is premised on the idea -- championed by such men as Thomas Jefferson and James Madison -- that government run amok poses the greatest potential threat to the people’s liberty, and that an informed citizenry is the necessary check on this threat. The sort of work ProPublica does -- watchdog journalism -- is a key element in helping the public play this role.

    American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses. Today’s story is a step in that direction.

Kudos to all three publications for taking this step. It's unfortunate that they need to do this, but it's a sad statement on the way the US and UK governments have acted.

Update: The Guardian also mentions that intelligence officials asked them not to publish.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Whothefuckisthis on September 05, 2013, 10:43 pm
In no way, shape, or form does this surprise me in the least bit. Arrogance, ignorance, & belligerence are key to the NSA's code of conduct and they've proven that time & time again. This is just another case of history repeating itself.
Title: US and UK spy agencies defeat privacy and security on the internet
Post by: Bazille on September 05, 2013, 10:43 pm
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

 NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on sources or methods."

• The NSA describes strong decryption programs as the "price of admission for the US to maintain unrestricted access to and use of cyberspace".

• A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.

The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering.

But security experts accused them of attacking the internet itself and the privacy of all users. "Cryptography forms the basis for trust online," said Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network security and privacy".

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government.

The key component of the NSA's battle against encryption, its collaboration with technology companies, is detailed in the US intelligence community's top-secret 2013 budget request under the heading "Sigint [signals intelligence] enabling".

Funding for the program – $254.9m for this year – dwarfs that of the Prism program, which operates at a cost of $20m a year, according to previous NSA documents. Since 2011, the total spending on Sigint enabling has topped $800m. The program "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs", the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification.

Quote
Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".

"These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."
The document sets out in clear terms the program's broad aims, including making commercial encryption software "more tractable" to NSA attacks by "shaping" the worldwide marketplace and continuing efforts to break into the encryption used by the next generation of 4G phones.

Among the specific accomplishments for 2013, the NSA expects the program to obtain access to "data flowing through a hub for a major communications provider" and to a "major internet peer-to-peer voice and text communications system".

Technology companies maintain that they work with the intelligence agencies only when legally compelled to do so. The Guardian has previously reported that Microsoft co-operated with the NSA to circumvent encryption on the Outlook.com email and chat services. The company insisted that it was obliged to comply with "existing or future lawful demands" when designing its products.

The documents show that the agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely.

Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

"Eventually, NSA became the sole editor," the document states.

The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier.

A classification guide for NSA employees and contractors on Bullrun outlines in broad terms its goals.

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.

It is used by the NSA "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".

A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships".

The agencies have not yet cracked all encryption technologies, however, the documents suggest. Snowden appeared to confirm this during a live Q&A with Guardian readers in June. "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on," he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.

The documents are scattered with warnings over the importance of maintaining absolute secrecy around decryption capabilities.

Strict guidelines were laid down at the GCHQ complex in Cheltenham, Gloucestershire, on how to discuss projects relating to decryption. Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This information was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."

The agencies were supposed to be "selective in which contractors are given exposure to this information", but it was ultimately seen by Snowden, one of 850,000 people in the US with top-secret clearance.

A 2009 GCHQ document spells out the significant potential consequences of any leaks, including "damage to industry relationships".

"Loss of confidence in our ability to adhere to confidentiality agreements would lead to loss of access to proprietary information that can save time when developing new capability," intelligence workers were told. Somewhat less important to GCHQ was the public's trust which was marked as a moderate risk, the document stated.

"Some exploitable products are used by the general public; some exploitable weaknesses are well known eg possibility of recovering poorly chosen passwords," it said. "Knowledge that GCHQ exploits these products and the scale of our capability would raise public awareness generating unwelcome publicity for us and our political masters."

The decryption effort is particularly important to GCHQ. Its strategic advantage from its Tempora program – direct taps on transatlantic fibre-optic cables of major telecommunications corporations – was in danger of eroding as more and more big internet companies encrypted their traffic, responding to customer demands for guaranteed privacy.

Without attention, the 2010 GCHQ document warned, the UK's "Sigint utility will degrade as information flows changes, new applications are developed (and deployed) at pace and widespread encryption becomes more commonplace." Documents show that Edgehill's initial aim was to decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to provide secure remote access to their systems. By 2015, GCHQ hoped to have cracked the codes used by 15 major internet companies, and 300 VPNs.

Another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as 'certificates', that might be vulnerable to being cracked by GCHQ supercomputers.

Analysts on the Edgehill project were working on ways into the networks of major webmail providers as part of the decryption project. A quarterly update from 2012 notes the project's team "continue to work on understanding" the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding "work has predominantly been focused this quarter on Google due to new access opportunities being developed".

To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for "human intelligence", refers to information gleaned directly from sources or undercover agents.

This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry."

"This enables GCHQ to tackle some of its most challenging targets," the report said. The efforts made by the NSA and GCHQ against encryption technologies may have negative consequences for all internet users, experts warn.

"Backdoors are fundamentally in conflict with good security," said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union. "Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise." This is because the insertion of backdoors in a software product, particularly those that can be used to obtain unencrypted user communications or data, significantly increases the difficulty of designing a secure product.

This was a view echoed in a recent paper by Stephanie Pell, a former prosecutor at the US Department of Justice and non-resident fellow at the Center for Internet and Security at Stanford Law School.

"[An] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users," she states.

Intelligence officials asked the Guardian, New York Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.

The three organisations removed some specific facts but decided to publish the story because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of internet users in the US and worldwide.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: CALiGREEN on September 05, 2013, 11:04 pm
I'm thinking that the 'internet cable operator' encryption that they have broken through is BPI+, which is the standard encryption that is used in DOCSIS cable modems to encrypt the information between you and the ISP.

As for SSL and HTTPS, it is unfortunate that the American Intelligence Agencies have crippled standards that are used around the entire world for their own perversion. It is clear we have created a monster, and that the monster is too large to stop. The propaganda machine works for the majority of Americans, so no matter how many laws they break, how many constitutional laws they violate, there will be propaganda with reasoning that will convince the majority.

It is sad and depressing times for Americans.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 05, 2013, 11:12 pm
It is sad and depressing times for Americans.

No, it's sad and depressing times for the internet. They broke it. But it will get fixed by millions of coders who will deal with the bug called NSA/GCHQ.

Quote
The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: phunky on September 05, 2013, 11:24 pm
I can't believe more emphasis is not being put on the banking aspects of this.  People might not care about their privacy but who the fuck doesn't care about their money?  This should outrage individuals, businesses, corporations, everyone really.  Banking systems rely heavily on encryption and if it can be broken then we have a serious, serious problem.  One could argue that the economy depends on encryption to a certain degree.  Trade secrets depend on encryption.  Intellectual property depends on encryption.  This is out of control.  It goes way beyond communications.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 05, 2013, 11:37 pm
Normal people don't understand the implications of this backdoor crap. They don't understand that China has an army of hackers who will work 7 days a week to find such backdoors and exploits and abuse the shit out of it. They hacked Gmail in China thanks to NSA.

Anyway, internal banking communications usually probably don't use SSL certificates by some NSA controlled certificate authority. They most likely also don't encrypt their data with Bitlocker or other backdoored/exploitable commercial software. They use their own implementations of strong encryption algorithms.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: MichaelWesten on September 06, 2013, 12:19 am
1. Is it possible GPG is backdoored?
2. Is it possible Truecrypt is backdoored?
3.  Any insight to what strong encryption Snowden was referencing that still had value.
4....damn I wish I could see what all information he took....I would have an awesome time reading through all of that.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: sourman on September 06, 2013, 12:26 am
^Open source software is about the only thing left that CAN be trusted. At least others can check the code for backdoors, although I'm sure there's a way to sneak one in regardless, especially if the software has even the smallest proprietary component.

As for the SSL side of this, I wonder if the supposed parabon leaks have something to do with it:

http://edramalpl7oq5npk.onion/PRISM

That's encyclopedia dramatica's site on the darknet. Scroll down to the section about parabon and check out the screencaps of those SSL certificates. I looked at that the other day and went "nahhhh, couldn't be".
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Totalpay on September 06, 2013, 12:56 am
I feel sick...
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: phunky on September 06, 2013, 01:07 am
^Open source software is about the only thing left that CAN be trusted. At least others can check the code for backdoors, although I'm sure there's a way to sneak one in regardless, especially if the software has even the smallest proprietary component.

As for the SSL side of this, I wonder if the supposed parabon leaks have something to do with it:

http://edramalpl7oq5npk.onion/PRISM

That's encyclopedia dramatica's site on the darknet. Scroll down to the section about parabon and check out the screencaps of those SSL certificates. I looked at that the other day and went "nahhhh, couldn't be".

Open source is not enough.  It means bugs CAN be found, not bugs WILL be found.  And the best way to insert a backdoor is to create an exploitable bug that most likely will NOT be found.  Open source also often means anyone can contribute code, and all code does not get extensively reviewed/tested, so this actually makes creating backdoors much easier for the government.   I would argue it's better to have a small number of contributors who make their code open but do not allow public contributions, but even that's not perfect.  The Tor Project had a government directed collaboration going on IIRC at some point in the past.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kmfkewm on September 06, 2013, 01:17 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: sourman on September 06, 2013, 01:32 am
^Open source software is about the only thing left that CAN be trusted. At least others can check the code for backdoors, although I'm sure there's a way to sneak one in regardless, especially if the software has even the smallest proprietary component.

As for the SSL side of this, I wonder if the supposed parabon leaks have something to do with it:

http://edramalpl7oq5npk.onion/PRISM

That's encyclopedia dramatica's site on the darknet. Scroll down to the section about parabon and check out the screencaps of those SSL certificates. I looked at that the other day and went "nahhhh, couldn't be".

Open source is not enough.  It means bugs CAN be found, not bugs WILL be found.  And the best way to insert a backdoor is to create an exploitable bug that most likely will NOT be found.  Open source also often means anyone can contribute code, and all code does not get extensively reviewed/tested, so this actually makes creating backdoors much easier for the government.   I would argue it's better to have a small number of contributors who make their code open but do not allow public contributions, but even that's not perfect.  The Tor Project had a government directed collaboration going on IIRC at some point in the past.

Of course. Open source is only as trusted as the person reviewing the code. Popular open source projects will be reviewed more extensively and by experts with greater talent, but NOTHING will guarantee that an application is free of (subversive) bugs unless you write it yourself. It's still the best option for most users, especially when the choice is between truecrypt and bitlocker haha
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: LasVegasLottos on September 06, 2013, 02:13 am
This marketplace is revolutionary beyond what many of us can conceive and the main reason for this is the ability to adapt constantly.  DPR and his team can only do so much but we have to start contributing as well.   One of the problems is that the feds can see everything we collaborate on here in the forums.  I think we should start our own community think tank forums where anyone with any idea can contribute it.  But the only thing mentioned in the forum should be the basic idea with just enough detail for DPR and other SENIOR members to grasp and if it should spark interest then all communication of said idea from that point on should only take place in private messages that the FEDS are gonna have a much harder time of seeing.  Obviously this idea's going to eventually hit the forums but at least this will allow us more time.  We can constantly be developing new ideas behind the scenes and we can choose when to implement them and then the clock will start on the feds' side to stop it.  But while they're working on stopping that idea we can be working on five more versus now where everything is out in the open and they can prepare for all of it at once.  Just a thought
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Anonyguy on September 06, 2013, 03:26 am
"Feds Beg..."

Ah, my favorite news headline of all time.

Maybe now they'll know how it feels as we beg for our 4th amendment rights to be respected or beg for them to respect the law they're supposed to uphold but instead share intelligence info - illegally - with LE for non-terrorism-related domestic cases.

The ethically-challenged should be the ones begging.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: citizen erased on September 06, 2013, 03:29 am
I have never had faith in SSL or the SHA encoding systems, but my main concern is PGP? Not just because of the Silk Road but I use it for plenty of other (legal) purposes.

My understanding is that PGP is an open source standard so any holes should be known or can be equally discovered by the good guys as opposed to the bad guys?

It fucken sickens me that people just allow this shit to happen. If a private person was to create encryption software and left back doors right through it they would be sent to jail yet governments across the world are able to do it and people hardly bat an eyelid.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Rastaman Vibration on September 06, 2013, 03:40 am
I'm a big fan of ProPublica. They do an excellent job uncovering the ugly truth
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: samesamebutdifferent on September 06, 2013, 08:43 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jack N Hoff on September 06, 2013, 08:50 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.

The US government fully funds TOR to the tune of over a million dollars a year.  The US government NEEDS TOR.  The US government NEEDS people to use TOR.  Any exploit would also leave the US government potentially vulnerable too.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: samesamebutdifferent on September 06, 2013, 08:59 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.

The US government fully funds TOR to the tune of over a million dollars a year.  The US government NEEDS TOR.  The US government NEEDS people to use TOR.  Any exploit would also leave the US government potentially vulnerable too.

Potentially yes but given the apparent requirement for Tor it would seem irresponsible for them to design and fund a system that they then panic over and have to spend billions on having the NSA trying to crack so they can deanonymize people using it. It also seems highly unlikely they would adopt that approach.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jack N Hoff on September 06, 2013, 09:56 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.

The US government fully funds TOR to the tune of over a million dollars a year.  The US government NEEDS TOR.  The US government NEEDS people to use TOR.  Any exploit would also leave the US government potentially vulnerable too.

Potentially yes but given the apparent requirement for Tor it would seem irresponsible for them to design and fund a system that they then panic over and have to spend billions on having the NSA trying to crack so they can deanonymize people using it. It also seems highly unlikely they would adopt that approach.

The encryption cracking that they are working on is not specifically the TOR network that they are trying to crack.  They need to be anonymous for certain stuff they do which we will never know all about.  They need TOR.  They need people using TOR.  They are not panicking about Silk Road.  Hell, one of the top 3% vendors had the email to their facebook on their profile.  I could have easily found many of the members here if I was LE.  They are not trying very hard.  SR creates jobs for LE.  The more people with drugs on the street and selling drugs IRL, the more people to arrest and the more jobs for LE.  The government has no real interest in us at this point in time.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: samesamebutdifferent on September 06, 2013, 10:24 am
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.

The US government fully funds TOR to the tune of over a million dollars a year.  The US government NEEDS TOR.  The US government NEEDS people to use TOR.  Any exploit would also leave the US government potentially vulnerable too.

Potentially yes but given the apparent requirement for Tor it would seem irresponsible for them to design and fund a system that they then panic over and have to spend billions on having the NSA trying to crack so they can deanonymize people using it. It also seems highly unlikely they would adopt that approach.

The encryption cracking that they are working on is not specifically the TOR network that they are trying to crack.  They need to be anonymous for certain stuff they do which we will never know all about.  They need TOR.  They need people using TOR.  They are not panicking about Silk Road.  Hell, one of the top 3% vendors had the email to their facebook on their profile.  I could have easily found many of the members here if I was LE.  They are not trying very hard.  SR creates jobs for LE.  The more people with drugs on the street and selling drugs IRL, the more people to arrest and the more jobs for LE.  The government has no real interest in us at this point in time.

email to their facebook! fuck me some people are making it easy for LE.

I would like to believe you when you say that governments are not currently really that interested in SR, I doubt it though. I suspect they are sitting back for now and gathering intel ready for some future action, it would be incredibly complacent to assume we are not a priority target given what this place represents.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 06, 2013, 11:21 am
One of the problems is that the feds can see everything we collaborate on here in the forums.

I, for one, want them to see that I try to sabotage their plans. That makes it even more worthwhile. The only problem is that I'm not sabotaging them enough. I guess I need to start coding again, e.g. some "tarpit" hidden service proxy which delays network connections to make traffic analysis harder.
If I'm doing it right, then it won't help them to see what techniques I suggest. Though unfortunately I may have made some mistakes, e.g. suggesting hardware based virtualization (AMD-V/VT-x) is more secure than software based virtualization.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 06, 2013, 11:30 am
Quote
How to remain secure against NSA surveillance
The NSA has huge capabilities – and if it wants in to your computer, it's in. With that in mind, here are five ways to stay safe

by  Bruce Schneier   

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

With all this in mind, I have five pieces of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line; I've been using that as well.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kittykitty on September 06, 2013, 07:02 pm
The design for Tor came from the US government and two of its lead developers worked for US military intelligence agencies in the past (and one still does). I think over half of Tor's funding is from the US government still.

I have often thought about this myself and wondered why no one expresses concern over possible exploits given the ties between Tor and the US government.

The US government fully funds TOR to the tune of over a million dollars a year.  The US government NEEDS TOR.  The US government NEEDS people to use TOR.  Any exploit would also leave the US government potentially vulnerable too.

Potentially yes but given the apparent requirement for Tor it would seem irresponsible for them to design and fund a system that they then panic over and have to spend billions on having the NSA trying to crack so they can deanonymize people using it. It also seems highly unlikely they would adopt that approach.

The encryption cracking that they are working on is not specifically the TOR network that they are trying to crack.  They need to be anonymous for certain stuff they do which we will never know all about.  They need TOR.  They need people using TOR.  They are not panicking about Silk Road.  Hell, one of the top 3% vendors had the email to their facebook on their profile.  I could have easily found many of the members here if I was LE.  They are not trying very hard.  SR creates jobs for LE.  The more people with drugs on the street and selling drugs IRL, the more people to arrest and the more jobs for LE.  The government has no real interest in us at this point in time.

email to their facebook! fuck me some people are making it easy for LE.

I would like to believe you when you say that governments are not currently really that interested in SR, I doubt it though. I suspect they are sitting back for now and gathering intel ready for some future action, it would be incredibly complacent to assume we are not a priority target given what this place represents.

The spooks over at the NSA - despite their varying views on drug users - have to admit that at least half of their black hat friends are regular drug users.  And they're geniuses, too. Many of them gave us things like Red Hat Linux and the Usenet.  Perhaps there will be some kind of low-level action on behalf of the DEA to bust drug/weapons dealers that are making things dicey for law enforcement in the US.  But in a world where the MI6 sets up the Syrian government to make it look as if they are using chemical weapons (this was about 6 months ago that story came out, anyone remember?) - low level SR users aren't much of a problem.  Geopolitical engineering is what the NSA was made for.  And there's probably more than a few SR users who work for the NSA.

Pedos, however, are a different story.  Nobody cares what happens to them.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: ~o~WaterWalker~o~ on September 06, 2013, 09:08 pm
'fight terrrroism' = 'rape your rights'

football stadiums more and more force you to go near naked in the name of fighting 'terrrrror' when they just don't want you smuggling drinks and food

is anyone even remotely worried about getting blown up?  usually the CIA edges on some unstable freaks to actually enable them to keep the scare going..  if it was like they say it is, shopping malls would be getting suicide bombed daily

they just want the ability to bust anyone stepping out of line or causing political trouble
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 06, 2013, 10:58 pm
The US government fully funds TOR to the tune of over a million dollars a year.

The Tor financials are publicly available:

https://www.torproject.org/about/financials.html.en

https://www.torproject.org/about/findoc/2012-TorProject-Annual-Report.pdf


As can be seen on page 8, the US government provides about 60% of the Tor Project's funding, so they don't "fully" fund it.

They are a significant contributor, but if you look at the details, those agencies include the National Science Foundation, as an example, which is dedicated to funding open research. There is no conspiracy by the US government to control the Tor Project, and anyway the code is open source, reviewed by thousands of researchers and hackers, and the relays are run by independent operators in over 70 countries, so there's little the US gov could do to control the Tor network.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jack N Hoff on September 06, 2013, 11:32 pm
You're right Astor.  I thought the 1.3 million USD (might be remembering that number wrong) from the US government was their entire funding.

Care to copy and paste the rest of the people funding TOR?  I don't open PDFs. :-[
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 06, 2013, 11:49 pm
Care to copy and paste the rest of the people funding TOR?  I don't open PDFs. :-[

If you can't trust a PDF produced and hosted by the Tor Project, then you shouldn't be running Tor. ;)
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 06, 2013, 11:53 pm
BTW, TBB 2.4, the newest version of which includes patches that should make your Tor circuits faster against the botnet load on the network, includes a built in PDF reader that should be nicely contained by Tor Browser's proxy settings.

https://blog.torproject.org/blog/new-tor-02417-rc-packages

Or just run Whonix already. :)
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jack N Hoff on September 07, 2013, 12:01 am
The newest version of TOR scares me. :(  The idea of a development version of TOR is scary. :-\
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: samesamebutdifferent on September 07, 2013, 12:49 am
The newest version of TOR scares me. :(  The idea of a development version of TOR is scary. :-\

I haven't downloaded it yet, I'm scared too
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 07, 2013, 10:43 am
You don't need to be scared about development versions. Maybe there's a bug which will make Tor crash, but it won't suddenly deanonymize you.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kmfkewm on September 07, 2013, 11:04 am
You don't need to be scared about development versions. Maybe there's a bug which will make Tor crash, but it won't suddenly deanonymize you.

Bugs that can cause crashes can usually be used to pwn people though
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: SuckDick4Weed on September 07, 2013, 11:06 am
This is what worries me. Everybody always yells 'update, update, update!' How do we know that open-source project we trusted has suddenly been infiltrated and had a backdoor inserted?? Updates may not always be a good thing lol
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 07, 2013, 05:08 pm
This is what worries me. Everybody always yells 'update, update, update!' How do we know that open-source project we trusted has suddenly been infiltrated and had a backdoor inserted?? Updates may not always be a good thing lol

You can audit it for backdoors and build the browser bundle yourself.

https://gitweb.torproject.org/tor.git/tree/refs/heads/release-0.2.4:/src/or

https://gitweb.torproject.org/vidalia.git/tree/refs/heads/master:/src/vidalia

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/17.0.8esr/source/

https://gitweb.torproject.org/torbrowser.git/tree/refs/heads/maint-2.4:/src/current-patches/firefox
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: ~o~WaterWalker~o~ on September 08, 2013, 01:29 am
This is what worries me. Everybody always yells 'update, update, update!' How do we know that open-source project we trusted has suddenly been infiltrated and had a backdoor inserted?? Updates may not always be a good thing lol

You can audit it for backdoors and build the browser bundle yourself.



sigh...

it is getting to that point.. guard every step

what's next, someone in MIT working on a Molecular Atomic Gamma Ray that can sniff out any substance through any material??

just lock us into our matrix pods and get it over with!!!
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jack N Hoff on September 08, 2013, 01:54 am
This is what worries me. Everybody always yells 'update, update, update!' How do we know that open-source project we trusted has suddenly been infiltrated and had a backdoor inserted?? Updates may not always be a good thing lol

You can audit it for backdoors and build the browser bundle yourself.



sigh...

it is getting to that point.. guard every step

what's next, someone in MIT working on a Molecular Atomic Gamma Ray that can sniff out any substance through any material??

just lock us into our matrix pods and get it over with!!!

Drug scanning lasers that can detect particles of drugs through materials and/or your body from 150 feet away.
http://dkn255hz262ypmii.onion/index.php?topic=144014
http://dkn255hz262ypmii.onion/index.php?topic=167048
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: SelfSovereignty on September 08, 2013, 02:41 am
Wait, wait... I'm really fucking confused now.  We're *not* supposed to use elliptic curve cryptography?  But... but I... but...

wtf is going on?
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kmfkewm on September 08, 2013, 06:13 am
Wait, wait... I'm really fucking confused now.  We're *not* supposed to use elliptic curve cryptography?  But... but I... but...

wtf is going on?

Right now expert cryptographers seem to hold conflicting opinions. Some are saying we need to switch to ECC right away, because they take the NSA revelations to mean that the NSA might be able to crack low bit strength RSA and DH (ie: The leak says that ten years ago the NSA had a breakthrough allowing them to crack many forms of cryptography). Others are saying we need to stay far away from it. Personally I prefer ECC by a lot, but if it is broken, well, obviously it is no good. ECC has been the traditional wisdom up until very recently, with pretty nearly everybody suggesting it be switched to from RSA and DH. But with the NSA revelations, some people are getting cold feet in regard to the ECC algorithms, because the NSA has been their biggest supporter and trying to get everybody to switch to them for some years now (ie: The leak says that the NSA is trying to get people to use encryption that they can break).

So use ECC if you think the NSA revelations mean RSA and DH are screwed, and use high bit strength RSA and DH if you think the NSA revelations mean ECC is screwed. Right now the experts are split. ECC is pretty new. I think the mathematics behind ECC is relatively new, only being formalized a bit over a hundred years ago, whereas the mathematics behind RSA go back several thousand years. On the other hand, most people thought ECC was much stronger than RSA bit-for-bit. I really cannot say which I would use. I think ECC has much nicer properties and I would much rather use ECC than RSA or DH, provided it is secure. Honestly though I would probably have to lean more toward RSA or DH with really high bit strength, because not many people are worried the NSA can break those, but some people are worried they can break ECC in general and the others are worried they can break low bit strength RSA/DH.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: SelfSovereignty on September 08, 2013, 11:12 pm
Wait, wait... I'm really fucking confused now.  We're *not* supposed to use elliptic curve cryptography?  But... but I... but...

wtf is going on?

Right now expert cryptographers seem to hold conflicting opinions. Some are saying we need to switch to ECC right away, because they take the NSA revelations to mean that the NSA might be able to crack low bit strength RSA and DH (ie: The leak says that ten years ago the NSA had a breakthrough allowing them to crack many forms of cryptography). Others are saying we need to stay far away from it. Personally I prefer ECC by a lot, but if it is broken, well, obviously it is no good. ECC has been the traditional wisdom up until very recently, with pretty nearly everybody suggesting it be switched to from RSA and DH. But with the NSA revelations, some people are getting cold feet in regard to the ECC algorithms, because the NSA has been their biggest supporter and trying to get everybody to switch to them for some years now (ie: The leak says that the NSA is trying to get people to use encryption that they can break).

So use ECC if you think the NSA revelations mean RSA and DH are screwed, and use high bit strength RSA and DH if you think the NSA revelations mean ECC is screwed. Right now the experts are split. ECC is pretty new. I think the mathematics behind ECC is relatively new, only being formalized a bit over a hundred years ago, whereas the mathematics behind RSA go back several thousand years. On the other hand, most people thought ECC was much stronger than RSA bit-for-bit. I really cannot say which I would use. I think ECC has much nicer properties and I would much rather use ECC than RSA or DH, provided it is secure. Honestly though I would probably have to lean more toward RSA or DH with really high bit strength, because not many people are worried the NSA can break those, but some people are worried they can break ECC in general and the others are worried they can break low bit strength RSA/DH.

Very curious.  GPG also supposedly has had support for ECC algorithms in the development version for a year or two now, I believe -- yet it isn't in the general release.  In fact, even after downloading and compiling the development version in question I decided not to use it because it has a big warning saying "do not use this version if you need strong security," or something to that effect (honestly I don't recall exactly, but that's close enough).  The source of the development version is also quite a bit smaller in size than the general release's source (at least the versions I compared were), which seemed odd to me too.

Initially I wondered if they weren't releasing it because somebody from the NSA paid them a visit or something, but now I'm wondering if it's the other way around... I see Schneier's point about constants that could be easily influenced.  I think I agree with him, too.  If anyone's curious, apparently in 2007 this (may or may not have) actually happened: http://rump2007.cr.yp.to/15-shumow.pdf

If you aren't comfortable with a PDF, it's just a brief few pages -- back of a napkin kind of thing -- detailing the mathematics & attack on a specific implementation of an elliptic curve pseudorandom number generator that had a constant which was never derived or explained, and that allowed the entire system to be broken with as few as 32 bytes of the private key being known or some such thing.  Frankly the math is a level higher than I'm readily able to understand, but I believe that's accurate.
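The post above describes a talk about an elliptic-curve random number generator whose constants were never explained. The following is an added example, not part of the thread and not code from the talk: a simplified generator of that style, showing why whoever chose constants with a known relation P = d*Q can predict its output, and how constants hashed from a public label avoid that. The curve (secp256k1's field and equation), the labels, the value of d, the seed and all function names are assumptions made for this example; the standardized generator used a different curve and truncated its output.

```python
import hashlib

# Curve y^2 = x^3 + 7 over GF(p): secp256k1's field and equation, used here
# only because the group has prime order and p % 4 == 3 (easy square roots).
P_FIELD = 2**256 - 2**32 - 977
A, B = 0, 7


def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x coordinate, or None if none exists."""
    v = (pow(x, 3, P_FIELD) + A * x + B) % P_FIELD
    y = pow(v, (P_FIELD + 1) // 4, P_FIELD)
    return (x, y) if y * y % P_FIELD == v else None


def derive_point(label):
    """Verifiable constant: hash a public label to x, retry until on the curve.
    Anyone can recompute it, and nobody learns a discrete log relation."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        pt = lift_x(int.from_bytes(digest, "big") % P_FIELD)
        if pt is not None:
            return pt
        counter += 1


def backdoored_constants(d):
    """Designer picks Q, then publishes P = d*Q and keeps d to themselves."""
    Q = derive_point(b"example-Q")
    return ec_mul(d, Q), Q


class ToyDualEC:
    """Simplified generator: s <- x(s*P), output <- x(s*Q), no truncation."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0]
        return ec_mul(self.s, self.Q)[0]


def predict_next(output, d, Q):
    """With d, one output reveals the next state: d*(s*Q) = s*(d*Q) = s*P.
    The unknown sign of y does not matter because only x is used."""
    R = lift_x(output)
    next_state = ec_mul(d, R)[0]
    return ec_mul(next_state, Q)[0]


if __name__ == "__main__":
    d = 0xC0FFEE1234567  # constructed secret relation
    P, Q = backdoored_constants(d)
    gen = ToyDualEC(2013, P, Q)  # constructed seed, unknown to the observer
    seen = gen.next_output()
    print("predicted next output:", predict_next(seen, d, Q) == gen.next_output())
```

With both constants produced by `derive_point`, the same prediction fails, which is the reason an unexplained constant in such a design deserves suspicion.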
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 08, 2013, 11:29 pm
The newest version of TOR scares me. :(  The idea of a development version of TOR is scary. :-\

Right now it's at the "release candidate" stage, meaning it's almost ready to be released as a stable version. They are 96% of the way to a final release:

https://trac.torproject.org/projects/tor/milestone/Tor%3A%200.2.4.x-final

This isn't like alpha software that we're talking about.

The Tor Browser in TBB 2.4 is based on the same Firefox 17 that is bundled in TBB 2.3, so your safety (or danger) with regard to browser exploits is exactly the same.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: SuckDick4Weed on September 09, 2013, 12:47 am
So in the change log for 0.2.4.2-alpha "Removed features: Now that all versions before 0.2.2.x are disallowed, we no longer need to work around their missing features. Thus we can remove a bunch of compatibility code."

I'm not sure what compatibility code they're referring to? Have they just opened up a security hole if an older TBB is modified to trick the db into allowing it onto the network?
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 09, 2013, 01:10 am
I don't know. You can read through the whole changelog to find out what those features are :)

https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog

Or get on their IRC channel and ask them.

I doubt it would be a security threat. More likely that a bunch of shit would just be broken for Tor 0.2.1. They blacklisted that Tor version about a year ago. You can see the downtick in relays around August/September 2012:

https://metrics.torproject.org/network.html?graph=networksize&start=2012-01-01&end=2013-09-09#networksize

I remember seeing that and wondering why the number of relays dropped, and then saw arma mention somewhere, maybe on the mailing list, that they had blacklisted Tor 0.2.1.

Another thing is, notice in the changelog that they switched from calling it alpha to release candidate between 0.2.4.14 and 0.2.4.15. That probably means that major bugs, like stuff that causes crashes, have been fixed.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Dickens018 on September 09, 2013, 02:35 am
The newest version of TOR scares me. :(  The idea of a development version of TOR is scary. :-\

My understanding is the new version of Tor adds two very important features:
   1.  Smarter routing to help handle network attacks like last week.
   2.  Support for Elliptic Curve Crypto, thought to be more secure Bruce Schneier's option.

The Tor project seems to be open source which is run by a non-profit organization, so the source should be available, and you can bet it will be reviewed by cryptographers.

My take on recent events:
    1. NSA likely bullied companies into giving up keys for stuff like VPN & SSL,
    2. It stole most centralized keys that it couldn't get other ways.
    3. NSA pushed broken Random Number Generator,  pushed MS to use it in Windows.
     
So all SSL, VPN, HTTPs and centralized Certificates are all suspect or known broken.  Windows disk encryption is broken. Apple's encryption is very suspect.  I can't see Steve Jobs going to jail for anyone's privacy.  These companies, and many other American interests  will pay a heavy price for being snitches, for it will be a long time before people trust them again.

PGP & GPG are  very likely still secure, as is TrueCrypt.  Their code is open,  well inspected, and written by Phil Zimmermann and Bruce Schneier, the two most trusted names in Crypto.  I also trust the Password holder.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 09, 2013, 03:28 am
So all SSL, VPN, HTTPs and centralized Certificates are all suspect or known broken.  Windows disk encryption is broken. Apple's encryption is very suspect.  I can't see Steve Jobs going to jail for anyone's privacy.  These companies, and many other American interests  will pay a heavy price for being snitches, for it will be a long time before people trust them again.

I agree. They should suffer. Boycott the whole fucking American tech industry. The problem is there aren't too many other options, and most other governments suck too. The German government requires backdoors at any ISPs with more than 10K subscribers and has installed malware on their citizens' computers. The Swedish government watches all internet traffic that crosses its borders. GCHQ is worse than the NSA. And the less developed countries have generally more corrupt governments, although their technical capabilities may be lower.

I still like the idea of home hosting. It's the cheapest and the most legally, technically, and physically secure.

Quote
PGP & GPG are  very likely still secure, as is TrueCrypt.  Their code is open,  well inspected, and written by Phil Zimmermann and Bruce Schneier, the two most trusted names in Crypto.  I also trust the Password holder.

There is a lot of criticism of Truecrypt.

http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/

https://tails.boum.org/doc/encryption_and_privacy/truecrypt/

I doubt it has been reviewed as thoroughly as LUKS/dm-crypt, whose developers are known. Most security savvy people have a negative view of it, including the Tor Project people.

I also wouldn't trust Windows or OS X for anything, since they are closed source operating systems made by corporations that work with the American government, including the NSA, whether they want to or not.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: ~o~WaterWalker~o~ on September 10, 2013, 12:11 am
I've been running a vm in truecrypt container but wondering if best to just run a stripped down mac osx from a fragile usb that you can crack in your fingers
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kmfkewm on September 10, 2013, 03:38 am
Quote
I still like the idea of home hosting. It's the cheapest and the most legally, technically, and physically secure.

Not that good for anonymity though. I would never want to run an illegal hidden service out of my own house.

Quote
I doubt it has been reviewed as thoroughly as LUKS/dm-crypt, whose developers are known. Most security savvy people have a negative view of it, including the Tor Project people.

The thing to understand is that the reason many of these people don't like Truecrypt is because they don't like the license it is released under. I know people who have hardly ever even glanced at Truecrypt at all, and they talk shit about it because it isn't released under GPL. These are problems from the perspective of ultra-geeks who might just strap suicide vests on in the name of a particular license, they are not problems that really have much effect on regular users who don't give a shit how the software they are using is licensed. Truecrypt is open source, I don't personally care if it is released under license 1 or 2, but some people refuse to even glance at it because it isn't released under license 2, and in addition to this they are more than happy to bash on it because of this.

I am not saying I trust Truecrypt or that I have looked at the code. Some of the other criticism about it is legitimate even. But talk with somebody who is against Truecrypt for more than a minute or two and the conversation is invariably going to head toward how shitty the license it is released under is.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 10, 2013, 12:09 pm
I've been running a vm in truecrypt container but wondering if best to just run a stripped down mac osx from a fragile usb that you can crack in your fingers

Unless you can pulverize it with your fingers it won't help. They can piece the fragments back together and read the data on it. I also don't recommend swallowing it.

Instead you may want to install an OS with dm-crypt/LUKS full disk encryption. Ubuntu, Xubuntu etc. starting from version 12.10 offer the option for full disk encryption during the installation with the graphical installer. So basically it's even easier to use than TrueCrypt full disk encryption. Older versions of *ubuntu offer full disk encryption with the alternate installer.

https://www.eff.org/deeplinks/2012/11/privacy-ubuntu-1210-full-disk-encryption
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 10, 2013, 03:12 pm
Red Hat engineer tries to make the Linux kernel have an option to blindly trust the hardware random number generator  (e.g. of possibly backdoored Intel chips). And in his proposed patch he makes it sound like it was just an option to turn the hardware RNG on and off. Very funny.

Quote
Theodore Ts'o
Sep 6, 2013
Oh, I should add that just today I had to fight back an attempt by a Red Hat engineer to add a configuration option to blindly trust RDRAND and bypass the entropy pool: https://lkml.org/lkml/2013/9/5/212

The timing was particularly ironic....
Quote
This past week, it was a Red Hat engineer who wanted to put in a run-time configuration parameter that would bypass the entropy pool.   When I asked why, he couldn't give me a cogent explanation, other than performance.  When I pointed out that all of the performance critical callers were already using a CRNG seeded from the random driver, and asked him to give me the specific place where performance would make a difference, he couldn't give me a straight answer.

I don't want to assume that either of these engineers were taking a position that was formally endorsed by their employer.  The most recent one was strange though, if for no other reason than he was completely unable to give me a justification that made any sense.


https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J

Also, Linus Torvalds responds to a petition to completely remove the hardware RNG function from the Linux kernel:

Quote
“Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant.”

https://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066
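
Added example (not part of the original thread, and not kernel code): a simplified Python model of the two designs argued over in the quotes above, one that hands out hardware RNG output directly and one that hashes it into a pool with other inputs. The class names, the SHA-256 construction and the sample timing bytes are assumptions made for illustration.

```python
import hashlib

def _expand(prefix: bytes, n: int) -> bytes:
    """Stretch prefix into n bytes with SHA-256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(prefix + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

class PredictableHwRng:
    """Constructed stand-in for a hardware RNG whose stream a third party can replay."""
    def __init__(self, seed: bytes):
        self.seed, self.calls = seed, 0
    def read(self, n: int) -> bytes:
        self.calls += 1
        return _expand(self.seed + self.calls.to_bytes(8, "big"), n)

class EntropyPool:
    """Toy pool: each input is hashed into the state, output is derived from the state."""
    def __init__(self):
        self.state = bytes(32)
    def mix(self, label: bytes, data: bytes) -> None:
        framed = len(label).to_bytes(2, "big") + label + data  # length-prefixed label
        self.state = hashlib.sha256(self.state + framed).digest()
    def extract(self, n: int) -> bytes:
        out = _expand(b"out" + self.state, n)
        self.state = hashlib.sha256(b"next" + self.state).digest()  # ratchet forward
        return out

def key_bypassing_pool(hw, n=32):
    """The 'trust the hardware RNG' design: output is the hardware stream itself."""
    return hw.read(n)

def key_from_pool(hw, other_inputs, n=32):
    """The pool design: the hardware RNG is one input among several."""
    pool = EntropyPool()
    for label, data in other_inputs:
        pool.mix(label, data)
    pool.mix(b"hwrng", hw.read(32))
    return pool.extract(n)

def replay(seed, other_inputs=None, n=32):
    """What someone who knows only the hardware seed can recompute."""
    hw = PredictableHwRng(seed)
    return hw.read(n) if other_inputs is None else key_from_pool(hw, other_inputs, n)

SEED = b"constructed-hw-seed"  # constructed sample
TIMINGS = [(b"irq", bytes.fromhex("9f31c2")), (b"disk", bytes.fromhex("04d7aa10"))]  # constructed
```

In this model the pooled key is only as unpredictable as the non-hardware inputs: with an empty `other_inputs` list the replay matches again, so the pool helps only when the other sources actually carry entropy.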
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Dickens018 on September 10, 2013, 05:42 pm
If you can't steal the keys, the next best way to break crypto is force use of a broken Random Number Generator.  This seems the way that Windows encryption was compromised down to a 32 bit key space. 

It seems likely that versions of Linux (& likely Apple) have been compromised,  and since we can't be sure which are secure, all are suspect to me.  The dm-crypt/LUKS full disk encryption file system could be secure, but I can't be sure.

We know that Snowden was able to encrypt files on the flashdrives so even NSA could not easily break them.  I suspect he used TrueCrypt because Bruce Schneider is involved, but don't know.  As mentioned,  the problems with Truecrypt are mostly license based,  the code is open, reviewable and has been given a security review of the code,  and is probably secure.   


Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: kmfkewm on September 10, 2013, 08:04 pm
I don't think Bruce *Schneier* has anything at all to do with Truecrypt.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Bazille on September 10, 2013, 09:32 pm
Quote
The dm-crypt/LUKS full disk encryption file system could be secure, but I can't be sure.

Well, you can be quite sure, as the /dev/urandom random number generator in Linux is safe, even when it uses a possibly backdoored Intel CPU. Because it uses several other sources of randomness at the same time.
Encryption programs like GnuPG don't rely solely on /dev/urandom anyway, they mix it with other sources of randomness. I bet it's the same with dm-crypt, though I didn't look at the code (probably wouldn't understand it anyway). When creating a TrueCrypt volume you have to move your mouse around to create more randomness.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Dickens018 on September 10, 2013, 11:20 pm
Quote
I don't think Bruce *Schneier* has anything at all to do with Truecrypt.

 :-[
I stand doubly corrected...  I have seen TrueCrypt favorably mentioned by him over the years, and thought he was involved in original design. 

I should have said that he is working with the Guardian on security and analysis of the documents, and has indicated he is using Tor, GPG & TrueCrypt.
"I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about."

That's the best recommendation I can think of, and it fits with what we know.

Regarding Linux distributions, Bruce said there were indications that some versions were compromised during the build.

I'll go back to newbie-town and do another 50 posts   :(
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: comsec on September 11, 2013, 01:57 am
TC is now very strange. Their latest updates simply say a vague 'bug fixes' and there's no 2013 repository. Nobody knows wtf is up with TC. I don't use them, I use Skein512/Threefish and operating system encryption like dm-crypt.

Also, this: https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1676028
Quote
"Could the NSA be intercepting downloads of open-source encryption software and silently replacing these with their own versions?"

Schneier: Yes, I believe so.

Even worse, today we discover RdRand, the Intel RNG is being exclusively used by the Linux kernel to map memory address allocations, and since it's well suspected the NSA can determine those blackbox Intel/AMD RNGs (because they sabotaged them) Linux is wide open to easy ASLR bypass attacks. Torvalds defended their use of RdRand for CS-PRNG because of other sources being mixed in, and of course that's fine,  but didn't say anything about the rest of the kernel where RdRand is used directly with no extractor. This means every Linux kernel, the NSA has predictable memory pages, predictable PIDs, predictable temporary names for mktemp/mkstemp, predictable inodes, predictable TCP ISS value enabling easy spoofing attacks...

OpenBSD exclusively uses /dev/random as their PRNG pool and extractor and it is used for everything, not just CS-PRNG for crypto functions, but to truly randomize memory allocation, PIDs, TCP etc. Torvalds is too trusting of Intel.
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: astor on September 11, 2013, 02:13 am
Quote
I still like the idea of home hosting. It's the cheapest and the most legally, technically, and physically secure.

Not that good for anonymity though. I would never want to run an illegal hidden service out of my own house.

You're thinking like a criminal. Most people aren't doing anything illegal. Home hosting is the best option for privacy in general. I'm just saying people should get off "the cloud".

However, a hidden service for a legal site gives you simple NAT traversal, a free address and end-to-end encryption (without big scary warnings). And with brute forcing you can get a semi-human readable address.


Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Jeks on September 11, 2013, 07:38 am
sub
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: Miss Sexy Boots on September 11, 2013, 11:20 am
Sub'd
Title: Re: Feds Beg Not To Reveal That They've Inserted Backdoors Into Internet Encryption
Post by: ~o~WaterWalker~o~ on September 12, 2013, 02:45 am
Quote
Unless you can pulverize it with your fingers it won't help. They can piece the fragments back together and read the data on it. I also don't recommend swallowing it.

got my head churning for some interesting angles here....  I do think destruction is the best form of cryptology :D

like what if you engineered a USB stick that fries itself if you plug it into port without a special dongle?  some kind of voltage limiter for a USB designed to not be able to handle what computer ports provide?

things like that..  of course you have to be stealth on that dongle to not tip off using it