NSA and Compromised Encryption: The Sword Cuts Both Ways
![[Snapshot, Ralph Langner presentation re: Stuxnet, outlining payload extraction (c. 2012 via YouTube)]](http://www.emptywheel.net/wp-content/uploads/2013/09/RalphLangner_StuxnetPresentation_snapshot_275pxw.jpg)
[Snapshot, Ralph Langner presentation re: Stuxnet, outlining payload extraction (c. 2012 via YouTube)]
A friendly handshake is offered;
Names are swapped after entry;
The entrant delivers a present;
The present is unboxed with a secret key…
And * BOOM *
Payload delivered.
This is cyber weapon Stuxnet‘s operations sequence. At two points in the sequence its identity is masked — at the initial step, when identity is faked by a certificate, and at the third step, when the contents are revealed as something other than expected.
The toxic payload is encrypted and cannot be read until after the handshake, the name swap, and then decrypted when already deep inside the computer.
In the wake of the co-reported story on the National Security Agency’s efforts to crack computer and network encryption systems, the NSA claims they are only doing what they must to protect the country from terrorists, criminals, and cyber attacks generated by individuals, groups, and nation-state actors.
Defense, though, is but one side of the NSA’s sword; it has two lethal edges.
While use of encryption tools may prevent unauthorized access to communications, or allow malicious code to be blocked, the same tools can be used to obstruct legitimate users or shut down entire communications systems.
Encryption APIs (ex: Microsoft CryptoAPI embedded in Windows operating systems) are often used by higher level applications — for example, a random number generator within the API used to create unique keys for access can also be used to create random names or select random event outcomes like a roll of the dice.
In Stuxnet alone we have evidence of encryption-decryption used as cyber warfare, the application planned/written/supported in some way by our own government. This use was Pandora’s Box opened without real forethought to the long-term repercussions, including unintended consequences.
We know with certainty that the repercussions weren’t fully considered, given the idiocy with which members of Congress have bewailed leaks about Stuxnet, in spite of the fact the weapon uncloaked itself and pointed fingers in doing so.
One of the unconsidered/ignored/unintended consequences of using weaponry requiring encryption-decryption is that the blade can cut in the other direction.
Imagine someone within the intelligence community “detonating” a cyber weapon built in the very same fashion as Stuxnet.
A knock at the door with a handshake;
Door open, package shoved in, treated as expected goods;
Encrypted content decrypted.
And then every single desktop computer, laptop, netbook, tablet, and smartphone relying on the same standardized, industry-wide encryption tools “detonates,” obstructing all useful information activities from personal and business work to telecommunications.
At least one other cyber weapon built with a similar profile as Stuxnet, but with the ability to profile systems and report “home” — has already gathered a snapshot of the computing environment and may have left behind content earmarking systems as friendly/not-friendly.
Metadata collected continuously by the NSA informs them through network analysis exactly which systems — whether computers, servers, or smartphones — are the most important nodes on any monitored network to which cyber weapons should be pushed in order to disperse clones of defensive/offensive cyber weapons most efficiently for maximum effective contagion.
The NSA will tell you that these kinds of tools are critical to protecting the country and its interests, but without any real oversight, created in the dark by entities who may have additional or different agendas than our own, and accessible by administrators who may be compromised, the sword they wield can deliver a mortal wound — to us.
Like the Clinton Administration’s Clipper Chip, the assault on encryption represents an end-run around adequate debate by well-informed representatives and the public as to whether the use of cyber weapons requiring compromised encryption systems is appropriate, let alone whether this double-edged sword should be contained in a way that it cannot be used inappropriately against citizens.
Congress has deliberated about the development and implementation of an internet kill switch, the use of which may or may not be legal under the Communications Act of 1934; each time the public has been enraged about the possibility that the government would have the ability to shut down communications altogether.
But NSA’s mucking about with encryption systems offers the opportunity to surreptitiously build a kill switch on any and all systems containing compromised encryption — and with NSA’s influence, the standards to which both computers, phones, and encryption systems are built ensure that nearly any and all devices, attached to a network or USB-enabled can be shut down once a cyber weapon has been deployed.
In other words, the NSA has likely built internet kill switch capability — and any debate in Congress against such capability has been futile.
How will the NSA defend this? Will it merely issue another terse statement like this one offered Friday:
“It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.
While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”
The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”
In other words, to do its job the NSA must have a sword that can kill both its targets and those it is supposed to protect — just shut up about that sword hanging by a thread over your head, already. It’s not for you. Really.
the basic question the nsa predations on both privacy and internet systems is not can we have both security and protected encryption and other privacy safeguards,
but are we willing to insist that current nsa activities are completely inimical both to privacy and to secure, stable internet-like communications networks,
and as a consequence must be declared illegal.
or are we going to slowly give ground to an intrusive govt bureaucracy which cannot deliver what it promises in terms of protection and security,
but holds the potential for destroying privacy, controlling political opposition, blackmailing political leaders, and destabalizing internet-like communications dystems that are far more fragile than realized?
the issue is in short, what risks are we willing to take?
– destroy the nsa as currently constructed
– retain the nsa as currently constructed and allow its predations to continue under a cover of official lies and secrecy and ever more severe punishments for those even suspected of whistleblowing.
Secrecy doesn’t go well with any form of democracy: if you can’t know what’s going on in your name, you can’t make informed, intelligent decisions.
@orionATL: An additional problem that must be addressed, this time by the public, is the level of technical literacy wielded by members of Congress.
They can’t have this discussion for us if they know jack-shit about technology.
Stuxnet proved this, and continues to prove it.
@Rayne:
It doesn’t help that they aren’t allowed to discuss it with people who would know more about the technology, including other people in Congress.
(Great way to maintain ignorance and bad decision-making. /s)
Thanks, Rayne.
This is something that most people don’t think about, or even know. We have already seen in the US where they cut cell phone service in particular areas, and in Egypt both internet and cell phones were cut.
Do you think this is why the US forced older people out of Analogue TV’s? The last report I saw where those stations were to be used for Natl Sec said nothing has been done. Other than greed on the part of cable and satellite companies, I would think Satellite communications could be included in this type dirty dealing.
@P J Evans: Yeah, I hear you, but here’s my rebuttal:
NSA: Senator, you can’t talk to anybody about this stuff, it’s highly classified and will compromise our mission.
Feinstein: Oh. Okey-dokey! Thank you for keeping us safe! *mwah!*
– fade to black –
At least back in the Bush years Rockefeller had the good sense to note in writing an objection to sensitive info, even if his hands were tied.
@peasantparty: Good question, though I think there were a bunch of other factors including aging transmission technology. The US also auctioned the broadcast TV band, should be used by new technologies — unfortunately, since the sale a few years ago, nothing has emerged to fill that space. Ideally that band could have provided low-cost wireless ISP to the entire US, with distribution points at the same places where TV broadcast antennas have been used for decades. Sadly didn’t happen as yet; public should be pissed off about it.
WRT to forcing people to digital, if the point was to shut down communications, just knocking analog stations off the line is pretty easy.
@Rayne:
exactly right.
in fact for some time now i have been wondering how a president, a cabinet secretary, a presidential advisor, a congressman, or congressional staff can do the oversite and planning we need them to do when they don’t know shit about econoics and finance, about science, about computer, communications, medical, or miningtecnology.
all most of these bastards (though not all) know is law and how to play the poitical game.
take barrack obama vs macroeconomics – please.
take max baucus vs banking or health insurance – please.
take any of a anchovy barrel of right-wing congressmen vs reproductive, stem-cell, vacine medication – please.
take mike rogers and dumb dutch vs computer and internet spying technology – please.
take tom coburn vs evident global warming – please.
take the entire obama/bush-shaped u.s. dept of justice/fbi vs the u.s. constitution – oh wait, that’s something gov-lawyers are actually supposed to know something about! scratch that – and the constitution.
@P J Evans:
i like your formulation very much.
spare, straight to the point!
indeed, secrecy does not go well with democracy; whatvit does is a bang-up job of subverting it. still our congresscattle fall for secrecy, every g-damned time it is raised as a “need”.
@Rayne:
DiFi isn’t getting support from people here: her constituents, like me, are telling her ‘NO!!!’ and getting back ‘LA LA LA I Can’t Hear You!’
@orionATL:
Right up there with ‘terrorism’ as an excuse for doing the wrong thing nearly every time.
@P J Evans: She’s been getting plenty of negative feedback from inside and outside her constituency, but continues with the La-la-la-kneepads.
What we need to know, based on her lack of rational response: is she dense, is she compromised, or is she some of both?
If you understand how Internet routing protocols work, you’ll understand why there is no need for a “kill switch” for the Internet. Corrupt the global routing tables (doable if you “own” the major backbone ISP’s via black boxes installed on their networks by NSA personnel) and the Internet is down, you can send packets out but they never get past a couple of hops before going into the ether.
So no kill switch built into the equipment. What *is* clear, however, is that the NSA has just killed exports for every single US manufacturer of computers and networking gear. Every one of them. Because every other person on the planet is going to say, “Why should I buy those and get spied on by the USA, when I can buy cheaper Lenovo and Huwaei gear and be spied on by the PRC instead?” This is going to be like Pearl Harbor for Cisco and HP, done to them by their own government.
One more thing: Reading between the lines, SSL is utterly and totally compromised. Which I already pretty much suspected given the number of suspicious vulnerabilities that have been found over the years, but the deal is that pretty much every program that communicates “securely” on the Internet uses SSL to do that. Even my own employer’s product uses SSL to communicate. What this just did to the computer industry as a whole is to have our customers suddenly decide not to use our products as a security risk. Which isn’t the case for our own particular product (we use SSL to reassure the customer, not because it adds any particular benefit in the general case), but they just made it a lot harder to sell our product to customers. Used to be when they asked, “is it secure?” we told them “yep, we SSL-encrypt the connections!”. Now we tell’em that, but if they’ve been paying attention they’ll now say “okay, but is it secure?”
AGH! What a nightmare for those of us trying to make a living in the computer business!
“Dining with the devil you need a very long spoon!”, old proverb which holds true especially with the US dominated digital world! How far this dominance goes surfaces espially these days: The way Putin has insisted that Snowden must stop doing damage to Russia´s “partner USA” raises some frightening speculations: http://wipokuli.wordpress.com/2013/08/02/snowden-putin-and-the-us-russian-partnership-some-legitimate-speculations/
Andreas Schlüter
Sociologist
Berlin, Germany
Some of the slides used in Glenn Greenwald’s latest piece – NSA Documents Show United States Spied Brazilian Oil Giant – http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html are here:
http://g1.globo.com/fantastico/noticia/2013/09/veja-os-documentos-ultrassecretos-que-comprovam-espionagem-dilma.html
@Badtux: How long would it take for a corruption of global routing tables to be suspected?
This combination:
[compromised encryption + Stuxnet-like malware] + [network nodes ID’d by metadata]
depending on the malware script, could go undetected just as long as Stuxnet went undetected, and it would look not like an abrupt shutdown freaking out the public, but a subtle throttleback or highly-localized spotty outage.
It could look like “suspicious vulnerabilities” “found over the years” but too late for any effective preemptive response.
It could look like a short-term outage of a single email service provider. Or a temporary outage at a server farm.
It could also be launched by a lone wolf or a rogue contract firm.
Sure, all American products will be less popular, but anything produced overseas is just as likely to be suspect.
This entire theoretical scenario only makes me wonder if the death of engineer Todd Shane was about Huawei’s equipment with regards to compromised encryption and standards.
I have been working for some time on HIPAA-compliant doctor-patient communications and the news from the NSA just shows such apps are impossible. All transmissions are to be securely encrypted end to end (now impossible, nothing is securely encrypted anymore), messages are destroyed immediately upon reading (not anymore – the NSA has stored them) and we work on a closed network (no such thing anymore). Very discouraging.
@Rayne: “They can’t have this discussion for us if they know jack-shit about technology.” Uh oh, we’re sunk. That’s an unsolvable problem.
@P J Evans Join the recall the c**t movement! If folks had done it right 30 years ago we might not be stuck with DiFi now.
@ tjallen You’re right, both HIPAA privacy and security are fatally compromised. Wonder if that’s an opening to challenge NSA? It’s a clear conflict in law.
@tjallen: I’m sure the NSA’s counterargument will be that the nation’s security is far more important than any one patient’s privacy or the security of their doctor’s practice.
Unfortunately that argument misses the fact we are all of us patients at some time, and we all of us need privacy in our medical decisions.
Makes one wonder if that’s another reason why corporate $$ is being spent on undermining Obamacare as the concept elevates healthcare to a national priority. Trash the concept of a national approach to healthcare long enough in favor of individuals on their own, and then the national security argument gains traction.
@orionATL: well said, the battle lines are drawn it is now left to each human-on which side of the barricades, fascism or freedom?