[Crypto-chi] NSA to infect millions and bypass crypto

Matt Chapman mchap88 at gmail.com
Thu Feb 19 18:58:13 CST 2015 

"The NSA isn't your enemy."

"You are not the specific target. The NSA is not your enemy. You don't live
in a foreign country, or run a foreign network that is used by foreign
governments, advocate groups, NGOs, or open source projects intended to
safeguard people like the Tor Project."

How does not being targeted make them any less of an "enemy"? Maybe my
sarcasm detection's shit today, but I'm not really following that one..

Matt

On Thu, Feb 19, 2015 at 1:54 AM, Dan Massoglia <dmassoglia at gmail.com> wrote:

> It's totally concerning (esp because, beyond the heart of this user's
> group, attacks on crypto standards/sitting on weaknesses diminishes the
> security of the web in general). Dual_EC_DRBG too. (great resource
> http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html;
>
> http://blog.cryptographyengineering.com/2015/01/hopefully-last-post-ill-ever-write-on.html;
> and see
> http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
> )
>
> Leaks made this happen so an important takeaway is transparency. (though
> that doesn't happen overnight)
>
> On Thu, Feb 19, 2015 at 1:42 AM, joe fuentes <joseph.fuentes at live.com>
> wrote:
>
>> hi everybody
>>
>> Whilst it's  true that a lot of the stuff that the Feds are trying to do
>> is not new like keylogging and there's a lot of going over stuff that's
>> been done previously even by crime grade baddies (see
>> https://blog.bit9.com/2015/02/18/equation-group-report-reveals-something-we-already-knew/)
>> there are some disturbing topics with this new malware.  And other dubious
>>  tactics adopted by the g-men to defeat crypto which is germane to the
>> heart of this users group.
>>
>> In addition to the tried and true webcam captures and all this stuff, the
>> firmware in HDs is compromised which defeats at first appearance a lot of
>> wot we're doing in the cryto space.
>>
>> http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
>>
>> As a corollary , there's Fanny worm which cloaks itself a regular common
>> crook malware whilst hiding its real nefarious deeds. To do reconnaissance.
>>
>> http://www.pcworld.com/article/2885192/fanny-superworm-likely-the-precursor-to-stuxnet.html
>>
>> And the show doesn't stop there.  NSA has purportedly defeated crypto
>> technologies with Google, Facebook etc by undermining SSL, VPNs, TLS.
>>
>> http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/
>>
>>  Stay with me on this.
>>
>> Intel allegedly weakened its RdRand processor instruction used to
>> generate random numbers to make them cryptographically weak.  Even Bruce
>> Schneier weighs in on this.
>> https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
>>
>> Which caused Linus Torvald of Linux fame to discard call not to use
>> RdRand in Linux. And give the camera the finger. Funny pic.
>> http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/
>>
>> Now, as correctly pointed out we're not living in foreign countries
>> (though I have), all of these tenebrous techniques can be turned against
>> ordinary netizens like us. Some of us may indeed by members of an NGO.  Or
>> have interests that may trigger review.  If viewed suspicious by the feds
>> for WOTEVER the reason we could be targets. See for instance that readers
>> of Linux Journal - I am one of them - has been flagged by the NSA for extra
>> monitoring (
>> http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance).
>> Tor users become Fed targets.
>> http://www.theregister.co.uk/2014/09/19/fbi_overseas_hacking_powers/
>>
>> Aside from having a good lawyer defend us, we rely on crypto technology
>> to defend our privacy and help keep us safe from prying eyes.  Thanks
>> goodness we have folks like the Tor project team and Linus Torvald who said
>> NO when approached by the Feds to implement back doors so they can get in.
>>
>> The point is all this technology we rely on is under attack.  And heaven
>> forbid this malware falls into the hands of cyber criminals. Our bank
>> accounts, medical records - all that stuff - would be at high risk.
>>
>> That is wot is so concerning about these hacks and malware. Don't you
>> think?
>> -Joe
>> > Date: Wed, 18 Feb 2015 10:09:56 -0600
>> > From: brian at fiberoverethernet.com
>> > To: cryptoparty-chi at groups.sshchicago.org
>> > CC: joseph.fuentes at live.com
>> > Subject: Re: [Crypto-chi] NSA to infect millions and bypass crypto
>>
>> >
>> > There is a key sentence in the article: " [...] targeted computers and
>> > to siphon out data from foreign Internet and phone networks."
>> >
>> > You are not the specific target. The NSA is not your enemy. You don't
>> > live in a foreign country, or run a foreign network that is used by
>> > foreign governments, advocate groups, NGOs, or open source projects
>> > intended to safeguard people like the Tor Project.
>> >
>> > Key logging is nothing new. Webcam or Microphone monitoring is nothing
>> > new. TAO is nothing new. This article rehashes everything we already
>> > know.
>> >
>> > The USG and others are trying to circumvent encryption in so many ways,
>> > why you ask? Because strong encryption WORKS and they CAN'T defeat it.
>> >
>> > -Brian
>> >
>> >
>> > On 17-02-2015 23:20, joe fuentes wrote:
>> > > Hello everyone!
>> > >
>> > > Whilst this isn't surprising to read about the NSA - and its brit
>> > > lackey dog, the GCHQ - is up to its old bag of tricks, wot is a bit
>> > > disturbing is how it plans to get around crypto by utilizing implants
>> > > and enable keylogging, webcam and microphone captures and other
>> > > dastardly and diabolical shenanigans. The first part of the article is
>> > > standard stuff though very interesting read but pay close attention to
>> > > the section beginning with CIRCUMVENTING ENCRYPTION.
>> > >
>> > > Now I pose a question to the group; whilst we use crypto tools to
>> > > guard our privacy _how in the heck do we cope with wot these
>> > > intelligence agencies are doling out as described in this article
>> > > _(which wuz based on the Snowden leaks)??
>> > >
>> > > Thoughts?
>> > >
>> > >
>> https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/
>> > > [1]
>> > >
>> > > -Joe
>> > >
>> > >
>> > >
>> > > Links:
>> > > ------
>> > > [1]
>> > >
>> https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/
>> > >
>> > > _______________________________________________
>> > > cryptoparty-chi mailing list
>> > > cryptoparty-chi at groups.sshchicago.org
>> > > http://groups.sshchicago.org/listinfo/cryptoparty-chi
>>
>> _______________________________________________
>> cryptoparty-chi mailing list
>> cryptoparty-chi at groups.sshchicago.org
>> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>>
>>
>
> _______________________________________________
> cryptoparty-chi mailing list
> cryptoparty-chi at groups.sshchicago.org
> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://groups.sshchicago.org/pipermail/cryptoparty-chi/attachments/20150219/1bc15eb5/attachment.html>

More information about the cryptoparty-chi mailing list