[Crypto-chi] NSA to infect millions and bypass crypto
Brian
brian at fiberoverethernet.com
Thu Feb 19 20:14:25 CST 2015
The NSA and GCHQ respectively, in an ideological way, are everyone's enemy,
with their secretive tactics, immense overreach and poor regard for
political consequence. Their main targets are not you and I; we are just
collateral in dragnets, but countries and private organizations are
targets. They use information as weapons for economic gain, and as
political clout in regions the USG has interests in, be it for
economic or political gains.
My sarcasm was there, though, I should have fluffed it a bit more. ^_^
When I said we are not the targets I refer to projects like Tor, PGP,
OTR (among so many more, even non-technological) that undermine these
mass collection dragnets, which also prevent private business which also
the USG, and other states rely upon to circumvent their limitations be
it in law or in capacity and to carry on this work. Those are the true
targets.
The political edge over tapping a foreign leader to better undermine
them at consul or to oust them as leader for some reason. The early
knowledge that a country may default on loans, or the whisper where
natural resources are abundant to mine to keep the US as the #1 tech
industry are all reasons.
Where impact can really be made on us would be at a local level. Police
departments are gaining access with no oversight in the use of these
technologies at an ever increasing and dangerous rate.
The big picture is we are battling on MANY fronts not just
technological, but on every topic like race, religion, economics,
political, gender, ecological and so, so much more.
It's a scary world with some of these people at the helm, so why are
they?
This is a massive topic indeed. Thoughts?
On 19-02-2015 18:58, Matt Chapman wrote:
> "The NSA isn't your enemy."
>
> "You are not the specific target. The NSA is not your enemy. You don't
> live in a foreign country, or run a foreign network that is used by
> foreign governments, advocate groups, NGOs, or open source projects
> intended to safeguard people like the Tor Project."
>
> How does not being targeted make them any less of an "enemy"? Maybe my
> sarcasm detection's shit today, but I'm not really following that
> one..
>
> Matt
>
> On Thu, Feb 19, 2015 at 1:54 AM, Dan Massoglia <dmassoglia at gmail.com>
> wrote:
>
>> It's totally concerning (esp because, beyond the heart of this
>> user's group, attacks on crypto standards/sitting on weaknesses
>> diminishes the security of the web in general). Dual_EC_DRBG too.
>> (great resource
>> http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
>> [11];
>> http://blog.cryptographyengineering.com/2015/01/hopefully-last-post-ill-ever-write-on.html
>> [12]; and see
>> http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
>> [13])
>>
>> Leaks made this happen so an important takeaway is transparency.
>> (though that doesn't happen overnight)
>>
>> On Thu, Feb 19, 2015 at 1:42 AM, joe fuentes
>> <joseph.fuentes at live.com> wrote:
>>
>>> hi everybody
>>>
>>> Whilst it's true that a lot of the stuff that the Feds are trying
>>> to do is not new like keylogging and there's a lot of going over
>>> stuff that's been done previously even by crime grade baddies (see
>>> https://blog.bit9.com/2015/02/18/equation-group-report-reveals-something-we-already-knew/
>>> [1]) there are some disturbing topics with this new malware. And
>>> other dubious tactics adopted by the g-men to defeat crypto which
>>> is germane to the heart of this users group.
>>>
>>> In addition to the tried and true webcam captures and all this
>>> stuff, the firmware in HDs is compromised which defeats at first
>>> appearance a lot of wot we're doing in the crypto space.
>>>
>>> http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
>>> [2]
>>>
>>> As a corollary, there's Fanny worm which cloaks itself as a regular
>>> common crook malware whilst hiding its real nefarious deeds. To do
>>> reconnaissance.
>>>
>>> http://www.pcworld.com/article/2885192/fanny-superworm-likely-the-precursor-to-stuxnet.html
>>> [3]
>>>
>>> And the show doesn't stop there. NSA has purportedly defeated
>>> crypto technologies with Google, Facebook etc by undermining SSL,
>>> VPNs, TLS.
>>>
>>> http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/
>>> [4]
>>>
>>> Stay with me on this.
>>>
>>> Intel allegedly weakened its RdRand processor instruction used to
>>> generate random numbers to make them cryptographically weak. Even
>>> Bruce Schneier weighs in on this.
>>>
>>> https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
>>> [5]
>>>
>>> Which caused Linus Torvalds of Linux fame to discard call not to
>>> use RdRand in Linux. And give the camera the finger. Funny pic.
>>>
>>> http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/
>>> [6]
>>>
>>> Now, as correctly pointed out we're not living in foreign
>>> countries (though I have), all of these tenebrous techniques can
>>> be turned against ordinary netizens like us. Some of us may indeed
>>> be members of an NGO. Or have interests that may trigger review.
>>> If viewed suspicious by the feds for WOTEVER the reason we could
>>> be targets. See for instance that readers of Linux Journal - I am
>>> one of them - have been flagged by the NSA for extra monitoring
>>> (http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance
>>> [7]). Tor users become Fed targets.
>>>
>>> http://www.theregister.co.uk/2014/09/19/fbi_overseas_hacking_powers/
>>> [8]
>>>
>>> Aside from having a good lawyer defend us, we rely on crypto
>>> technology to defend our privacy and help keep us safe from prying
>>> eyes. Thank goodness we have folks like the Tor project team and
>>> Linus Torvalds who said NO when approached by the Feds to implement
>>> back doors so they can get in.
>>>
>>> The point is all this technology we rely on is under attack. And
>>> heaven forbid this malware falls into the hands of cyber
>>> criminals. Our bank accounts, medical records - all that stuff -
>>> would be at high risk.
>>>
>>> That is wot is so concerning about these hacks and malware. Don't
>>> you think?
>>> -Joe
>>>
>>>> Date: Wed, 18 Feb 2015 10:09:56 -0600
>>>> From: brian at fiberoverethernet.com
>>>> To: cryptoparty-chi at groups.sshchicago.org
>>>> CC: joseph.fuentes at live.com
>>>> Subject: Re: [Crypto-chi] NSA to infect millions and bypass crypto
>>>>
>>>> There is a key sentence in the article: " [...] targeted computers and
>>>> to siphon out data from foreign Internet and phone networks."
>>>>
>>>> You are not the specific target. The NSA is not your enemy. You don't
>>>> live in a foreign country, or run a foreign network that is used by
>>>> foreign governments, advocate groups, NGOs, or open source projects
>>>> intended to safeguard people like the Tor Project.
>>>>
>>>> Key logging is nothing new. Webcam or Microphone monitoring is nothing
>>>> new. TAO is nothing new. This article rehashes everything we already
>>>> know.
>>>>
>>>> The USG and others are trying to circumvent encryption in so many ways,
>>>> why you ask? Because strong encryption WORKS and they CAN'T defeat it.
>>>>
>>>> -Brian
>>>>
>>>>
>>>> On 17-02-2015 23:20, joe fuentes wrote:
>>>>> Hello everyone!
>>>>>
>>>>> Whilst this isn't surprising to read about the NSA - and its brit
>>>>> lackey dog, the GCHQ - is up to its old bag of tricks, wot is a bit
>>>>> disturbing is how it plans to get around crypto by utilizing implants
>>>>> and enable keylogging, webcam and microphone captures and other
>>>>> dastardly and diabolical shenanigans. The first part of the article is
>>>>> standard stuff though very interesting read but pay close attention to
>>>>> the section beginning with CIRCUMVENTING ENCRYPTION.
>>>>>
>>>>> Now I pose a question to the group; whilst we use crypto tools to
>>>>> guard our privacy _how in the heck do we cope with wot these
>>>>> intelligence agencies are doling out as described in this article
>>>>> _(which wuz based on the Snowden leaks)??
>>>>>
>>>>> Thoughts?
>>>>>
>>>>>
>>>>> https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/
>>>>> [9]
>>>>> [1]
>>>>>
>>>>> -Joe
>>>>>
>>>>>
>>>>>
>>>>> Links:
>>>>> ------
>>>>> [1]
>>>>> https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/
>>>>> [9]
>>>>>
>>>>> _______________________________________________
>>>>> cryptoparty-chi mailing list
>>>>> cryptoparty-chi at groups.sshchicago.org
>>>>> http://groups.sshchicago.org/listinfo/cryptoparty-chi [10]
>>>
>>
>
>
>
> Links:
> ------
> [1] https://blog.bit9.com/2015/02/18/equation-group-report-reveals-something-we-already-knew/
> [2] http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html
> [3] http://www.pcworld.com/article/2885192/fanny-superworm-likely-the-precursor-to-stuxnet.html
> [4] http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/
> [5] https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
> [6] http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/
> [7] http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance
> [8] http://www.theregister.co.uk/2014/09/19/fbi_overseas_hacking_powers/
> [9] https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/
> [10] http://groups.sshchicago.org/listinfo/cryptoparty-chi
> [11] http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
> [12] http://blog.cryptographyengineering.com/2015/01/hopefully-last-post-ill-ever-write-on.html
> [13] http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
>