iNSAne

Disclosures about NSA operations have been raining like confetti lately. I will try to list some of them here.

Binney

The first in the recent wave of leakers was William Binney. He was a high rank official within the NSA and maybe the most interesting of all the leakers because he was actually in charge of developing some of the NSA programs that were later abused. The abuses seems to have started during the George W. Bush presidency and when Binney found out he quit his job in protest and have been a harsh critic of these abuses since then, without revealing information that would harm national security. In my book Binney is both the most interesting and the most responsible leaker. A real hero.

In short, the abuses Binney is talking about consist of adapting systems that were originally aimed at spying on foreign nations to spy on Americans. All nations spy on each other, but when a nation starts to spy on its own citizens, even those not suspected of crime, it is a serious abuse of civil rights. The systems Binney talks about in the links above are (mainly) Trailblazer, ThinThread and StellarWind. These are basically previous iterations of the PRISM system, which Snowden later revealed.

Snowden, Snowden, Snowden

He was an IT administrator (contractor) at NSA and had access to a lot of documents. One day he made the decision he could not keep quiet about the abuses going on any more so he copied a lot of documents and went underground. From his hideout he contacted journalists Glenn Greenwald and Laura Poitras who have revealed small parts. But the major part of the documents are still with Snowden. They are also available in three gigantic encrypted blobs. It might be a good idea to download these. If Snowden would disappear the password for decryption will probably be automatically released. The encrypted blobs are appropriately named insurance files.

So far what has been released are details about PRISM (Stellar Wind 2.0, apparently a subprogram of BLARNEY), X-Keyscore, Pinwale, with parent program STORMBREW. These are directed against a domestic American public. A similar umbrella program named OAKSTAR is directed against the rest of the world. Revealed subprograms of OAKSTAR are MONKEYROCKET, directed against Europe, SHIFTINGSHADOW against Afghanistan, ORANGECRUSH unknown, ORANGEBLOSSOM unknown, YACHTSHOP worldwide metadata, SILVERZEPHYR against South America, and two more projects only known by name, BLUEZEPHYR and COBALTFALCON. Another project, FAIRVIEW, is about securing contracts to get access to international cables, routers and switches.

Recently details about two more programs were released. DARKTHUNDER and STEELFLAUTA. These are about TAO, Tailored Access Operations. TAO finds exploitable home computers, servers and devices, stores the information in a database which becomes searchable from within X-Keyscore. TAO have specialized teams for finding weaknesses in systems running Windows, OS X, iOS, Android and Linux.

And yet another release revealed details about how NSA has systematically worked to weaken crypto used worldwide. They tried to get legal support for this during the 1990:s, but were voted down. So NSA went on covertly without legal support. This program runs under the codename BULLRUN. As part of this program NSA also placed covert agents to  infiltrate (among others) NIST, an institute that defines standards used on the Internet. It is unknown exactly which protocols that have been weakened. Suspects are SSH, IPSec, SSL/TLS (used by HTTPS) and some crypto algorithms, mainly public key algorithms (especially those based on Elliptic Curves) and maybe RC4. Many others may be affected. We don’t know. As part of the PRISM program they also have agreements with various providers of popular services (facebook, google, hotmail, dropbox etc). Exactly how the cooperation works is unknown.

Other leakers

mitm

Another leak (not Snowden) recently revealed NSA carries out MITM attacks too (Illustration by Tony Arcieri)

Inspired by Snowden other NSA employees have anonymously revealed more information to various journalists. Cryptography expert Bruce Schneier is coordinating support for new NSA leakers in an effort to find out more about which cryptography standards that are broken. Check out his blog for much more information.

Defense

Nobody knows which cryptosystems to trust anymore and trust is like virginity, you only loose it once. Even if the results of things like MS CryptoAPI and Apple Common Crypto can be verified using open/free software we don’t know what else happens when these functions are run. Swedish crypto expert Joachim Strömbergsson recommends to replace calls to closed crypto libraries with open crypto implementations like NaCL or Sodium. This also works on smartphones. The most widely used one is OpenSSL but unfortunately it is complex and has a history of bugs (probably a result of overly complex code, not deliberatly placed). Bruce Schneier writes it is now up to the engineers to secure things from the ground up, with paranoia hats on.

Links

Advertisements

Om albertveli

Grävande programmerare.
Det här inlägget postades i konspiration, Krypto, Säkerhet. Bokmärk permalänken.

En kommentar till iNSAne

  1. wolfgang skriver:

    I think what you present as ”another leak” (not based on Snowden) is from a story in ‘Fantastico’ which was actually also based on Snowden documents.

Kommentera

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in:

WordPress.com Logo

Du kommenterar med ditt WordPress.com-konto. Logga ut / Ändra )

Twitter-bild

Du kommenterar med ditt Twitter-konto. Logga ut / Ändra )

Facebook-foto

Du kommenterar med ditt Facebook-konto. Logga ut / Ändra )

Google+ photo

Du kommenterar med ditt Google+-konto. Logga ut / Ändra )

Ansluter till %s