Q: Is it possible to put security in place to protect against state surveillance?
A: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."
(from http://www.guardian.co.uk/world/2013/jun/09/nsa-whistleblowe...)
I've been finding HN to be a hub for all the facets, ideas, and fallout from this news. And the snowball of issues (privacy, gov't, business, foreign relations, international trade, future of the internet) is worrying to me. But what if it were suddenly gone?
And just as I had that thought, I started getting errors reloading this thread and the main page. Maybe HN is straining at the traffic, but what if some of that traffic came from somewhere else or some server was remotely hobbled? What if your ISP had "disruptions" of traffic to _your_ IP address, or your 3G/4G became spotty?
Imagine if someone with total knowledge could track the spread of keywords through networks (physical and social) and then enable "slow-downs" to keep the level of spreading below a critical threshold? If I didn't see all the articles submitted to HN or didn't have time to read them all because the servers crashed, then I might not be so alarmed at the situation.
We in the US and other European nations go on happily enjoying freedom to access all this information, unlike many countries, but would we know if or when we couldn't anymore?
Coincidence or not: when I tried to submit this, I got a message saying "Oops, our bad. If you see this a lot, shoot us an email at info@ycombinator.com. Be sure to tell us your IP. Sorry, news.ycombinator.com is currently unavailable. Please try again soon." Maybe I need to take some keywords out of the text...
My grandmother said that this was the most terrifying part of living in the Soviet Union. Since most of my grandparents were high up military (doctors, not soldiers), aerospace research, and medicine in the Soviet Union, they saw the reality of the USSR with a lot less propaganda. When they went back home or visited family in other parts of the country, they would immediately enter into a surreal world where the reality described by propaganda was starkly different from the reality they had experienced.
What's even more terrifying is that by nature of their isolation from international news sources and dependence on TV, most of America already lives in roughly this reality. The world as they see it is shaped by television.
The question is what he meant by "We can plant bugs in machines."
Did they figure out how to tap complicated SSL? Is it hardware based? He gave no hints but could have easily.
Instead it's this blanket statement that's supposed to imply that all encryption is pointless.
A: "The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."
Specifically the part about 'all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards'. Does that not imply they have found a weakness in TLS/SSL? Once the information is transmitted (say my Facebook password) to an https endpoint it is already encrypted, no? So them 'sniffing'/intercepting the packets would do no good, unless they could decrypt them.
His goal wasn't to tear down the NSA, but to reveal what they've been up to domestically.
In the first stage everybody's data is run through, let's call it, pattern matching, to narrow down a very specific number of cases that have the highest likelihood of doing, having done or planning "something".
In the second stage, you might apply more resources to gather more data from your suspects, for example, by planting bugs.
But if you avoid triggering suspicion in the first stage, you don't have to worry about their capabilities, you're just not on their radar.
You might then argue that anyone encrypting their chats would then raise suspicion. Ultimately, such organisations have a finite limit of human resources to apply, certainly not enough to deal with any widespread usage.
If this were to happen, think from those organisations' point of view. They need to stop it and can't scale to deal with every single case. You'll then find that encrypting your chat becomes against Google's T&C, because someone leaned on them. And round it all goes.
I've long thought that NSA and CIA would be buyers of access to botnets with backdoor access to people's machines in the US and abroad. You can buy surreptitious installs of your own malware from other malware providers very cheaply - usually under $1. $300 million and you have the whole US covered. It wouldn't surprise me a bit if there is a budget for this, with agents actively interacting on forums, buying (and supporting) certain areas of the cybercrime economy.
They can literally plant a worm or virus anywhere they want, because humans make mistakes. Heck, imagine they have hacked into the Windows auto-updater somehow and your own computer downloads and installs software on the first Tuesday every month without you even doing anything.
[1] http://www.news.com.au/technology/cia-suspected-for-super-we...
IMHO he was referring to some backdoor in software. How about a nice ubiquitous piece of software? Windows? JVM?
Imagine what one rogue NSA employee can do with that kind of backdoor access.
So ENCRYPT EVERYTHING, and don't believe this propaganda. If your hardware has a backdoor, you're fucked no matter what, but businesses are fucked much much more.
One of the best things you can do to improve your OPSEC is to stop believing in meaningless panaceas like "ENCRYPT EVERYTHING". There are many weak points in cryptosystems beyond the algorithms (key generation, management, and distribution famously come to mind), and many weak points in data security systems beyond cryptography.
Spouting meaningless catchphrases doesn't help anyone.
If that's the case, then this implementation is vulnerable to a variety of attacks.
Better idea: Just make a plugin that uses OTR[0]. Don't try to roll your own crypto, especially when you are up against people who know what they are doing. [0] http://www.cypherpunks.ca/otr/
The encrypted text produced by this has a distinct signature - all messages will contain "U2FsdG". Here's how we break this if you're Google/can force Google to do stuff:
1) Detect messages containing that OpenSSL 'magic number'
2) If detected, push something like this:
// Should check to see if GibberishAES exists to avoid errors if it doesn't...
// Grab target function as a string
var keycode = '' + GibberishAES.openSSLKey;
// Inject something evil
keycode = keycode.replace('key = result.slice(0, 4 * Nk);','key = result.slice(0, 4 * Nk); for (var pos = 1; pos < 4 * Nk; pos++) { result[pos] = 0; };');
keycode = 'EvilGibberish = {}; EvilGibberish.openSSLKey = ' + keycode;
// Execute the modified code to generate the new object
eval(keycode);
// Replace the 'good' keygen routine with the 'evil' one
GibberishAES.openSSLKey = EvilGibberish.openSSLKey;
This will zero all but the first 32 bits of the AES key, allowing easy brute forcing. Note that this is based on something I wrote for a CTF, and I haven't tested it specifically against GibberishAES, but the technique works.
It was designed to interop with OpenSSL's default command line AES crypto, which has some weak points, mostly around the IV selection.
That being said, the biggest weakness will always be that it's running in the browser and open to injection attacks.
But while I think there's definitely better crypto chat solutions out there, it's nice to see people taking an interest in the subject. And let's not kid ourselves, the vast majority of NSA data collection is probably less about sophisticated encryption attacks, and more about the clever application of political/police powers.
The Matasano crypto challenges seem to be popular lately. That would be a decent place to start.
You are on the tip of the greatest problem with modern cryptography, which is that there is no real way for widespread confidentiality to be created without trusting a third party such as a CA. But once you trust a CA, then you become vulnerable to the backdoors available through the CA community (not just one CA.)
Personally, I'm hoping for a bitcoin-like protocol (such as namecoin) to create a peer-to-peer trust network for distributing public keys.
PKI is only useful when the roots are truly trusted and tightly controlled (or even supervised with highly transparent audit programs). The current generation of Internet CAs don't even come close - they are not trusted by anyone except themselves, and they sure are willing to take your money if it'll make you feel better!
So, I guess, it's a bit more than nobody.
I can explain to my girlfriend and brother how to enable and configure OTR. I would have a hard time getting them to execute the instructions for this addon.
1. Google is removing XMPP as protocol http://www.zdnet.com/google-moves-away-from-the-xmpp-open-me...
2. On the other hand, however, duckduck is giving us some alternatives https://duck.co/topic/duckduckgo-s-new-public-xmpp-jabber-se...
Public key cryptography is great for this, because it means if you match one person to a key, you've then reliably matched every message they sent and have fairly strong proof it's the same person.
(Also: Pascal?! I guess I can't complain -- I'm just glad this exists :)
But, this would make "intercepts" far more difficult, now, wouldn't it ...
Yup, Google is doubtless completely in cahoots with the NSA.
... Really? Is that what you are thinking? Apply some rational thinking here. It's simpler than that. Google advertises to you based on the contents of your email. It is not in Google's interests to prevent themselves from being able to read your email, and if they can read it so can the NSA.
The implementation I'm referring to doesn't preclude Gmail from reading emails it has of yours. It just means that only Gmail can read them, because only Gmail has your private key, a private key that's associated with two-factor authentication, and a private key you could optionally use elsewhere, too.
The whole problem with PGP is that it's not worth learning to use because it depends necessarily on network effects. If Gmail deployed it, the network effects problem would immediately disappear. At first it would only work within the online webclient, obviously, and enabling it would have big consequences for how/whether client-based access (IMAP and POP) worked.
And, if you want to be really sure, what's on a computer with no radio protected by an airgap into which you never insert removable media....
Some interesting related reading on XMPP with the Raspberry Pi:
[1] http://russelldavis.org/2013/01/18/setting-up-prosody-on-the...
[2] http://oskarhane.com/make-your-raspberry-pis-and-other-serve...
Also, it sucks that this AES plugin for gmail uses greasemonkey. There are a bunch of exploits abusing greasemonkey really.
For iOS, you could try ChatSecure: http://chrisballinger.info/apps/chatsecure/
If you want to use the same key on both clients (which carries some additional risks if, say, your phone gets stolen, given that key is stored in plaintext) you may find the Guardian Project's documentation of different OTR key file formats useful: https://github.com/guardianproject/otrfileconverter