Microsoft and Google to sue over US surveillance requests - Rory Carroll -> theguardian.com/law/2013/aug … ue-us-fisa
Americans Try to Disappear from Internet as Security Anxiety Grows - -> finance.yahoo.com/news/americans … 28239.html
Further revelations about the extent to which NSA/GCHQ have broken and sabotaged existing encryption technologies and set industry wide security standards.
theguardian.com/world/2013/s … s-security
PGP seems the most likely?
Nah, PGP is kind of a sideshow. TLS (ie https) is what they really want.
I suspect that’s also what they mean when they talk about agreements with technology providers – I suspect the implication is that they get copies of root certs from Verisign etc. If so, lots of Very Bad Things are happening.
Can you elaborate ?
The certificate authorities have always been a weak link.
Man in the middle attacks at-will to intercept apparently secure communication?
However, if you set up your own infrastructure/web-of-trust then you may not suffer from this specifically.
Fair enough, though I wouldn’t really consider that a “breakthrough”. It’s just business as usual.
Lengthy oversimplification follows:
So, much of what’s encrypted on the web is done using SSL – sites that show as “https” in your browser and give you the infamous padlock icon use SSL to encrypt traffic between you and them; and also to prove to you that they’re who they say they are (encryption and authentication). Your banking, your email, some Revenue services, Amazon, etc all depend on SSL (more correctly called TLS) to secure their stuff. If the NSA could decrypt SSL on the fly, they could read all your stuff. Even more interesting, they could grab your authentication cookie as it went past and impersonate you later, at their leisure.
So if you’re the NSA, how do you do that? One way is to attack the underlying encryption that SSL uses. They most certainly are trying to do this, but it’s difficult and requires lots of resources. It’s probably not feasible to decrypt all the SSL traffic on a submarine cable in real time. Another way is to attack the implementation of TLS in the browser (your end) or server software (Amazon/Gmail/etc’s end). They almost certainly are trying to do this, but it’s hard to do without being noticed. A vulnerability in a similar protocol was snuck into the NetBSD server operating system some years ago by persons unknown and was undetected for years, but it’s not easy to do.
The “simplest” way is to get copies of the encryption “keys” used by the server. Every SSL connection to a public website is verified using a public/private key pair. If you have the private key, you can pretend to be Gmail, Amazon, AIB, or the Revenue. Why would you want to? Because you sit in the middle of the conversation and pretend to be AIB to mr_anderson’s computer and mr_anderson’s computer to AIB. This is called a man-in-the-middle attack, and is as old as people writing secrets on clay tablets. Again it allows you to intercept the communication and also the session cookie, so you can impersonate mr_anderson later.
So how do you get the private key? You can hack into the server and copy it, but that might be too much work. But there’s another link in the chain that you can attack. If you’re Amazon, you get a 3rd party to “sign” your key, verifying that it’s yours – otherwise I could just pretend to be the Amazon server. There are a dozen or so of these key signing companies operating around the world. Their top-level keys get installed on your computer as part of Internet Explorer/Chrome/Firefox/Safari etc. Your browser explicitly trusts these keys and whatever they have signed (slight crypto oversimplification for clarity).
These “root certificates” and their owners are the weak link I’m talking about. If I control Verisign for example, I can sign any cert I want. I can sign a cert saying I’m google and spy on all your google traffic (assuming I have access to your traffic). In fact, someone hacked into one of the root cert signers recently and issued themselves certs for Google and a few other global companies before someone noticed and revoked the certs. If you’re the NSA, you might be able to compel the signers to do this for you with just a letter, and no hacking or subterfuge at all, let alone millions of dollars of kit.
This is not news – there was a huge furore when a Chinese crypto company wanted to become a trusted root and have their cert included with the major browsers – there was a widespread assumption that they would provide fake certs to the Chinese government, allowing them to spy on Chinese citizens’ emails and browsing. Ironically, there wasn’t much discussion that I recall about the dangers of having a US-based root signer…
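As an added illustration of the weak link described in the post above (example code written for this page, not from the thread or any browser), the toy model below contrasts ordinary trust-store validation with public-key pinning: a chain from any root in the store passes the browser-style check, whereas pinning rejects a certificate for the same hostname issued by an unexpected root. Certificate names and key bytes are constructed placeholders.

```python
import hashlib
from typing import NamedTuple

# Constructed stand-in for an X.509 certificate: subject, issuer and the DER
# bytes of its SubjectPublicKeyInfo (placeholder bytes here, not real keys).
class Cert(NamedTuple):
    subject: str
    issuer: str
    spki_der: bytes

def spki_pin(cert: Cert) -> str:
    """HPKP-style pin: SHA-256 over the SubjectPublicKeyInfo bytes."""
    return hashlib.sha256(cert.spki_der).hexdigest()

def store_trusts(chain, trusted_roots) -> bool:
    """Browser-style check: every link must be issued by the next cert and the
    chain must end at a self-signed root present in the trust store. Note that
    any root in the store may vouch for any hostname."""
    for cert, parent in zip(chain, chain[1:]):
        if cert.issuer != parent.subject:
            return False
    root = chain[-1]
    return root.subject == root.issuer and spki_pin(root) in trusted_roots

def pins_accept(chain, pinned) -> bool:
    """Pinning: at least one cert in the chain must carry a key we expect,
    so a cert for our hostname from a different root is refused."""
    return any(spki_pin(c) in pinned for c in chain)

def validate(chain, trusted_roots, pinned) -> dict:
    """Run both checks so the difference between them is visible."""
    return {"store": store_trusts(chain, trusted_roots),
            "pins": pins_accept(chain, pinned)}

# Constructed sample data: the legitimate root plus a second root that is also
# trusted by the store but that the site owner never used.
GOOD_ROOT = Cert("Good CA Root", "Good CA Root", b"good-root-key")
GOOD_LEAF = Cert("mail.example.com", "Good CA Root", b"mail-key-legit")
OTHER_ROOT = Cert("Other CA Root", "Other CA Root", b"other-root-key")
OTHER_LEAF = Cert("mail.example.com", "Other CA Root", b"mail-key-other")

TRUST_STORE = {spki_pin(GOOD_ROOT), spki_pin(OTHER_ROOT)}
PINS = {spki_pin(GOOD_ROOT), spki_pin(GOOD_LEAF)}

if __name__ == "__main__":
    print(validate([GOOD_LEAF, GOOD_ROOT], TRUST_STORE, PINS))
    print(validate([OTHER_LEAF, OTHER_ROOT], TRUST_STORE, PINS))
```

The second chain is exactly the case the post describes: the trust store accepts it because its root is installed, and only the pin check notices that the key is not the one the site owner expected.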
It would be big news if US intelligence agencies were getting root certs from Verisign.
Correct. But no-one actually does this outside of the enterprise.
Bruce Schneier’s blog posts and articles are worth reading to get a handle on this story.
NSA surveillance: A guide to staying secure
theguardian.com/world/2013/s … rveillance
News yes, a ‘breakthrough’ no. Intelligence agencies regularly strong arm tech companies. All the time, even, if recent reports are true.
Thanks for the reply Mantissa.
Down the rabbit hole we go.
Substantial piece in the NYT, top story in the print edition.
I’ve always wondered this about public key encryption - the pairs are unique, right? So if you had a sufficiently large database, you could generate all the possible pairs and then you’d have every private key to go with the public key? Or is there a random element that I’m not figuring into it?
Yes you could calculate every possible key pair thus rendering public key cryptography useless. In the case of a crypto system using 1024 bit keys you’d only have to calculate
It’s a very positive development that the latest revelations are the result of a co-production between the Guardian, the NYT and Pro Publica. Good to see some investigative stuff on the front pages. Also some great coverage from DN
I saw a documentary on quantum encryption recently.
It takes into consideration the wave-particle duality, thus if someone intercepts the message, it changes, alerting the communicators of the interception.
I’m in awe of scientific progress.