For example, they claim Canada is monitoring hockey sites:
> Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.
But if you look at the actual slide https://i.imgur.com/2GO8H6L.png, it is clearly a fake sample report of what a real one might look like. It even uses the name 'Canukistan' as the country name.
There are 44 slide decks, one of the biggest leaks so far. It will take time to make sense of the noise. And any misinformation from reporting by non-technical journalists doesn't help the cause.
> non-technical journalists
Ever heard of a certain Jacob Appelbaum?
However we already knew for a while that the active attacks are being done:
http://www.theguardian.com/technology/2014/dec/07/north-kore...
The active attack can of course obtain enough information to decrypt the traffic automatically afterwards or even record it unencrypted. It appears that's the context of the SSH decryption in the documents.
So, all your sessions are hosed at some point in time. Either now or in the future.
And yes, sensationalize is sometimes necessary to get more folks onboard to work with the documents.
Yes, for now OTR and PGP are fine. There must be a big speculation on future breakthroughs regarding breaking crypto - otherwise they wouldn't build Bluffdale.
Edit: Instead of downvoting, how about taking a position?
The present is problematic enough, we don't even need to hypothesize on the future breakages.
1) http://en.wikipedia.org/wiki/Forward_secrecy
"As of December 2014, 20.0% of TLS-enabled websites are configured to use cipher suites that provide forward secrecy to web browsers."
IPsec is also often configured with PFS disabled, even though the RFC is from 1998 ( http://tools.ietf.org/html/rfc2412 )
* Revealed: US spy operation that manipulates social media (http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...)
* How Covert Agents Infiltrate The Internet To Manipulate, Deceive, And Destroy Reputations (https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...)
http://www.spiegel.de/media/media-35515.pdf
Did he actually say break?
The United States and allies do use the internet to spread Western culture and ideas, start revolutions, and kindle insurrection.
The United States CIA attempted (and nearly succeeded in) inciting a revolution against Castro by pretending to be a series of grassroots movements on a Twitter-like platform and by inciting anti-administration feelings within the Cuban population. That was earlier this year.
"USAID effort to undermine Cuban government with fake ‘Twitter’ another anti-Castro failure" [1]
The United States has an ongoing effort to use Internet media to 'deradicalize' the next generation of Middle Easterners and actively manipulates public opinions in Jordan, Cairo, Syria and other Middle Eastern states. Here are some quotes from one DoD MINERVA paper:
"...it is imperative that we develop empirically-based procedures for countering messages that promote violent extremism and anti-Western beliefs..."
"...Neural predictors of Twitter impact in Cairo (UCLA & Egypt). Our prior work (Falk et al., 2012), indicates that neural responses of a small group can predict which persuasive messages will be more successful in mass media campaigns..."
"... Defense Group Inc. already tracks Twitter trends specific to Egypt and will identify which of the selected Twitter topics went on to be highly influential over the next month and which did not..." - Matthew Lieberman, UCLA, September 30, 2012, Department of Defense MINERVA Initiative [2]
Here's one US company that does it. MARAYA MEDIA - "Driving Intelligent Dialog". [3]
The United States engages in targeted mass media and social manipulation to stir dissent in target nations, and to quell dissent where destabilization would hurt policy objectives. The DoD's MINERVA project specifically looks to understand the cultural components of stability of various countries and mechanisms to encourage or disrupt that stability. Among a great number of social studies you will find DoD research on how to seed information inside of specific Asian countries, including China, for the targeted introduction of instability. I will leave speculations of possible connections to the Hong Kong protests to the reader. [4] During the Iraq war US officials were known to detain Iraqi journalists and bloggers and force them to write articles in favor of the American efforts or to spread misinformation useful to ongoing campaigns. The CIA purposefully slipped misinformation into American media outlets to fool counterinsurgents who were reading American media (the infamous "Fallujah PsyOp").
This should not come as a surprise given the history of the US: The United States and allies are known to target media in other countries to stir dissent. Radio Free Europe, "Voice of Iraq" (cough American), the Lincoln Group infiltrations and partnerships, etc.
But now with global interconnectedness it is easy to set up 'foreign media', blogs and other politicizing content to influence other nations' populations.
In the past decade it has become a global issue.
This year Egypt sentenced Al Jazeera journalists that they believed were partnered with geopolitical interests of other states. Putin's administration is now requiring bloggers to register if they have a certain number of readers, so that his administration can curtail international influence. China blocks many American services including Facebook and Google. The usual story in America is that they are censoring free speech. The truth is that they do not want foreign influence to destabilize their population and that they do not want their citizens' data in America's PRISM program (there's a reason it's called the FISA "Foreign Intelligence Surveillance Act" court).
The Snowden revelations showed us how intelligence agencies are involved in PsyOps - the term for 'psychological operations' used by the CIA and others. The GCHQ's BIRDSONG/BADGER/GATEWAY/SLIPSTREAM/ETC and partnership with the NSA are used to influence online polls, discussion forums and to vote up and down content that aligns with policy goals. [5][6][7] The giant meta-data graph created by the NSA is also particularly valuable for 'influencer' and 'social contagion' analysis (leaks showed they do use it to understand internal chain-of-command and organization structure for target selection). It's why metadata matters. A nice illustration of this is the article "Finding Paul Revere."
And so we have issues here with the use of targeted social influence in America as well. First there are instances where other countries are trying to incite disruption in the US - the US wants to study and curtail it. [8]
A number of journalists have called out that the state has been extremely aggressive to dissenting opinions, even to go so far as labeling current policy on the issue "War on Journalism". American officials have exported a number of journalists with Middle Eastern descent and journalists like Ayman Mohyeldin have been pulled from Gaza and other conflicts when reporting has erred on the side of other state interests. The crackdown on journalism is worth another post I don't have time to write.
Just look at how central a role controlling internet dialog is for running a modern US presidency. A Google search for "Obama internet campaign" [9] results in headlines "How Obama's Internet Campaign Changed Politics", "How Obama won the internet", "Barack Obama and the Facebook Election", "Propelled by Internet, Barack Obama Wins Presidency" - this isn't because of grassroots discussion but because both Obama and McCain (and Romney before him) had cyber centers in control of internet PR engaging tens of millions of dollars in Twitter messages, etc.
You can nudge public opinion by bombarding them with an influx of the same message, slightly disguised in one way and then another. The MINERVA program has plenty of good reading with regard to this. Anyway, the USG does this overseas and, to a limited degree (you decide how limited) presidential campaigns and journalistic partnerships (anyone want me to write a blurb on that...?) have them doing it inside the United States as well.
[1] http://www.washingtonpost.com/lifestyle/style/usaid-effort-t...
[2] http://minerva.dtic.mil/doc/samplewp-Lieberman.pdf
[3] http://www.marayamedia.com/company.php
[4] https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...
[5] https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...
[6] http://www.theguardian.com/commentisfree/cifamerica/2011/jun...
[7] http://www.dailykos.com/story/2011/02/16/945768/-UPDATED-The...
[8] http://www.washingtonpost.com/opinions/truthy-project-is-unw...
[9] https://www.google.com/?q=obama+internet+campaign
Comment reprised from here: https://news.ycombinator.com/item?id=8709976
It's fun to think that we're so important that the US government cares enough to intervene in our political discussions. But we are not, not a single one of us. If pg himself called for open insurrection in his next essay, no one in the NSA would lift an eyebrow or raise a finger. Until this or any community becomes known as a hotbed for muslim extremism or communist agitation we're simply not on the radar in any way. As far as hackernews and reddit are concerned, "shill" is a synonym for "someone who disagrees with me" and always will be.
I agree with the sentiment that this does not imply reddit or hackernews are subject to influence by the United States Government or allies.
I do not agree that the idea is preposterous or laughable. This is because we do know that the NSA infiltrates domestic technical groups as they did with the IETF to affect standards discussions, that they infiltrate activist groups inside the United States to disrupt them, that they are aware of social contagion theory and its usefulness in affecting public opinion, that they have done studies with at least the UCLA on viral messaging for Americans (to compare to, with and against foreign countries), that political campaigns use social targeting techniques without branding and will comment on news articles (to be 'first to post') to color conversation on hot button issues during the races, and that companies with political interests and who share a revolving door with elected office also advertise political discourse online in this way. Thinkst researchers studied how easy it is to manipulate online social conversation, news media outlets and platforms. We know that the GCHQ have JTRIG capabilities to perform internet manipulation and that there are documents from Snowden that specifically mention their use in derailing conversations on online forums. There have been reports of PR firms of private companies astroturfing reddit and others. And we know that HBGary Federal and other cyberoperations contractors for the US Government sell astroturfing services.
What we don't know is that reddit or hackernews are targeted specifically or for domestic purposes by the US Government. We have a few indications that this is done for large media outlets (recently Judith Miller, Ken Dilanian, CNN on Bahrain) in tandem with other leverage like access to officials, exclusive press passes and permission to report at the edges of no-reporting zones. Unfortunately there isn't enough evidence to be conclusive yet about the reddit/HN case as there have not been leaks that speak directly about it, so any debate in this area is bound to be speculation versus speculation.
(But I guess you knew that already.)
Additionally, domestic US propaganda is now legal:
https://www.techdirt.com/articles/20130715/11210223804/anti-...
Further, sock puppetry is an established tactic:
http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...
http://mashable.com/2011/03/17/centcom-social-media-personal...
http://www.fbodaily.com/archive/2010/06-June/24-Jun-2010/FBO...
So the only question is, specifically which sites are targeted and to what ends. If the metadata shows that HN or your favorite sub-reddit has out-sized influence on matters of national concern, then they're probably targeted.
Please don't reprise comments on Hacker News. This is a place for conversation, not boilerplate.
(Just to be clear, your other comments are part of the conversation and are thus fine.)
But the moment he breathed SSH, pretty much all of IRC and the whole Saal 1 could not think of anything else. Everyone and their brother wanted to know what to use instead of SSH now that it's broken. It was a bit of panic in the air.
My suggestion is to go to the leaked slide and make your own conclusions. Some of the most credible people we have are behind OpenSSH, and the crypto primitives are used in a very straightforward way.
Do I take the ssh claim seriously? Do I just pretend the hockey monitoring paragraph isn't there?
Perhaps I should read the source for myself. http://www.spiegel.de/media/media-35515.pdf
Alas, there's very little in the way of detail. There's exactly one slide (19) dedicated to ssh, which says it can "potentially recover usernames and passwords." That would adequately describe a simple mitm attack where somebody either accepts an unknown server key or uses a client that doesn't even check (e.g. Prompt for iOS). Slides 35 and 36 mention ssh and decryption, but it sounds like they're talking about further processing after decryption. How is that decryption being done?
https://www.imperialviolet.org/2013/06/27/botchingpfs.html
"I'm not aware of any open source servers that support anything like that."
The article is from June 2013, has anything changed since?
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-...
Active attacks allow access to the keys, and once the attackers have the keys, unless the PFS is properly used, the old captured streams are readable. But often it's even easier to read the documents on the attacked machine directly.
Still, all this was known before the material we are commenting on now. Which doesn't mean we should let PFS remain unused or wrongly used as it is now, or that we shouldn't try to protect ourselves from the active attacks.
If we worry about the decryption of our SSH traffic, do we properly use PFS? What do we do to prevent or detect active attacks?
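The unknown-host-key MITM case a few comments up and the "how do we detect active attacks" question above both come down to host key pinning. As an added example (not code from the thread or from OpenSSH), here is the known_hosts check an SSH client performs, including the hashed `|1|salt|hmac` entry form and the SHA256 fingerprint shown on first connect; the sample key bytes and host names are constructed, not real keys.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(b)) + b


def ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Wire blob that OpenSSH base64-encodes for an ssh-ed25519 public key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_hostname(host: str, salt: bytes) -> str:
    """known_hosts hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field (plain comma list or hashed) against host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def check_host_key(known_hosts: str, host: str, keytype: str, key_b64: str) -> str:
    """'ok' = pinned key matches; 'changed' = same host, different key (treat as a
    possible active attack); 'unknown' = never seen, so the client must prompt."""
    seen_host = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue
        if parts[1] != keytype or not host_matches(parts[0], host):
            continue
        seen_host = True
        if hmac.compare_digest(parts[2], key_b64):
            return "ok"
    return "changed" if seen_host else "unknown"


# Constructed sample data: 32 deterministic bytes standing in for a public key.
SAMPLE_RAW = bytes(range(32))
SAMPLE_B64 = base64.b64encode(ed25519_blob(SAMPLE_RAW)).decode()
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# hashed entry, as written with HashKnownHosts yes",
    hashed_hostname("bastion.example", b"\x01" * 20) + " ssh-ed25519 " + SAMPLE_B64,
    "git.example,10.0.0.5 ssh-ed25519 " + SAMPLE_B64,
])
```

A client that reports "changed" as a prompt rather than a hard failure is the case described above where a user accepts an unknown key and a MITM recovers the password.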
Shutting down opposing dissent usually means that all your press is now only good as toilet paper (like the Pravda in Cuba).
> "inciting anti-administration feelings within the Cuban population"
So, the population love the Castro administration then? And whoever opposes is a US shill, sure...
From the Spiegel article: "Electronic codebooks, such as the Advanced Encryption Standard, are both widely used and difficult to attack cryptanalytically. The NSA has only a handful of in-house techniques. The TUNDRA project investigated a potentially new technique -- the Tau statistic -- to determine its usefulness in codebook analysis."
Of course, all we have is a probably - this selection of documents is not anywhere near as comprehensive as we'd perhaps like here. We're having to fill in the blanks - and there are too many blanks to fill in clearly. There seems to be relatively little in this leak from NSA's PICARESQUE/PIEDMONT, or GCHQ's STRAP3 (which covers specific operational details: purely by way of hypothetical example :-), where individual full-take feed taps actually are in Telehouse North, or specific details about SIGINT enabling via the Cavium Nitrox chips), sadly. Alternative ideas (or leaks!) are welcomed.
Recent versions of OpenSSH have been using some non-NIST primitives from djb, including Curve25519-SHA256 key exchange, Ed25519 keys and ChaCha20-Poly1305 transports. I am quite confident neither NSA nor GCHQ have any good cryptanalytic attacks against those primitives.
There is mention of some exploitation against finite-field Diffie-Hellman in TLS (PHOENIX). That lacks context, however, and we can only guess about what's missing. One possibility is it's an active attack which tricks the peers into agreeing keys over an unsafe field (TLS 1.2 has no way to date for peers to suggest or agree on lists of named fields; however, the recent ffdhe draft does provide one) - however active attacks don't really fit the context under discussion in the slides. The TLS Working Group at IETF is currently discussing this, and a suggestion's been made to remove the old finite-field DHE transports due to their poor performance and apparent vulnerability, replacing them with ECDHE over secp256r1 (a NIST curve), and quite possibly in the near future X25519 over Curve25519 (a non-NIST curve). I don't know how that's going to resolve yet.
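The "unsafe field" scenario above, where peers are steered into a weak finite-field group, is what parameter validation on the receiving side is for. As an added example (not from the thread, the TLS WG or any library), this checks a server-chosen DH group (p, g) and a peer public value the way a cautious client can: it accepts only a safe prime p = 2q+1 with a generator of the order-q subgroup (a stricter policy than some standards require, stated here as an assumption); the demo group sizes are constructed and far too small for real use.

```python
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; 32 random rounds is plenty for a parameter sanity check."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_dh_group(p: int, g: int):
    """Accept only a safe prime p = 2q+1 (q prime) and a generator g of the
    order-q subgroup, so no small subgroup exists for an active peer to confine
    the shared secret to. Returns (ok, reason)."""
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not an odd prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "p is not a safe prime: (p-1)/2 is composite"
    if not 1 < g < p - 1:
        return False, "g is outside (1, p-1)"
    if pow(g, q, p) != 1:
        return False, "g is not in the order-q subgroup"
    return True, "safe prime with order-q generator"


def check_peer_public(p: int, y: int) -> bool:
    """Validate a received public value for a safe-prime group: 1 < y < p-1
    and y^q == 1 (mod p), rejecting the order-1 and order-2 elements."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1


def generate_safe_prime(bits: int) -> int:
    """Constructed demo group: random q of bits-1 bits with q and 2q+1 prime."""
    while True:
        q = random.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p
```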
Removing DHE is a mistake. The discrete log in prime fields is fine---as fine as RSA is, anyway---and it's a handy PFS backup in the (unlikely) case deployed elliptic curves turn out to be significantly wounded.
Your first sentence seems to me like an excellent reason to remove DHE altogether from TLS 1.3, considering those servers do not support, and presumably may never support, (the draft) Finite Field DHE parameter negotiation.
Discrete log in prime fields does have the index calculus problem; it won't keep being good forever, and the performance gets worse. I'm banking on having enough different backup between ECDHE over secp256r1 and X25519 over Curve25519 that any elliptic curve difficulty won't be a problem.
The latter half of AGL's post is about systems security, not (really) the cryptographic security of TLS. It's about things you can do that would make NSA owning up your servers a greater or lesser threat to previously encrypted TLS sessions.
Index calculus. Over prime fields it has seen essentially no major progress (beyond small complexity tweaks, some of which are useful) since 1992 with the number field sieve. Index calculus also exists for elliptic curves, under some conditions: once again, over prime fields things seem fine (modulo MOV, anomalous, etc. curves). I suspect we will also have to drop RSA if the index calculus for prime field discrete logs ever improves significantly. Likewise, some efficient attack against P-256 or curve25519 has a good chance to eliminate most or all curves in that size range.
"Incredibly costly" + "I don't see how they would benefit" is only an effective argument against individuals and businesses whose continued existence depends on not wasting money. The state runs on taxes and executive orders.
You may not realize that one of the non-publicized goals of recent executive administrations has been to keep the official unemployment rate of war veterans low enough that it stays out of the public consciousness. This has been accomplished in large part by steering them into make-work jobs with strict citizenship or clearance requirements along with hiring preference points for military service.
The government probably does not care to intervene in our nerd talk, but it can afford to, and if that provides a minor political benefit beyond sticking loyalists in dubious, relatively-high-paying desk jobs, then so be it. If I were to attempt to promote state interests with respect to encryption and network security, HN is certainly one of the sites I would pay my subordinates to read and influence.
Don't assume that just because you think it is stupid and pointless, no one is actually doing it. That doesn't mean that anyone is, but you can't realistically argue that everyone is not.
And: http://blog.erratasec.com/2014/12/that-spiegel-nsa-story-is-...
Which isn't to say the NSA isn't legitimately participating in IETF and taking such notes ... but that codenames can be taken out of context. ;-)