AGAH : ‘Defeated our tools’?
CIO : More broken our agencies and defeated our tools. Intelligence has traffic analysis, traffic content, background material and informants to use to understand who, what, where, when. The patriots changed their problem very cleverly, added a very nice new combination of technologies to cell phones, and have cost us sleep ever since. They exploited the strengths of their loose, distributed organization, with the strengths of their local social ties, a natural cell structure. And they identified the weaknesses in our organizations and overloaded them. The longer that goes on, the less sleep we get. Those of us that are still here.
The situation : First, we are no longer breaking much of their traffic, even though most of it is ultimately breakable. At least real traffic, we waste a lot of time on fake files of some kind. Whoever figured out that using AES and the other standard crypto schemes was to our advantage, even though they are uncrackable, was clever. Snowden gave the game away with his “Assume your adversary is capable of one trillion guesses per second”.*
Probably breakable : infinite precision integer arithmetic and really big integers make it hard to break even dumb algorithms unless you have enough large messages with the same passwords. They have those courier groups, so change both codes and passwords a lot, pair to pair, so we don’t take much traffic, mostly.
But they send those enormous big BS ‘secret government documents’, or stuff out of some cache of hacker’s piratings, or even just Wikileaks and the other such sites. And we spend manhours extracting it and evaluating it, all crap.
They tend to arrive at the end of shifts. Every now and then, we get some genuine info, almost always too late to be useful, but real, checkable. So we keep doing it.
The patriots obsoleted our hardware by going to their own oh-so-breakable (with effort) crypto systems, and we can’t throw enough crypto people and computers at the problem. Especially the layering, encrypting encrypted files, random number files, and random number files generated by their home-grown PRNGs, which are just bad enough to convince us it is one of their lousy encryption systems. Real hard to know when you are done, when you should quit.
But worse is the output of their bull-shit generators. They keep adding new classes of gov documents, enough so they can do 5-deep Markov chains, so those are getting good enough that our analysts can take them seriously for a bit, when tired at the end of a shift, at least. If anyone has worked on them, changed awkward words, fixed usage and meaning, they fool analysts at the beginning of the shift, and for longer. They burn up analyst time, overtime is a problem.
Every time another one of their ‘Gestapo is inside our systems’ waves of paranoia sweeps through the ‘Tall Tale Clubs’, as they call themselves, they change everything, swap burner phones, new crypto systems, new passwords, new pseudonyms, new shared code lists for every pair of communicants. That sometimes takes them 2-3 weeks, versioning everything keeps it all together. Then we get to break the new ciphers, learn all the new passwords, program the decrypt systems. Overtime is a problem.
The problem keeps getting worse, their continuous contests for new ‘just barely breakable’ inventive ways of doing crypto are harder all the time. They write programs to write new variations of crypto programs so every pair of people can run their own if they would like. Big streams into the decrypt mill, damn little out.
AGAH : So we lost the traffic, what about signals analysis?
CIO : The computer side is the easiest, and we don’t get much. They developed hardware and software using Kickstarter that NSA can’t break into. Shocking to NSA how easy it was to avoid all the backdoors they put into hardware, BIOSes and the many components of a modern OS. Of course, the designs and components were immediately adopted by everyone, and NSA has a lower ‘effective take’ every quarter.
Upside was that US computer and communications companies have revived largely based on those designs and software. Their ties to the gov prevented them from doing the obvious previously. Proud to say I contributed to a couple of those, and profited on trading on the knowledge of how they were doing.
But they run everything in the overlay network, all we see is encrypted links riding on a TCP transport layer. We can estimate the amount of usage, maybe, but it is a big virtual network, pieces move around easily. Also still getting organized, expanding at a hell of a rate as people escape government monitoring as much as possible and access higher quality and lower cost goods. Easy when you don’t have large tax bills, they say.
AGAH : Chuck, what is the state of their burner phone network? That is the thing the ops teams worry about. They say nobody can move anywhere in patriot country without a lot of burner phones coming alive, sending a text message, going silent again. Government cars are identified immediately, as is any car that has ever driven into one of our parking lots. Any time a new person shows up in a patriot town, their picture goes up on a patriot web site welcoming them, and then we see a lot of activity against the web sites with the pictures of people entering and leaving gov buildings. Telescope manufacturer’s stock is doing well.
CIO : Yes, and then the person is gradually checked out and everyone gradually warms up real friendly, or not and people don’t talk much around them. The only stuff that is kept is the tags and times of cars in and out of gov buildings and photos, where those are available. So few feel that their privacy has been violated, rather that the patriots are working to improve life, not setting up a totalitarian regime. The penalties for having or using data not your own without permission are serious : they won’t do business with you. You broke a user agreement, and so are cast back into the dishonest world again.
Funny to listen to their gossip : it is all about the new people in town, just like small towns always. But now it is cross-checking every fact found out about them. Then it is back to normal stuff, but the analysts have to say, there aren’t so many critical things said in the patriot groups. They have self-selected a good group. We predict a class hierarchy as this continues, completely independently of meat-space. It will change the way people act out here, we think.
Burner phones. Yes, their burner phone network was a clever invention : they made their phones into an overlay network to route text messages and run that overlay net routing in an overlay net on TCP/IP. More Kickstarter projects. More open-source + Kickstart technology development. Even worse, there are 5 major lines of evolution, with gateways translating formats and terms, one to another. They love the additional complexity, more faux-expertise for the gurus in the Tall Tale Clubs to be serious about, more noise for us.
Their randomly-swapping cell phones and only using text messages broke the connection between individual and telephone number. If they had gone on calling other cell phones, always an option of course, we would nevertheless have had some idea of connections between individuals. But the text messages all go to the same phone number, and so have the addressee in the text, can use source routing, elaborate codes, … We can read that text message as it moves over the telco’s circuits, no problem. But almost all of the addresses are ‘position@group’, and the actual person is hidden behind one of every member’s pseudonyms, of which they keep a good supply.
That level of routing, the actual sending of a text to a cell phone, or email to an account, only happens at the last step, in his group’s router. In between, the source route can have names interpreted to control the processing and/or forwarding. Those routers are run independently, can provide any services the operators want. So someone sends a text message to a phone number that turns it into an email message, and sometime later, randomly later, a text message is delivered. That gives us a set of possible sender->receiver pairs. Another message with the same caller and routing, if the same receiver phone # is in the list, it identifies a link. Progress in traffic analysis!
But, as soon as we get a few of those, they switch burner phones with one-another again. We get cell tower data, it gives us a good lat/long for pairs of communicators, so we see how many of these guys there are. Maybe. There is nothing to prevent them from having more than one burner phone. Most of those are turned off most of the time, and the swapping means finding phone pairs that are never turned on at the same time doesn’t help. We get weak connection data from the movement of cell phones in space, but it isn’t much of a lead on anything.
AGAH : One of the people at the Director’s last briefing was raving about the ‘Lady Gengi’ routing. What is that?
CIO : ‘Lady Gengi’ naming was a clever security measure, but not blindingly brilliant. The literary reference is to ‘Tales of Genji’, which is hard to read because every individual is referred to obliquely, private information shared by speakers conveying meaning by the choice of reference. It is nothing more than the latest bit of a software-defined network, doing at a router level what the switches do routinely. Once they decided on source routing, anyone can send a message to their own router, which can do with the message what it will. It can know actual current cell numbers as well as the cell’s router. I guess the big thing is putting meaning in names, allowing them to determine the handling of the message, allowing any group to do that for its own unique names going through it. So individuals can decide ahead of time what names they will use to convey particular situations, and the urgency of delivering the messages attached. It is just Multiprotocol Label Switching ideas from one point of view. AI blackboards, interpreting URLs in a web browser, there are probably dozens of lines of tech that do some piece of that.
So overall, technically, the patriot burner net is an overlay network on cell phones using texts as transport. It is organized as a local routing domain which translates destination names into cell phone numbers for the last-link. This is the router that keeps track of the actual cell phone number associated with the individual, allowing swapping phones often without changing message flow. Inter-domain traffic is routed as direct encrypted links between routers or via email. Source routing, Lady Gengi naming and multiple ordinary pseudonyms and code-books unique between individuals are used, all simple techs combined to give us a very hard problem.
They turned the assumptions upside down : distribution of codes and passwords used to be hard and dangerous. They made it easy with their Kiki’s groups. Keeping track of phone numbers was a big deal. Now they only need to check it once, when they randomly swap phones, then tell one person, the cell router. People were crazy about the encryption algorithm being unbreakable, they decided barely breakable was better. Then honesty combined with tall tales as performance art defeated informants.
“What box thinking”, they call it. That is the cell structure America is constructing for itself. A parallel universe where we are not, and are not wanted.
AGAH : I think I want you to talk to the director before you leave. But let me think on that, so hard to know where he is coming from on a given day, what arguments will move him in non-cliff directions.
*Once you have that fact, anyone could understand what the game was, what kind of hardware was needed to make usefully-many attempts happen on any particular number of files per day. 1T is 40 bits is 1×10**12 is a big number, but AES keyspace is 256 bits, about 77 decimal digits. 10**77 / 10**12 = 10**65, a very large number, quite unimaginable. The age of the universe in seconds is only 18 digits. Therefore, the keyspace that can be searched at the rate of 1 trillion keys a second with any hope of finding a match must be a keyspace limited by the imagination of people. ‘admin’, ‘1234’, … and all the clever variants on dictionary words, names, cities, states, sports and cinema stars, … NSA sweeps passwords and phrases every day, adds them to the list — that is why Snowden insisted that Poitras never have used it on the network. Every one will have been transformed into a proper key for each of the crypto systems using each of the standard hash functions. Those are what are fed into the hardware for the ‘1 trillion attempts per second’. NSA doesn’t give out info, but we know hardware and have all heard bits and pieces. To do computation at that speed requires pipelines of operations. FPGAs would have been used during the development. FPGAs have not increased their clock rates much, so NSA must use full-custom ASICs, which means hardware with a long lead time and big fixed cost. There are about 400,000 words in the English dictionary. There are maybe a million names of people and places. Round up and assume the same number for 50 languages, we are only up to 100M. Make 10,000 variants of each of those, and we have a trillion passwords, 1 second’s worth.
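The footnote's arithmetic, carried one step further as an added example (not part of the original post): it compares the footnote's human-chosen guess list with a 256-bit key at the quoted rate, then works out how many uniformly random words a passphrase needs to outlast a given search time. The 7776-word Diceware list size and all function names are assumptions introduced here.

```python
import math

GUESSES_PER_SECOND = 10**12   # "one trillion guesses per second", from the footnote
AGE_OF_UNIVERSE_S = 4.35e17   # about 13.8 billion years: 18 digits, as the footnote says
DICEWARE_WORDS = 7776         # assumption: standard Diceware list size (6**5), not from the page


def bits(keyspace: int) -> float:
    """Size of a keyspace expressed in bits."""
    return math.log2(keyspace)


def seconds_to_exhaust(keyspace: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate; the expected time is half of this."""
    return keyspace / rate


def footnote_guess_list(per_language: int = 2_000_000, languages: int = 50,
                        variants: int = 10_000) -> int:
    """Human-chosen password space as the footnote estimates it:
    words plus names rounded up per language, times languages, times variants."""
    return per_language * languages * variants


def min_random_words(target_seconds: float, wordlist: int = DICEWARE_WORDS,
                     rate: int = GUESSES_PER_SECOND) -> int:
    """Smallest number of uniformly random words whose passphrase space
    takes at least target_seconds to exhaust at the given guess rate."""
    n = 1
    while seconds_to_exhaust(wordlist ** n, rate) < target_seconds:
        n += 1
    return n


if __name__ == "__main__":
    cases = [
        ("footnote guess list", footnote_guess_list()),
        ("6 random words", DICEWARE_WORDS ** 6),
        ("8 random words", DICEWARE_WORDS ** 8),
        ("AES-256 key", 2 ** 256),
    ]
    for name, space in cases:
        secs = seconds_to_exhaust(space)
        print(f"{name:20s} {bits(space):6.1f} bits  {secs:.3g} s "
              f"({secs / AGE_OF_UNIVERSE_S:.3g} universe ages)")
    print("words needed to outlast the universe's age:",
          min_random_words(AGE_OF_UNIVERSE_S))
```

The random-word figures hold only when the words are drawn uniformly at random; a phrase a person made up belongs in the footnote's guess list.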
Added later : pretty clear that the CIA’s money is behind continuing TOR work, so I would not trust it by itself, although the fact that the FBI had to hire Carnegie-Mellon’s CS dept to ID some users in child porn and other cases means it isn’t easy.
Maybe, the CIA doesn’t tell the FBI everything, and who knows the reality of that? If you are going to use it, add a layer of encryption to protect your communications and as many additional indirections as possible to hide your identity. E.g. only a VPN in Tails from a different coffee shop every day, always through a secure VPN or two before you get onto TOR.