NSA’s Fatal Mistake

I am annoyed at the feeble thinking publicly applied to the issue of computer security.

Except for the NSA. Every time I understand a bit more about this, I understand why the NSA is on the offence, never much bothered with defense.  That was clear thinking wrt budget and power.

I think that they could have done a lot more good with a lot less budget and effort had they worked on tools for protecting systems.  That would not have garnered the power and budget, of course, but copying all of the world’s electronic communications has a serious downside in that they will soon to lose access to anything as a direct result.

What do we know?

  • Perimeter defense, e.g. firewall or security proxy isn’t the answer.

No matter how sophisticated the firewall, you have to let messages through in both directions.  Firewalls cannot know much about payloads, and security-oriented proxies are expensive in money and compute resources and latency.  By extension, no inspection of packets on the network can be complete protection.

  • Any message can be an attack vector.

If a hacking team can get a message onto your system, they can attack it.  Any file you download, lying there for years, can still attack when you open it.  Any web page that downloads a file or executes a script is exposed to attack.

Attacks deliver a program and execute it at user level.  Such a program can perhaps find a way to root via a bug in another program or a configuration error.  It can always cooperate with an outsider to assist in other attacks.

  • Attacks are ‘exploits’ of bugs in programs or configurations of programs and systems.

There are many types of bugs in programs, and many types of attacks against them, with more of both found all the time.  Not every bug is exploitable, nor is every configuration error, but all are opportunities to invent something new.

  • 0-Day exploits are gold

Exploits have a half-life that begins the first time they are used. Most exploits are discovered as they are used.  That triggers fixing anti-virus and other security checks to look for key items in that vector and block the processing of that message, as well as patches to correct the bug.

A 0-day exploit is one that has never been used and therefore has the longest probable useful life.  These are the ones that the hacker and intelligence organizations search out or buy, then hoard to be used on their priority targets via their automated hacking tools.

Added later : an excellent view of the issues.

  • Any system processing messages from other systems is vulnerable

Every application has bugs.  If those bugs are exploitable, they will eventually be found and used.  It is often easy to identify the exact version of applications, so the exploit knows exactly what exploits can be employed.  Otherwise the attacking program tries its exploits in order, one will work.

  • 0-day exploits will always be available.

Software increases in complexity with every release and bug fix.  Complexity is bugs.  Bugs are exploits.  New exploits are valuable, many people make good livings finding them.

Thus, your systems will all be vulnerable to someone else’s program trying to collect information from them and send it home.  Your system’s only defense is to look for anomalies as that happens.

From NSA’s POV, given that, there was no upside to pursuing defense.  Many companies make security products.  NSA can crack codes and gather signals intelligence.  That is much sexier, more interesting and budget-producing, than protecting OMB’s databases.  It also works against governments’ standard procedures and unaware corporations and individuals.  Their information is not useless, governments and individuals can always find ways to extract value from free resources.

NSA has some top talent.  If they had devoted even a portion of it to increasing security tools’ capabilities it could have been a huge payoff, and they might have been able to put off what is about to happen to them.

NSA Will Soon Collect Nada. Zilch.  Nothing.  What did they expect?  Snowden was inevitable.  People were going to know about their spying sooner or later, and either figure out or be told how, in detail.

Did they believe their philosopher, who thinks “NSA is knowing everything about me is better for me”?  We didn’t. More Snowdens are inevitable, and NSA’s secrets will continue to leak away.

A significant part of the technical world interested in these matters was and is really annoyed.  Generally, we annoyed believe civilization cannot continue with such surveillance, that it is an invitation to a totalitarian government, an automated surveillance state with authoritarian enforcement, probably gulags.

Many technical people have been concerned about the surveillance, we knew about the NSA’s copying fiber optic lines in the San Francisco AT&T office for years.  Cryptography, secure computing, network security have been hot topics in computer science for 30 years, a lot of good minds have applied their thinking to the issues.  NSA has people who understand all of that.

What every technical person understands is that there is no way to ensure anyone can break a code, no way to prevent anonymity, no way to prevent attacks, no way to trace attacks back to their source, and no way to prevent attacks from being effective.  Not ever, that is built into reality.  There is no possible way that a computer network can be managed to ensure security of the information any program requires in processing, you can only make it more probably secure against hackers.  But you can make your information in transit 100% secure, and information that is not being processed 100% secure.

First, the crypto.  Current codes are unbreakable, which is why NSA wants you to use a small subset of them.  If you do, they can attack the password : people aren’t good at passwords, and NSA can apply 1 trillion passwords a second to your document via their high performance decryption hardware.  Do you have the slightest idea how pitiful your imagination is compared to 1 trillion?  1 trillion is 10,000 variations of each item in all dictionary words and all the place names and all scientific and technical terms and jargon and all the scraps of poetry people remember and use in their passwords for each of ~25 languages.  It might take 10 seconds to cover the world’s 250 major languages.  Clever passwords likely aren’t.

QED : NSA cannot read traffic or encrypted storage contents if sender and receiver manage their network and cryptographic security well.  Doing that is discipline and detail, much of which can be automated.

Next, that encrypted traffic can be a network protocol.  Network protocols allow computers to support people exchanging information. When network protocols run on top of another network protocol, in this case the TCP/Internet Protocol, it is called an overlay network.  Distributed networks are designed to be resilient, with peer-to-peer ad hock organization of a mesh network a common design.  The designs keep the location of nodes private in the design of identifiers and routing. These allow a server to come alive, find overlay network peers and establish a trust relationship.  They can be private dark nets, you have to be invited to join, yet can themselves link to a public component of the overlay.  Even when an distributed overlay gateways to the underlying TCP/IP network, everyone inside the overlay is anonymous to anyone on the TCP/IP side, by design.  Just like Tor, but more of the processing and storage will be done in that overlay net, never need touch a bare TCP network link.

Because NSA has frightened people with the extent of their intrusion into our private lives, everyone is beginning to use encryption for everything.  File systems are encrypted, chats are encrypted, email, our web browsing ditto.  File systems that only decrypt information as it is being processed and only for listed programs exist.  NSA can only break those if we use bad passwords and the ‘approved’ encryption methods.  More and more systems do not allow bad passwords and there is no end to unbreakable crypto.  People are also beginning to use overlay networks, Tor being the first.  Overlay networks don’t have the problem of bad passwords, NSA sees nothing inside them.  NSA sees none of their files, as those are often also distributed and encrypted.

Avoiding NSA’s surveillance is also happening in telephony.  WiFi is becoming the alternative to AT&T and the other carriers, the reason they are opposing Google’s public WiFi networks.  WiFi can use better crypto and hide meta-data and content much more effectively than the older technologies.

Overlay networks don’t entirely prevent attacks, as messages will still transit from the base TCP/IP network into the overlay.  But they greatly complicate the attacker’s problem.  Added to the other tools and methods of ‘sandboxing’ processes that deal with messages from the outside, attacker’s ROI will drop.  NSA’s real motive is people control and their insider information investment portfolios.  That ROI is about to fall also.

Thus, NSA’s collection of secrets is about to end.  Peak Secrets is nigh and the end of the power that fresh secrets gave them.

Too bad for NSA.  They will manage to cover it all up for a few years and their store of secrets guarantee they will never disappear, but their technical people will soon understand this and abandon them.  Too bad for us. Don’t hire those people, they do not have values that can fit into the civilization I want to be part of.

NSA has failed as do all centralized organizations.  They adopted a simple measure, followed a slogan ‘Collect It All’.  Believing they could weather any public opinion (they can, remember the Church Committee?  and notice how nothing has changed in the law or their behavior since Snowden?) they ignored the power of their own technical success, as applied by us here in the outside, applying our distributed talents to their defeat.  Centralized doesn’t win evolutionary arms races.

NSA is toast.

———

With NSA, you should at least double-think, triple-think is better, if you can.  NSA has smart people, assume that if it can be done technically, they can do it.  Even some things you might not think are feasible, money works magic.

If they had control of semiconductor design software vendors like Mentor or Cadence or possibly of mask makers in the semi industry, they could put registers and microcode in the major processors and communications chips.  Maybe could slip in some in-band data links, but if they can get the software needed to make those work, the attacker doesn’t need the hardware, and otoh microcode and ROM firmware for an 8502 is small fractions of a square mm.  Combine those with a BIOS  that implements an inband spy on data traffic.  Also, I believe radios only require a square mm of silicon now, plastic packages on chips don’t stop radio waves.  There were also chips that NSA would install on Cisco’s hardware, for example, that would give them access to the system.

But engineers find that stuff and it makes headlines.  So it will take a few years to work through all of that and cut NSA off entirely, but it is inevitable they lose almost everything from communications.  Hacking systems will get harder, even much harder as overlays are adopted.  Physical surveillance via small mobile spying machines managed by an AI is future tech, probably NSA won’t last that long.

However, my frequent Lebowski Enlightenments now include the thought that I probably wasn’t first to think this through, and the FBI and local sheriffs are pushing hard for laws mandating backdoors in software and hardware.

Doesn’t matter.  The FBI and sheriffs are centrally directed.  Centralized loses evolutionary arms races.

The only distributed part of that world is the independent hackers.  The next stage of that arms race will have wealthy cyber criminals funding teams to develop automatic exploit-finding tools.  NSA did the first round, automatic execution of exploits in a wide variety of environments.  So the NSA will hire the attackers, as they already biy 0-Day exploits from them.  OTOH, I find it easy to be skeptical of such a tool.  There are many companies making tools for finding bugs in software.  If you got control of them, you could have a traffic in 0Day tool bugs.   My brain starts hurting at this point, but I think the density of bugs will decrease in most software exposed to the network.  Never will be zero.

Added later.  Anything NSA can figure out, the rest of the world gets to sooner or later. and NSA’s take goes inevitably to zero.

More added later : this says there are no secure cell phones because of the hardware architecture combined with the complexity of the baseband chip running the radio interface.  Those include a processor and firmware.  Firmware is software in a ROM, and software has bugs.

This adds to that the problem of bugs, and somewhere I can’t find now, I read about low-level mechanisms that developers inside Apple use for debugging which are present in delivered systems.  Also, the claim that Apple, MS, and all other such large organizations work closely with NSA in exposing their systems.  We know that to be true for MS, strongly suspect it for Google.

And as I was saying, the list of leaks and spills and steals of data since I put this up 9 months ago, would fill another article this long.  This is the latest on the hidden trillions in offshort and hidden accounts.

This, a database for an entire country, the Phillipines.

Added later.  Told them the tech world was annoyed and NSA would suffer for it.

Added later.  An example of ethical hacking, if such a thing is possible. One pov is, all informants don’t need to come from inside an organization. The guy wants to be considered a Snowden. I hope he is real, certainly am imressed with his evident skills, tho I would be much more impressed if an intelligence service can do that good a job of simulating a prideful hacker with ideals.

Added later : there is a real trend here.  Hackers are into everything for the best of reasons. NSA will yet regret not having gone for defense. What is a NATO general doing using a gmail account?  Is gmail NSA approved? They have a secure version, but I believe it doesn’t store the mail encrypted, and so they can read it. It has been a while since I read that, could be wrong.

Advertisements

12 thoughts on “NSA’s Fatal Mistake

  1. I dunno if 1mm square silicon is viable as a radio. You still need an antenna to radiate a signal and supposing 1mm for the wavelength you are looking at a resonant frequency of about 150GHz (If my math is right for a half-wave antenna).

    When you get up that high in frequency you run into issues where drywall and water vapor in the atmosphere absorbs so much of the RF that it is pretty much useless trying to pick it up from far away and outside of whatever building that computer is in. Oh, and if your computer is properly enclosed inside a metal case, without those silly case windows the hobbyists like, your transmitter in a chip is safely enclosed in a Faraday cage. So I think the NSA is pretty much SOL on that matter.

    Like

  2. Couple of details NSA can use to get their data —

    1) Embedded keyloggers with a default key.
    2) Embed your own crypto using a double key set. That has been detected on Windows machines in the past ‘out of the box’. Linux also uses a crypto system provided by our buddies from CIA. All swear that the code is clean. But…..
    3) It was just reported today that Lenovo has installed crap ware on their laptops that won’t be denied EVEN IF YOU RELOAD A MS OS FROM A RETAIL pack. Thanks to the new boot loaders in vogue this will become a common thing.
    4) Crypto encoding is ALWAYS breakable. Its the matter of urgency vs time to break it. By the time you do the data maybe useless. But getting the right data stream is a piece of cake, even using systems like Tor and encoders if the NSA can embed a marker in the IP base stream, and it can, then sniffing the stream is childs play. Then brute force the packets offline. Throw a multimillion processor machine at the problem and the results might come pretty quick. Thanks to the patriot act embedding that tracker code can be done by entry into the home/office.

    One can secure a lot of any given system. But if the govt really wants you they will invoke sufficient police power to peek into what you are doing.

    Like

    1. Keylogger can be a chip added to the keyboard, has to communicate via USB to software on the system. The software on the system is the problem for the attacker, getting it on the system and avoiding detection.

      Keylogger as a chip added to the motherboard with an independent IP link is probably the most dangerous, also the most difficult technically. Otherwise a keylogger is software, maybe at a driver level to be most difficult to detect. But getting software on a system is an attack problem.

      Embed your own crypto ? Again, software. If you can put them into the OS as a permanent back door. Yes, Windows did that, I would expect Apple also. I advocate using other crypto for the reason they can’t go after passwords for those and your reason, I don’t trust NSA or gov either.

      Yes, buying std MBs with std BIOSs makes you vulnerable. That is why I think patriots need to fund development of hardware that we can certify as having been designed and manufactured in operations certified as secure-from-hackers.

      No, crypto isn’t always breakable, at least depending on the definition of ‘break’. You can eventually guess a password, but the size of the modern key spaces is way too huge for guessing, guessing requires computational complexity > age of universe even if ever particle in the universe is a super computer. But not breakable in the sense of having a shortcut to avoid that. I think that can’t be mathematically proven, but a lot of people outside of NSA have worked on breaking all of the standard encryption systems, small progress.

      I had seen that AT&T was labeling packets on their local nets for nefarious purposes, I assumed MPLS? But I don’t think you can tag an IP stream in an overlay, as those copy the contents and forward contents, the IP header is discarded. Tor works, as a support for that point.

      I agree it is hard to hide, but think overlays are going to make it a lot easier. NSA does too: Snowden’s docs show a lot of bitching about Tor.

      Like

  3. This is a reason why 3d printing needs to extend into the electronics realm. being able to print a chip will do to hardware what linux did to software, but worse–it will completely remove the centralized systems from the loop and allow truly independent design. Don’t think anyone is working on it right now though, and while it’s part of what I’d like to work on with a 3D printing company, that’ll be a while.

    Like

      1. Thinking back, there is one I know of I saw in Popular Mechanics. It was conductive ink and I suppose was a true printer. Problem I see is high amp circuits and specialty circuits that won’t like the inks.

        Not insurmountable but my billion dollar idea would use true copper, allowingaerials and grades to be adapted to use.

        You also still need microchips and components.

        Like

      2. Seems to me that a print head that lays down wire would work. I believe they are developing print heads for spools of carbon fiber, glass fiber, etc. Leave a stub of wire in the via, soldering will catch it? I am not a circuit board person, so hand-waving.

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s