I am annoyed at the feeble thinking publicly applied to the issue of computer security.
Except for the NSA. Every time I understand a bit more about this, I see why the NSA is on offense and never much bothered with defense. That was clear thinking with respect to budget and power.
I think that they could have done a lot more good with a lot less budget and effort had they worked on tools for protecting systems. That would not have garnered the power and budget, of course, but copying all of the world's electronic communications has a serious downside: they will soon lose access to anything as a direct result.
What do we know?
- Perimeter defense, e.g. a firewall or security proxy, isn't the answer.
No matter how sophisticated the firewall, you have to let messages through in both directions. Firewalls cannot know much about payloads, and security-oriented proxies are expensive in money, compute and latency; any encrypted payload a proxy cannot terminate is opaque to it. By extension, no inspection of packets on the network can be complete protection.
- Any message can be an attack vector.
If a hacking team can get a message onto your system, they can attack it. A file you downloaded, lying there for years, can still attack you when you open it. Any web page that downloads a file or executes a script is an attack surface.
Attacks deliver a program and execute it at user level, with the privileges of whoever opened the message. Such a program can perhaps find a way to root via a bug in another program or a configuration error, and it can always cooperate with an outsider to assist in other attacks.
- Attacks are 'exploits' of bugs in programs, or in the configuration of programs and systems.
There are many types of bugs in programs, and many types of attacks against them, with more of both found all the time. Not every bug is exploitable, nor is every configuration error, but all are opportunities to invent something new.
- 0-day exploits are gold
Exploits have a half-life that begins the first time they are used. Most exploits are discovered as they are used. Discovery triggers updates to anti-virus and other security checks to look for the key items in that vector and block processing of that message, as well as patches to correct the bug.
A 0-day exploit, in the sense used here, is one that has never been seen in use (strictly, one for which no fix yet exists) and therefore has the longest probable useful life. These are the ones that hacker and intelligence organizations search out or buy, then hoard to be used on their priority targets via their automated hacking tools.
Added later : an excellent view of the issues.
- Any system processing messages from other systems is vulnerable.
Every application has bugs. If those bugs are exploitable, they will eventually be found and used. It is often easy to identify the exact version of an application, so the attacker knows exactly which exploits apply. Otherwise the attacking program tries its exploits in order until one works.
- 0-day exploits will always be available.
Software grows more complex with every release and bug fix. Complexity means bugs; bugs mean exploits. New exploits are valuable, and many people make good livings finding them.
Thus, your systems will all be vulnerable to someone else's program trying to collect information from them and send it home. Your system's only defense is to look for anomalies as that happens: unexpected processes, unexpected outbound connections, data leaving on a schedule nobody configured.
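One concrete form of "look for anomalies as that happens" is to watch for a process that phones home on a timer. The example below is added here and is not code from the original post; the log lines are constructed (RFC 5737 documentation addresses, invented host and process names), and the log format (timestamp, host, destination IP, port, process) is an assumption. The heuristic flags any (host, destination, port, process) series with enough connections whose intervals are nearly constant, measured by coefficient of variation so that a little jitter does not hide the beacon.

```python
"""Added example: flag a process that calls out on a regular schedule."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log (not from the original post).
# Columns: timestamp, source host, destination IP, destination port, process.
SAMPLE_LOG = """\
2014-03-02T10:00:00 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:00:07 ws17 198.51.100.20 443 firefox.exe
2014-03-02T10:01:00 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:01:41 ws17 198.51.100.20 443 firefox.exe
2014-03-02T10:02:01 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:02:55 ws17 198.51.100.77 80 firefox.exe
2014-03-02T10:03:00 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:03:59 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:05:00 ws17 203.0.113.9 443 updater.exe
2014-03-02T10:05:30 ws17 198.51.100.20 443 firefox.exe
"""


def parse(log):
    """Yield (timestamp, host, dst, port, process) tuples from the assumed format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, dst, port, proc = line.split()
        yield datetime.fromisoformat(ts), host, dst, int(port), proc


def find_beacons(log, min_connections=5, max_cv=0.2):
    """Return {(host, dst, port, proc): (count, mean_gap_s, cv)} for every
    connection series that looks like a timed callback.

    cv is the coefficient of variation (stddev / mean) of the gaps between
    successive connections; a human browsing produces irregular gaps, a
    scheduled callback produces gaps that cluster tightly around one value.
    """
    series = defaultdict(list)
    for ts, host, dst, port, proc in parse(log):
        series[(host, dst, port, proc)].append(ts)

    hits = {}
    for key, times in series.items():
        if len(times) < min_connections:
            continue  # too few samples to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            hits[key] = (len(times), avg, cv)
    return hits


if __name__ == "__main__":
    for key, (n, avg, cv) in find_beacons(SAMPLE_LOG).items():
        host, dst, port, proc = key
        print(f"{host}: {proc} -> {dst}:{port}, {n} connections, "
              f"every {avg:.0f}s (cv={cv:.3f})")
```

The thresholds are a starting point, not a verdict: legitimate software updaters also beacon, so a hit is a lead to check against a list of known-good destinations, not an alert on its own.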
From NSA's POV, given that, there was no upside to pursuing defense. Many companies make security products. NSA can crack codes and gather signals intelligence, which is much sexier, more interesting and more budget-producing than protecting OMB's databases. It also works against governments' standard procedures and unaware corporations and individuals. Their information is not useless; governments and individuals can always find ways to extract value from free resources.
NSA has some top talent. If they had devoted even a portion of it to improving security tools, it could have paid off hugely, and they might have been able to put off what is about to happen to them.
NSA Will Soon Collect Nada. Zilch. Nothing. What did they expect? Snowden was inevitable. People were going to know about their spying sooner or later, and either figure out or be told, in detail, how it was done.
A significant part of the technical world interested in these matters was and is really annoyed. Generally, we the annoyed believe civilization cannot continue with such surveillance; it is an invitation to a totalitarian government, an automated surveillance state with authoritarian enforcement, probably gulags.
Many technical people have been concerned about the surveillance; we knew about the NSA's copying of fiber optic lines in the San Francisco AT&T office for years. Cryptography, secure computing and network security have been hot topics in computer science for 30 years, and a lot of good minds have applied themselves to these issues. NSA has people who understand all of that.
What every technical person understands is that there is no way to guarantee that a code can be broken, no way to prevent anonymity, no way to prevent attacks, no way to trace attacks back to their source, and no way to prevent attacks from being effective. Not ever; that is built into reality. There is no possible way that a computer network can be managed to ensure the security of information while a program is processing it; you can only make it more probably secure against hackers. But you can make your information in transit, and your information at rest, effectively 100% secure, provided the keys are generated and kept properly.
First, the crypto. Current ciphers are unbreakable, which is why NSA wants you to use a small subset of them. If you do, they can attack the password: people aren't good at passwords, and NSA can apply 1 trillion passwords a second to your document on their high performance decryption hardware. Do you have the slightest idea how pitiful your imagination is compared to 1 trillion? 1 trillion is 10,000 variations of each item in all dictionary words, all place names, all scientific and technical terms and jargon, and all the scraps of poetry people remember and use in their passwords, for each of ~25 languages. It might take 10 seconds to cover the world's 250 major languages. Clever passwords likely aren't. The defense is a key that was never a human choice at all: a randomly generated key, or a random passphrase long enough that its space exceeds anything that guessing rate can cover, run through a deliberately slow key derivation function.
QED: NSA cannot read traffic or encrypted storage contents if sender and receiver manage their network and cryptographic security well. Doing that is discipline and detail, much of which can be automated.
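To put numbers on the 1-trillion-a-second argument, here is an added worked calculation; it is my example, not the post's own code. It takes the post's model of a human-chosen password (every term times 10,000 variants across ~25 languages) and compares it with a random six-word passphrase from a 7776-word Diceware-style list and with a random 128-bit key. The 4,000,000-terms-per-language figure is my assumption chosen so that the model totals the post's 1 trillion; the `kdf_cost` parameter models a slow key derivation function as a per-guess multiplier, which is a simplification.

```python
"""Added example: time to exhaust a password space at a given guessing rate."""
import math

RATE = 1e12  # guesses per second, the figure the post uses
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def seconds_to_exhaust(space_size, rate=RATE, kdf_cost=1):
    """Seconds to try every candidate once.

    kdf_cost models a slow key derivation function: each guess costs that
    many hash operations, so the attacker's effective rate is rate/kdf_cost.
    (Simplification: real KDFs also add memory cost; this ignores it.)
    """
    return space_size / (rate / kdf_cost)


def human_password_space(terms_per_language=4_000_000, variations=10_000,
                         languages=25):
    """The post's model of what a human-chosen password can be: every
    dictionary word, place name, jargon term and remembered phrase, times
    10,000 variants (case, suffix digits, substitutions), per language.
    terms_per_language is an assumption picked to total 1e12."""
    return terms_per_language * variations * languages


def random_passphrase_space(words=6, wordlist=7776):
    """Words drawn uniformly at random from a Diceware-style list of 7776."""
    return wordlist ** words


def random_key_space(bits=128):
    """A key generated from a good random source, never a password."""
    return 2 ** bits


def bits_of_entropy(space_size):
    return math.log2(space_size)


def describe(label, space_size, rate=RATE, kdf_cost=1):
    s = seconds_to_exhaust(space_size, rate, kdf_cost)
    return (f"{label}: {bits_of_entropy(space_size):.1f} bits, "
            f"{s:.3g} s ({s / SECONDS_PER_YEAR:.3g} years) "
            f"at {rate:.0e} guesses/s, kdf_cost={kdf_cost}")


if __name__ == "__main__":
    print(describe("human password model", human_password_space()))
    print(describe("human password + slow KDF", human_password_space(),
                   kdf_cost=100_000))
    print(describe("6 random Diceware words", random_passphrase_space()))
    print(describe("128-bit random key", random_key_space()))
```

The human model falls in about a second, as the post says; a slow KDF buys a few days at most, which helps only against attackers with less hardware than the post assumes. The random passphrase and the random key are out of reach because the attacker's rate, however large, is a fixed number and the space is not.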
Next, that encrypted traffic can itself be a network protocol. Network protocols allow computers to support people exchanging information. When a network protocol runs on top of another, in this case TCP/IP, it is called an overlay network. Distributed networks are designed to be resilient, with peer-to-peer, ad hoc organization of a mesh network a common design. These designs keep the location of nodes private through the design of identifiers and routing. They allow a server to come alive, find overlay peers and establish a trust relationship. They can be private darknets, where you have to be invited to join, yet can themselves link to a public component of the overlay. Even when a distributed overlay gateways to the underlying TCP/IP network, everyone inside the overlay is anonymous to anyone on the TCP/IP side, by design. Just like Tor, but with more of the processing and storage done inside the overlay, never needing to touch a bare TCP network link.
Because NSA has frightened people with the extent of their intrusion into our private lives, everyone is beginning to use encryption for everything. File systems are encrypted, chats are encrypted, email and our web browsing ditto. File systems that only decrypt information as it is being processed, and only for listed programs, exist. NSA can only break those if we use bad passwords and the 'approved' encryption methods. More and more systems do not allow bad passwords, and there is no end to unbreakable crypto. People are also beginning to use overlay networks, Tor being the first. Overlay networks don't have the problem of bad passwords; NSA sees nothing inside them. NSA sees none of their files, as those are often also distributed and encrypted.
Avoiding NSA's surveillance is also happening in telephony. WiFi is becoming the alternative to AT&T and the other carriers, which is the reason they are opposing Google's public WiFi networks. WiFi can use better crypto and hide metadata and content much more effectively than the older technologies, though only on the radio link; whatever leaves the access point still crosses someone's wired network and needs its own end-to-end encryption.
Overlay networks don't entirely prevent attacks, as messages still transit from the base TCP/IP network into the overlay, and an observer who can see enough of the underlying links can still try to correlate traffic timing. But they greatly complicate the attacker's problem. Added to the other tools and methods of 'sandboxing' processes that deal with messages from the outside, the attacker's ROI will drop. NSA's real motive is people control and their insider-information investment portfolios. That ROI is about to fall also.
Thus, NSA's collection of secrets is about to end. Peak Secrets is nigh, and with it the end of the power that fresh secrets gave them.
Too bad for NSA. They will manage to cover it all up for a few years, and their store of secrets guarantees they will never disappear, but their technical people will soon understand this and abandon them. Too bad for us. Don't hire those people; they do not have values that fit into the civilization I want to be part of.
NSA has failed, as do all centralized organizations. They adopted a simple measure and followed a slogan, 'Collect It All'. Believing they could weather any public opinion (they can: remember the Church Committee? And notice how nothing has changed in the law or their behavior since Snowden?), they ignored the power of their own technical success as applied by us here on the outside, applying our distributed talents to their defeat. Centralized doesn't win evolutionary arms races.
NSA is toast.
With NSA, you should at least double-think; triple-think is better, if you can. NSA has smart people, so assume that if it can be done technically, they can do it. Even some things you might not think are feasible: money works magic.
If they had control of semiconductor design software vendors like Mentor or Cadence, or possibly of mask makers in the semiconductor industry, they could put registers and microcode into the major processors and communications chips. They could maybe slip in some in-band data links, but if they can get the software needed to make those work, the attacker doesn't need the hardware; on the other hand, microcode and ROM firmware for an 8502 take small fractions of a square mm. Combine those with a BIOS that implements an in-band spy on data traffic. Also, I believe radios only require a square mm of silicon now, and plastic packages on chips don't stop radio waves. There were also chips that NSA would install on Cisco's hardware, for example, that would give them access to the system.
But engineers find that stuff, and it makes headlines. So it will take a few years to work through all of that and cut NSA off entirely, but it is inevitable that they lose almost everything from communications. Hacking systems will get harder, even much harder, as overlays are adopted. Physical surveillance via small mobile spying machines managed by an AI is future tech; probably NSA won't last that long.
However, my frequent Lebowski Enlightenments now include the thought that I probably wasn’t first to think this through, and the FBI and local sheriffs are pushing hard for laws mandating backdoors in software and hardware.
Doesn't matter. The FBI and sheriffs are centrally directed, and centralized loses evolutionary arms races.
The only distributed part of that world is the independent hackers. The next stage of that arms race will have wealthy cyber criminals funding teams to develop automatic exploit-finding tools. NSA did the first round: automatic execution of exploits in a wide variety of environments. So the NSA will hire the attackers, as they already buy 0-day exploits from them. OTOH, I find it easy to be skeptical of such a tool. There are many companies making tools for finding bugs in software. If you got control of them, you could have a traffic in 0-day bugs in the tools themselves. My brain starts hurting at this point, but I think the density of bugs will decrease in most software exposed to the network. It will never be zero.
Added later. Anything NSA can figure out, the rest of the world gets to sooner or later, and NSA's take goes inevitably to zero.
More added later: this says there are no secure cell phones, because of the hardware architecture combined with the complexity of the baseband chip running the radio interface. Those include a processor and firmware. Firmware is software in a ROM, and software has bugs.
This adds to that the problem of bugs, and somewhere I can't find now, I read about low-level mechanisms that developers inside Apple use for debugging which are present in delivered systems. Also, the claim that Apple, MS and all other such large organizations work closely with NSA in exposing their systems. We know that to be true for MS, and strongly suspect it for Google.
And as I was saying, the list of leaks and spills and thefts of data since I put this up 9 months ago would fill another article this long. This is the latest on the hidden trillions in offshore and hidden accounts.
This, a database for an entire country, the Philippines.
Added later. Told them the tech world was annoyed and NSA would suffer for it.
Added later. An example of ethical hacking, if such a thing is possible. One POV is that informants don't all need to come from inside an organization. The guy wants to be considered a Snowden. I hope he is real; I certainly am impressed with his evident skills, though I would be much more impressed if an intelligence service could do that good a job of simulating a prideful hacker with ideals.
Added later: there is a real trend here. Hackers are into everything for the best of reasons. NSA will yet regret not having gone for defense. What is a NATO general doing using a Gmail account? Is Gmail NSA approved? They have a secure version, but I believe it doesn't store the mail encrypted, and so they can read it. It has been a while since I read that; could be wrong.