Encryption

NSA plays chess, the rest checkers
Putin mandated that mechanical typewriters be used in respect of top secret data for a reason: it is impossible to escape NSA interception when using electronic devices. They have decrypted access of all VPN, I2P and Tor activity but are not busting every possible crime or revealing it to the FBI(silkroad was an exception). The narrative surrounding the capture of Ulbricht was Plausible deniability. Some plausible story had to be concocted to make it seem that it was solely an FBI bust. The NSA knows who every single drug purchaser was but won't reveal such data for the same reason Churchill could not let the Germans know their Enigma code was broken. Churchill allowed German bombing runs on British cities for the sole reason of making the Germans think their Enigma code was safe. Enigma's subterfuge should have been kept a secret for ever, because now we can infer that the same type of misdirection is taking place with our present and future technology.

All our evening conversations around the kitchen table, torrenting, everything we do and say on an electronic device is known both to our domestic and NSA spy agencies. Cellphones can transmit all sound and data by remote NSA activation. see FaradayCage, HardWare. Place your cellphone inside of a box spray painted with copper if you want some privacy. Everything you have ever said on a telephone/cell/voip line is recorded. People get fired for their indiscretions, if these recordings were to ever be released as a torrent, then the entire South Africa will have to be fired.

A recent story on "Anonymous" described how they managed to penetrate the Chinese milatary hacking complex and prevent a US company from being hacked by them. Anonymous is the NSA, their magical abilities to hack is but another WWII Enigma misdirection. The Intel/AMD chipsets the Chinese military uses has a NSA backdoor. By conjuring up "anonymous" misdirection the NSA is able to fulfill its mandate of protecting US companies. The NSA can't just phone a US company targeted for their trade secrets by China. By having "anonymous" hack with seeming Thor like abilities, the NSA generates plausible deniability that they weren't infact behind the hacking or tip off. Isis twitter accounts weren't sabotaged by "anonymous" but by Twitter themselves, "anonymous" provides plausible deniability. Just the fact that Anonymous has an official Youtube and Facebook presence should be seen in the same vane as a bank account hacker for hire risking life in federal prison by having an official Facebook presence. Anonymous has no i2p presence. Shuttleworth's Ubuntu project does not include i2p as part of the standard download and neither insists that the http://www.mofolinux.com releases their source code as per the GPL license, because it is an NSA distribution.

I2p uses port 4444 and for all we know every router could have an NSA backdoor listening and decrypting data inside the router from this port. The decryption is embedded in the silicon of the router itself.


 * http://gizmodo.com/i2p-the-super-anonymous-network-that-silk-road-calls-h-1680940282 Here's how underground I2P still is: The Electronic Frontier Foundation, a leading advocate of online privacy, hasn't really bothered investigating the 12-year-old anonymizing service yet."I haven't found anyone who has taken an in-depth look at I2P yet," EFF media relations director Rebecca Jeschke told me in an email. "In general, folks here think I2P is a promising project. It's really important to have a variety of strong solutions for anonymity, privacy, and security online. However, folks did say that for practical use today, Tor is far ahead in terms of implementation and reliability."

This quote by the EFF is very interesting, Tor is utterly hacked, it was DOD project from the start but not i2p. If i2p does somehow provide a means of escaping NSA interception, then NSA fronts would be inclined to keep us away from i2p. The fact that the EFF pushes the NSA C-code obfuscated PGP from EFF program for email, that they even recommend using email at all for anonymous communication, means they are an NSA front. It is impossible to get your own website and pay with bitcoins without providing an email address. If these hosting providers were really this keen on setting up anonymous websites then they would at least provide a means of i2p or tor chat contact. Email is designed by the NSA for De-anonymization

https://www.privacytools.io/ Yet another NSA honeypot site, the NSA VPN providers they list insists on an email contact or uses bitpay a joint Goldman Sachs, NSA project. You do not need bitpay.com to send bitcoins to anybody, this is how the NSA gets your real identity because the transaction uses java script, which reveals the end user's ip address, whether over Tor or clearnet. The US federal government will only allow VPN providers if they know precisely who is using the service. It is for example impossible to connect to any VPN provider over I2P ... why does it seem that the NSA is desperate that nobody uses i2p?
 * http://gizmodo.com/anonymous-just-leaked-a-trove-of-nsa-documents-511854773 Update: As several have pointed out below, the papers Anonymous "leaked" were already publicly available. It's since been reported that the US does, in fact, share PRISM information with UK intelligence officials. https://pad.riseup.net/p/opnsa_is_reborn_also_cocks_and_all_that, https://twitter.com/AnonymousOpNSA , https://www.anonops.com/opnsa/

Jo Biden met with his supporters in what he thought would be a private meating to contest the US presidential race. CNN got hold of the secret recording where Biden said: " we have access to every inch of Iran". Netanyahu played his part in this game of misdirection by dramatically addressing congress, opposing the deal, because Iran had to be provided with a face saving means by having Israel not support the official agreement. Unofficially though, Iran has provided full access. Iran's clerics believe in the return of the 12 Imam and that this will occur with fire raining down on Israel.

Anonymous is an Iraq style PSYOP operation. Psyop teams placed placards that says"Terrorism kills children" in Arabic on retail outlet, signed by an insurgent group they were targeting. The terrorists would reveal themselves when they confronted the shop owner about the placards.

The NSA knew about everything LulzSec did from the start, but had to find some way of busting them with the FBI in such a way that it wouldn't be too obvious the NSA knew who they were.

Our Russian friends engage in the same type of misdirection. Encryption is a KGB project that attempts to insert backdoored Linux into US corporations. The lead developer is a Russian citizen and she concocts highly plausible stories about how Linux is compromised and why here Qubes system will solve this. Eric Raymond's reaction to the Snowden leaks hasn't been with the same gusto as say Applebaum .... And obviously the NSA would never have allowed Torvalds to be the lead Linux developer if he wasn't working for them, right?

Both Mount Gox and now Bitfinex were hacked by the NSA because the NSA won't allow bitcoin money laundering operations outside the ambit of https://bitpay.com/, domiciled in the US. Systemd was forced into adoption by the NSA/Redhat alliance, Torvalds and the other NSA agents maintaining the kernel did what their paymasters told them to do.

Airgapped systems
Airgapping two computers is done by transferring data from an internet connected computer to another pc which is never connected to the internet. The data or passwords on the isolated pc are written to the USB, on a memory location not detectable by any operating system. When the USB is inserted back to the internet connected pc, it is then extracted by magic black box instructions from this secret memory location. To at least detect this BEFORE inserting the USB back into the internet connected pc, physically record every high low transition on the usb port/stick with a logic analyzer and compare this with the data you thought you transferred. The wikipedia https://en.wikipedia.org/wiki/Air_gap_malware article specifically does not mention any of this.

One possible hack is to use OCR software and a camera to read the relevant text you want to transfer between two computers directly of a monitor. Some edits on wikipedia that werer deemed OR: https://en.wikipedia.org/w/index.php?title=Air_gap_malware&oldid=627656639 The converted malicious code is passed through ultrasonic waves from one device to other devices using Speakers and Microphones. Speaker in the system emits the converted malicious code and the microphone in the other device receives it and the virus is injected to that device.In a covert acoustical mesh network, more than two computing systems in a shared physical environment (i.e. within the physical communication range between two connected nodes) can be connected to the mesh network and computing systems are able to communicate indirectly by following routing paths over multiple hops.

Thus the NSA can extract your keystrokes via your Android, IPhone communicating with ultrasonic waves.

NSA dictates OS development
The seemingly irrational Linux decisions and Windows decisions were orchestrated by the NSA so that a huge attack vector of API's, Nvidia binary blobs and entropy weakened hardware encryption could be created. Many non-NSA BSD developers couldn't understand what was going on with the Linux developers with commit rights to the Linux kernel tree. Theo Raath was at his wits end, it seemingly didn't occur to anybody that the Linux mess was deliberate(this assumes that Raath isn't an NSA agent). One can presume that the development trajectory of all Unix derivatives were influenced by key coders on the payroll of the NSA.

There is no reason why any computation must be broken up into millions of human-unintelligible instructions before a machine can execute it. Not only is it possible to build a CPU which understands a high-level programming language directly, but such devices were in fact created – many years ago – and certainly could be produced again. It is also eminently possible to build a computer which can be halted by pressing a switch, and made to reveal – in a manner comprehensible to an educated operator – exactly what it is doing and why it is doing it. Can you buy such a computer at your local electronics store? Of course not, the NSA will never allow it. http://www.loper-os.org/?p=55

“Windows Update” is a remote back-door and “Accidental” bugs, of which there is a seemingly-inexhaustible supply, make for just as effective – and, more importantly, deniable back-doors(https://en.wikipedia.org/wiki/Plausible_deniability).

Keystroke logging
http://cluborlov.blogspot.co.za/2012/05/making-internet-safe-for-anarchy.html You think you are safe. But wait! Are you running a commercial operating system, like Windows or Mac OS? If so, it has a back door, added by the manufacturer based on a secret request from the US government. The back door allows someone (not necessarily the government, but anybody who knows about it) to install a keystroke logger that captures all your keystrokes and periodically uploads them to some server for analysis. Now all of your communications, and username/password combinations, are known to a third party.

One possible workaround is to click on a grid with a mouse, inserting the numbers. All keystrokes are logged by custom hardware chips on the motherboard itself and funneled over IP6 to the NSA. Under windows open the cmd terminal window and type netstat -ano. Scroll down to the bottom to find scvhost.exe funneling all your data over the IP6 protocol over UDP to the NSA. SCVHOST.exe is part of the windows OS and cannot be removed.

The NSA's http://keepass.info/ password utility attempts to gain direct memory access and has a frequent "bug fixes" release cycle so as send back the passwords. Somewhere on github is a python program that scans memory for keystroke loggers. Rufus is a potent NSA weapon, it is a windows USB boot utility that plants a trojan on any pc with any operating system. The usb copies and and inserts files on the usb stick without either windows or linux giving any indication. This is how air-gapped systems are breached. Attach a logic analyzer to the usb port to detect data this unreported data transfer.

i2p
https://www.encrypteverything.ca/index.php?title=Installing_and_using_I2P

https://www.youtube.com/user/i2ptutorials

Digitizing files
https://www.encrypteverything.ca/index.php?title=Uploading_photos_privately_%28removing_EXIF_data%29    ......When you take a picture with your cell phone or a digital camera information called EXIF data is stored inside it. EXIF data can contain information that reveals personal details about you (e.g. GPS location, camera type, etc.). .....  Book liberator.

Links

 * https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html Evil maid attack.
 * Freenet
 * http://fiddler2.com/, http://www.wireshark.org/download.html , http://www.snort.org/start/download

The traffic is coming from inside the target's machine. Thus, you would have to have complete logs, like through Fiddler or equivalent, and cross-reference that to a Snort or Wireshark session running on another machine. When you see traffic that doesn't match normal system or user traffic, then you have a suspect.

Since this is based on two things: (1) a BIOS component, and (2) a hardware transmitter component, working together.... one way to defeat it is to wipe out the BIOS and upgrade it to your own compiled fully free and open source variant, like http://www.coreboot.org/. This could possibly disable the attack even if the hardware transmitter were hard to spot and physically remained.

https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

Note how tor must be config on vm, win7 can be bypassed

http://www.loper-os.org/?p=1299

Obfuscated C-code

 * http://cm.bell-labs.com/who/ken/trust.html The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

http://www.peereboom.us/assl/assl/html/openssl.html  openssl deliberately made unreadable by NSA agents part of the core coding team. See http://web.archive.org/web/20140414023227/https://www.peereboom.us/assl/assl/html/openssl.html as peereboom.us warns on fake certificates. Before the the Snowden release, read somewhere that the NSA has its agents as core openbsd,freebsd,linux etc. kernel coders with commit rights to the source tree. I thought this was just to conspiratorial, after Snowden computing from inside a faraday cage should be standard. Using obfuscated C-code the NSA can hack any linux, ssl system at will.

TOR

 * http://www.thehiddenwiki.net/breaking-half-of-tor-sites-compromised-including-tormail/ Java script compromises tor. Running flash youtube videos over tor provides Google with your IP address, since the flash video must have the IP address of the client side pc.

https://cpunks.org/pipermail/cypherpunks/2014-July/005183.html Recently a high profile talk on de-anonymization Tor users was pulled from Blackhat due to legal issues. Their talk outlined with a budget of $3000 with some powerful servers and multiple gigabit links they were able to de-anonymize hundreds of thousands of users in ‘a couple of months’. Exodus decided to pick up where this talk left off by letting the community know that there are many other vectors for de-anonymization. The vulnerability we have found is able to perform remote code execution with a specially crafted payload. This payload can be customized to unmask a user and show the public IP address in which the user connected from within ‘a couple of seconds’. http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/

NSA antics
http://www.truecrypt.org is NSA software that uses Intel hardware encryption chipsets which the NSA agents with the complicity of Intel(according to various news outlets) has compromised so that the random key generator is not truly entropic and can be decrypted with specialized custom made ASIC chipsets. (Raspberry PI should not be used as web server, its hardware encryption isn't entropic(random) enough.) The max allowable password length is only 32 chars long, because not even the NSA can decrypt a 100 character password. They are not so stupid as to place any software backdoors in truecrypt itself, this would eventually be detected with a software audit, they did something that nobody even thought about: designed their very own chipset and then forced Intel to adopt it. All Truecrypt encrypted code is decrypted by the NSA when uploaded anywhere unto the Internet. The NSA can track down any person uploading to http://thepiratebay.org by comparing the file on piratebay with their cached copy of the same file that had to traverse an NSA controlled router, gateway, ISP etc. somewhere in this world. The NSA caches the entire Internet in realtime and especially homes in on encrypted files. Only by encrypting(not using truecrypt) a file before uploading to a torrent sharing site is some measure of protection provided. And even then this must start with i2p -> Tor -> clearnet. It seem that there aren't any file uploading sites that allows for encrypted upload or that allows for Tor based uploads. Tor itself is compromised, begin with i2p and then hop unto Tor.

In South Africa the uploader of the Mandela movie was caught because he rented the DVD with his ID number. It was trivial to contact all the ISP's, with this ID and extract the unencrypted cached copy on their servers linked to him. Had he torrented it over i2p to a Russian contact, it would have at least been encrypted. The NSA will not help decrypt this because they like the British during WWII didn't want the Germans to know their Enigma code was broken, don't want to make it obvious that all i2p, torrent traffic is decrypted.

Fact is - the US authorities were confronted with the following situation: 1. It proved politically impossible to force all creators/distributors of encryption software to implement a backdoor in their products (via law). See a good overview about the history here: http://www.newyorker.com/online/blogs/elements/2013/08/hard-to-crack-the-governments-encryption-conundrum.html 2. However, government and/or government agencies were absolutely convinced that the only way to guarantee security is for the authorities to be able to read the content of encrypted communications. See the document from the US Department of Justice from 1998 quoted above: https://web.archive.org/web/20040529211445/http://www.justice.gov/criminal/cybercrime/cryptfaq.htm Note the conclusion: "At bottom, it is important to recognize that society has an important choice to make. On the one hand, it can promote the use of unrecoverable encryption, and give a powerful tool to the most dangerous elements of our global society. On the other hand, it can promote the use of recoverable encryption and other techniques, achieve all of the benefits, and help protect society from these criminals. Faced with this choice, there is only one responsible solution."

So what were the US authorities supposed to do? Just do nothing and watch how "Open Source" encryption programs "take over" the market, because they are free and trustworthy, and where it won't be possible to force the creators to install backdoors like they exist in "Bitlocker"? (yes, Bitlocker is backdoored, which is well know in the law enforcement community)

Well, one possible and perfectly reasonable solution for the authorities could be: Take part in the "open source" community, offer the best program, and then dominate the market! Make a program which will be used all over the world, and which includes a very well concealed backdoor. And that's exactly what they did. They used a cover which was barely credible, as it had the elements of an international, well funded organization with considerable funds, personnel, lawyers etc., but it worked for about 10 years. In the future, we all should just be more careful, and, as I said before, should not ignore the obvious warning signs.

Chat sessions are not encrypted; Pigeon, Aim, Skype etc. You need to encrypt all text with a custom AtmelMicro attached to an RS-232 port with a diode that blocks the read signal. The NSA cannot defy the physics of a diode. This encrypted text is then inserted into the skype session, the person at the other end must have a decrypting AtmelMicro attached and the read the text from the LCD display of the micro. Anything in software on a pc is compromised.

Torvalds and NSA
http://cryptome.org/2013/07/intel-bed-nsa.htm ....n 2013-07-13 12:20 AM, Eugen Leitl [forwarding Matt Mackall ] wrote: It's worth noting that the maintainer of record (me) for the Linux RNG quit the project about two years ago precisely because Linus decided to include a patch from Intel to allow their unauditable RdRand to bypass the entropy pool over my strenuous objections. Is there a plausible rationale for bypassing the entropy pool? How unauditable is RdRand? Is RdRand unauditable because it uses magic instructions that do unknowable things? Is it designed to actively resist audit? Has Intel gone out of its way to prevent you from knowing how good their true random generation is?

The naïveté of bean-counters and bureaucrats may be excusable; that of seasoned academics and engineers isn’t. Mr. Torvalds eagerly hitched the security of the Linux kernel to Intel’s Trojaned wagon. http://www.loper-os.org/?p=1299

FreeBSD10 has reverted recent commits to their source on using Intel compromised chip sets back to random key generation in software only. All Lenovo motherboards have chip sets implanted that "phones home" to China. NSA has so compromised the Android system that no bitcoin wallet is safe on it. Plastic rocks, thrown over the wall, embedded with electronic signal sniffing equipment that can detect keyboard presses, this was how the Iranian nuclear computer systems were penetrated. Faraday cages, lined with tin-foil is posb. solution to this. http://inertiawar.com/microcode/ Undocumented microcode updates from Intel. Any type of encryption can be bypassed. http://web.archive.org/web/20130727071418/http://inertiawar.com/microcode. The NSA could not have forseen something like i2p and tor, by injecting microcode etc. and controlling probably 95% of all i2p nodes they know what anybody is doing on i2p. Java's source code is not available and is obviously so NSA compromised that any magic can be performed on a program written in Java. Appelbaum is constantly harrassed by the NSA because he probably isn't an NSA agent and actually does want to enable strong encryption: why are the coders of i2p lives not being made difficult? Why have they chosen Java, knowing that not having the source code makes it compromised way more than Python. How are they financially able to commit themselves full time to the project .....?

During the second world war, Churchill actually allowed German bombers to attack British cities, so as not tip off the Germans that their Enigma code was broken: why is https://www.schneier.com/ not harrassed by the NSA? In other words, now finally knowing that the NSA listens in on the captains of industry making love to their wives via their cell phones besides their beds leads to a state of paranoia and wholesale distrust of any US citizen that must be entrusted with trade secrets.

NSA/FBI honeypots

 * http://silkroaddrugs.org/silkroad-drugs-complete-step-by-step-guide/ This is most probably a FBI honeypot site. Installing VPN software will reveal to the feds the ip address of the PC connecting to Tor. Every single VPN provides a direct stream of all activity to security services.

Password footprint
https://www.schneier.com/blog/archives/2007/01/choosing_secure.html What's happening is that the Windows operating system's memory management leaves data all over the place in the normal course of operations. You'll type your password into a program, and it gets stored in memory somewhere. Windows swaps the page out to disk, and it becomes the tail end of some file. It gets moved to some far out portion of your hard drive, and there it'll sit forever. Linux and Mac OS aren't any better in this regard.

Encrypt the entire hdd and run the operating system from a usb stick, see the NSA linux distribution at http://www.mofolinux.com for more info on this.

https://www.schneier.com/blog/archives/2007/01/choosing_secure.html .....Even so, none of this might actually matter. AccessData sells another program, Forensic Toolkit, that, among other things, scans a hard drive for every printable character string. It looks in documents, in the Registry, in e-mail, in swap files, in deleted space on the hard drive ... everywhere. And it creates a dictionary from that, and feeds it into PRTK. 50% success rate cracking password.

Qubes linux
Xorg or similar X-based server as your GUI server, and this is what nearly all Linux, and most of the other non-Windows OSes use, then you don't have any form of GUI-level isolation. http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html Second, all mainstream desktop OSes, such as Windows, Linux, BSD, even OSX, are all based on a monolithic kernels, which present a significant security problem. This is because a typical monolithic kernel of a contemporary desktop OS contains tens of millions of lines of code, and to make it worse, most of this code is reachable from (untrusted) applications via all sorts of APIs, making the attack surface on the kernel huge. And it requires just one successful kernel exploit to own the whole system, bypassing any security mechanisms that might have been built on top of it, such as SELinux, LXC, etc.
 * http://blog.invisiblethings.org/2014/08/26/physical-separation-vs-software.html Airgaps

http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html Now, for the best, start another terminal window, and switch to root (e.g. using su, or sudo). Notice how the xinput running as user is able to sniff all your keystrokes, including root password (for su), and then all the keystrokes you enter in your root session. Start some GUI app as root, or as different user, again notice how your xinput can sniff all the keystrokes you enter to this other app! http://invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf


 * http://motherboard.vice.com/read/finally-a-reasonably-secure-operating-system-qubes-r3 "...Rutkowska wants to work with a few companies and pick two or three specific models that can be "Qubes Certified" laptops. She wrote that Qubes has been in talks with two vendors over the last month, but declined to reveal their names as negotiations are ongoing...."

How would one prevent theses vendors from installing chip backdoors on detecting the Qubes operating system as the NSA has done to detect I2P activity on a pc?

Javascript
http://www.mega.co.nz loads javascript locally to prevent man in the middle server impersonation. http://www.ghacks.net/2013/07/20/megas-chrome-app-improves-security-by-loading-javascript-locally/ Loads javascript locally.

NSA password software
http://keepass.info/download.html Attempts to make TCP/IP connections the whole time. All downloads are probably a man in the middle attack, nobody is really connecting to sourceforge, but to an NSA proxy server. The .exe sourceforge file is obviously NSA compromised. Even compiling the code from source won't reveal the hidden obfuscation http://cm.bell-labs.com/who/ken/trust.html

NSA forum trolls

 * blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html"...It isn't actually that difficult to create logic testers to verify proper operation of hardware... they're used for troubleshooting, and by factories for QC before a product even goes out the door. What seems important, now, is that these tests be made available to the public with open APIs. That would, at least, allow researchers to identify infections in the wild, and from there potentially develop software-based identification techniques....'

This quote is a typical attempt at misinformation by NSA forum posters, the rest of his post shows that he has a high level of knowledge and would therefore know that 'APIs' won't help: NSA has 5G tracking embedded inside every Microcontroller, which is why not a single high impact drone attack has been pulled off.

VPN
FINISHED! You are at the registration page for Agora.
 * http://www.roboform.com, http://www.agoradrugs.com/agora-market-guide/ advice on using VPN is laughable, all VPN's are controlled by the NSA or the VPN operators provide data. Anonymity doesn't exist anymore.
 * http://www.agoradrugs.com/agora-marketplace-url/ provides the following hubris:
 * Download your VPN. Download Tor.  Start your VPN. Start Tor.  Enter in the Agora Marketpalce URL that is above.

Any VPN .exe file to download is an obvious scam, the exe file provides the authorities direct access to your TOR activities.


 * http://darkwebnews.com/dark-web-market-list/ "...Remember that anonymity should be your MAIN FOCUS. You should use a VPN along with Tor browser so your ISP wont know you are using Tor to access darknet markets. ISP’s can tell you are using Tor and they are logging your use. A VPN will hide this from the..."

And VPN software installed will send the decrypted data back to the NSA, http://www.darkwebnews.com is a front for the NSA providing false information(the .com domain is the first warning flag, why not .cr? ). There is not much anybody can do about their ISP figuring out TOR usage, maybe https://www.torproject.org/docs/bridges will help.

INFOSEC
https://www.schneier.com/blog/archives/2015/02/understanding_n.html#c6688978

The thing is that a number of us have been on top of them quite well. We've continually pushed for the larger INFOSEC industry to see and act on these risks. They were called speculative, impractical, overly paranoid, nonexistent, and so on. My own framework called for everything from custom firmware to strong TCB's to covert channel mitigation at the cache level. The industry just doesn't listen or learn ***** compared to many other fields.

A great, recent example was the covert channel attack on cloud services that used a covert channel published years before and predicted over a decade before. Why didn't we see those coming since we figured them out over a decade ago? Why do people keep rediscovering this same issue that attackers at NSA's level actually know how to use? This applies to too many things in INFOSEC.

A few were interested in how a high assurance security engineer would look at these points. So, let's have a look. :)

1. Adherence to classification/secrecy.

Yes, this is the norm rather than the exception. I predicted that anything this risky would be in SAP's with dedicated personnel, paperwork, host systems, networks, and so on. The information would be behind guards with people deciding what could be released at what level. People doing these SAP's are *highly* vetted people. Summaries of their results could be released under certain clearances and to certain people. It would be highly compartmentalized with few seeing the big picture or how it was used in practice.

The leaks showed the technologies were developed in SAP's with selective release under codeword. Easy prediction given it's the black program M.O. I've even posted their public security guides here. The surprise was that so much access was concentrated at Booz with so little security and monitoring. I expected at least a little more given the Manning leaks. Especially since the data is so close to SAP's. The expectation that did pass is that the Snowden leaks aren't SAP's that I can see: just summaries and briefings without the full data and tech that's still compartmentalized. That system works so long as the personnel aren't infiltrators (esp Chinese and Russian).

2. You thought they were someone else.

We all do that. Proxies, black hat attack tools, strategies copied out of [good] hacking guides... anything to blend in. The NSA has it better given the huge number of both organized crime and nation states involved in hacking. If I were them, I'd use their vast monitoring systems and partnership with groups like Mandiant to obtain exact MO + toolset of these organizations. Then, their own people can use them.

Another possibility was that the tools are becoming standardized enough that it's hard to tell who is who. These range from all-in-one kits on hacker forums to professional tools sold by the likes of Finfisher. We know both types are sold to a broad customer base of people committing espionage. This might lead their attacks to look a bit similar with the customization aspects, originating IP's, and behavioral profiles being the identifier.

3. You were looking at the wrong level.

I proved this by posting my own framework in a discussion on secure code vs secure systems. Most developers were satisfied if it ran a NIX with enhanced security "features," some crypto protocols, code audits of app, and maybe things like Stackguard. The TCB concept dictates security must be baked in ground up and the common standard was bogus. Extra nails in the coffin came from defense contractors and NSA classifying those as for "inadvertant and casual attempts to breach security." They then rated the whole market at that level (or below!) of security minus a few exceptions that mainly sold to them.

So, we've been saying it a while now. INFOSEC pro's were stubborn, industry just pushes nonsense customers want, and customers didn't want to sacrifice legacy for real security. Result was predictable.

4. Some beautiful misdirection.

That's really just 2 with less incompetence. This might include planting evidence on the system for pro's to find that point in a different direction. Smokescreens abound with professionals.

5. They were playing chess and you were playing checkers.

I love this one: it's absolutely true. NSA themselves already defined the Orange Book A1 and C.C. EAL6+ High Robustness requirements that determine when they will *start* to trust something against software attacks by High Strength Attackers. Their own pentesters often couldn't beat such systems. Instead, they worked to come up with more clever integrations of those with legacy systems and ways to apply such rigorous methods more cheaply to *defense systems*. Their teams also leverage all that security engineering expertise to identify and hit anything not developed to such criteria.

Which brings us to most proprietary and FOSS technologies: low to medium robustness through and through. These are build by so many people doing systems development who don't know how to do covert channel analysis, what a trusted path is, the importance of secure SCM, how precise security/design specs + simplified implementation can mitigate developer subversion, the benefits of non-x86 hardware, and so on. Even most smart people doing mainstream INFOSEC are so far removed from true security engineering that it's like they're playing a different, amateur game altogether. Pro tip: pro attackers can only be defeated by pro defenses. Security has no amateur league [that wins].

6. Your "experts" failed you miserably.

This builds on 5 actually. I've had to explain to top, press-making people in this field why a user-mode driver is better than a kernel-mode driver, how their idea is full of covert channels, and even that secure systems can't be built on OS's with megabytes of privileged code. The field inherently has trouble maintaining and passing on the wisdom learned from prior generations who designed or fielded highly secure systems. We need to work on that. I've done my part at evangelizing high assurance design but it will take a large, organized effort to actually succeed. Specifics of that are still an open question.

The other part of this issue is the "experts." These are people who are believed to be experts due to possessing certifications, references from clueless companies, and references from INFOSEC companies. As they're all doing low assurance, the expert is guaranteed to be clueless on building highly robust systems. However, he or she might be quite knowlegeable on what the industry focuses on. Industry and its experts are another issue though: pushing fake or ineffective solutions is profitable so they do that pervasively. Combine these effects, you probably have most of the professionals in the field and their collective voices drown out naysayers like myself promoting the strong stuff.

Conclusion

Answer is No 7: all of the above. The problems all feed into each other to become quite a vicious circle. The good news is that high assurance security engineering and practical approximations of it are still around. Lots of different companies and projects are working on the strong stuff: crash-safe.org's SAFE processor; CHERI capability processor; DARPA secure fabrication work; new networking designs like MinimaLT; easy, strong crypto like NaCl; stronger virtualization like HAVEN and SKPP kernels; driver synthesis with Termite2; fundamentally better OS architecture like GenodeOS, EROS, or JX OS. The list goes on.

Moreover, such methods have more funding and publicity than ever before. Still a blip on the larger IT and INFOSEC radar. However, the methods aren't lost, many pro's are focused on secure endpoints, and some are even compatible with legacy software. World's always getting darker but future for widespread high assurance is at least a little brighter. Meanwhile, study on what's known about building highly robust systems and *apply it* in every component you can.

jdgalt • February 12, 2015 12:19 AM

What jumped out at me from the first article was that PBXes (private telephone exchanges) are one of the targets. No wonder the industry is resisting measures that would defeat people who use a PBX to fake their caller ID when they spam -- the government uses those loopholes, so it wants them to remain open.

Securing the phone network would be a much harder job than securing the internet. Fortunately it isn't necessary. VOIP and similar services are fast making traditional phones completely unnecessary.

Links
https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Kamkar, https://twitter.com/samykamkar  ,  https://github.com/samyk

Veracrypt and http://www.mofolinux.com, yet another NSA front (the .com is first problem, .com allows the NSA easier man-in-the middle attack vector then say .cr that kat uses). Sure you can probaly use this to upload journal papers to Libgen dot info, by first sending the encrypted file to a contact in Russia and have the Russian upload it to libgen. Over some encrypted link (tor chat), micro with diode blocking the password to decrypt the file in Russia is sent. Anything uploaded over clearnet is cached, by comparing the copies on the routers, the NSA can figure out who uploaded what.
 * https://veracrypt.codeplex.com/ ".....Veracrypt is the top software for file system encryption. It has great features and performance, able to encrypt drives and directries, even hiding them from detection. Encryption is even better than its predecessor, Truecrypt, and the user interface is much improved. Ecryptfs is an encrypted filesystem with support built into the Linux Kernel. It is fast, strong, and efficient enough to keep users' files safe from unwanted access. Ecryptfs is the principal means of encrypting the home directory and other storage volumes in Linux. It is suggested that users run MOFO Linux from a flash drive and keep a separate flashdrive partition for encrypted files. Another option is to use a separate drive and encrypt its entire contents, accessing it through Veracrypt. Doing that, it is possible to carry a large volume of data which is quite difficult to detect and even more difficult to decrypt. In theory, a well-arranged encrypted volume should be secure for centuries. Be careful to create strong passwords. Do not allow any secret keys to be compromised....."


 * ECC is uncrackable, why the NSA does not want its adoption away from RSA. Their quantum computer solving elyptic is a redherring as a QM of 30bits cannot solve a 31 bit encrypted system and isn't on the horizon.
 * http://zqktlwi4fecvo6ri.onion/wiki/Main_Page Hidden wiki, http://www.thehiddenwiki.net/access-the-hidden-wiki/ ( uses outdated flash).
 * https://www.neomailbox.com/ Webmail
 * https://pravokator.si/index.php/2014/06/02/on-mobile-phone-security/ explains why any type of blackphone (no NSA access) is impossible.
 * http://
 * https://www.anonymousspeech.com/registration.aspx#registration Webmail, email
 * http://www.hushmail.com email, sign in every 3 weeks.
 * http://www.keepassx.org/screenshots/   http://underhanded.xcott.com/
 * http://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html ....Case in point: why did they use "=" instead of "^=" when they added the FIPS PRNG to GPG? Infiltration is staring everyone in the face, and people do shout about it... Nobody notices or cares though. They've been trained to think everyone who points this stuff out is a hysterical conspiracist, and ignore.........  https://www.gnupg.org/
 * https://nex.sx/blog/2015-01-27-everything-we-know-of-nsa-and-five-eyes-malware.html
 * https://www.comodo.com/ NSA controlled Comodo firewall is free because the NSA whishes to install Geekbuddy allowing the NSA to take remote control of you pc and siphon of company information. This information is shared with the Fortune 500 companies once a year under the ruse of 'cyber security'. The NSA is an industrial espionage machine under the cover of national security. Putin mandated that mechanical typewriters be used for top secret classified information: what does he know that we don't?
 * http://networkfilter.blogspot.com/2015/01/be-your-own-vpn-provider-with-openbsd.html openbsd VPN, openBSD on install downloads NSA binaries .... sigh .... privacy ?
 * https://anonfiles.com/ NSA honeypot, any uploads of say corporate trade secrets will be shared with said corporation and identity easily revealed but the uploader not necessarily arrested. Like the British during WWII with the Germans, they cannot make it too obvious that encryption is sabotaged. The .com domain instead of say .cr, .io domain is a give away.
 * http://hack.training/use-tor-to-anonymize-skype
 * http://darkwebnews.com/help-advice/dark-web-beginners-security-guide/ NSA site, good info interspersed with nonsense.
 * http://invisible.im/ Probably another NSA project. The NSA is creating these "brilliant" projects in order to prevent alternative solutions, they control the project by obfuscated c code, trojaned intel chips etc. https://ricochet.im/ wrote:"..You should support The Tor Project, EFF, and run a Tor relay....". Ricochet is an NSA project to deceive people into using Tor, i2p should be used or should it? Putin uses a mechanical typewriter, maybe homing pigeons ?
 * http://linux.slashdot.org/story/15/11/06/132209/linuss-thoughts-on-linux-security NSA forum trolls lamenting on how difficult true security is .... Linux, BSD,(unix whatever) is insecure because no US citizen working on the Linux, BSD kernel tree cannot thwart the NSA and expect a normal family life ... Torvalds loves his kids way more than those thinking they have a secure linux.
 * https://www.dashlane.com/security Nsa password manager
 * https://www.dashlane.com/security why did they not remain with .ch domain? .com domains are under the direct control of the NSA. No secure email service exists.