Discussion:
Bruce Schneier CRYPTO-GRAM Newsletter 15 June 2014
Thad Floryan
2014-06-15 09:25:40 UTC
The monthly [15th of every month since May 1998] newsletter just landed
in my INBOX a few minutes ago. Whew, it's a l-o-n-g one.

For those unaware: http://en.wikipedia.org/wiki/Bruce_Schneier

He's one of the few people allowed access to the Snowden documents that
were given to The Guardian and Der Spiegel about which both Bruce and
Glenn Greenwald <http://en.wikipedia.org/wiki/Glenn_Greenwald> have
written extensively.

One item mentioned is the NSA's QUANTUM. AFAIK that has nothing to do
with quantum computers and is described here as Bruce cited today:

http://www.wired.com/2014/03/quantum/

as "... QUANTUM, at heart, really is airpwn without the goatse." :-)

Here's Bruce's latest summary about the NSA in today's CRYPTO-GRAM:

" I am regularly asked what is the most surprising thing about the
" Snowden NSA documents. It's this: the NSA is not made of magic.
" Its tools are no different from what we have in our world, it's
" just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is
" Metasploit with a budget. QUANTUM is AirPwn with a seriously
" privileged position on the backbone. The NSA breaks crypto not
" with super-secret cryptanalysis, but by using standard hacking
" tricks such as exploiting weak implementations and default keys.
" Its TAO implants are straightforward enhancements of attack tools
" developed by researchers, academics, and hackers; you can buy a
" computer the size of a grain of rice, if you want to make your
" own such tools. The NSA's collection and analysis tools are
" basically what you'd expect if you thought about it for a while.
"
" That, fundamentally, is surprising. If you gave a super-secret
" Internet exploitation organization $10 billion annually, you'd
" expect some magic. And my guess is that there is some, around
" the edges, that has not become public yet. But that we haven't
" seen any yet is cause for optimism.

Because it's too long for a posting, you can read today's issue here:

http://www.schneier.com/crypto-gram-1406.html

" These same essays and news items appear in the "Schneier on
" Security" blog at <http://www.schneier.com/blog>, along with a
" lively and intelligent comment section. An RSS feed is available.

Thad
David Kaye
2014-06-16 05:53:45 UTC
Post by Thad Floryan
" I am regularly asked what is the most surprising thing about the
" Snowden NSA documents. It's this: the NSA is not made of magic.
Exactly. Paranoia causes people to see things that aren't there. Spying is
done the old-fashioned way, whatever that fashion happens to be at the time.
Tools become available and spy agencies use them. "Mission Impossible" was
fantasy, not reality.

I'm reminded of the time when small transmitters came available. The French
government put pillows embedded with transmitters aboard Air France planes.
Business executives used the pillows, and the mics were close enough to the
passengers that the spies could record conversations about products the
companies were working on: industrial espionage. (Remember that many
governments are partners with private industry, so they benefit from
industrial espionage.)

Still, it appears that the very best detective work is still done the REALLY
old-fashioned way: Listening to people with loose tongues. People love to
brag about things they're privy to, even when they've been sworn to secrecy,
even when their jobs depend on that secrecy. People knew that Google was
building a data center on a barge long before anybody even admitted that
Google owned the barge and that they had rented space on Treasure Island.
Not even the manager of Treasure Island knew that Google was the lessor.
BUT, engineers working on the project would go to a local bar, have a few
too many drinks, and begin talking about all the wiring they were doing and
how large the generators had to be, etc. It was then a matter of tracing
down the contact phone number to a Google employee and learning that Sergei
or Larry once fantasized on building a data center in international waters
away from any government's jurisdiction.




Steve Pope
2014-06-16 20:57:08 UTC
Post by Thad Floryan
" I am regularly asked what is the most surprising thing about the
" Snowden NSA documents. It's this: the NSA is not made of magic.
" Its tools are no different from what we have in our world, it's
" just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is
" Metasploit with a budget. QUANTUM is AirPwn with a seriously
" privileged position on the backbone. The NSA breaks crypto not
" with super-secret cryptanalysis, but by using standard hacking
" tricks such as exploiting weak implementations and default keys.
Or more than likely it does both, but the supersecret mathematical
cryptanalysis was too compartmentalized for Snowden to be able
to access it.


Steve
