Been seeing Twitter from @ralphholz, @KevinSMcArthur, and @eddy_nigg about some goofy certs surfacing in S Korea with CA=true.

via Reddit http://www.reddit.com/tb/kj25j
http://english.hani.co.kr/arti/english_edition/e_national/496473.html

It's not entirely clear that a trusted CA cert is being used in this attack; however, the article comes to the conclusion that HTTPS application data is being decrypted, so it's the most plausible assumption.

Quoting extensively here because I don't have a sense of how long "The Hankyoreh" keeps their English language text around.

- Marsh

NIS admits to packet tapping Gmail
By Noh Hyung-woong

It has come to light that the National Intelligence Service has been
using a technique known as “packet tapping” to spy on emails sent and
received using Gmail, Google’s email service. This is expected to
have a significant impact, as it proves that not even Gmail,
previously a popular “cyber safe haven” because of its reputation for
high levels of security, is safe from tapping.

The NIS itself disclosed that Gmail tapping was taking place in the
process of responding to a constitutional appeal filed by 52-year-old
former teacher Kim Hyeong-geun, who was the object of packet tapping,
in March this year.

As part of written responses submitted recently to the Constitutional
Court, the NIS stated, “Mr. Kim was taking measures to avoid
detection by investigation agencies, such as using a foreign mail
service [Gmail] and mail accounts in his parents’ names, and deleting
emails immediately after receiving or sending them. We therefore made
the judgment that gathering evidence through a conventional search
and seizure would be difficult, and conducted packet tapping.”

The NIS went on to explain, “[Some Korean citizens] systematically
attempt so-called ‘cyber asylum,’ in ways such as using foreign mail
services (Gmail, Hotmail) that lie beyond the boundaries of Korea’s
investigative authority, making packet tapping an inevitable measure
for dealing with this.”

The NIS asserted the need to tap Gmail when applying to a court of
law for permission to also use communication restriction measures
[packet tapping]. The court, too, accepted the NIS’s request at the
time and granted permission for packet tapping.

Unlike normal communication tapping methods, packet tapping is a
technology that allows a real-time view of all content coming and
going via the Internet. It opens all packets of a designated user
that are transmitted via the Internet. This was impossible in the
early days of the Internet, but monitoring and vetting of desired
information only from among huge amounts of packet information became
possible with the development of “deep packet inspection” technology.
Deep packet inspection technology is used not only for censorship,
but also in marketing such as custom advertising on Gmail and
Facebook.

The fact that the NIS taps Gmail, which uses HTTP Secure, a
communication protocol with reinforced security, means that it
possesses the technology to decrypt data packets transmitted via
Internet lines after intercepting them.

“Gmail has been using an encrypted protocol since 2009, when it was
revealed that Chinese security services had been tapping it,” said
one official from a software security company. “Technologically,
decrypting it is known to be almost impossible. If it turns out to be
true [that the NIS has been packet tapping], this could turn into an
international controversy.”

“The revelation of the possibility that Gmail may have been tapped is
truly shocking,” said Jang Yeo-gyeong, an activist at Jinbo.net. “It
has shown once again that the secrets of people’s private lives can
be totally violated.” Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a
Democratic Society, who has taken on Kim’s case, said, “I think it is
surprising, and perhaps even good, that the NIS itself has revealed
that it uses packet tapping on Gmail. I hope the Constitutional Court
will use this appeal hearing to decide upon legitimate boundaries for
investigations, given that the actual circumstances of the NIS’s
packet tapping have not been clearly revealed.”

Please direct questions or comments to [englishh...@hani.co.kr]

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
