Re: [cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-17 Thread grarpamp
 Here's an interesting comparison.  Most academic cryptographers believe
 that the NSA has lost its lead:  While for years they were the only ones
 doing cryptography, and were decades ahead of anyone on the outside, but
 now we have so many good people on the outside that we've caught up to,
 and perhaps even surpassed, the NSA.  I've always found this reasoning a
 bit too pat.  But getting actual evidence has been impossible.

 What evidence is there for this?

 Snowden saying encryption works.

This is probably quite true... from his particular vantage/access point
and social network. Yet however much we may know about that side
being relatively open and shary and the capabilities there, it is not an
exclusive answer to the crypto question. None of the Snowden docs to
date are or show any real details about the crypto side of the house. He
either had no interest (unlikely), had no time, found it too risky (whether
to pull off without being caught, or over concern about some element of
grave damage), or simply had no access.

 FBI complaining about going dark, we need backdoors - they only ever
 complain at that level as proxy for NSA, and same complaint is repeated in
 rapid succession in UK, DE.

These sorts of things may be important indicators. Yet to prove
them as such you'd also have to analyse the history of
FUD making, grab attempts and so on to interpret.

It could be that selective crypto is not dark, but merely expensive
to scale into being see all as desired with the old in clear. So
you would have to analyse the costs there. Electricity, rainbow
disk storage, real estate, cooling. How do you know the disk
makers and their suppliers do not have black wing budgets. Or
that there is not a multi billion fab lab buried under some mountain
powered by a ground radiator / aquifer cooled nuke reactor?

 This is exactly how organizations win over smart individuals:
 They build a database of expertise over many years, and they are
 patient and can keep at it indefinitely.

Yes, that's one... who is tracking where all the brilliant maths and
others go after high school? The student names in known friendly
colleges and programs? The ones that seem to drop from the
public scene? What media is publishing interviews with them?
Where are known adversary retirees that may have something
to say when invited?

 It's not that I have evidence the other way.  We just don't know.

 At one level, this all comes down to your model of science.
 ...
 thinking of the question as a murder investigation - clues, hypotheses,
 correlations, etc.

To know the adversary you must continually analyse all potential
aspects, and not just aspect itself but their inputs, dependencies
and output/result chains. Then maybe you can answer some
questions. After all, the adversary is doing analysis upon you.

 Right.  I'm surprised Android sells any phones in USA market.

It's surprising that maybe no one has yet reverse engineered the binary
blobs/drivers in android to provide a fully open software stack there.
And although more difficult, same goes for the firmware blobs.
Regardless of effectiveness, it would show market demand.

 New models for large
 corporations only started to arise in the late 1960's, with the development
 of so-called knowledge organizations.

Knowledge, and knowledge dichotomy within capacity of biology as
a whole to adapt evenly, seems quite a potential for scary outcomes...

http://yro.slashdot.org/story/15/02/17/2229240/oregon-residents-riled-over-virtually-staff-free-data-centers-getting-tax-breaks
http://science.slashdot.org/story/15/02/17/030208/game-theory-calls-cooperation-into-question
http://yro.slashdot.org/story/15/02/17/0025237/att-to-match-google-fiber-in-kansas-city-charge-more-if-you-want-privacy
http://tech.slashdot.org/story/15/02/16/2332217/the-software-revolution

 In sum, I'd say they are ahead in the pure math, but you'd be hard
 pressed to find an area where it mattered.

 Maybe.  It's really impossible to say.  Two days ago, I would probably
 have agreed with you.  Now ... I'm not so sure.

As with Google, they hire a lot of Maths and others, and have been
at it for decades longer. Even generations of maths born into now.

There is too much silence from these workers.
Especially when society could probably get along just
as well without so many organizational level secrets
everywhere (wars), and now potentially against peoples
if you believe that sort of thing.

More Snowdens Please.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-17 Thread grarpamp
From someone failing to send to list:
 Or he actually got those docs ...

Possible, but you would expect crypto research to be
well compartmented from legal, sigint and offensive ops
that appear to be the sole scope of the known docs.
If research does possess a break, maintaining that secret
while producing politically/operationally useful decrypts
would be harder to manage.

 but the journalists he entrusted them to have decided not to release them.

You can always bury / escrow multiple copies in multiple locations
known only to you in case you need them later. Hard to
believe this was not foreseen and done given history of media
with prior leaks.


Re: [cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-17 Thread ianG

On 17/02/2015 15:56 pm, Jerry Leichter wrote:

On Feb 17, 2015, at 6:35 AM, ianG i...@iang.org wrote:

Here's an interesting comparison.  Most academic cryptographers believe
that the NSA has lost its lead:  While for years they were the only ones
doing cryptography, and were decades ahead of anyone on the outside, but
now we have so many good people on the outside that we've caught up to,
and perhaps even surpassed, the NSA.  I've always found this reasoning a
bit too pat.  But getting actual evidence has been impossible.


I'd rather say it this way:  we have circumstantial evidence that we are at 
about the same level for all practical purposes and intents.  As far as we are 
concerned.

What evidence is there for this?


Snowden saying encryption works.  EquationGroup use of RC4-6, AES, 
SHAs.  FBI complaining about going dark, we need backdoors - they only 
ever complain at that level as proxy for NSA, and same complaint is 
repeated in rapid succession in UK, DE.  Practically all the exploits so 
far disclosed are about hacking the software, hardware, nothing we've 
seen comes even close to hacking the ciphers.  Some of the interventions 
are about hacking the RNGs - which typically take the cryptanalysis to 
places where we can hack it.  Off-the-record comments I've heard. 
Analysis of released systems such as Skipjack.


It's all circumstantial.



There's a bit of a difference.  I'd say they are still way ahead in 
cryptanalysis, but not in ways that seriously damage AES, KECCAK, etc.

Again, do you have any evidence?


There is the story about differential cryptanalysis - they released the 
first 4 volumes, but still haven't mentioned the other 4 ;-)



It's not that I have evidence the other way.  We just don't know.



At one level, this all comes down to your model of science.  Typically 
we in the science world like to know stuff based on evidence from 
experiments, or similar facts that have been built up over time.  We are 
very careful to not let our imagination run away with us.


But this doesn't work with the spy business.  They will never let us run 
the experiment, they will not let us read the literature, and if we ever 
find enough to put 2+2 together, they'll run a deception campaign to 
break that logic.  Or lie.  Or they will remind us that you don't know 
or all of the above.


So we have to develop a better approach.  We can probably benefit from 
thinking of the question as a murder investigation - clues, hypotheses, 
correlations, etc.  We can't take it to a court of law -- they deny us 
that as well -- but we can form a view as to whodunnit.


Many won't accept that view, of course.  To them I say, you're dancing 
to their tune.



 What concerns me is that most of the arguments are faith-based - the kind of arguments 
that support open always wins:  No matter how big/smart you are, there are more smart 
people who *don't* work for you than who *do*, and in the long run the larger number of people, 
openly communicating and sharing, will win.  And yet Apple sold more phones in the US last quarter 
than all Android makers combined - the first time they've been in the lead.  It's not even clear 
how to compare the number of smart cryptographers inside and outside of NSA - and NSA has more 
funding and years of experience they keep to themselves.  This is exactly how organizations win 
over smart individuals:  They build a database of expertise over many years, and they are patient 
and can keep at it indefinitely.


Right.  I'm surprised Android sells any phones in USA market.  Although 
I understand that it is the only way to compete with Apple, it is also 
the weaker position.  Which comes out in a price insensitive market. 
OTOH, I'm surprised to see an iPhone in Africa ;)




In contrast, I'd say we are somewhat ahead in protocol work.  That is, the push 
for eg CAESAR, QUIC, sponge construction, is coming from open community not 
from them.

Why would they push for new stuff out in the open world?


Maintenance of protocols is really hard, really expensive.  I know, I 
manage a 100kloc code base with several hard crypto protocols in it, and 
I'm drowning, perpetually.  Whatever we can do to get that into the open 
source world, the better.




They *should* be pushing for it, because they *should* be putting more emphasis 
on defense of non-NSA systems.


Yes.  That is the huge mystery.  It's pretty clear the NSA is doing the 
non-NSA mission huge damage.  Yet no movement on the priorities, just 
blather about 'sharing' from Obama.  That's a mystery.




But what we've seen confirmed repeatedly over the last couple of years is that 
they have concentrated on offense - and against everything that *isn't* an NSA 
system.


Right.  I think that we know, even though they won't release much 
evidence of it ;)



(To the point where they've apparently even neglected defense of their own 
internal systems:  What Snowden did was certainly something they *thought* they 
had a 

Re: [cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

2015-02-17 Thread ianG

On 17/02/2015 00:58 am, Jerry Leichter wrote:

On Feb 16, 2015, at 3:39 PM, John Young j...@pipeline.com wrote:
Kaspersky Q and A for Equation Group multiple malware program, in use early
as 1996. NSA implicated.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
https://t.co/bByx6d25YF

Dan Goodin: How “omnipotent” hackers tied to NSA hid for 14 years - and
were found at last

http://ars.to/1EdOXWo http://t.co/0n1D05GOFN

Two articles that are well worth reading.

Back in the 1980's, I knew a bunch of the security guys at DEC.  While
this was a much less threatening time, even the DEC internal network of
that period saw attacks here and there.  What the security guys said was
that they had all kinds of attacks that they would find, analyze, and
lock out. But there was this residual collection of ghosts:  They'd
see hints that some kind of attack had taken place, but they
couldn't find any detailed trace of how, where, or by whom.  The guys
doing it could get in and out and at most leave a bit of an odd,
unexplainable event behind.  They assumed it was government attackers,
but could never prove anything.

It should be no surprise that this kind of thing has been going on for
years.  The first papers on attacks on and defenses of computer systems
from a military point of view go back to the 1970's.  (The Air Force
took the early lead - or perhaps they just let more out.)  For a while,
some of this work was in the open; the famous Rainbow Series of reports
was one result.  But then it all went dark - a fact that's now obvious
in retrospect, though I don't recall anyone commenting on it at the
time.  (One wonders if this was the result of the NSA taking over fully.)

With unlimited funding and years of practice, these guys are way ahead
of the rest of us.



Back in the late 2000s, there was a surge in interest in APTs and the 
industrial-military contractors went on a shopping spree looking for 
cyber-warriors.  At the time I discounted it as yet another hype thing, 
but it seems that it happened, and we're now in a cyber-arms race.




Here's an interesting comparison.  Most academic cryptographers believe
that the NSA has lost its lead:  While for years they were the only ones
doing cryptography, and were decades ahead of anyone on the outside, but
now we have so many good people on the outside that we've caught up to,
and perhaps even surpassed, the NSA.  I've always found this reasoning a
bit too pat.  But getting actual evidence has been impossible.



I'd rather say it this way:  we have circumstantial evidence that we are 
at about the same level for all practical purposes and intents.  As far 
as we are concerned.


There's a bit of a difference.  I'd say they are still way ahead in 
cryptanalysis, but not in ways that seriously damage AES, KECCAK, etc.


In contrast, I'd say we are somewhat ahead in protocol work.  That is, 
the push for eg CAESAR, QUIC, sponge construction, is coming from open 
community not from them.  In the 1990s we infamously blundered by 
copying their threat model;  now no longer, we have enough of our own 
knowledge and deep institutional experience to be able to say that's 
garbage, our customers are different.  And our needs are pushing the 
envelope out in ways they can't possibly keep up with.


Although, I could be wrong here - Equation team reports from Kaspersky 
didn't say much about the protocols they were using to exfiltrate, just 
that they had a fetish for Ron's ciphers.




So now we have some evidence from a closely related domain.  It's not as
if the world isn't full of people attacking software and hardware, for
academic fame, for money, just for the hell of it.  And yet here we have
evidence that the secret community is *way* out ahead.  Sure, there are
papers speculating about how to take over disk drive firmware.  But
these guys *actually do it*, at scale.

Should we be so confident that our claims about cryptography are on any
firmer ground?



In sum, I'd say they are ahead in the pure math, but you'd be hard 
pressed to find an area where it mattered.


E.g., as Peter, Adi and I are infamously on record for saying [0], the 
crypto isn't what is being attacked here.  It's the software engineering 
and the crappy security systems.



iang


[0] http://financialcryptography.com/mt/archives/001460.html