In ur-internets

IN UR INTERNETS - the NSA and your intertubes, September 2013

Published in: Technology

  1. David Spencer Bradford Linux Users Group 16 September 2013
  2. http://www.bbc.co.uk/news/uk-24107854
  3. by the end of 1920 the Black Chamber had the secret and illegal cooperation of almost the entire American cable Industry Bamford The Puzzle Palace 1920
  4. LOUIS W. TORDELLA
  5. http://arstechnica.com/tech-policy/2013/06/how-a-30-year-old-lawyer-exposed-nsa-mass-surveillance-of-americans-in-1975/2/
  6. Every day, a courier went up to New York on the train and returned to Fort Meade with large reels of magnetic tape, which were copies of the international telegrams sent from New York the preceding day using the facilities of three telegraph companies Ars Technica http://arstechnica.com/tech-policy/2013/06/how-a-30-year-old-lawyer-exposed-nsa-mass-surveillance-of-americans-in-1975/
  7. 2001-09-11 http://usvsth3m.com/post/61008418799/awkward-9-11-tribute-tweets-from-companies
  8. A lot of people are trying to say that it's a different world today, and that eavesdropping on a massive scale is not covered under the FISA statute, because it just wasn't possible or anticipated back then. That's a lie. December 29, 2005 https://www.schneier.com/blog/archives/2005/12/project_shamroc.html
  9. 2005 FFS
  10. 2013
  11. “You need the haystack to find the needle” Keith Alexander Aspen Security Forum, 17 July 2013 http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander http://www.aspeninstitute.org/events/2013/07/17/2013-aspen-security-forum/transcript-clear-present-danger-cyber-crime-cyber
  12. INFORMATION DOMINANCE CENTER http://www.theguardian.com/commentisfree/2013/sep/15/nsa-mind-keith-alexander-star-trek http://www.businessinsider.com/the-us-army-star-trek-command-center-2013-9
  13. BIG DATA Alexander reportedly gave several presentations that detailed networks of suspected terrorists. In one case it turned out that "all those guys were connected to were pizza shops" http://www.businessinsider.com/keith-alexanders-sidekick-james-heath-2013-9 MMM PIZZA OM NOM NOM Another massive chart, which ostensibly detailed al Qaeda and its connections in Afghanistan, turned out to be completely false. "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."
  14. U R TEH EN3MY OF TEH ST8 Counterencryption programmes code-named after first battles of respective Civil Wars UK: EDGEHILL US: MANASSAS / BULLRUN http://www.emptywheel.net/2013/09/05/nsa-gchq-declare-civil-war-on-their-own-people/ Adwalton Moor = CCL
  15. http://static.guim.co.uk/sys-images/Guardian/Pix/audio/video/2013/9/5/1378396354932/NSA-Bullrun-2-001.jpg
  16. “Do not speculate on sources or methods” HERE YA GO ● A company volunteers to help (and gets paid for it) ● Spies copy the traffic directly off the fiber ● A company complies under legal duress ● Spies infiltrate a company ● Spies coerce upstream companies to weaken crypto in their products/install backdoors ● Spies brute force the crypto [weakened keys] ● Spies compromise a digital certificate ● Spies hack a target computer directly [zero-day exploits], stealing keys and/or data, sabotage Ars Technica http://arstechnica.com/tech-policy/2013/09/let-us-count-the-ways-how-the-feds-legally-technically-get-our-data/
  17. Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. Snowden 17 June 2013 The NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics. Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted. Schneier 5 Sep 2013 http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
  18. IPSEC Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto. For example, using the same IV (initialization vector) throughout a session, rather than making a new one for each packet. Or, retaining a way for this encryption protocol to specify that no encryption is to be applied. John Gilmore 6 September 2013 http://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html
  19. Weakness in Dual_EC_DRBG Dan Shumow and Niels Ferguson (Microsoft) Did NSA Put a Secret Backdoor in New Encryption Standard? Schneier 15 November 2007 http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 http://rump2007.cr.yp.to/15-shumow.pdf
  20. WTF 2007 Gov’t standards agency “strongly” discourages use of NSA-influenced algorithm 13 September 2013 http://arstechnica.com/security/2013/09/government-standards-agency-strongly-suggests-dropping-its-own-encryption-standard/
  21. http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4
  22. Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant. Linus 9 September 2013 http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2557a303ab6712bb6e09447df828c557c710ac9
  23. https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J
  24. DIGINOTAR PWNED JULY 2011 Netherlands cert authority “the list of fraudulent digital certificates obtained from DigiNotar has been growing, expanding to include not just Facebook, Google, Microsoft, Skype, Twitter, and WordPress, but also the CIA, MI6, and Mossad intelligence services, as well as the pro-privacy Tor Project” Information Week 6 September 2011 http://www.informationweek.com/security/attacks/stolen-digital-certificates-compromised/231600810
  25. O HAI http://koen.io/wp-content/uploads/2013/09/DigiNotar_slide.png
  26. MAN IN THE MIDDLE “FLYING PIG” https://people.torproject.org/~andrew/2013-09-10-quick-ant-tor-events-qfd.png
  27. MAN IN THE MIDDLE “FLYING PIG” http://4.bp.blogspot.com/-jUBwxB2JMuo/UjCPEX7CYtI/AAAAAAAAFAE/IXaJrZdyQhQ/s400/Flying+Pig.gif
  28. MAN IN THE MIDDLE https://ur.pwned.lol
  29. Perfect Forward Secrecy Netcraft toolbar http://toolbar.netcraft.com/install
  30. Gmail certificate subverted? u r teh fuX0r3d lololol
  31. Singularity Hub http://singularityhub.com/2013/09/04/facebook-plans-to-add-millions-more-faces-to-its-facial-recognition-database/
  32. http://arstechnica.com/security/2013/09/the-body-worn-imsi-catcher-for-all-your-covert-phone-snooping-needs/
  33. Ars Technica
  34. http://arstechnica.com/tech-policy/2013/09/how-the-cops-watch-your-tweets-in-real-time/
  35. http://www.wired.co.uk/news/archive/2013-06/26/socmint
  36. Adam Curtis http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER
  37. Charles Stross 1970s: deregulation of labour markets and the deliberate destruction of the job for life culture. Today, around 70% of the US intelligence budget is spent on outside contractors. Gen Y has never thought of jobs as permanent things. Gen Y will stare at you blankly if you talk about loyalty to their employer. Edward Snowden is 30: he was born in 1983. I think he's a sign of things to come. PS: Chelsea Manning is 25. http://www.antipope.org/charlie/blog-static/2013/08/snowden-leaks-the-real-take-ho.html
  38. http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
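The IPsec design suggestion that Gilmore calls out on slide 18, keeping one IV for a whole session instead of a fresh one per packet, is easy to see in a toy stream cipher: with the same key and IV the keystream is identical, so XORing two ciphertexts cancels it and leaves the XOR of the two plaintexts for any passive observer. The code below is an added example and is not part of the slides or of any project they cite; the cipher (HMAC-SHA256 run in counter mode), the packet contents and all function names are constructed for this demonstration only and are not a production cipher.

```python
import hashlib
import hmac
import os
from typing import List, Tuple

# Toy stream cipher: keystream block i = HMAC-SHA256(key, iv || i).
# Constructed for illustration only; the property under discussion is that
# the keystream is a function of (key, iv), so reusing the IV reuses it.


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from (key, iv) with a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream. Decryption is
    the same operation, since XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def session_same_iv(key: bytes, iv: bytes, packets: List[bytes]) -> List[bytes]:
    """The flawed design from the quote: one IV reused for every packet."""
    return [encrypt(key, iv, p) for p in packets]


def session_fresh_iv(key: bytes, packets: List[bytes]) -> List[Tuple[bytes, bytes]]:
    """The sound design: a fresh random IV per packet, transmitted with it."""
    out = []
    for p in packets:
        iv = os.urandom(16)
        out.append((iv, encrypt(key, iv, p)))
    return out


def keystream_cancelled(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Verification check: if c1 XOR c2 equals p1 XOR p2, the two packets were
    encrypted under the same keystream, i.e. the IV was reused. A reviewer can
    run this against test traffic to confirm a protocol rotates its IVs."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


def demo() -> Tuple[bool, bool]:
    """Return (leaks_with_reused_iv, leaks_with_fresh_iv) for two constructed
    packets. Expected: (True, False)."""
    key = os.urandom(32)
    # Constructed sample packets (same length so the comparison covers all bytes).
    packets = [b"packet one: balance enquiry ok", b"packet two: transfer approved!"]

    iv = os.urandom(16)
    c_same = session_same_iv(key, iv, packets)
    c_fresh = [c for _, c in session_fresh_iv(key, packets)]

    return (
        keystream_cancelled(c_same[0], c_same[1], packets[0], packets[1]),
        keystream_cancelled(c_fresh[0], c_fresh[1], packets[0], packets[1]),
    )


if __name__ == "__main__":
    reused, fresh = demo()
    print("keystream cancels with one session IV:", reused)   # True
    print("keystream cancels with fresh IVs:     ", fresh)    # False
```

Nothing about the key, the hash or the key length matters here: the leak comes purely from deriving the same keystream twice. That is why a protocol review treats "one IV per session" as a defect regardless of how strong the cipher is, and why a per-packet IV (or a counter-based nonce that can never repeat under a key) is a hard requirement, not a tuning choice.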