
Backdoor Dreaming
This is the talk I gave at computer security conference m0leCon2021 in Turin.
Security products are often the ideal target for those who want to attack a system by weakening it from within. From encryption equipment to VPNs, from encryption software to chips, in recent years alarms have been raised about the possible presence of backdoors or serious vulnerabilities in products meant to be secure. How can we draw the line between paranoia and reality?

  1. Backdoor Dreaming #m0leCon2021 - Carola Frediani
  2. In the Sixties the UK Foreign Office's cold war propaganda arm was assigned to stir Indonesian anticommunists into action to overthrow the Sukarno regime. They did it through black propaganda. And through backdoored cypher machines. Before the online troll farms.
  3. Psyops and SIGINT. GCHQ could break and read Indonesian encrypted messages without difficulty. A revealing GCHQ memorandum highlighted the contribution which SIGINT could make: the GCHQ material can "help the generals to persecute the PKI (the communist party, author's note) more effectively". How come?
  4. The dirty secret of the machines made for secrets. The Indonesian government was among many governments using equipment supplied by the Swiss-based company Crypto AG. For over 50 years, Crypto AG supplied secretly sabotaged cypher machines, so that the CIA/NSA, the BND and GCHQ could easily break the codes.
  5. Crypto AG: the intelligence coup of the century. Boris Hagelin, Crypto's founder, fled to the US during the war and sold cypher machines to the army. Then he went back to Switzerland. US intelligence sent cryptographer William Friedman to persuade Hagelin to sell his most advanced machines only to US-approved countries. In intelligence terms this is a denial operation.
  6. The breakthrough. Crypto AG's shift to electronic devices was the breakthrough moment for the NSA/CIA. To adapt to the new technology, Crypto AG accepted their help. In 1967, Crypto rolled out a new, all-electronic model, the H-460, whose inner workings were completely designed by the NSA. "Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries." (from the CIA report)
  7. The expansion. The NSA didn't install crude "backdoors" or secretly program the devices to cough up their encryption keys. The manipulation of Crypto's algorithms streamlined and shortened the code-breaking process. The company made at least two versions of its products: secure models sold to friendly governments, and rigged systems for the rest of the world (WashPost).
  8. The exit. The BND left. The CIA acquired other crypto firms, liquidating some of them. The documents do not disclose any details about these entities. The encryption market moved from hardware to software. The CIA sold Crypto AG.
  9. The steps: ● Denial operation ● Active measures ● Take over (or eliminate) competition ● Exit
  10. The steps, with the enabler that ran through them: ● Denial operation ● Active measures ● Take over or eliminate competition ● Exit ● Technological shift
  11. The mastermind. Paul Calder Le Roux is a former criminal cartel boss. A drug lord. A kingpin. A weapons trafficker. He was arrested in September 2012 and sentenced to 25 years. He was involved in money laundering, drug and arms trafficking, organized crime and fraud. He later admitted seven murders. But he was also a talented programmer. Someone even speculated that Le Roux could be Satoshi Nakamoto.
  12. TrueCrypt prequel. There is a connection between Le Roux and TrueCrypt. What we know is that Le Roux is responsible for creating an open-source disk encryption program called E4M, Encryption for the Masses. He even wrote a manifesto: "The battle for privacy has long since been lost in the real world".
  13. TrueCrypt release. Le Roux went on to work for a security company, SecurStar, which later accused him of having incorporated some of his work into E4M. In 2004, a group of anonymous developers released a new free file-encryption program, TrueCrypt, built on the code of E4M. There was a controversy with SecurStar, but the anonymous programmers maintained TrueCrypt. It is not clear how they funded it.
  14. TrueCrypt rumors. Around 2013, after the NSA revelations (the "NSAgate"), some speculation arose about the presence of a backdoor in TrueCrypt. A crowdfunding campaign was launched in order to audit it. "Okay, the sources of TrueCrypt are available and will probably be audited seriously, but the binaries (for Windows) present on the site, do they contain a backdoor?", asked an article. A researcher compiled the sources and answered no: he reached a very close match with the official binaries.
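The check behind slide 14 (rebuild from source, then compare the result with the published binary) as an added example that is not part of the original talk and not TrueCrypt's own tooling: a small Python comparison that hashes both files, masks byte ranges that legitimately vary between builds (here an assumed 4-byte link-time timestamp at an assumed offset), and reports exactly where the remaining bytes disagree. The blobs OFFICIAL, REBUILT_CLEAN and REBUILT_TAMPERED are constructed sample data, not real binaries; with real files you would read them from disk and take the variable-field offsets from the executable format's headers.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Sequence, Tuple

Range = Tuple[int, int]  # half-open byte range [start, end)


@dataclass
class BuildComparison:
    reference_sha256: str
    rebuilt_sha256: str
    identical: bool                 # byte-for-byte equal after masking
    match_ratio: float              # fraction of bytes that agree after masking
    differing_ranges: List[Range] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mask(data: bytes, ignore: Sequence[Range]) -> bytes:
    """Zero out regions expected to vary between builds (e.g. a timestamp)
    so that they are not counted as differences."""
    buf = bytearray(data)
    for start, end in ignore:
        for i in range(start, min(end, len(buf))):
            buf[i] = 0
    return bytes(buf)


def differing_ranges(a: bytes, b: bytes) -> List[Range]:
    """Return the maximal half-open ranges where a and b disagree.
    A length mismatch is reported as one trailing range."""
    ranges: List[Range] = []
    n = min(len(a), len(b))
    start = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    if len(a) != len(b):
        ranges.append((n, max(len(a), len(b))))
    return ranges


def compare_builds(reference: bytes, rebuilt: bytes,
                   ignore: Sequence[Range] = ()) -> BuildComparison:
    """Compare a published binary with a local rebuild of the same sources.
    Hashes are reported on the raw files; the diff is computed after masking."""
    diffs = differing_ranges(_mask(reference, ignore), _mask(rebuilt, ignore))
    total = max(len(reference), len(rebuilt))
    differing = sum(end - start for start, end in diffs)
    return BuildComparison(
        reference_sha256=sha256_hex(reference),
        rebuilt_sha256=sha256_hex(rebuilt),
        identical=not diffs,
        match_ratio=1.0 if total == 0 else 1 - differing / total,
        differing_ranges=diffs,
    )


# Constructed sample: a 64-byte "binary" with a 2-byte magic, padding,
# an assumed 4-byte timestamp at offset 8, and a 48-byte code segment.
OFFICIAL = b"MZ" + b"\x00" * 6 + b"\x5f\x2b\x10\x3c" + b"CODE-SEGMENT" * 4 + b"\x00" * 4
TIMESTAMP_RANGE: Range = (8, 12)  # assumed location of the build timestamp

# A faithful rebuild differs only in the timestamp field.
REBUILT_CLEAN = OFFICIAL[:8] + b"\x60\x00\x00\x00" + OFFICIAL[12:]
# A rebuild that also differs inside the code segment: this is what a
# comparison must surface, because the sources cannot explain it.
REBUILT_TAMPERED = REBUILT_CLEAN[:32] + b"XXXX" + REBUILT_CLEAN[36:]


if __name__ == "__main__":
    for name, blob in (("clean", REBUILT_CLEAN), ("tampered", REBUILT_TAMPERED)):
        result = compare_builds(OFFICIAL, blob, ignore=[TIMESTAMP_RANGE])
        print(name, "identical:", result.identical,
              "match:", f"{result.match_ratio:.4f}", "diffs:", result.differing_ranges)
```

The point of masking is that a hash mismatch alone proves nothing: a rebuild with a different timestamp fails the hash check yet is a perfect match everywhere that matters, while a genuinely divergent code region shows up as a concrete offset that can be inspected against the source. Reproducible-build projects go further and remove the variable fields at build time so the plain hashes match.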
  15. TrueCrypt farewell. The TrueCrypt project was abruptly shut down on May 28, 2014, and this also fuelled speculation. "They set the whole thing on fire" - Matthew Green
  16. TrueCrypt audit. "The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaw" - 2015
  17. TL;DR "Just to be clear, Paul Calder LeRoux wrote E4M, the precursor to Truecrypt. He then went on to become, essentially, a James Bond villain. Truecrypt 1.0 was a fork of E4M made by two anonymous authors. There was a legal tussle, and 1.0 was pulled. 2.0 was later released. The Truecrypt authors were anonymous but clearly had some funding. They hired lawyers and filed trademarks. There is no evidence that LeRoux maintained a connection to Truecrypt development while he built his criminal empire. He used it though."
  18. Γνώθι σαυτόν ("know thyself", and your VPN provider). Crossrider, now Kape Technologies, acquired: ● CyberGhost VPN ● Zenmate VPN ● Private Internet Access VPN ● Express VPN (one of the major providers) ● a collection of VPN review websites. Incidentally, the Express VPN CIO has been involved in Project Raven, the mercenary cyberspy unit of the UAE.
  19. Dangerous liaisons. "The combination of malicious ad-network+VPN-provider means that not only can they profile specific users, but they can also manipulate their traffic. And that's where the real magic enters the picture as 'TNI'!" ('Tactical network injection', author's note). "Think about it, it's not only cheaper, people are paying you to run this, you also make ad revenue, you can sell their data, AND you can occasionally serve some other shady interest by profiling user traffic and infecting some special unsuspecting customers"
  20. Conclusions? When does the backdoor dreaming come true? Enabling factors (the list is built up one item per slide from slide 20 to slide 26): ● Technological shift ● Ideological drive ● Market concentration/dominance ● Strong market demand ● Failure of other containment strategies ● Other?
  27. Conclusions? What do you need to trust a security product? ● Open source code? ● Audits? ● A transparent history? ● Known developers? ● A wide community? ● The source of funds? ● A diversified market? ● The existence of competitors? ● Ideological affinity? ● Other?
  28. Thank you! Carola Frediani. Twitter: @carolafrediani. Website and newsletter: https://guerredirete.it/