convivialdingo
GuB-42
Is there any proof that Dual_EC_DRBG is backdoored?
All I know is that Dual_EC_DRBG can be backdoored. And there are indeed suspicions, it was known from the start that not only Dual_EC_DRBG could be backdoored, but that it was rather weak to begin with. So, how could it be adopted as a standard?
Now it seems that everyone takes the backdoor as a given. Is there any proof? Ideally the keys themselves (that would make it undeniable), but more credibly, leaks that show usage or potential usage of the backdoor.
But what seems surprising to me about that story is that the potential for a backdoor was known even before the adoption of Dual_EC_DRBG as a standard. Any credible enemy of the state would know that and use something else, and be very suspicious of imported products using it. The ones following NIST recommendations would be allies, but why would you want allies to use weak ciphers?
jiggawatts
> Is there any proof that Dual_EC_DRBG is backdoored?
The algorithm is bad: it's complicated and slow.
The competing algorithms were much simpler, much more secure by construction, and much faster. Most importantly, there was no obvious way to backdoor the competing algorithms, but there's a hilariously trivial way to backdoor Dual_EC_DRBG.
Ergo: the only reason you would ever devise or use Dual_EC_DRBG is to introduce a backdoor capability. There is no other believable benefit or reason.
But rest assured, the NSA promised that they destroyed all copies of the private key they used to generate the public key for Dual_EC_DRBG.
Oh wait, you thought you could generate your own pair and throw away the private key? Ha-ha... haaa. No. That's not compliant with the "standard", which the NSA forced upon the industry, and/or literally bribed companies with millions of dollars to accept willingly.
It's as obvious a backdoor as you could possibly have.
Even if the NSA didn't use it as a backdoor -- I'm crying with laughter now -- the Chinese hacking group APT5 definitely did: https://blog.cryptographyengineering.com/2015/12/22/on-junip...
jandrese
Why would you need proof that it has been backdoored? The fact that it can be backdoored should be enough to disregard it for all uses right from the start.
thephyber
I like the link and the explanations about the weaknesses.
I detest the only evidence being circumstantial and the _argument from ignorance_ being the one that you lean on. Make the simple observations and don’t try to oversell it.
lazide
It has constants chosen with NSA input which weaken it - and which were called out a long time ago as doing so.
It isn’t a back door in the sense of ‘poke the code in a certain way and voila’, rather ‘if you know the counterpart to this constant, you can guess what values the RNG spits out at statistically improbable rates’.
You’d never know if someone was doing so unless they admitted it or someone got arrested in a way that was only possible if they’d used it. Which good luck.
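The mechanism described in the comment above, worked through as an added example (not code from the thread, the standard, or any vendor): a simplified Dual_EC-style generator in which whoever knows d with P = d·Q recovers the internal state from two outputs. Assumptions: secp256k1 stands in for the NIST curve, the points and d are constructed, reseeding and additional input are left out, and only 8 bits are dropped per output (the standard dropped 16) so the search runs quickly in pure Python.

```python
# Added illustration: simplified Dual_EC-style DRBG with a known relation P = d*Q.
# Curve: secp256k1 (y^2 = x^3 + 7 over FIELD), used only as a prime-order curve.
FIELD = 2**256 - 2**32 - 977
CURVE_B = 7
TRUNC_BITS = 8                                   # assumption: toy value, not the standard's 16
MASK = (1 << (256 - TRUNC_BITS)) - 1
INF = None                                       # point at infinity


def add(p1, p2):
    """Add two affine points on y^2 = x^3 + 7."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    lam %= FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with x-coordinate x, or None if no such point exists."""
    if x >= FIELD:
        return None
    rhs = (pow(x, 3, FIELD) + CURVE_B) % FIELD
    y = pow(rhs, (FIELD + 1) // 4, FIELD)        # square root, valid because FIELD % 4 == 3
    return (x, y) if y * y % FIELD == rhs else None


# Constructed public constants. Q is the curve's base point; P is derived from a
# secret scalar d, which is exactly the relation an outside user cannot rule out.
Q_PT = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
BACKDOOR_D = 0x0123456789ABCDEF0FEDCBA987654321  # constructed secret scalar
P_PT = mul(BACKDOOR_D, Q_PT)


class ToyDualEC:
    """s <- x(s*P); output = x(s*Q) with the top TRUNC_BITS bits dropped."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = mul(self.s, self.P)[0]
        return mul(self.s, self.Q)[0] & MASK


def recover_state(out1, out2, d, P, Q):
    """Given two consecutive outputs and d with P = d*Q, return the generator's
    current internal state, or None if no candidate is consistent with out2."""
    for hi in range(1 << TRUNC_BITS):            # guess the dropped bits of out1
        R = lift_x((hi << (256 - TRUNC_BITS)) | out1)
        if R is None:
            continue
        # R = +/- s*Q, so d*R = +/- s*(d*Q) = +/- s*P, whose x is the next state.
        s_next = mul(d, R)[0]
        if mul(s_next, Q)[0] & MASK == out2:     # second output confirms the guess
            return s_next
    return None


def demo():
    """Observe two outputs, recover the state, and compare the next three outputs."""
    victim = ToyDualEC(seed=0xDEADBEEF, P=P_PT, Q=Q_PT)
    out1, out2 = victim.next_output(), victim.next_output()
    state = recover_state(out1, out2, BACKDOOR_D, P_PT, Q_PT)
    clone = ToyDualEC(state, P_PT, Q_PT)
    predicted = [clone.next_output() for _ in range(3)]
    actual = [victim.next_output() for _ in range(3)]
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = demo()
    print("prediction matches:", predicted == actual)
```

With a scalar that does not satisfy P = d·Q, `recover_state` finds no consistent candidate, so the property worth checking in any such design is whether the two points were generated verifiably, not whether someone says the scalar was discarded.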
I_am_uncreative
Yes, yes there is: https://eprint.iacr.org/2015/767.pdf
carbotaniuman
If you believe you are the only one who can break the cipher, then it doesn't really matter if your allies are using them - after all, spying happens even among ostensibly allied or friendly countries.
I think most people's source of proof is the Snowden leaks, but I haven't actually read it or corroborated, and most backdoors should be deniable anyway - it'd be real dumb if they weren't. I think strong circumstantial evidence is really the only thing one can go on.
kurikuri
You are wildly incorrect here.
The cryptographic module uses the CTR_DRBG, not the withdrawn Dual_EC_DRBG. The Dual_EC_DRBG was withdrawn in 2014, but this Security Policy for this module was submitted well past that for FIPS 140-2 revalidation, and the CMVP would not have let a testing lab submit it at all.
This isn’t the back door.
mike_d
Irrelevant. This "revelation" is from pre-2013 information. Dual_EC may have been the capability before it was withdrawn.
kurikuri
> Irrelevant
Except it was relevant as a response to the OP in that: I was pointing out their conflation of two different DRBGs.
Having an SP 800-90A DRBG does not mean you support all of them, nor does it imply the user could change between the 3 (or, in that hypothetical, 4).
Outside of that, it is unlikely that this module had Dual_EC_DRBG at any point in time for three reasons:
1) Submitting a hardware module that has an entirely new DRBG would require a lot of low level work from Cavium, and the modifications made to the physical module would likely constitute more than an updated certificate (i.e., a new certificate).
2) Even though the DRBG was withdrawn, the CAVP lists algorithm certificates, and this includes historic certificates. Cavium doesn’t have a Dual_EC_DRBG certificate for any operating environment. A list of Dual_EC_DRBG certificates can be seen here: https://csrc.nist.gov/projects/cryptographic-algorithm-valid...
3) The earliest security policy for the module that I could find dates back to 07/22/2014, and it still uses the CTR_DRBG. Security policy here: https://csrc.nist.rip/groups/STM/cmvp/documents/140-1/140sp/...
stephen_g
That's a very specific module - one of Cavium's dozens and dozens of products.
Hard to tell what it is, more information is needed.
convivialdingo
Well, there's several Cavium devices that support the deprecated/back-doored Hash_DRBG.
For example, these devices were validated for the completely appropriately named "SonicOS 6.2.5 for TZ, SM and NSA". Gotta appreciate the irony.
Cavium CN7020 Hash DRBG
Cavium CN7130 Hash DRBG
Cavium Octeon Plus CN66XX Family Hash DRBG
Cavium Octeon Plus CN68XX Family Hash DRBG
I don't know if that's hardware support or just a software validation - but it's still interesting that they validated it.
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Valid...
dfox
Except Hash_DRBG is neither deprecated nor backdoored. See NIST SP 800-90A Rev. 1 section 10.1.1.1 for description of the algorithm.
araes
Since Cavium got rewarded for being "Completely Enabling for _______ encryption chips used in VPN and Web encryption" and then lists these on its Nitrox III and Nitrox V (https://pbs.twimg.com/media/F6Y_zDQWgAAj96s?format=jpg)
AES (128/192/256 CBC, GCM)
Triple-DES (CBC, 3-key)
SHS (SHA-1/256/384/512)
HMAC (SHA-1/256/384/512)
RSA (KeyGen, SigGen and SigVer; PKCS1 V1 5; 2048bits)
ECDSA (PKG, SigGen and SigVer; P-256, P-384, P-521)
CTR DRBG (AES-256)
HASH DRBG (SHA-512)
CVL Component (IKEv2, TLS, SSH)
CKG (vendor affirmed)
Does that imply that the NSA may have kleptographic (algorithm substitution, or secondary key) attacks or something different for all of these?
_kbh_
> Looking more closely at this, the backdoor is almost certainly based on the back-doored random number generator, Dual_EC_DRBG, which is implemented as NIST SP 800-90A.
This doesn't have to be backdoored.
It could simply be a bug in their hardware RNG that uses something that isn't public to break it.
Or something that Cavium did not realise was vulnerable.
distract8901
Sorry, what does it even mean for a random number generator to have a backdoor? Is it leaking your generated keys to the NSA? Does it have some arbitrary code execution vulnerability?
0xDEFACED
Computerphile has a video about this algorithm and its potential backdoor, it’s a great watch.
zimmerfrei
More interestingly, Cavium (now Marvell) also designed and manufactured the HSMs which are used by the top cloud providers (such as AWS, GCP, possibly Azure too), to hold the most critical private keys:
https://www.prnewswire.com/news-releases/caviums-liquidsecur...
joezydeco
Ayup. We use AWS CloudHSM to hold our private signing keys for deploying field upgrades to our hardware. And when we break the CI scripts I see Cavium in the AWS logs.
Now I gotta take this to our security team and figure out what to do.
supriyo-biswas
I'd be surprised if you get anything more than generic statements about how they take security very seriously and they are open to suggestions, but avoid addressing the mentioned concerns directly (and this applies to all cloud providers out there, not just AWS).
I'm sure a few others here would like to see their response as well.
joezydeco
We've had other issues with our CloudHSM instance, especially with the PKCS1.5 deprecation on January 1. And their support has been pretty dismal. Not expecting much from them at this point.
DyslexicAtheist
Wouldn't such a backdoor invalidate all promises made by external audits e.g. https://cloud.google.com/security/compliance/offerings and more importantly wouldn't it violate safe harbor agreement with the EU or whatever sham this safe-harbor was replaced with?
d-161
The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. This issue can be mitigated with deployment of a hardware device, which is able to disconnect mains power.
Intel's main competitor AMD has incorporated the equivalent AMD Secure Technology (formally called Platform Security Processor) in virtually all of its post-2013 CPUs.
https://en.wikipedia.org/wiki/Intel_Management_Engine
Ylian Saint-Hilaire, principal Engineer working on remote management software including hardware manageability:
https://youtu.be/1seNMSamtxM?feature=shared
close04
I think Ylian Saint-Hilaire hasn’t been with Intel for about a year now, after some layoffs. As a result the software ecosystem around AMT/vPro is lagging these days.
Hardware wise nothing changed, it’s just even harder for the actual owner of the hardware to use the legitimate management features while presumably easier for whoever could illegitimately abuse them.
theamk
Nothing?
I mean, you are already in US-based cloud, so if NSA is interested, they will just request information directly, no backdoors needed.
(This is a good test for your security team, btw: if they say anything other than "we do nothing", you know it's all security theater)
garfieldnate
But being able to request it and having a built-in backdoor for anyone with a key are different things. It has happened before that the Chinese government figured out network equipment backdoors that were put in for the US government. All your company secrets are there for the taking for anyone with the resources to figure out that backdoor. Especially now that people know it exists. Shouldn't this at least start the clock on expiring this hardware?
joezydeco
Very good point. That was the consensus from our team, so I think we're okay.
Ironically, the data we're securing is because of US government requirements. So if the government wants to spy on itself, who are we to say?
datavirtue
Nobody cares. If caring gets in the way of easy money. Spoiler...it does.
catchnear4321
more accurately, nobody (with sufficient agency to act) cares.
you wouldn’t be cynical if you didn’t care, or felt able to do anything about it.
sambazi
future you will care and facepalm
api
Is there anyone here who actually thought cloud provider HSMs were secure against the provider itself or whatever nation state(s) have jurisdiction over it?
It would never occur to me to even suspect that. I assume that anything I do in the cloud is absolutely transparent to the cloud provider unless it's running homomorphic encryption, which is still too slow and limited to do much that is useful.
I would trust them to be secure against the average "hacker" though, so they do serve some purpose. If your threat model includes nation states then you should not be trusting cloud providers at all.
jacquesm
Lots of people believe that. They believe truthfully you can get to the level of AWS, MS, Google, Facebook or Apple whilst standing up to the nations that host those companies. I've walked into government employees in the hallways of tiny ISPs, I see no reason to believe at all that larger companies are any different except for when easier backdoors have been installed.
BlueTemplar
The really concerning part is to be STILL believing that after the Snowden scandal, after everybody has seen the slides that explain in detail how the NSA sends an FBI team to gather data from (then, in 2013) Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple (and Dropbox being planned).
Also how Yahoo first refused but was forced to comply by the Foreign Intelligence Surveillance Court of Review.
https://www.electrospaces.net/2014/04/what-is-known-about-ns...
(Note that supposedly, "the companies prefer installing their own monitoring capabilities to their networks and servers, instead of allowing the FBI to plug in government-controlled equipment.")
eightysixfour
I don’t know how many believe it and how much is willful ignorance. The big cloud providers make big mistakes but how many trust their organizations to do better against a nation state level actor?
The underlying architectures of our systems are not secure and much of the abstractions built on top of them make that insecurity worse, not better.
For nation state level issues, the solution likely isn’t technical, that is a game of whack-a-mole, it will take a nation deciding that digital intrusions are as or more dangerous than physical ones and to draw a line in the sand. The issue is every nation is doing it and doesn’t want to cut off their own access.
luxuryballs
I always just tell people to lookup “Lavabit” to learn everything you need to know.
TheRealDunkirk
> If your threat model includes...
At my Fortune 250, our threat model apparently includes -- rather conveniently and coincidentally -- everything! Well, everything they make an off-the-shelf product for, anyway. It makes new purchasing decisions easy:
"Does your product make any thing, in any way, more secure?"
"Uh... Yes?"
"You son of a bitch. We're in. Roll it out everywhere. Now."
jdwithit
This reminds me of our own security team, who as far as I can tell do nothing but run POC's of new security tools. And then maybe once a year actually buy one, generating a ton of work (for others) to replace the very similar tool they bought last year. Seems like a good gig.
calgoo
And then when there is a security issue you ask them to share the log files from all their spyware and suddenly half the stuff needed is not there because we did not get that module.
Macha
Ahh, I've been there. I'm sure no concern is given for usability of the result.
Welding your vault shut may make it harder for thieves to break in, but if your business model requires making deposits and withdrawals, it's somewhat less helpful.
hiatus
There's no thought given to if the cost to secure the thing outweighs the risk of exposure?
johnklos
It's interesting to consider the people who, with the very same set of facts, come to completely opposite conclusions about security.
For instance, Amazon has a staff of thousands or tens of thousands. To me, that means they can't possibly have a good grasp on internal security, that there's no way to know if and when data has been accessed improperly, et cetera. To others, the fact that they're a mega-huge company means they have security people, security processes and procedures, and they are therefore even more secure than smaller companies.
For one of the two groups, the generalized uncertainty of the small company is greater than the generalized uncertainty of the large. For the other, the size of the large makes certain things inevitable, where the security of smaller companies obviously depends on which companies we're talking about and the people involved. More often than not, people want to generalize about small companies but wouldn't apply the same criteria to larger companies like Amazon.
There's a huge emotional component in this, which I think salespeople excel at exploiting.
It fascinates me, even though it's a never-ending source of frustration.
enkid
If your threat model includes the nation state where your physical infrastructure is, you're hosed.
outworlder
> If your threat model includes the nation state where your physical infrastructure is, you're hosed.
True. But even if you trust your nation state 100%, having a backdoor means you now have to worry about it falling into the wrong hands.
api
Literally hosed. There's a funny jargon term "rubber hose cryptography" that's used to refer to the cryptanalysis method where you beat someone with a rubber hose until they give you the key. It's 100% effective against all forms of cryptography including even post-quantum algorithms.
vasco
I mean in the end everything is people just like Logan Roy said in Succession. Cryptography or any software protections are the same. It's a great quote that is very true:
> "Oh, yes... The law? The law is people. And people is politics. And I can handle of people."
PeterStuer
Addendum: if your threat model includes any nation state that has significant ties to the nation state that hosts your physical or transit infrastructure, you're hosed.
numbsafari
I believe this is why the government of Singapore appears to fund a lot of work on homomorphic encryption.
Even when you are a nation state, you still have to worry about other nation states.
arter4
Especially when you are a nation state.
wsc981
I feel the same and Snowden kinda said as much regarding phones. To assume each phone is compromised by state level actors.
TheRealDunkirk
I mean, there's a reason that the government was involved with setting up the first cell networks. No assumptions need to be involved. They ARE all compromised.
lokar
Cloud HSM services have always been understood as a convenience with limited real world security, without even considering nation state threats.
dclowd9901
I think there’s such a thing as plausible deniability here. We didn’t know for certain so we weren’t culpable, but now that it’s public record, we really have to do something about it or risk liability with our customer data.
pyinstallwoes
This breeds the familiar scenario where a group will start saying the link between the two is so clear that there must be a connection. Then you’ll get another group calling the first group conspiracy theorists, and say it’s just a coincidence of probability.
Narrative control and information modeling is so powerful it’s scary.
jacquesm
Post Snowden the first group has some formidable ammunition.
pyinstallwoes
Now apply that to every other "conspiracy.."
sdiupIGPWEfh
Now get yourself some half-decent psyops and contaminate the first group with supporting voices that emphasize weaker evidence, use poor logic, name-drop socially questionable sources, and go out of their way to sound ridiculous.
pyinstallwoes
Bingo
amluto
…which is really weird. At least Google and Microsoft are quite outspoken about their in-house secure element technology.
If nothing else, at Google/Amazon scale, I’d be concerned about a third-party HSM losing data.
jhallenworld
It's not surprising because who wants to make their own FIPS 140-2 level 3 compliant key store device?
Also, the Cavium one was the fastest one on the market the last time I looked at this. Thales, Safenet and IBM also had them..
amluto
Google? Titan appears to meet FIPS 140-2 level 1.
I find the levels bizarre. Chromebooks are highly exposed to physical attack. Keys in the cloud are not nearly as exposed. Yet people seem okay with level 1 for chromebooks but apparently want level 3 in the cloud?
I’d rather see a level 1 or level 2 auditable cloud solution, with at least source available.
b112
Gotta be better than Utimaco HSM cards. I've worked with them, and have issues with them throwing false low power alarms, and wiping for no reason.
And tech support is horrible, incompetent.
teepo
Time to leverage IBM Cloud KYOK model. You need level 4 especially if you're using 3rd party: FIPS 140-2 Level 4 certified HSM
https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-faq-bas...
tgsovlerkhgsel
In-house stuff is for security.
HSMs are mainly for compliance, where a customer needs to check a regulatory box, because some rule says you must use an HSM. The more standard it is, the easier it is to demonstrate to the auditor that you've checked the box.
milesward
Not Google..
zimmerfrei
Certainly Google (and Oracle and AWS):
https://www.marvell.com/company/newsroom/marvell-enables-ent...
progbits
I'm not saying you are wrong but I can make a website which claims some cloud provider uses my hardware too. Their website is irrelevant. Do we have a Google (or AWS/...) page regarding this?
NelsonMinar
For anyone wondering "what's the big deal" it's worth remembering the NSA has a bad track record of keeping their own hacking tools secure. https://en.wikipedia.org/wiki/The_Shadow_Brokers
It infuriates me the NSA actively works to undermine American security. Their brief is to protect us, not plant backdoors and then lose the keys.
boffinAudio
>It infuriates me the NSA actively works to undermine American security.
It infuriates me that the NSA actively works to undermine International security.
Seriously.
jokoon
I believe they do this because most critical softwares are American, and as long as the NSA has better offensive capabilities, it's better for the NSA if international defenses are low.
I don't think china or Russia really have good offensive capabilities, so as long as it is the case, this helps the US maintain some form of cyberweapon supremacy.
As long as china or small black hats don't do harm, they will not raise security standards.
thewileyone
So much projection when the US accuses China of backdoors ...
Aerbil313
Hahaha. That “concern” is only for you guys in the US. I live in a state which has conflicting interests with the US.
unaindz
So what if you are not in the US?
If they manage to put a backdoor in any software or hardware you use you are affected. They could spy on you and trade that with your government or just lose the keys and now anyone can do it.
PD:Also from outside US btw
JanSolo
The tweet seems to imply that the entire Ubiquiti Networks line of network hardware could be compromised. That's a shame; I was thinking of installing some in my house. I'm sure that Ubiquiti's customers will not be happy if they find out that the US Govt can access their private data.
andreasley
I think at this point it's pretty safe to assume that all of the well-known network hardware is compromised.
tekeous
I wonder if MikroTik would be compromised- they’re Latvian and don’t necessarily have to bow to the NSA.
HideousKojima
I assume by default that any hardware from any NATO nation is compromised by the NSA and other Western intelligence agencies. I also assume that any Chinese or Russian hardware is compromised by their respective intelligence agencies. And I assume that the NSA and other Western agencies are constantly trying to get backdoors into Chinese hardware (and I assume the Chinese are trying to do the same to ours). You're basically screwed no matter what.
pizzalife
There's been plenty of remote 0days in MikroTik's products. At one point people were paying a pretty penny for them.
chinathrow
> have to bow to the NSA
You don't have to bow in order to be compromised. You can be compromised without even knowing it.
ElectricalUnion
Several MikroTik routers use Marvell hardware underneath. So Marvell might be compelled to backdoor the hardware for the NSA.
some_random
Why would the NSA need to strong arm MikroTik to implement a backdoor when they can pay ~10k for an 0-day to do the exact same thing?
paganel
> they’re Latvian and don’t necessarily have to bow to the NSA.
The majority (I'd say all) of the Eastern-European countries that are also NATO members do in fact bow to the US, and thus to the NSA/FBI/the Secret Service.
smolder
MikroTik has come up in their slides before, yes...
some_random
In a world where local PD can kick my door in, shoot me in the face, and the news will report that I had it coming because I own a gun, I find it hard to care that the IC can burn a technical access backdoor to access my private data.
cryptonym
Whataboutism. Both are wrongs and concerning.
mrweasel
I'm currently replacing my network equipment with Mikrotik, not because I believe it to be safer than Ubiquiti, but because then at least it's made in the EU.
But now I'm thinking: Is it better that the US is spying on me in Europe, vs. having EU governments do it? I feel like I'd be somewhat more safe from the US, compared to if my own government decides to spy on me. Maybe I should look into Chilean network equipment, I can't imagine that they'd have much interest in my online activities.
owenmarshall
> But now I'm thinking: Is it better that the US is spying on me in Europe, vs. having EU governments do it? I feel like I'd be somewhat more safe from the US, compared to if my own government decides to spy on me.
https://en.wikipedia.org/wiki/Five_Eyes
> In recent years, documents of the FVEY have shown that they are intentionally spying on one another's citizens and sharing the collected information with each other, although the FVEYs countries claim that all intelligence sharing was done legally, according to the domestic law of the respective nations.
So in practice, it's entirely irrelevant: your data will end up Hoovered up by someone, coated with a veneer of legality, and provided back to your government to act on (or not).
Don't be too interesting to your government, I guess?
BlueTemplar
None of these are EUropean countries.
Freestyler_3
Other countries spy on you and sell it to your own country.
manmal
Europe doesn’t make that many chips (unfortunately), chances are high there’s US/Chinese components in there too. Since your network hopefully sees mostly encrypted traffic anyway (even if you're running Plex on the LAN, that should use SSL), I‘d be more concerned about HW in desktops, notebooks and tablets.
isykt
I think in order to address this question, we need to know more about your threat model.
Are you a journalist working in a sensitive/dangerous area?
Do you often participate in discussions with dissident groups?
Do you frequently access content that is illegal in your jurisdiction?
BlueTemplar
In democratic countries we also have rights against (unjustified) spying by our governments. Sounds like a better long-term plan for everyone is to make them work. Especially when even the ideal equipment won't do much against metadata spying by ISPs and cellphone carriers...
ricktdotorg
okay, so assuming the US gov can access my private LAN data due to my use of the Ubiquiti USG as router/firewall, USG wifi APs etc, of what form would this data exfiltration take? can we please explore/explain how this "compromise" would happen in real-life.
if i were sniffing for outbound WAN traffic as root on the unix-like that the USG run, would i see the exfiltration traffic? or is this [supposedly/apparently] happening at a lower layer that an OS can't see i.e. some kind of BMC or BIOS layer?
wouldn't such traffic also have to navigate the varieties/restrictions of DOCSIS etc? or are they also compromised?
is the worst-case scenario here some kind of giant C2 network with waves hands tons of compromised lower-than-OS mini pieces of firmware exfiltrating data over waves hands compromised network providers hardware into the giant NSA AWS cloud?
lofaszvanitt
Would be an interesting experiment to see what an oscilloscope sees on the wire vs what tcpdump records... There was a story somewhere on the net where someone complained that they wanted to include a do not record payload parameter in tcpdump and couldn't get it through.
stephen_g
Pretty sure only the EdgeRouter and some of the older Unifi Security Gateways use Cavium chips. Most of the newer stuff (like the Dream Machine line) I don't think are anymore. None of the Unifi APs did either I don't think (the U6 ones have Mediatek chips in them)
slau
Annoyingly, the ER4 uses the Cavium Octeon III. I have a few of those in production.
stephen_g
Yeah, I have one at home too, so I really want more detail on what the exploit is (I wonder if it is perhaps IPSEC specific, like an RNG flaw since they talk about VPN and encryption appliances, or it could be something to do with Cavium HSMs and unrelated to the network processors).
inferiorhuman
Some of the EdgeRouter stuff (ER-Lite, ER-4) use Cavium SoCs. The ER-X uses a MediaTek SoC.
djangelic
I recently upgraded my USG for a dream machine, glad it seems the upgrade was worth it.
RationPhantoms
If you're not under the threat cone of nation state surveillance (like trying to exfiltrate the radar-absorbing paint formula on the F35) then I wouldn't be too concerned.
"That's not the point! It's about privacy!"
Sure. I'll choose to ignore the fact that our civilization is somehow still functioning in a post-nuclear world.
tinco
It's not about privacy, it's about security. If there's a backdoor in a HSM or network interface, that backdoor can be used by others as well. That might start with foreign nation states, but might eventually leak to regular private persons or entities as well.
A backdoor is an extra attack vector with often very unfavorable properties that you as a user are unaware of.
sschueller
A man is being executed in Saudi Arabia for tweeting a negative tweet about the government to his tiny following. Not exactly someone who thinks they are a target of a nation state.
[1] https://www.hrw.org/news/2023/08/29/saudi-arabia-man-sentenc...
RationPhantoms
Not sure if this is a joke but SA is the exact country I would expect to utilize spyware against its citizens.
isykt
100% agreed. If you’re concerned about privacy, being tracked online by corporations is a bigger concern than the NSA. If you’re the target of an NSA investigation, you’re already fucked. Changing your network equipment is not going to help.
Minor49er
On the contrary, changing equipment may actually help quite a bit when dealing with the NSA. The 2016 documentary "Zero Days" which was centered around the creation of Stuxnet showed that the NSA targeted specific hardware models to look for security holes. They had to buy matching hardware themselves and rigorously try to break it which took time and wasn't trivial to do
awesomeMilou
> If you're not under the threat cone of nation state surveillance
The average reader may be surprised by how far this cone can extend in some circumstances.
It has been established that the NSA conducts industrial espionage [0], under the cover of national security [1]. To what degree the term "national security" narrows down the scope of any surveillance measures is likely unfamiliar to the laymen, but an NSA representative gave a short description of the agency's views in that regard in 2013:
"The intelligence community's efforts to understand economic systems and policies, and monitor anomalous economic activities, are critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security." [1]
While it affirms that it does not steal trade secrets, the NSA reserves the right to pass on critical information about economic developments towards policy makers, who then can use this knowledge in their decision making.
Notable examples of industrial espionage conducted by the NSA consisted of spying on EU antitrust regulators investigating Google for antitrust violations [1], alleged espionage of business conducted by Brazilian oil giant Petrobras [2], international credit card transactions [3], SWIFT [4], and the infamous allegations of espionage against European defense company EADS [5].
It's noteworthy that this short list only comprises cases that got attention of the media, the actual list of targets in Europe was much higher, about 2000 companies in Europe, many of them defense contractors. [5]
So, to summarize, it may be much easier to fall into this cone than one would assume. The agency is also at odds with its own claims, as this excerpt from a Guardian article [2] clearly shows:
"The department does not engage in economic espionage in any domain, including cyber," the agency said in an emailed response to a Washington Post story on the subject last month. [...] "We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries' economic policy or behavior which could affect global markets."
But he again denied this amounted to industrial espionage. "What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line." [2]
To me these statements are mutually exclusive: How is providing policy makers with insights from foreign politics and possible industrial espionage (i.e. not necessarily actual technologies, but research objectives of foreign companies) not giving an advantage to domestic companies, if those policy makers act appropriately?
[0] https://theintercept.com/2014/09/05/us-governments-plans-use...
[1] https://www.cnet.com/tech/tech-industry/nsa-spied-on-eu-anti...
[2] https://www.theguardian.com/world/2013/sep/09/nsa-spying-bra...
[3] https://www.spiegel.de/international/world/spiegel-exclusive...
[4] https://www.spiegel.de/international/europe/nsa-spying-europ...
[5] https://www.theregister.com/2015/04/30/airbus_us_german_inte...
irreticent
The NSA has been caught lying before (see: the Snowden leaks) so I wouldn't trust them to be forthcoming about their industrial espionage, if they are engaging in it. Of course they'd deny it.
p337
> How is providing policy makers with insights from foreign politics and possible industrial espionage not giving an advantage to domestic companies, if those policy makers act appropriately?
Let's imagine OpenAI was a Russian company operating mostly in secret. This RU OpenAI secretly discovers and uses GPT-4-like technology, and shows promise that they are not done innovating. While these LLMs are often overhyped, these recent innovations no doubt present a policy issue, right? I'd say there are legitimate national security reasons to know about that technology, not just about making money or making a better product for cheap.
The distinction being made is that the NSA may steal data related to this, but they aren't just giving it to Google to make Bard better. They are getting intel and giving lawmakers the tools to fund research, write policy, or whatever else our elected representatives deem beneficial. Any side action or under the table dealings would make this distinction meaningless of course. So, for the example above, if we started funding departments to research the threat of LLMs/AI, inform the public of the issue, and inform companies that their data is being pillaged to train AI... that is all very different from just stealing a cool new widget design and getting it to market first.
I think there's no debating that this is morally gray, but I think it's a few steps off of what other nation states are doing by stealing tech and implementing it in "private" companies. It's certainly worthy of criticism, but I think it's unhelpful to bucket it with the other type.
If the LLM example isn't your thing, it also makes a lot of sense for the NSA to steal information related to weapon/defense tech, even if developed by a private company, and even if we use what we stole to implement countermeasures. I can't honestly be morally outraged about invading the privacy of someone developing tools of war against you. Fwiw, I wouldn't blame Russia or China for trying this against the US gov or defense contractors either, but it's not like I'd be happy about it. My point is that that is not so much economic espionage or corporate espionage as much as it is just plain old espionage. It saves lives and protects American hegemony - which I recognize may be counter to many people's ideal situation.
It's a nuanced thing. When you take two morally questionable things and reduce them down to both just being bad, the ones doing the worse things benefit. E.g. "all politicians lie" is a handy phrase for truly corrupt politicians because the ones who make small mistakes or half-truths are in the same bucket as them, and the outcome is apathy for the issue rather than being upset at all of it. Kinda the classic whataboutism trope - not to imply you are doing that, but just to say that's where it often leads.
runeofdoom
And if you are in a position where nation-states are a likely adversary, you'd best assume that all commercially available hardware is compromised.
slackfan
Sure. See you in the gulag, comerade
MSFT_Edging
Gulag is just Russian for prison.
The US currently has about 1.2M people in their gulags, comrade*
RationPhantoms
Oh please, the United States is so incredibly armed, my death will likely come at the hands of some misplaced right-wing militarized fascist group performing mass murders under the guise of "Freedom" and "A return to the constitutional purity of the US".
cpursley
Comrade is of Latin origin. In Russian, tovarisch is the correct term. At least get it right if you're trying to be edgy.
hedora
So, Marvell bought the company that backdoored all my Ubiquiti gear.
Since it was never working as advertised, do I contact them or Ubiquiti to get my refund / warranty replacements?
snoman
It’s an interesting thought experiment to wonder if consumer protections extend to defects from state sponsored acts of espionage.
rdtsc
They are now part of Marvell Technology https://en.wikipedia.org/wiki/Cavium
Wonder if, in agreeing to enable NSA backdoors, they agreed to be compensated when eventually that fact is leaked. "If nobody starts buying your chips, don't worry, we will! ... and then promptly throw them into the recycling bin"
Also interesting is if Marvell knew their acquired tech had this "cool feature".
rvnx
The agreement with the NSA is more likely like this: "if you don't comply, you will get arrested / fined for whatever reason (crypto exports issues or failure to comply with the law), maybe even by another authority, or journalists may discover your little things about X.
If you comply we may help you with some tips occasionally to make sure our partnership is working well, or just not reveal your trade secrets to your competitors"
bananapub
er...what? why do you think any of that has happened?
we already saw this happen in public once with Qwest: https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-punished...
hedora
It’s happened at least three times. They got Yahoo’s CEO to [bypass SOX compliance and] hand over access to 500 million email accounts. Last I heard, she said they convinced her she wasn’t allowed to ask corporate lawyers for guidance.
https://www.theguardian.com/technology/2016/oct/04/yahoo-sec...
Both she and Yahoo’s shareholders suffered greatly for complying.
There’s also Crypto AG, which was a foreign-owned CIA front that spied on US allies:
https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-ci...
The Washington Post article is now bullshit-walled, but goes into more details.
One of my favorite parts of the story is that the intelligence agency handlers needed to make sure they only hired incompetent / mediocre engineers and mathematicians at the actual company (algorithm and backdoor design was done at a US government agency that employed competent people).
One day, a brilliant woman applied for a job. She aced the interview, and there were concerns she might be too smart, but upper management hired her on the grounds that the interview results were probably spurious. She was just a woman, after all.
She ended up exposing and fixing their backdoors pretty quickly, which caused a huge containment problem for them.
AdmiralAsshat
Happened to Yahoo as well, IIRC:
https://www.theguardian.com/world/2014/sep/11/yahoo-nsa-laws...
delfinom
Yea, people forget we literally have a secret kangaroo FISA court being abused to issue "national security letters" with a rubber stamp that demanded compliance and threatened to throw you in jail for resisting and/or talking about it. The Patriot Act largely was responsible for it, but even now they've wiggled to other avenues since the Patriot Act expired.
nonrandomstring
Another tragic blow to the environment and economy.
We treat these stories as if they were simple matters of politics and tech. But the blast radius is huge. When this happened to Cisco, and their value dropped to about 7% of the market they created, I passed massive dumpsters of Cisco gear in the car park, prematurely torn out of racks and consigned to crushing as e-waste.
Has anyone done a serious cost analysis of just how hard this hits? If a foreign entity sabotaged our industry this way we'd take the battle right to them.
hnthrowaway0315
Where can I find dumpsters of Cisco gears? I guess they are good targets to hack on.
perihelions
How did the NSA successfully manage to prevent the Washington Post and friends from discovering and reporting on this malicious backdoor? They've been sitting on these documents for a decade. Are the journalists just that *uncurious* about the deep contents of the documents they hold exclusive access to? Was this some kind of organizational failing?
michaelt
I suspect when a trove of documents is big enough, newspaper readers lose interest before you run out of documents. I mean, even on this tech forum hardly anyone knows who Cavium are, let alone your average Washington Post reader.
elif
Maybe the moral of the story is that future Snowdens should leak to selected law firms instead of selected journalists? If there's one organization designed to comb through large documents for details and understand the impacts to potential parties, it is law organizations. Put 2-3 in time competition to make cases out of the documents and it will be a scramble race for justice.
hcurtiss
Law firms aren't terribly entrepreneurial. Absent somebody paying them their hourly rate, I suspect not a single document would be read. Newspapers regularly take risks deploying humans to investigate issues without any assurance there will be a story at the bottom, but even the newspaper business has less appetite for that these days (as an aside, I suspect it's that margin that the financial investors have exploited -- at the expense of high quality reporting).
cbsmith
You'd be surprised. Top journalism organizations do this kind of thing with tremendous efficiency. The Pandora Papers were impressive for exactly that reason.
shortrounddev2
I can't imagine there's any money in it for them
yieldcrv
All the big leaks should be done this way
The Ashley Madison leaks should have been one name a week and making it a big spectacle till this very day!
Same for the Snowden leaks
you can also get bigger bidders for the data by drumming up interest and suspense
hackers really suck at marketing, so far.
akira2501
> newspaper readers lose interest before you run out of documents
So.. what's your case here? It would be so expensive to host and publish the documents that they would be unable to recoup their investment based upon lack of interest?
> hardly anyone knows who Cavium are, let alone your average Washington Post reader.
Oh.. I don't know.. maybe that's because no one has reported on it and explained why it would be important?
There's a lot of circular reasoning present to create excuses for an entity that really doesn't need or deserve it.
ormax3
sounds like something LLMs can help with, sift through huge amounts of documents to summarize and highlight the interesting ones
jstarfish
If only. The biggest problems right now are limited context size and basic security, including having to share such documents with God-knows-how-many third parties.
Tangent, but we use Azure instead of OpenAI due to data-retention concerns. To ensure nobody's inputting anything classified or proprietary, Legal demanded implementation of an "AI safety" tool...so we demoed one that ships all prompts to a third party's regex-retraction API.
So you never know who ends up the recipient of your LLM prompt, where it's getting logged to, who's reviewing those logs, etc. Even some local models require execution of arbitrary code, and Gradio ships telemetry data. Uploading Snowden's docs into a black box is a good way to catch a ride in a black van.
KaiserPro
The Snowden leak was huge and reverberated for weeks. There were lots of followups.
However at the time it was the more sexy things like tapping Google's fibre and backdoors in Cisco's kits that were more interesting. This is because the public could understand those things and therefore it sold papers.
The difference between "Cisco, Dell and many other leading manufacturers shipped backdoors in their kit" and "Cavium, the small provider you've not really heard of" is large.
Most people reading the Snowden stuff will have assumed that the NSA had put in backdoors to most things.
some_random
Snowden leaked a shit ton of documents, the vast majority of which had absolutely nothing to do with any kind of NSA wrongdoing. Journalists then had to go through and try to figure out what these documents actually meant (which they frequently misunderstood). Obviously they're still doing it today.
c7DJTLrn
>Snowden leaked a shit ton of documents, the vast majority of which had absolutely nothing to do with any kind of NSA wrongdoing
Like how NSA collects a shit ton of data on citizens... the vast majority of which has absolutely nothing to do with any kind of wrongdoing.
I'm only pointing this out because your comment has a negative tone towards what Snowden did.
freedomben
I didn't read anything negative in there. GP might have been negative but I don't think there's enough to tell just from the post
sheepshear
Making a strawman argument doesn't point anything out.
mindslight
As a general rule when criminal conspiracies are taken to task, they don't retain a right to privacy for their communications that aren't about the criminal conspiracy. Rather it all comes out in court. I understand why Snowden released the way he did, and given how it kept attention on the subject for longer than Binney/Klein it was probably the right call. But there should have also been an escrow/intent to dump the whole trove raw after some time period.
0xDEF
>As a general rule when criminal conspiracies are taken to task, they don't retain a right to privacy for their communications that aren't about the criminal conspiracy. Rather it all comes out in court.
That doesn't seem to be true. There are many court cases involving criminal conspiracies where you cannot find unrelated information about the involved people.
some_random
Do you really think the entire American IC is a "criminal conspiracy", or are you just trying to justify the fact that Snowden is an angry and vindictive sharepoint admin who simply dumped everything he had access to without regard for what was actually in those documents?
denton-scratch
I don't think the journos were lazy, and I don't think there was an organisational failing. The Guardian, in particular, evidently fell out with Snowden and his collaborators; they turned on him. I assume that was coordinated with Washpo and Spiegel. That is: I think there was a decision made, to stop publishing information from the Snowden trove.
I don't know what the reason for the betrayal was. I'm pretty sure Alan Rusbridger knows though. He resigned as Editor-in-chief shortly after these events.
I don't get why whistleblowers rely on newspaper publishers to unpack their leaks for the public; it's not as if the press are known for either their honesty or their scruples.
jstarfish
> I don't get why whistleblowers rely on newspaper publishers to unpack their leaks for the public
They have an interest in drama and a platform to publish on.
miguelazo
Are you kidding? WaPo serves the intelligence community.
>After creation of the CIA in 1947, it enjoyed direct collaboration with many U.S. news organizations. But the agency faced a major challenge in October 1977, when—soon after leaving the Washington Post—famed Watergate reporter Carl Bernstein provided an extensive exposé in Rolling Stone.
Citing CIA documents, Bernstein wrote that during the previous 25 years “more than 400 American journalists…have secretly carried out assignments for the Central Intelligence Agency.” He added: “The history of the CIA’s involvement with the American press continues to be shrouded by an official policy of obfuscation and deception.”
Bernstein’s story tarnished the reputations of many journalists and media institutions, including the Washington Post and New York Times. While the CIA’s mission was widely assumed to involve “obfuscation and deception,” the mission of the nation’s finest newspapers was ostensibly the opposite.
https://www.guernicamag.com/normon-solomon-why-the-washingto...
pxc
The WaPo is relentlessly pro-US and pro-'intelligence community' in its writings today, too. It's transparent. Idk how it could be missed, even without knowing the history. Just read a couple articles about contemporary whistleblowers or US involvement in the Syrian civil war or the war in Ukraine or whatever.
mcpackieh
> It's transparent. Idk how it could be missed,
Support or criticism for the intelligence community became very partisan during Trump's campaign and presidency. Once something like this becomes partisan, the average political creature loses some degree of rationality for it. The IC becomes patriotic good guys, stalwart defenders of American democracy standing up to fascism; their past and present malfeasance goes unnoticed, forgotten, or simply ignored. This is how the WaPo's relentless pro-IC stance could be missed; they've been telling a lot of people what they want to hear and all people are less critical and suspicious of things that support their biases and prejudices.
wsc981
There was also a German ex-journalist (Dr. Udo Ulfkotte) who wrote a book about how journalists (in Germany and EU I suppose) are “bought” by intelligence agencies like the CIA:
https://www.amazon.in/Journalists-Hire-How-Buys-News/dp/1944...
StillBored
I personally had my eyes opened during the run up to the Iraq war in 2022. Pretty much every single news org with national recognition seemed completely incapable of the smallest amount of critical thought. They would basically parrot the whitehouse/etc press releases, and never question a single thing in them.
So, the behavior you point out is enabled by politicians who show such bad judgment in such a critical area, and yet few if any lost their positions over their votes. I personally have been wondering for the past few years how many of our leaders are actually there of their own accord, rather than put there by various backroom cabals of business leaders and intelligence (foreign and domestic) agencies that want to put their thumbs on the scale with a representative or dozen. How would you ever know, except by their behavior.
miguelazo
Not sure if you meant 2002 instead of 2022 or Ukraine instead of Iraq. Either works!
stephen_g
This happens a lot. I've read stories too about British journalists being cultivated by their intelligence services to make sure that the leaks they want to be published get published and the leaks they don't want published don't.
There's a lot of pontificating about the virtuous, important, selfless job journalists do, but when they're manipulated to such an extent not just by the Government and intelligence agencies but also by their corporate sponsors... It's hard to not be a bit cynical...
pangolinpouch
Our media companies are rife with intelligence agents. Corporate / State media has no incentive to make you the wiser.
ekianjo
> Our media companies are run by intelligence agents
Fixed that for you
hangonhn
It's quite a bit more subtle than that. News organizations have their sources that are in the intelligence community. They use each other. Sometimes the journalist wants to use their sources for information. Other times their sources feed them disinformation disguised as information. Other times they want a back channel to leak some real information but can't be seen as coming from a government source. Being a good journalist is hard and often doesn't pay very well.
I'm often reminded of PG's essay on corporate PR and the media: http://www.paulgraham.com/submarine.html
the-dude
I have no sources at hand, but I understood the FBI/CIA is embedded within every major news org in the US.
rdtsc
WP is a very close ally to the government agencies in general. That's where it gets those juicy "anonymous government sources claim ..." news. If WP all of a sudden wanted to prevent democracy from dying "in darkness" as their motto says, it would mean to start digging a lot harder going against the government as a whole. Don't think they are prepared for it.
45y54jh45
Well yes, why do you think the noise died after the initial hype of Snowden leaking the docs? Do you honestly believe the mechanisms of for-profit journalism lets journalists be journalists? They got to eat and in this world you don't eat by covering yesterday's news.
NSA didn't have to lift a finger. Wait a few weeks and people move on to the next story, this should not be a shocking revelation to anyone.
ben_w
The British intelligence agencies forced the Guardian to literally shred the laptop with the contents while they were in the swing of running headlines about the things it was revealing.
While the USA and the UK are different, I suspect it was a bit more difficult for the NSA than "didn't have to lift a finger".
colatkinson
Mastodon link for those so inclined: https://ioc.exchange/@matthew_d_green/111091979256440306
throwfaraway398
Original source from March 2022: https://pure.tue.nl/ws/portalfiles/portal/197416841/20220325... page 71, thanks to Wikipedia
jdblair
Help me out here:
if my network hardware is compromised, but all of my communication is encrypted, that leaves… traffic analysis? hoovering up the data and storing it to decrypt in the future when it becomes feasible? using the router as a foothold to attack the rest of my network?
The first two are already happening for data that leaves my LAN. Unencrypted data on my LAN is vulnerable, and there is plenty of unencrypted traffic on my LAN in practice. Is that the risk?
jdblair
still thinking… if the three-letter-agency has compromised the random number generator, then that means all traffic encrypted by the router may be easier to crack.
What data is encrypted on the router? VPNs, for one. So a VPN, and all the plaintext traffic sent over it, could be made vulnerable.
0xDEAFBEAD
>What data is encrypted on the router? VPNs, for one.
What sort of VPN are we talking about?
thenickdude
You can run OpenVPN or Wireguard directly on Ubiquiti network equipment for example, and some Ubiquiti EdgeRouter equipment has Cavium CPUs.
someonehere
I think I had read the three letter agency is storing this kind of data somewhere in a database for later technologies to decipher.
So I’d assume they could snoop packets and store that data elsewhere. Whenever they harness quantum computing I could assume they put that stored data of yours through it and decrypt it all.
jdblair
but they’re already storing data off the IXs, why do they need to target my router?
w7
Is this not just related to the Dual_EC_DRBG and other tainted RNG issues we've known about, and mitigated, for years?
You can see discussion on this going on as far back as 2015, explicitly in regards to what "SIGINT enabled" means and Cavium: https://www.metzdowd.com/pipermail/cryptography/2015-Decembe...
Am I missing something here? People are talking as if there is some new backdoor that's somehow avoided detection. Did everyone just miss this discussion in 2015?
Discussion of the "Sigint Enabling Project" goes as far back as 2013 on HN itself.
AndrewKemendo
Genuinely, at this point you should just assume 100% of your electronics are compromised by someone. If it’s not a government (yours or otherwise) then a corporation will fill the gaps (while in most cases also giving it to those governments)
You should assume you have no privacy anywhere in your life.
0xDEAFBEAD
If the NSA had hardware backdoors everywhere, it seems to me there would be no need for TAO or hoards of 0-days. And yet we know from the Snowden leaks that the NSA invests a lot in that stuff, correct?
eimrine
I have a laptop with no communications functioning and I'm sure it is not compromised. The proof of it is the openly stored wallet.dat file with no password.
AndrewKemendo
Is the idea to challenge someone to prove you wrong?
Or are you suggesting that there is no way for one of the aforementioned groups to recover your data remotely should they have a focused desire to recover it?
eimrine
Idea is to challenge someone to propose a hardware + OS which can be as secure being online. Probably it has to be OpenBSD and the latest architecture with open BIOS.
Looking more closely at this, the backdoor is almost certainly based on the back-doored random number generator, Dual_EC_DRBG, which is implemented as NIST SP 800-90A.
From Wiki: >>> NIST SP 800-90A ("SP" stands for "special publication") is a publication by the National Institute of Standards and Technology with the title Recommendation for Random Number Generation Using Deterministic Random Bit Generators. The publication contains the specification for three allegedly cryptographically secure pseudorandom number generators for use in cryptography: Hash DRBG (based on hash functions), HMAC DRBG (based on HMAC), and CTR DRBG (based on block ciphers in counter mode). Earlier versions included a fourth generator, Dual_EC_DRBG (based on elliptic curve cryptography). Dual_EC_DRBG was later reported to probably contain a kleptographic backdoor inserted by the United States National Security Agency (NSA).
From Cavium's NIST FIPS-140-2, Section 3.3 [1] Approved and Allowed Algorithms:
The cryptographic module supports the following FIPS Approved algorithms.
*SP800-90 CTR DRBG Deterministic random number generation 32
[1] https://csrc.nist.gov/csrc/media/projects/cryptographic-modu...
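Why the origin of the two Dual_EC_DRBG curve points matters, as an added example that is not code from this thread, NIST or any vendor: if someone knows a scalar d with P = d·Q, one generator output gives them the next internal state and every output after it. The sketch assumes untruncated outputs (the standard drops the top 16 bits of each output, which only adds a search step) and takes the NIST P-256 base point as Q; the scalar `D`, the seed and all function names are constructed for illustration.

```python
"""Toy model of the Dual_EC_DRBG trapdoor property (added example)."""

# NIST P-256 field prime, curve coefficient a, and base point.
P_FIELD = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = -3
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
# b follows from the base point: b = y^2 - x^3 - a*x (mod p).
B = (GY * GY - pow(GX, 3, P_FIELD) - A * GX) % P_FIELD

# Constructed values (assumptions): the trapdoor scalar and the seed.
D = 0xC0FFEE0DDBA11
SEED = 0x5EED5EED5EED


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x coordinate, or None if there is none."""
    rhs = (pow(x, 3, P_FIELD) + A * x + B) % P_FIELD
    y = pow(rhs, (P_FIELD + 1) // 4, P_FIELD)  # valid because p % 4 == 3
    return (x, y) if y * y % P_FIELD == rhs else None


class ToyDualEC:
    """State update s <- x(s*P), output r <- x(s*Q), without truncation."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = mul(self.s, self.P)[0]
        return mul(self.s, self.Q)[0]


def predict_stream(r, d, P, Q, count):
    """Given one output r and a claimed trapdoor d, predict the next outputs."""
    R = lift_x(r)              # R = +/-(s*Q); the sign does not affect x
    s = mul(d, R)[0]           # x(d*s*Q) = x(s*P) = the generator's next state
    outs = []
    for _ in range(count):
        outs.append(mul(s, Q)[0])
        s = mul(s, P)[0]
    return outs


def outputs_predicted(d_guess, count=3):
    """True if d_guess lets an observer of one output predict the next ones."""
    Q = (GX, GY)
    P = mul(D, Q)              # the hidden relation between the two points
    gen = ToyDualEC(SEED, P, Q)
    observed = gen.next_output()
    actual = [gen.next_output() for _ in range(count)]
    return predict_stream(observed, d_guess, P, Q, count) == actual


if __name__ == "__main__":
    print("with the trapdoor scalar:", outputs_predicted(D))
    print("with a wrong scalar:     ", outputs_predicted(D + 1))
```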