Slashdot Mirror


How the NSA Is Spying On Everyone: More Revelations

The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks. "Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."

2 of 148 comments

  1. 3GPP by TechyImmigrant · · Score: 5, Informative

    There is a group called SAGE that writes the crypto protocols for cell phones, DECT phones and other ETSI/ITU/3GPP derived standards.
    They have never knowingly published an unbroken spec. It is widely understood that this group exists to put government sponsored back doors into cordless phones and cell phones.

    I attended a 3GPP meeting since LTE was happening. In it, the guy from SAGE was presenting the new link cipher. 3GPP had asked for something based on AES (so SAGE couldn't pull their A5 shit any more). He presented AES-CTR for the encryption and AES-CBC-MAC for the integrity field. He added in an offhand way that *the integrity field is truncated to 16 bits*.

    Since I wasn't there to help them, I didn't question this in the meeting, but after the meeting I cornered him and asked why he made it 16 bits (because it's obviously stupid), and he did a Gallic shrug of his shoulders and said "Zat ees what zey asked for". So at that point I knew the fix was in.

     

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
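
Added example, not part of the comment above or of any 3GPP specification: what truncating an integrity tag to 16 bits means for a verifier, compared with longer tags. HMAC-SHA256 stands in for AES-CBC-MAC as an assumption (Python's standard library has no AES); the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

FULL_BITS = 256  # output size of the stand-in MAC (HMAC-SHA256)


def truncated_tag(key: bytes, msg: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of the full MAC, as a truncated integrity field does."""
    full = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")
    return full >> (FULL_BITS - bits)


def verify(key: bytes, msg: bytes, candidate: int, bits: int) -> bool:
    """Constant-time comparison of a candidate tag against the expected truncated tag."""
    width = (bits + 7) // 8
    expected = truncated_tag(key, msg, bits).to_bytes(width, "big")
    return hmac.compare_digest(expected, candidate.to_bytes(width, "big"))


def guess_success_probability(bits: int, attempts: int) -> float:
    """Chance that one of `attempts` distinct tag guesses for a fixed message is accepted."""
    return min(1.0, attempts / 2**bits)


def guesses_until_accepted(key: bytes, msg: bytes, bits: int) -> int:
    """Count the sequential guesses a verifier sees before one matches (at most 2**bits)."""
    for n, candidate in enumerate(range(2**bits), start=1):
        if verify(key, msg, candidate, bits):
            return n
    raise AssertionError("unreachable: some value in range(2**bits) must match")


# Constructed sample key and message.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"constructed signalling message"

if __name__ == "__main__":
    budget = 2**16  # number of verification attempts the receiver tolerates
    for bits in (16, 32, 64, 128):
        p = guess_success_probability(bits, budget)
        print(f"{bits:3d}-bit tag: P(accept within {budget} guesses) = {p:.3e}")
    n = guesses_until_accepted(SAMPLE_KEY, SAMPLE_MSG, 16)
    print(f"16-bit tag matched after {n} guesses, without knowledge of the key")
```

With a 16-bit tag the key never has to be recovered for a wrong message to be accepted, so the tag length, not the strength of AES, bounds the integrity guarantee.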
    1. Re:3GPP by HBI · · Score: 5, Informative

      No they weren't.

      Total US population in 2000 Census: 281421906. Total US-origin casualty count for 9-11: 2604. 1 death in 108072.93.
      Total US population estimate 2013: 313914000. Total motor vehicle fatalities: 33561. 1 death in 9353.5354.

      So you have 10 times the likelihood of dying in a car wreck every year than the worst year ever for terrorism. That's worth giving up all our rights for.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.