The NSA Uses the Same Chat Protocol As Hackers

← Back to Stories (view on slashdot.org)

The NSA Uses the Same Chat Protocol As Hackers

Posted by samzenpus on Monday December 29, 2014 @10:46AM from the I-think-I'm-in-the-wrong-chatroom dept.

rossgneumann writes NSA documents obtained by Edward Snowden and reported on by Der Spiegel on Sunday reveal that the agency communicates internally with Jabber, an open source messaging service used by hackers and activists trying to skirt the NSA's internet surveillance dragnet. A document outlining the NSA's Scarletfever program—a "message driven cryptologic exploitation service" designed as part of the larger Longhaul initiative, a program that collects data and finds ways to break its encryption—contains a curious point buried near the end: "Jabber Chat Room: TBD."

20 of 81 comments (clear)

Min score:

Reason:

Sort:

OMG Jabber by rednip · 2014-12-29 10:49 · Score: 5, Funny

Whatsapp is a jabber client as well. I fail to see why this is surprising connection. Seems more like click bait.

--
The force that blew the Big Bang continues to accelerate.
stupidest. revelation. ever. by Anonymous Coward · 2014-12-29 10:51 · Score: 5, Insightful

i bet those sons of bitches are using imap and ethernet too! just like hackers!
1. Re:stupidest. revelation. ever. by NoNonAlphaCharsHere · 2014-12-29 11:04 · Score: 4, Funny
  
  Yup. The difference is the internal NSA's systems are air-gapped so those sons-of-bitches at the GCHQ can't listen in.
2. Re:stupidest. revelation. ever. by F.Ultra · 2014-12-29 11:30 · Score: 3, Informative
  
  Didn't stop Snowden though :)
3. Re:stupidest. revelation. ever. by Anonymous Coward · 2014-12-29 11:52 · Score: 2, Funny
  
  And slashdot has sunk to new lows in terms of article quality.
  And despite that, I bet they still haven't reached their full downward potential.
4. Re:stupidest. revelation. ever. by unrtst · 2014-12-29 11:57 · Score: 4, Interesting
  
  There's a whole lot of comments here saying this is stupid, obvious, not surprising, etc, and pointing out other clients that have used (and still use) XMPP (jabber).
  The one potentially interesting bit that brought me here... what are they using for encryption?
  I'm assuming they have TLS enabled from client to server, and from server to server. The details for that layer are not very important to me, though I'd still be interested to know.
  The end-to-end encryption used, that's what I'd be most curious to hear about. There's a lot of apps and plugins and such that boast end-to-end encryption, but there is little interoperability AFAICT. There's a fairly wide variety of implementations and specs (and lack thereof). OTR may be the best known one (http://en.wikipedia.org/wiki/Off-the-Record_Messaging). IMO, what it uses seems somewhat dated with respect to all the SSL/TLS issues that came to light this past year. Ex, OTR uses:
  * Diffie-Hellman key exchange with 1536 bit group size. (is this ADH, static DH, DHE, ECDH, ECDHE, etc)
  * AES symmetric key with 128 bit key length (AES 256 is more the norm now, and there are certainly lots of other alternatives)
  * SHA-1 hash function (SHA1 is deprecated in many situations, and SHA256 and other stronger hash functions are readily available)
  * forward secrecy (that's good... but I wonder if it's using similar and well tested methods such as used in current PFS TLS implementations)
  * NO support for multi-user group chat
  I'm betting there's better and/or more updated things out there. Seems OTR could be updated fairly easily (define new protocol version and use different set of stuff in the various places in the protocol), but what is it that others that are extremely paranoid are using?
5. Re:stupidest. revelation. ever. by chill · 2014-12-29 12:13 · Score: 2
  
  OTR is mentioned as one of those things they really can't crack if you dig through the whole Spiegel article.
  
  --
  Learning HOW to think is more important than learning WHAT to think.
Dumb by Anrego · 2014-12-29 10:51 · Score: 4, Insightful

Wow, that article said absolutely nothing interesting.
The gist: jabber is a widely used protocol, there is a widely used way to encrypt it,and the NSA has played around with it.
Also what is the deal with every website now using this weird scrolling hackery. I find it very unpleasant.
1. Re:Dumb by cold+fjord · 2014-12-29 19:05 · Score: 2
  
  ...properly participating in the two minutes of hate.
  I'm guessing that the irony eludes you.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I'll bet that's not all... by Chris+Mattern · 2014-12-29 10:58 · Score: 4, Funny

They probably use the same email system hackers do!
In other news... by x0ra · 2014-12-29 10:59 · Score: 2, Funny

NSA employees enjoy the same daily disturbing bodily functions as hackers; they poop...
1. Re:In other news... by rubycodez · 2014-12-29 11:03 · Score: 2, Informative
  
  in fascist USA NSA poops on you
Re:Jabber by NoNonAlphaCharsHere · 2014-12-29 11:08 · Score: 2, Funny

Well, it's not like they're gonna use Windows and be pwned by third-graders, is it?
Keyboards also used by hackers & NSA by OrangeTide · 2014-12-29 11:22 · Score: 3, Funny

Both the NSA and Hackers are using Keyboards to input data into computers.
Seriously, Jabber/XMPP are well known standards for implementing internet messaging.
This whole article smells like misinformation to work the media up into a frenzy. I don't see how these revelations can accomplish anything positive.

--
“Common sense is not so common.” — Voltaire
1. Re:Keyboards also used by hackers & NSA by phantomfive · 2014-12-29 12:47 · Score: 2
  
  This whole article smells like misinformation to work the media up into a frenzy. I don't see how these revelations can accomplish anything positive.
  Most people can't distinguish between Jabber and Metadata. Expecting people to come to reasonable conclusions, and be outraged about the proper things when dealing with computer related issues, is asking too much.
  
  Reporters don't care, they are looking for something sensationalistic to bring in eyeballs. They aren't really journalists, they're eyeball-mongers.
  
  The important thing is that people realize the NSA is spying on them, and presumably that would outrage them, but somehow it seems to not. I don't know why.
  
  --
  "First they came for the slanderers and i said nothing."
"NSA using same technologies as hackers!" by Paul+Jakma · 2014-12-29 11:24 · Score: 3, Funny

“Shocking revelations have come out today that the NSA is using the same kind of computers and Internet technologies as hackers, criminals and even paedophiles! The NSA are known to use PCs and operating systems such as Microsoft Windows - a paeophiles favourite - and even Linux - beloved by hackers. The NSA even has spent money on making Linux more secure, which may help thwart law enforcement from investigating computers used by criminals. Further reports suggest the NSA also regularly use TCP in a variety of ways. TCP is known to be heavily deployed by many criminals worldwide. We contacted the NSA and asked them to comment, but their spokesperson responded only with a sneering "Oh for fucks sake" before hanging up the phone.”

--
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Do your part by Brain-Fu · 2014-12-29 11:44 · Score: 2, Interesting

An AC in a previous Snowden story posted this link:
Grant Snowden Clemency
You can sign this petition to pressure the government to pardon Snowden, so he can come back to the states a free man.
Please share this link on your other forums. It is the least you can do for him, after all he has sacrificed for you.
1. Re:Do your part by unrtst · 2014-12-29 12:33 · Score: 3, Insightful
  
  It will be as successful as the "legalize marijuana" petition.
  Is that really the example you want to use? Is the answer, "fairly successful"?
  23 states and District of Columbia currently have laws legalizing marijuana in some form.
  4 states have legalized it for recreational use (6 in 2015).
  Many states have eliminated or greatly reduced penalties for small amounts of it.
  Population-wise, and electoral-college-wise, I believe we are well past 50%.
2. Re:Do your part by lister+king+of+smeg · 2014-12-30 10:57 · Score: 2
  
  Post hoc ergo propter hoc
  No if it were not for petitions we would not had the initiative put on the ballot where it succeeded, therefor it is not "Post hoc ergo propter hoc" as you say but simple cause and effect.
  QED bitches -xkcd
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Re:As 'Hackers'? by Ketorin · 2014-12-29 11:52 · Score: 2

>Is this like nerd, where everyone is calling themselves that? Someday they will claim "obese shut-in", what is there then left for me? Go out and exercise?