Slashdot Mirror
NSA Says They Have VPNs In a 'Vulcan Death Grip'
An anonymous reader sends this quote from Ars Technica:
The National Security Agency's Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Speigel. A slide deck from a presentation by a member of OTP's VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.
It's not so much the VPN technology as it is the failure to correctly implement and secure it.
TFA leaves the real content until the end of the article:
So if the NSA wants to "crack" your VPN session they first record it (we know how they do that) then they try to brute force that recording using what is, essentially, a dictionary attack.
TFA seems more entranced by the cutesy names than by the technology.
So if they have the PSK, then they can decrypt your VPN connection?
Yeah, not surprising.
Nowhere does it say they actually have effective techniques for extracting the PSK from, say, a Diffie-Hellman exchange. Because.... well... pretty much, nobody can.
But, sure, if you plug in your VPN PSK into a router that's then compromised, your PSK is then public knowledge. Hell, in most places it's listed in your Cisco CLI and extractable if you have access to it (http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/82076-preshared-key-recover.html).
Isn't this why we have several things, not least SSL VPN with proper keychains, certificate revocation, passphrase-protected keys, etc.?
You can try to scaremonger all you like (this is, what? The fourth of fifth article this month with scaremongering like this about Tor, SSL, etc.?). Fact is nobody has demonstrated, or even pointed to suspicious circumstances that may hint, that the NSA or anyone else are doing anything different to the bad guys out there - finding out that compromising the devices is generally easier than decrypting proper TLS security. And nobody's been seen to actually have a shred of evidence that they can decrypt TLS by any way other than being handed the keys.
All this does is tell me the exact OPPOSITE of what the little guy (and presumably anyone reading this article, shame on you Slashdot) would take home. The NSA aren't able to do anything more than I thought they could. That the encryption is serving it's purpose to the point that it's easier to compromise the routers en-masse than it is to break the encryption.
All this does is say to me "Keep doing what you're doing". Use proper PKE with decent size keys and secure them as much as humanly possible.
All I've thought about these kinds of articles for the past year is "What are you trying to scare me onto?" Truecrypt, SSL, PFS etc. It all points towards a certain set of algorithms which are hailed as the "solution" to all these problems - Elliptic Curve. Strangely, one of the "official" curved was designed in co-operation with these people and they won't provide justification for it, and their track-record in this area is quite well-known. These are the people who paid RSA to weaken their encryption, the people who didn't want us to be able to have large-bit encryption available in any case, and who wanted us to have backdoored chips protecting our devices.
PKE is doing it's job at the moment. I'd hate to think that we all jump-ship to the thing that's ACTUALLY broken, in our haste to secure things against this kind of propaganda.
With those ping times, you sure won't have the first laugh.