NSA Targeted 'The Two Leading' Encryption Chips (theintercept.com)
Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption.
Quoting:
The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."
It's only cheating if you get caught. Now the NSA has to deal with the blowback for daring greatly.
Not in US-based/affected products.
So assume Snowden never existed.
Who here is shocked that a government agency whose job it is to FUCKING BREAK CRYPTOGRAPHY would target products that people actually use for cryptography?
This isn't news. This is stating that water is wet with a clickbait conspiracy spin to sucker in the usual crowd.
When was that? I've been here since before Echelon and general consensus here when Echelon was revealed was bomb nuclear jihad assault rifle terrorism explosion poison murder kill.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Not really.
It hasn't been their job to insert backdoors into their own and existing systems worldwide, really. Not even the early codebreakers did that kind of thing.
It's their job to produce foreign signals intelligence, yes, but backdooring every piece of hardware in the country doesn't achieve that. All that achieves is compromise of people who were trusting US hardware already. For example, their allies.
All they've done is hurt their other core purpose - the national security of the US - and significantly damage their country's economy in a few specific areas.
Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of.
Literally, a signed court order saying that Cisco/Juniper has to put in a backdoor for US intelligence into products X, Y, Z achieves this aim in the same way. With non-disclosure clauses, it's as secret. That's not what the NSA should be wasting their time on, if that's even what the US want to do.
Remember the big scare a while back about backdoors in Huawei network switches and routers? Looks like we weren't that far behind.
Use a one time pad.
Not just encryption, but pretty much any US created technology ... cloud services or anything else.
If the US has made their technology companies part of their spy apparatus, then who the hell would trust a US technology company? You simply can't.
So don't go all boo-hoo that people are looking at your products with some skepticism they can trust you when you created the situation in which they can't trust you.
Anybody outside of the US has no choice but to look at US technologies and ask "given that it's almost certain they're under the thumb of the NSA, what are my alternatives?"
You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore.
Lost at C:>. Found at C.
I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.
Signed,
the rest of the world.
These backdoors are starting to feel more like goatse with every disclosure.
The failure is applying it FAR too broadly and in domestic surveillance which they are specifically prohibited by law from performing.
However, if you are inept enough to keep getting caught in the act, eventually all you do is cripple foreign sales of the companies who cooperate with your efforts.
Eventually, you have less ability to target the threats you are so afraid of.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Easy there, Saika.
#DeleteChrome
And bootlickers like you.
INTEL SKYLAKE
"From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because TECHNOLOGY FROM OTHER COUNTRIES IS ABSOLUTELY *NOT* ANY SAFER, and certain other countries have, you know ACTUALLY killed activists for actions that would be, without question, protected by US free speech rights even if the US government happened to have been able to access some of the encrypted data."
It was time for some more NSA red-meat to rile up the rabid /. base
Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of. Literally, a signed court order saying that Cisco/Juniper has to put in a backdoor for US intelligence into products X, Y, Z achieves this aim in the same way. With non-disclosure clauses, it's as secret. That's not what the NSA should be wasting their time on, if that's even what the US want to do.
Sure, because slapping a multi-national full of foreigners with no security clearance with an NDA is totally similar to an in-house NSA project with all Top Secret clearances. And if China or Russia is the customer, we'll just make a special order just for you without anybody noticing. It's not like the end result would be any better either, everybody would wonder if their hardware has been NSL'd instead of r00ted. I'm not saying either way is a good gamble, but I'd rather take the technical one than the legal one.
Live today, because you never know what tomorrow brings
This.
One of the NSA's mandates is signals intelligence. Another is information assurance, i.e. making sure our communications infrastructure is secure. Inserting backdoors in crypto hardware represents a pyrrhic victory for the first, and a complete disaster for the second.
The one thing that advocates for crypto backdoors completely fail to understand is that what you gain from the ability to monitor traffic comes at an enormous cost, which is the introduction of a systemic flaw in our entire information infrastructure, which could potentially have catastrophic consequences. The best reason to oppose backdoors is not because "privacy" or "freedom" (although those may indeed be sufficient), but because backdoors combat a nuisance by making us vulnerable to a truly existential threat.
More interesting is the claim that they "reach full capability for SIGINT access to a major Internet peer-to-peer and text communications system." That means Skype to me. My guess is the VPN chips mentioned are the Broadcom 53xx chips that were widely used around that time.
When you have a 55-gallon drum of sewage with a teaspoon of pure water in it, you have a 55-gallon drum of sewage.
When you have a 55-gallon drum of pure water with a teaspoon of sewage in it, you have a 55-gallon drum of sewage.
"Spying is not about having backdoors in hardware you produce in your own country."
Unless you consider your own citizenry to be a threat to national security.
Purposeful, nonconsensual, warrantless, bit manipulation of a private computer, located inside a home (or other constitutionally protected zone of privacy) within the United States is very likely a clear civil rights violation.
Should this become provable, the NSA won't be able to stay out of Federal Court.
I would like to trust the NSA (I really would), but J. Edgar Hoover.
Fool me once....
TPM and?
You've been on /. since a couple of decades before it existed?
BRAVO good sir, BRAVO
Snowdentard
Now _that_ belongs in the dictionary
What ever happened to the echelon spoofer, anyway?
With the way America behaves, I don't see how US hardware is even an option for corporate entities. The post WW2 plunder of European technology, and attempts to control and dominate the foreign policies of other countries, should offer sufficient evidence.
If there were even some attempt to prosecute those responsible for the criminality within the US regime, then there might be some belief that there was anything other than malicious intent, but there isn't.
CYRIX 6X86
The NSA has destroyed US based companies' reputation as reliable IT partners. Nobody trusts anything IT related coming from the US anymore and this is costing money. There was a time when the US held a seemingly moral high ground and constantly accused China of conspiring with Huawei and similar tech giants. Oh how the times have changed!
I suppose the good part is that now everyone (sensible) knows not to trust anything truly sensitive to any networked device.
"Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of." And you think they are not doing that as well? lol. They are doing their job and hitting every nail. Even the American made ones.
Have a look at TrackMeNot. It sits in the background cluttering up your "search history" full of randomized searches, with the intention that your real searches get lost in the noise, and any search history being stored about you becomes less useful. There's an option to have it include all kinds of fun terms that are supposedly on NSA/DHS watchlists.
Nonsense. The US government hasn't been about protecting US citizen interests for some time. The "economy" of the US government itself is bigger than that of most world countries, after all. They only care in so far as we are able to perpetuate them.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
We are also due for SJW post.
love is just extroverted narcissism
I tried it once - it blew up my slashdot account because it started randomly reading slashdot pages at a furious pace.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Fall back to one time pads for your embassies. No more huge networks chattering on crypto hardware from "trusted" fast, imported brands that seem to work for every other embassy. The big foreign brands are selling out your networking to competing nations every decade. Reduce the imports and use of any systems that report back to other nations by default as designed, as sold, as installed.
Great for interacting with tourists but don't put the entire nation's secrets on foreign systems.
Have staff fly back home and talk in secure vaults and start using a constant flow of embassy staff. Stay away from anything sold as "networked" and "cryptographic" at low prices by competing nations.
Learn to fab your own chips. Create your own compilers. Work on programming languages and cryptography over a new generation of students. Teach all the mistakes of trusting imported crypto, chips, systems, networks. The chips created will be slow, hot, not very efficient but they will be your chips and your nation's designers will understand every aspect of them.
Hold meetings about long term issues and international bids/trade, in person in suitable vaults. Stop using imported computer equipment to set and create policy on before it's in public and final.
Use imported digital networks and the imported brands to flood other nations security services with crafted, long term disinformation.
Set up entire departments just to create shadow flows of expected information. Some advanced nations only have digital collection as the entirety of their clandestine services. So spread some interesting news in the expensive junk hardware.
Be aware of staff going to other nations and returning with a huge shopping list of hardware and software for international integration and cooperation.
The same staff will then have to go on training or refresher courses, conferences and meetings with foreign manufacturers. The friendships, lifestyle are a form of being handled and turned. Use such contacts for long term disinformation by trusted staff over decades.
Harden networks between mil, gov, banking sites with more human contact and less chatter on fully imported digital "crypto" networks.
Use number station like efforts in world wide digital radio to pass out messages rather than per person contact on the internet.
If all that is too hard or expensive, just stop the staff chatter on sensitive national topics on fully imported crypto and networks.
All the news about trapdoors and backdoors is nothing new. France suffered total collection of its embassy codes by the US and GCHQ in the period after WW2 into the 1950s. Why? Their crypto was weak and their hardware was well understood by the crypto staff working for the US and UK.
Domestic spying is now "Benign Information Gathering"
if u want security:
pencil
one sheet of edible paper at a time on a glass surface
clean glass when done
always have a way to dispose of the paper
Remember those photos of NSA agents intercepting Cisco hardware during shipping and installing backdoors? It's not just anything built in America, it's anything exported from there too.
Best not to buy stuff online really, get it in person and pay cash.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
"Trust but verify." The ability to verify, usually referred to as transparency, is necessary for the establishment of trust. Anything you cannot understand or verify is not trustworthy. You may be forced by circumstances to "trust" it, but if it says "no user serviceable parts inside," the trust is hollow.
At this point it's full on "Dis-Trust and Verify" for me.
So comrade 'Anonymous' you celebrate our 'National Sabotage Agency' in its efforts to destroy the credibility of the evil US pig-dog computing industry.. Soon we will get the world to buy our superior Russian made hackware and encryption products.. No security destroying backdoors or spying-software in our products..
Below the speed of light Special Relativity is one of the most accurate theories in physics - above the speed of light..
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
IA doesn't extend to private citizens -- it's only for government data. But you don't have to take my word for it. http://www.c-span.org/video/?3...
https://www.eff.org/https-everywhere
I'd mod you up, but the patriarchy has all the mods points today.