NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other 'High Potential' Targets (theintercept.com)

← Back to Stories (view on slashdot.org)

NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other 'High Potential' Targets (theintercept.com)

Posted by BeauHD on Friday August 17, 2018 @08:30AM from the devil-is-in-the-details dept.

An anonymous reader quotes a report from The Intercept: The National Security Agency successfully broke the encryption on a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. The fact that the NSA spied on Al Jazeera's communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA's compromise of Al Jazeera's VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, "Paraguayan SABRE," Russian airline Aeroflot, and "Russian Galileo." Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries' VPNs appears to have occurred at roughly the same time as a broader "all-out campaign to penetrate Iraqi networks," described by an NSA staffer in 2005.

25 of 68 comments (clear)

Min score:

Reason:

Sort:

Good by Anonymous Coward · 2018-08-17 08:37 · Score: 1

That's what they exist to do.
1. Re:Good by Anonymous Coward · 2018-08-17 08:53 · Score: 1
  
  Good we hack the Russians, Bad the Russians hack us.
  Got it.
  You DO know we are not at war with them, right?
  I think the word is, Hypocrite
2. Re: Good by OtisSnerd · 2018-08-17 10:42 · Score: 1
  
  We have been, are, and always be at war with Russia in one form or another
  "We've always been at war with Eastasia."
3. Re:Good by AHuxley · 2018-08-17 11:34 · Score: 1
  
  Thats nice AC. Until the same powerful methods walk out. Then get sold to anyone with cash.
  Then get given to other nations due to share faith, split loyalty.
  End up in a police collection product?
  The everyone has decryption and all internet use is weakened.
  Better to work on the best encryption and make encryption great again.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re: Good by BlueStrat · 2018-08-17 20:18 · Score: 1
  
  Out of fear of its power
  No, out of quite-justified fear of what Communists always do. Murder tens of millions of people (mostly their own) After all, Marx himself said that Socialism was the step between Capitalism and Communism.
  And before anyone goes off about the Nordic countries, they have been corner-cases firstly because they're only partially Socialist (and mostly Capitalist), and secondly because until relatively recently they've been a very small and culturally/racially/religiously/ideologically homogeneous culture (somewhere around 5-7 million population in Norway I think?). They are now running away from Socialism because of all the foreign refugees who don't share the same culture, ideology, beliefs, or values. Socialism breaks down in a large and very culturally, religiously, and morally diverse society because of the natural tribal nature of humans.
  As usual in this world, people are why we can't have nice things.
  Strat
  
  --
  Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
5. Re:Good by cryptogranny · 2018-08-17 21:07 · Score: 1
  
  Funny thing is here in Russia my friend and I always argue about whether U.S. is a threat. Raised in USSR my friend firmly believes U.S. is solely committed to dominate Russia. "I don't want them told us what to do" - these are his words. I'm not so sure really. Both U.S. and Putin's Russia extends influence by every possible means. Both often break international law and manipulate press. And generally behaves very much the same. My point is that no doubt politics has their agenda and citizens of both countries divides on those who willingly go to play their game as a pawns and those who don't. And as long as you are trying to justify which side is more flawed you are into that game.
6. Re:Good by arglebargle_xiv · 2018-08-18 18:58 · Score: 1
  
  Good we hack the Russians, Bad the Russians hack us. Got it. You DO know we are not at war with them, right?
  We have always been at war with East^H^H^H^Eurasia.
Sounds like they were doing their job by 93+Escort+Wagon · 2018-08-17 08:38 · Score: 5, Insightful

More or less, anyway. But I don't understand how they found time for this, what with all the domestic spying they were doing...

--
#DeleteChrome
Which VPNs? by duke_cheetah2003 · 2018-08-17 08:50 · Score: 2

So, naturally, I want to know which VPN suites they broke into, any particulars on the settings used in such VPNs would also be great.
I would like to improve my own VPN to be.. not what they broke into. No real point in this article if we can't learn how to better secure our own VPNs from it.
1. Re: Which VPNs? by guruevi · 2018-08-17 08:58 · Score: 2
  
  Working with vendors insisting on Cisco gear: outdated protocols (MD5, RC4 and 56-bit DES is standard if you want to use the âaccelerationâ(TM) module.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
2. Re: Which VPNs? by MightyMartian · 2018-08-17 09:10 · Score: 4, Funny
  
  My VPN uses ROT13, you insensitive clod!
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
3. Re: Which VPNs? by amorsen · 2018-08-17 09:24 · Score: 2
  
  I wouldn't be surprised if the NSA has a fairly generic way to take on IPSEC running aggressive mode IKEv1 with group PSK and XAUTH. Because all other options are still a pain...
  The various *SWAN implementations of IKE showed us 15(?) years ago how to do secure roadwarrior VPNs with "raw" public key authentication, no insecure CA's or anything involved. No commercial implementation exist. IKEv2 can do cert-for-the-server + PSK-for-the-client, which is half way decent without relying on a full PSK infrastructure that ~noone gets right, but commercial implementations are generally broken or practically impossible to configure to do so.
  Which leaves IKEv1 with group PSK and XAUTH as the obvious choice. Unfortunately that can be broken offline, if the attacker can watch an authentication attempt.
  
  --
  Finally! A year of moderation! Ready for 2019?
4. Re: Which VPNs? by shellster_dude · 2018-08-17 09:49 · Score: 1
  
  Considering the recent USENIX talk on exploiting most mainstream IKE implementations via a Bleichenbacher attack, this seems most probable. Related paper: https://www.ei.rub.de/media/nd...
5. Re:Which VPNs? by AHuxley · 2018-08-17 11:12 · Score: 1
  
  We know of Bullrun https://en.wikipedia.org/wiki/...
  The world now knows more now with this news.
  The security services know of the origin network, the VPN use in the middle and the destination network.
  Is it decryption in the middle or really perfected decrypted collection on both ends?
  
  --
  Domestic spying is now "Benign Information Gathering"
6. Re:Which VPNs? by gweihir · 2018-08-17 11:25 · Score: 2
  
  Probably Cisco. They are thoroughly compromised, both from no skill and from no integrity.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
7. Re: Which VPNs? by rtb61 · 2018-08-17 17:34 · Score: 2
  
  From what I understand of the US government, would not the US government declare those acts to be acts of war and should generate the potential for a first strike nuclear retaliatory attack. Just saying, according to American exceptionlism that would be the common consensus within corporate controlled main stream media, the US congress and Senate and the White house. So what does the US feel is the appropriate response by the targeted countries, where is the press release to define that, just saying.
  
  --
  Chaos - everything, everywhere, everywhen
8. Re: Which VPNs? by guruevi · 2018-08-19 11:57 · Score: 1
  
  Dude, those configurations are recommended on current gear (IOS 15)
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
Hacking Russian airline Aeroflot is very useful... by ffkom · 2018-08-17 09:17 · Score: 1

... because of all the superior airplane technology and the military secrets that can be sourced from there, right?

Or was this network just hacked to later stage really relevant attacks originating from there, that are then attributed to evil Russians?
That's their job by mschuyler · 2018-08-17 09:22 · Score: 1

It's what they are tasked to do.

--
How about a moderation of -1 pedantic.
1. Re:That's their job by CanadianMacFan · 2018-08-17 10:07 · Score: 4, Insightful
  
  Then don't complain when the foreign governments break into CNN, Fox, United Airlines, and other such companies because they are just doing their jobs too.
How much does it take for NSA to monitor a VPN? by Anonymous Coward · 2018-08-17 09:43 · Score: 1
This makes me wonder if what the cost/effort for NSA is to crack a VPN? Is it high enough that somebody there has to justify it?
- It costs something: "Al Jazeera talks to high-value targets, we should expend the effort/resources to crack their VPN"
- It costs little: "Al Jazeera might have interesting conversations, add them to the list"
- It costs nothing (or already paid for): Network sniffer detects VPN encyrpted patterns, adds them to the list to crack, auto-scaling group chews on that list continuously
The pessimist in me fears its the latter, or will be that very soon...
1. Re:How much does it take for NSA to monitor a VPN? by AHuxley · 2018-08-17 11:31 · Score: 1
  
  AC nobody knows the math side to this.
  Has the NSA found an easy way around all consumer VPN products rather than into VPN encryption
  Is the NSA and GCHQ tracking all networks back from a VPN use and just getting in networks beyond their later VPN use?
  CIA placing devices that collect before VPN use and the NSA ensures their data flow out of nations?
  Some sort of design problem network wide that only the NSA/GCHQ discovered over decades makes all collection very easy?
  
  PRISM could be the way to understand this. Collection is at the origin before any later difficult VPN networking.
  
  --
  Domestic spying is now "Benign Information Gathering"
Cold news by manu0601 · 2018-08-17 12:18 · Score: 1

Summary miss the method of exploitation: this was done thought LogJam. Note that this is a 12 years old source within Snowden leaks.
Re:NSA cracked open networks? by Megol · 2018-08-18 01:11 · Score: 1

If someone cracks US networks - an act of war.
If the US cracks others networks - ...
Saudi Arabia by CaffeinatedBacon · 2018-08-18 02:00 · Score: 1

U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

So Qatar is the badguy because they broadcast messages, but Saudi Arabia is on our side because actually causing 911 is OK.
Good to know, funding terrorists and killing thousands of Americans is not as bad as gloating about it afterwards.