They have the cooperation of the average users OS, its code and plain text input. Forms of onetime pads, PGP and other amazing encryption has always been an issue. The solution was Tempest, later weak/cheap global standards and now plain text as entered.
Yes they have your tame mainstream OS/cell OS and every hardware "keystroke" before encryption and any needed knowledge of the OS.
Also recall many nations have sent their officer class to the US. They will recall the best years of their lives while working in the telco/security sectors...
Then comes the "just this once" telco/OS favour....
Close allies or cold war friendships - or a nations law enforcement - its not your cloud.
In the old days a gov would go after the coders, hardware makers, publishers or even create a 'trusted' front company.
The big telco and computer brands handed over clear text making life much more easy but old methods are still waiting for anyone.
Cheap dual ethernet motherboards see a jump in sales as whitebox testing units are constructed.
A fast new cleanroom OS is loaded and deep packetsniffing code is carefully crafted.
When the boss is home and clerical staff have packed up for the day...
Ex staff and trusted colleagues load up their B2B and B2P machines with exciting new dual use orders from exotic locations.
Will they see a hint of "routers, switches and firewalls from multiple product vendor lines" trying to “harvest” their efforts and phone home?
Low cost, fast, new crypto hardware and later software was always very suspect from the 1970's on.
Enigma gave the clandestine services a taste of near realtime information. Why would a top system admin or cryptographer not warn of past (1970-90's) insights into state sponsored network issues?
The good news for all in the "defend my networks" community is great new books on gap or air wall and good code. Way beyond a chapter of trusted brands or code that 'just works' that the author wrote or likes.
If we the posters dont have US/UK clearances and are just commenting on press stories that are not behind paywalls..... its just a thought crime for now.
Everything you connect Linux to is by default compromised. Every packet you send, every search term, every line of code you add or correct.
So in theory and practice the code is safe. The first telco exchange/tower/branded box you connect is not.
The hardware and software used to help Linux as part of a much larger setting maybe junk as the routers, switches and firewalls from multiple product vendor lines comment notes.
You also have the hint of "“harvest” communications and tunnel into other connected networks" - why is this outgoing data not making any admin at that skill level sit up and start thinking?
So the big threat may not be good quality code inspected my a few bright people world wide but the flexibility/power/cast savings/cooling offered by brand name devices on or off site that are the way in and out.
The world needs smarter admins watching more of their kit beyond just the uptime and consumer needs.
A work environment may have very long term guests that have total control over systems.
Historic information filling in the back story to this years cyber comments has consequences.... http://blogs.fas.org/secrecy/2013/08/cyber-offense/
“We believe our [cyber] offense is the best in the world,” - Gen. Keith B. Alexander, director of the National Security Agency and Commander of U.S. Cyber Command.
Lets go down the list cold:
A mission count, the citation needed for the aggressive aspect and the words GENIE and TURBINE.
More people will understand terms like Tailored Access Operations (TAO).
More firms will be careful about their shopping for routers, switches and firewalls from US product lines. That would be nothing new after 30 years of crypto warnings of useless hardware and software been sold world wide from 'trusted' brands.
The harvest aspect is fun ins scope and costing, how is the US getting all that data back without skilled admins at some point working out what their expensive systems are doing:)
The use of sites more within to the US (Georgia, Texas, Colorado) may point to more domestic operations - also not really new.
Overlapping missions notes will be very interesting to US legal teams and law reform groups.
So over all a few new names, terms and a hint that some hardware and software encryption is mostly expensive junk- something books and magazines noted many years ago.
The problem is many in the USA are working in the "teaching people", publishing, faith or related groups.
Their legal teams and friends may see this as the start of a colour of law chilling effect.
Will they be next, on a list, questioned or be subjected to entrapment just for "teaching someone" or publishing.
The point can be understood from the UK and UK perspective.
When the UK faced a huge flow of information to the Soviet Union the US liked to show its ability to protect its interests.
One method was the lie detector test used by the ~CIA from 1948 onwards.
By 1951 all US crypto experts faced the polygraph exam.
The sale, education, maintenance and use became part of US culture. The UK feared losing very skilled individuals over one test. The UK was very aware of the fact any Soviet agent who could pass falsely would be confirmed as safe year after year.
In the early/mid 1980's the UK found the machines to be useless. 200 MI5 staff where tested, 37% failed - the press got the results.
The UK did an amazing and very smart thing - they understood the inaccurate side of the testing, how it would result in good staff losses and very bad staff moving further up the ranks. The UK did not really 'tell' the US about the tests and did not go on with more polygraph work in the late 1980's.
The NSA was hoping anxiety would trip many people up with basic mind tricks, pre and post test questions and ever more tests.
ie 'scare the hell out of people"
Tor was well commented on in the late 2000. The mentioned "global passive attack" was well understood. The use of academics using many exit nodes was also noted. The ability of code to track people during the past years was also in the press.
Today's Fun Article was commenting on a version of the "first break the gag order, then wait for government attacking in court, and then defend" mentioned in the "Alternative solution".
The defence team did bring up aspects of the NSA's domestic surveillance program.
You also have a mention of FBI, CIA, and.... DEA - something that seems to be news in 2013.
You can read more at http://cryptome.org/mayer-016.pdf eg
"... May 11, 2006, that the NSA has engaged in a continuing program of intelligence gathering directed against U.S. telephone subscribers of...."
The Total Information Awareness program is also mentioned and issues that surround warrant or subpoena needs and the United States telephone
network. http://en.wikipedia.org/wiki/MAINWAY may make interesting reading too. (Warning: link may contain classified data: ensure unclassified work computer is clean)
The audio, video, text trust in US encryption is gone. Global trust is the brands is gone. People will love the products but at a 'free' joke like level.
The data "in" will be spread over a few more distant groups and what the NSA can get will be more difficult.
People can expect to be hunted down 'before' 'during' and 'after' a protest organised via the US "brands" products.
The "before" part was always a bit of a mystery. Now cameras and legal staff will be waiting.
The same people with US trust funds, scholarships, shares, pensions and telco/hardware/software/web 2.0 political connections.
Their parents or they bought into or made millions at a staff or contractor or software level from the big US brands.
They need to believe that the encryption IS safe, the product sold world wide IS safe, the ads ARE lucrative, that the brand, logo and "coded in the USA' IS a global winner.
Not that their pension/shares/job/resume/are contracting for/blog about/sockpuppet for a US gov wired ENIGMA box and the rest of the world just found out.
The US gov knows what you did last IPO. What was a great moment in capitalism might just get 'reviewed' years later by an understaffed, underfunded, legally powerless gov entity.
For the first time ever they might have amazing funding, smart staff, real subpoenas, global extradition support and strangely US press backing.
Yes a nice internal "telco" like splitter at the clear text adversing plain text end.
Nobody would have ever known. The sockpuppets on Slashdot could have posted citation needed for years.
The internal legal teams would have been unaware, the staff just seeing 'contractors' at another door outside their pay grade.
Why did the big brands in the USA risk all? What made then roll over vs the trust as global.com brands?
The UK has a lot of legal experts who will love a day in court over this or talk at length in to press as to why and how why where shut out.
The UK press has faced this style of cold war intrusion before and has the cash, legal skills and PR to mount a good defence on any more UK/US gov legal efforts.
Add in historians, publishers, bloggers - its a powerful mix to fight off per case in the web 2.0 age. The ability of anyone in the UK to still seek news/truth on the topics 'outside' the UK makes any rulings a legal mess. "Banned in the UK" "MI5 is watching this site" "Forbidden to many US/UK gov workers: non fiction content posted below" might become a nice joke on many a news site outside the UK.
Legally the UK is entering that ~1960-80 East European legal zone - the gov so needs more control but as you said so need to be seen as lawful and democratic.
In the end the UK press wins or the gov faces a very short internal legal victory. Years of reminders about its fancy new "laws" in the global press, computer games, plays, tv, radio, web 2.0, books...poems..puppets, lyrics.... people win contests, big international prizes... UK law becomes a global joke.
Very true, this keeps everybody who has a role well in the loop and online, waiting to see what will happen.
Overtime the GCHQ and NSA hope someone will get very sloppy and they can 'recover' more hardware in over parts of the world.
Law reform experts and the UK press will also be kept very busy trying to understand any new colour of law efforts that slide "Irish" era laws over their daily work.
Yes the US private sector is going to have to re invent what Germans taught the USA years ago but long term it will be great.
More real local jobs again, real science, real data and real costs.
Groups, institutions and companies world wide will have more options and see missions they could never afford been launched.
As the tech gets cheaper more companies will be able to enter the market too.
No more slowing a science or an imaging project due to politics, an epic boondoggle or hidden costs:)
page 2 has some interesting directions for iCloud Keychain.
"...online, shared between your devices and backed up by a meaty encryption system"
Will all that 256-bit AES encryption system to outlast a NSL (http://en.wikipedia.org/wiki/National_security_letter) like effort or will it be a form of one time, one way only online system?
They have the cooperation of the average users OS, its code and plain text input. Forms of onetime pads, PGP and other amazing encryption has always been an issue. The solution was Tempest, later weak/cheap global standards and now plain text as entered.
Yes they have your tame mainstream OS/cell OS and every hardware "keystroke" before encryption and any needed knowledge of the OS. ....
Also recall many nations have sent their officer class to the US. They will recall the best years of their lives while working in the telco/security sectors...
Then comes the "just this once" telco/OS favour
Close allies or cold war friendships - or a nations law enforcement - its not your cloud.
Or a NSL to add in another server?
In the old days a gov would go after the coders, hardware makers, publishers or even create a 'trusted' front company.
The big telco and computer brands handed over clear text making life much more easy but old methods are still waiting for anyone.
http://www.youtube.com/thejuicemedia (via http://thejuicemedia.com/ has a display in video form : :)
WHISTLEBLOWER - feat. Edward Snowden:
http://www.youtube.com/watch?v=hnMPQmIPibE
French, Portuguese, German, Czech, Hebrew, Russian, Serbian, Dutch, Spanish, Japanese, Turkish lyrics translations are listed too
Cheap dual ethernet motherboards see a jump in sales as whitebox testing units are constructed.
A fast new cleanroom OS is loaded and deep packetsniffing code is carefully crafted.
When the boss is home and clerical staff have packed up for the day...
Ex staff and trusted colleagues load up their B2B and B2P machines with exciting new dual use orders from exotic locations.
Will they see a hint of "routers, switches and firewalls from multiple product vendor lines" trying to “harvest” their efforts and phone home?
Low cost, fast, new crypto hardware and later software was always very suspect from the 1970's on.
Enigma gave the clandestine services a taste of near realtime information.
Why would a top system admin or cryptographer not warn of past (1970-90's) insights into state sponsored network issues?
The good news for all in the "defend my networks" community is great new books on gap or air wall and good code. Way beyond a chapter of trusted brands or code that 'just works' that the author wrote or likes.
If we the posters dont have US/UK clearances and are just commenting on press stories that are not behind paywalls..... its just a thought crime for now.
Everything you connect Linux to is by default compromised. Every packet you send, every search term, every line of code you add or correct.
So in theory and practice the code is safe. The first telco exchange/tower/branded box you connect is not.
The hardware and software used to help Linux as part of a much larger setting maybe junk as the routers, switches and firewalls from multiple product vendor lines comment notes.
You also have the hint of "“harvest” communications and tunnel into other connected networks" - why is this outgoing data not making any admin at that skill level sit up and start thinking?
So the big threat may not be good quality code inspected my a few bright people world wide but the flexibility/power/cast savings/cooling offered by brand name devices on or off site that are the way in and out.
The world needs smarter admins watching more of their kit beyond just the uptime and consumer needs.
A work environment may have very long term guests that have total control over systems.
Historic information filling in the back story to this years cyber comments has consequences.... :)
http://blogs.fas.org/secrecy/2013/08/cyber-offense/
“We believe our [cyber] offense is the best in the world,” - Gen. Keith B. Alexander, director of the National Security Agency and Commander of U.S. Cyber Command.
Lets go down the list cold:
A mission count, the citation needed for the aggressive aspect and the words GENIE and TURBINE.
More people will understand terms like Tailored Access Operations (TAO).
More firms will be careful about their shopping for routers, switches and firewalls from US product lines. That would be nothing new after 30 years of crypto warnings of useless hardware and software been sold world wide from 'trusted' brands.
The harvest aspect is fun ins scope and costing, how is the US getting all that data back without skilled admins at some point working out what their expensive systems are doing
The use of sites more within to the US (Georgia, Texas, Colorado) may point to more domestic operations - also not really new.
Overlapping missions notes will be very interesting to US legal teams and law reform groups.
So over all a few new names, terms and a hint that some hardware and software encryption is mostly expensive junk- something books and magazines noted many years ago.
The problem is many in the USA are working in the "teaching people", publishing, faith or related groups.
Their legal teams and friends may see this as the start of a colour of law chilling effect.
Will they be next, on a list, questioned or be subjected to entrapment just for "teaching someone" or publishing.
The point can be understood from the UK and UK perspective.
When the UK faced a huge flow of information to the Soviet Union the US liked to show its ability to protect its interests.
One method was the lie detector test used by the ~CIA from 1948 onwards.
By 1951 all US crypto experts faced the polygraph exam.
The sale, education, maintenance and use became part of US culture. The UK feared losing very skilled individuals over one test. The UK was very aware of the fact any Soviet agent who could pass falsely would be confirmed as safe year after year.
In the early/mid 1980's the UK found the machines to be useless. 200 MI5 staff where tested, 37% failed - the press got the results.
The UK did an amazing and very smart thing - they understood the inaccurate side of the testing, how it would result in good staff losses and very bad staff moving further up the ranks. The UK did not really 'tell' the US about the tests and did not go on with more polygraph work in the late 1980's.
The NSA was hoping anxiety would trip many people up with basic mind tricks, pre and post test questions and ever more tests.
ie 'scare the hell out of people"
The mentioned govs dont really have global reach into US telcos by default.
Tor was well commented on in the late 2000. The mentioned "global passive attack" was well understood. The use of academics using many exit nodes was also noted.
The ability of code to track people during the past years was also in the press.
Today's Fun Article was commenting on a version of the "first break the gag order, then wait for government attacking in court, and then defend" mentioned in the "Alternative solution". .... DEA - something that seems to be news in 2013. ...."
The defence team did bring up aspects of the NSA's domestic surveillance program.
You also have a mention of FBI, CIA, and
You can read more at http://cryptome.org/mayer-016.pdf eg
"... May 11, 2006, that the NSA has engaged in a continuing program of intelligence gathering directed against U.S. telephone subscribers of
The Total Information Awareness program is also mentioned and issues that surround warrant or subpoena needs and the United States telephone network. http://en.wikipedia.org/wiki/MAINWAY may make interesting reading too. (Warning: link may contain classified data: ensure unclassified work computer is clean)
The fun part is .com is now understood to be .nsa.
Will other cute words just be part of the same legal and cryptographic trap?
The audio, video, text trust in US encryption is gone. Global trust is the brands is gone. People will love the products but at a 'free' joke like level.
The data "in" will be spread over a few more distant groups and what the NSA can get will be more difficult.
People can expect to be hunted down 'before' 'during' and 'after' a protest organised via the US "brands" products.
The "before" part was always a bit of a mystery. Now cameras and legal staff will be waiting.
The same people with US trust funds, scholarships, shares, pensions and telco/hardware/software/web 2.0 political connections.
Their parents or they bought into or made millions at a staff or contractor or software level from the big US brands.
They need to believe that the encryption IS safe, the product sold world wide IS safe, the ads ARE lucrative, that the brand, logo and "coded in the USA' IS a global winner.
Not that their pension/shares/job/resume/are contracting for/blog about/sockpuppet for a US gov wired ENIGMA box and the rest of the world just found out.
The US gov knows what you did last IPO. What was a great moment in capitalism might just get 'reviewed' years later by an understaffed, underfunded, legally powerless gov entity.
For the first time ever they might have amazing funding, smart staff, real subpoenas, global extradition support and strangely US press backing.
A telco tried that http://www.businessinsider.com.au/the-story-of-joseph-nacchio-and-the-nsa-2013-6
US federal courts are very tame, mix in a legal team that might need a security clearance and its a hard defend.
Yes a nice internal "telco" like splitter at the clear text adversing plain text end. .com brands?
Nobody would have ever known. The sockpuppets on Slashdot could have posted citation needed for years.
The internal legal teams would have been unaware, the staff just seeing 'contractors' at another door outside their pay grade.
Why did the big brands in the USA risk all? What made then roll over vs the trust as global
The UK has a lot of legal experts who will love a day in court over this or talk at length in to press as to why and how why where shut out. ... UK law becomes a global joke.
The UK press has faced this style of cold war intrusion before and has the cash, legal skills and PR to mount a good defence on any more UK/US gov legal efforts.
Add in historians, publishers, bloggers - its a powerful mix to fight off per case in the web 2.0 age.
The ability of anyone in the UK to still seek news/truth on the topics 'outside' the UK makes any rulings a legal mess.
"Banned in the UK" "MI5 is watching this site" "Forbidden to many US/UK gov workers: non fiction content posted below" might become a nice joke on many a news site outside the UK.
Legally the UK is entering that ~1960-80 East European legal zone - the gov so needs more control but as you said so need to be seen as lawful and democratic.
In the end the UK press wins or the gov faces a very short internal legal victory. Years of reminders about its fancy new "laws" in the global press, computer games, plays, tv, radio, web 2.0, books...poems..puppets, lyrics.... people win contests, big international prizes
Very true, this keeps everybody who has a role well in the loop and online, waiting to see what will happen.
Overtime the GCHQ and NSA hope someone will get very sloppy and they can 'recover' more hardware in over parts of the world.
Law reform experts and the UK press will also be kept very busy trying to understand any new colour of law efforts that slide "Irish" era laws over their daily work.
Yes the US private sector is going to have to re invent what Germans taught the USA years ago but long term it will be great. :)
More real local jobs again, real science, real data and real costs.
Groups, institutions and companies world wide will have more options and see missions they could never afford been launched.
As the tech gets cheaper more companies will be able to enter the market too.
No more slowing a science or an imaging project due to politics, an epic boondoggle or hidden costs
page 2 has some interesting directions for iCloud Keychain.
"...online, shared between your devices and backed up by a meaty encryption system"
Will all that 256-bit AES encryption system to outlast a NSL (http://en.wikipedia.org/wiki/National_security_letter) like effort or will it be a form of one time, one way only online system?