[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Marsh Ray marsh at extendedsubset.com
Sat Sep 17 21:37:56 EDT 2011

Been seeing Twitter from @ralphholz, @KevinSMcArthur, and @eddy_nigg 
about some goofy certs surfacing in S Korea with CA=true.

via Reddit http://www.reddit.com/tb/kj25j

It's not entirely clear that a trusted CA cert is being used in this 
attack, however the article comes to the conclusion that HTTPS 
application data is being decrypted so it's the most plausible assumption.

Quoting extensively here because I don't have a sense of how long "The 
Hankyoreh" keeps their English language text around.

- Marsh

> NIS admits to packet tapping Gmail By Noh Hyung-woong 
> It has come to light that the National Intelligence Service has been
> using a technique known as “packet tapping” to spy on emails sent and
> received using Gmail, Google’s email service. This is expected to
> have a significant impact, as it proves that not even Gmail,
> previously a popular “cyber safe haven” because of its reputation for
> high levels of security, is safe from tapping.
> The NIS itself disclosed that Gmail tapping was taking place in the
> process of responding to a constitutional appeal filed by 52-year-old
> former teacher Kim Hyeong-geun, who was the object of packet tapping,
> in March this year.
> As part of written responses submitted recently to the Constitutional
> Court, the NIS stated, “Mr. Kim was taking measures to avoid
> detection by investigation agencies, such as using a foreign mail
> service [Gmail] and mail accounts in his parents’ names, and deleting
> emails immediately after receiving or sending them. We therefore made
> the judgment that gathering evidence through a conventional search
> and seizure would be difficult, and conducted packet tapping.”
> The NIS went on to explain, “[Some Korean citizens] systematically
> attempt so-called ‘cyber asylum,’ in ways such as using foreign mail
> services (Gmail, Hotmail) that lie beyond the boundaries of Korea‘s
> investigative authority, making packet tapping an inevitable measure
> for dealing with this.”
> The NIS asserted the need to tap Gmail when applying to a court of
> law for permission to also use communication restriction measures
> [packet tapping]. The court, too, accepted the NIS’s request at the
> time and granted permission for packet tapping.
> Unlike normal communication tapping methods, packet tapping is a
> technology that allows a real-time view of all content coming and
> going via the Internet. It opens all packets of a designated user
> that are transmitted via the Internet. This was impossible in the
> early days of the Internet, but monitoring and vetting of desired
> information only from among huge amounts of packet information became
> possible with the development of “deep packet inspection” technology.
> Deep packet inspection technology is used not only for censorship,
> but also in marketing such as custom advertising on Gmail and
> Facebook.
> The fact that the NIS taps Gmail, which uses HTTP Secure, a
> communication protocol with reinforced security, means that it
> possesses the technology to decrypt data packets transmitted via
> Internet lines after intercepting them.
> “Gmail has been using an encrypted protocol since 2009, when it was
> revealed that Chinese security services had been tapping it,” said
> one official from a software security company. “Technologically,
> decrypting it is known to be almost impossible. If it turns out to be
> true [that the NIS has been packet tapping], this could turn into an
> international controversy.”
> “The revelation of the possibility that Gmail may have been tapped is
> truly shocking,” said Jang Yeo-gyeong, an activist at Jinbo.net. “It
> has shown once again that the secrets of people’s private lives can
> be totally violated.” Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a
> Democratic Society, who has taken on Kim’s case, said, “I think it is
> surprising, and perhaps even good, that the NIS itself has revealed
> that it uses packet tapping on Gmail. I hope the Constitutional Court
> will use this appeal hearing to decide upon legitimate boundaries for
> investigations, given that the actual circumstances of the NIS’s
> packet tapping have not been clearly revealed.”
> Please direct questions or comments to [englishhani at hani.co.kr]

More information about the cryptography mailing list