[cryptography] [Cryptography] Opening Discussion: Speculation on "BULLRUN"

Eugen Leitl eugen at leitl.org
Fri Sep 6 11:45:50 EDT 2013


----- Forwarded message from arxlight <arxlight at arx.li> -----

Date: Fri, 06 Sep 2013 00:46:15 +0200
From: arxlight <arxlight at arx.li>
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What surprises me is that anyone is surprised.  If you believed
OpenBSD's Theo de Raadt and Gregory Perry back in late 2010, various
government agencies (in this specific case the FBI- though one wonders
if they were the originating agency) have been looking to introduce
weaknesses wholesale into closed AND open source software and OS
infrastructures for some time.  Over a decade in his example.

(See: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2)

Those of us old enough might marvel at the fact that going back to the
late 1980s a huge dust up was caused by the allegations that Swiss
firm "Crypto AG" introduced backdoors into their products at the
behest of Western (read: United States and the BND) intelligence
agencies, products that, at the time, were in widespread use by
foreign governments who, one presumes, could not afford to field their
own national cryptology centers to protect their own infrastructure
(or were just lazy and seduced by a Swiss flag on the corporate
domicile of Crypto AG).

For the unwashed on the list, Wikipedia (and Der Spiegel) relate the
story of (probably) hapless Crypto AG salesman Hans Buehler's 1992
arrest by the Iranian authorities after those allegations came to
light, and the fact that Crypto AG paid a $1m ransom for him (but then
later billed him for the $1m--you stay classy, Crypto AG).

(See: http://en.wikipedia.org/wiki/Crypto_AG)

But fear not.  Governments and NGOs around the world will be pleased
to know that Crypto AG lives on and continues to provide superior
crypto and security solutions to foreign institutions of all kinds,
including:

"National security councils, national competence centres, e-government
authorities, encryption authorities, national banks, ministries of
defence, combined/joint commands, cyber commands, air forces, land
forces, naval forces, special forces, military intelligence services,
defence encryption authorities, ministries of foreign affairs and
numerous international organisations, ministries of the interior,
presidential guards, critical infrastructure authorities, homeland
security authorities, intelligence services, police forces, and cyber
forces."

(See: http://www.crypto.ch/ - The inclusion of a shot of the
Patrouille Suisse is an especially nice touch.  I often drive by their
offices in Steinhausen and was stunned to realize a few years ago that
they are thriving- I can only imagine what the mortgage on that place
costs).

I expect that today many of us feel quite naive at being shocked by
those penetration revelations (sorry, allegations) given that it seems
highly probable now that anyone using any sort of Microsoft, Cisco,
Google, Facebook, Yahoo, YouTube, Skype, AOL or Apple product has now
been elevated to a collection priority that seemed confined to the
Irans of the world in the 1990s and early 2000s.

Perry wondered after the "unpardonable carelessness" of the NSA in
giving 50,000 Snowdens access to a PowerPoint with all the Prism
partners. I would argue that the NSA had good cause to think no one
would notice or care given how many people who should know MUCH MUCH
better still send Crypto AG scads of money. And going back to the days
of toad.com hasn't this always been the story?

Security is expensive. Most people (and some governments) are cheap.

There's something about the present political climate in the United
States that really interests me. Mere mention of the word "fascism" in
any context other than sarcasm seems to brand one quite instantly as a
tin-foil nutjob. Granted, I think the word "fascism" is as overused
as the word "communism," but it bears mentioning that the usurpation
of corporate entities and industry by the state to its own purposes is
one of the classic tenets of fascism.  I'm sure the list's readers
sense where I'm going with this by now.

It is hard to escape noticing that the NSA and its sister and orbital
agencies have long since broken the traditional firewall and morphed
themselves into domestic surveillance agencies.  But the United States
is late to the party here.

In the world of finance it was long understood that certain
state-dominated Russian firms were front-running a number of U.S.
economic indicators prior to release.  The rumor at the time was that
this activity stopped cold after a security audit at the offending
U.S. agencies.  It's possible that the story was apocryphal, but I
sort of doubt it.  The economic intelligence apparatus of foreign
intelligence services was the place to be if you wanted to find
yourself in the good graces of your nation-state.  (It's not an
accident that Nikolay Patolichev, once the Soviet Union's Foreign
Trade Minister, led the pack having been awarded the Order of Lenin
twelve times).

Of course, drafting otherwise independent-appearing private
enterprises to the purposes of the state was popular then (the CIA
would routinely interview U.S. businessmen and businesswomen after
trips to jurisdictions of interest, and leverage their presence in
foreign lands to their own advantage), and appears even more popular now.

I won't belabor the point (made long ago and loudly by Kate Martin,
only to fall upon decidedly deaf ears) that U.S. Courts generally
refuse to examine the legality of collection of inculpatory evidence
that is dropped into their lap- but it is important to at least
acknowledge.  Again, those of us shocked by those revelations (that
evidence of domestic crimes "accidentally" collected by intelligence
agencies would not necessarily be inadmissible) might feel awfully
stupid now that it seems that the NSA expressly retains or passes on
evidence of crimes unrelated to foreign intelligence activities or
terrorism, and that the DEA (presumably among others) routinely
engages in what could fairly be called wholesale perjury to conceal the
source of such evidence from courts and defense counsel when it is
presented in support of criminal prosecutions.

Finally returning to the original topic (please forgive the diversion)
I think what is the most important element to understand is that what
was once opportunistic synergy between national intelligence agencies
and law enforcement agencies (here the War on Drugs was clearly the
camel's nose) has become Fusion Center level integration- and
bilateral information flow.  Don't take my word for it, just read some
of the Fusion Center testimony to various congressional committees-
this is their bread and butter.  Whichever asshole it was who first
blamed 911 on a lack of cooperation between law enforcement and
intelligence did a great deal of damage to the United States, but the
trend was already pressing forward.

What seems even more daunting is the new path of information from the
bottom up. Now that you have local law enforcement humming around in
cars collecting position and "metadata" on every license plate within
20m of a cop car prowling around on its beat, federal agencies are
just a "Fusion Center query" away from access to... well... nearly
everything.

Look at this model (local collection at local expense re-purposed to
federal exploitation), basic "exception processing," and the impact of
the last decade and a half of "crony capitalism" and it is suddenly
pretty hard not to credit BULLRUN with far more access than is public
even given the latest revelations.

Certainly, I don't run the NSA, but it doesn't take much more than a
middling operations professional to tell you that exception processing
is the key.  Attacking this stuff is a question of priorities.

Thought experiment: What order of difficulty would you assign:

Catch it in the clear.
Compromising a vendor (including keys and users' passwords- which might
be reused).
Injecting poor RNG (with vendor cooperation).
Stealing a master key.
Stealing a session key.
Stealing a password to master or session key.
Dictionary-attacking a password.
Brute-forcing a weak password.
Compromising an endpoint.
Compromising a physical machine.
Rubber-hosing a password.
Brute-forcing a strong password.
Brute-forcing a weak key.
Brute-forcing a strong key.

Include in your analysis the cost of bending (or breaking)
constitutional protections in the post-911 era (if any).

Just look at the leverage an unwieldy, all-encompassing central
government has on large US based firms (See e.g. Qwest
post-cooperation refusal) and reflect on the bi-lateral Fusion Center
model and then try to speculate that BULLRUN is overstated.

I don't think you need a major factoring breakthrough to have
FANTASTIC success in accessing the vast majority of (for example) SSL
"protected" internet traffic.  Anyone know what the market penetration
of Microsoft IIS is?

No, quite the contrary.  I'll be amazed to find that the NYT piece
isn't UNDERstated.

To coin a phrase with reference to large and medium sized Western IT
firms:

They're all Crypto AG now.

- - uni
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

