- Spitfire List - http://spitfirelist.com -

The Spywarepocalypse Cometh. Lock the Backdoor.

With last week’s Snowden leak revealing that the NSA can break a large amount of the encryption used across the web using a variety of backdoors and secret agreements with manufacturers, there’s now a push in Congress for legal restrictions on the use of these backdoors [1]:

The New York Times
Leg­is­la­tion Seeks to Bar N.S.A. Tac­tic in Encryp­tion

By SCOTT SHANE and NICOLE PERLROTH
Pub­lished: Sep­tem­ber 6, 2013

After dis­clo­sures about the Nation­al Secu­ri­ty Agency’s stealth cam­paign to counter Inter­net pri­va­cy pro­tec­tions, a con­gress­man has pro­posed leg­is­la­tion that would pro­hib­it the agency from installing “back doors” into encryp­tion, the elec­tron­ic scram­bling that pro­tects e‑mail, online trans­ac­tions and oth­er com­mu­ni­ca­tions.

Rep­re­sen­ta­tive Rush D. Holt, a New Jer­sey Demo­c­rat who is also a physi­cist, said Fri­day that he believed the N.S.A. was over­reach­ing and could hurt Amer­i­can inter­ests, includ­ing the rep­u­ta­tions of Amer­i­can com­pa­nies whose prod­ucts the agency may have altered or influ­enced.

“We pay them to spy,” Mr. Holt said. “But if in the process they degrade the secu­ri­ty of the encryp­tion we all use, it’s a net nation­al dis­ser­vice.”

Mr. Holt, whose Sur­veil­lance State Repeal Act would elim­i­nate much of the esca­la­tion in the government’s spy­ing pow­ers under­tak­en after the 2001 ter­ror­ist attacks, was respond­ing to news reports about N.S.A. doc­u­ments show­ing that the agency has spent bil­lions of dol­lars over the last decade in an effort to defeat or bypass encryp­tion. The reports, by The New York Times, ProP­ub­li­ca and The Guardian, were post­ed online on Thurs­day.

The agency has encour­aged or coerced com­pa­nies to install back doors in encryp­tion soft­ware and hard­ware, worked to weak­en inter­na­tion­al stan­dards for encryp­tion and employed cus­tom-built super­com­put­ers to break codes or find math­e­mat­i­cal vul­ner­a­bil­i­ties to exploit, accord­ing to the doc­u­ments, dis­closed by Edward J. Snow­den, the for­mer N.S.A. con­trac­tor.

The doc­u­ments show that N.S.A. cryp­tog­ra­phers have made major progress in break­ing the encryp­tion in com­mon use for every­day trans­ac­tions on the Web, like Secure Sock­ets Lay­er, or SSL, as well as the vir­tu­al pri­vate net­works, or VPNs, that many busi­ness­es use for con­fi­den­tial com­mu­ni­ca­tions among employ­ees.

Intel­li­gence offi­cials say that many of their most impor­tant tar­gets, includ­ing ter­ror­ist groups, use the same Web­mail and oth­er Inter­net ser­vices that many Amer­i­cans use, so it is cru­cial to be able to pen­e­trate the encryp­tion that pro­tects them. In an intense com­pe­ti­tion with oth­er sophis­ti­cat­ed cyberes­pi­onage ser­vices, includ­ing those of Chi­na and Rus­sia, the N.S.A. can­not rule large parts of the Inter­net off lim­its, the offi­cials argue.

A state­ment from the direc­tor of nation­al intel­li­gence, James R. Clap­per Jr., crit­i­cized the reports, say­ing that it was “not news” that the N.S.A. works to break encryp­tion, and that the arti­cles would dam­age Amer­i­can intel­li­gence col­lec­tion.

The reports, the state­ment said, “reveal spe­cif­ic and clas­si­fied details about how we con­duct this crit­i­cal intel­li­gence activ­i­ty.”

“Any­thing that yesterday’s dis­clo­sures add to the ongo­ing pub­lic debate,” it con­tin­ued, “is out­weighed by the road map they give to our adver­saries about the spe­cif­ic tech­niques we are using to try to inter­cept their com­mu­ni­ca­tions in our attempts to keep Amer­i­ca and our allies safe and to pro­vide our lead­ers with the infor­ma­tion they need to make dif­fi­cult and crit­i­cal nation­al secu­ri­ty deci­sions.”

But if intel­li­gence offi­cials felt a sense of betray­al by the dis­clo­sures, Inter­net secu­ri­ty experts felt a sim­i­lar let­down — at the N.S.A. actions.

“There’s wide­spread dis­ap­point­ment,” said Dan Kamin­sky, a promi­nent secu­ri­ty researcher. “This has been the stuff of wild-eyed accu­sa­tions for years. A lot of peo­ple are heart­bro­ken to find out it’s not just wild-eyed accu­sa­tions.”

Sascha Mein­rath, the direc­tor of the Open Tech­nol­o­gy Insti­tute, a research group in Wash­ing­ton, said the reports were “a star­tling indi­ca­tion that the U.S. has been a remark­ably irre­spon­si­ble stew­ard of the Inter­net,” which he said the N.S.A. was try­ing to turn into “a mas­sive plat­form for detailed, intru­sive and unre­strained sur­veil­lance.”

Com­pa­nies like Google and Face­book have been mov­ing to new sys­tems that, in prin­ci­ple, would make gov­ern­ment eaves­drop­ping more dif­fi­cult. Google is in the process of encrypt­ing all data that trav­els via fiber-optic lines between its data cen­ters. The com­pa­ny speed­ed up the process in June after the ini­tial N.S.A. dis­clo­sures, accord­ing to two peo­ple who were briefed on Google’s plans but were not autho­rized to speak pub­licly about them. The accel­er­a­tion of the process was first report­ed Fri­day by The Wash­ing­ton Post.

For services like Gmail, once data reaches a user’s computer it has been encrypted. But as messages and other data like search queries travel internally among Google’s data centers they are not encrypted, largely because it is technically complicated and expensive to do.

Face­book announced last month that it would also tran­si­tion to a nov­el encryp­tion method, called per­fect for­ward secre­cy, that makes eaves­drop­ping far more dif­fi­cult.

...

But the per­cep­tion of an N.S.A. intru­sion into the net­works of major Inter­net com­pa­nies, whether sur­rep­ti­tious or with the com­pa­nies’ coop­er­a­tion, could hurt busi­ness, espe­cial­ly in inter­na­tion­al mar­kets.

“What buy­er is going to pur­chase a prod­uct that has been delib­er­ate­ly made less secure?” asked Mr. Holt, the con­gress­man. “Even if N.S.A. does it with the purest motive, it can ruin the rep­u­ta­tions of bil­lion-dol­lar com­pa­nies.”

In addi­tion, news that the N.S.A. is insert­ing vul­ner­a­bil­i­ties into wide­ly used tech­nolo­gies could put Amer­i­can law­mak­ers and tech­nol­o­gy com­pa­nies in a bind with regard to Chi­na.

Over the last two years, Amer­i­can law­mak­ers have accused two of China’s largest telecom­mu­ni­ca­tions com­pa­nies, Huawei Tech­nolo­gies and ZTE, of doing some­thing par­al­lel to what the N.S.A. has done: plant­i­ng back doors into their equip­ment to allow for eaves­drop­ping by the Chi­nese gov­ern­ment and mil­i­tary.

Both com­pa­nies have denied col­lab­o­rat­ing with the Chi­nese gov­ern­ment, but the alle­ga­tions have elim­i­nat­ed the com­pa­nies’ hopes for sig­nif­i­cant busi­ness growth in the Unit­ed States. After an inves­ti­ga­tion last year, the House Intel­li­gence Com­mit­tee con­clud­ed that gov­ern­ment agen­cies should be barred from doing busi­ness with Huawei and ZTE, and that Amer­i­can com­pa­nies should avoid buy­ing their equip­ment.

Some for­eign gov­ern­ments and com­pa­nies have also said that they would not rely on the Chi­nese com­pa­nies’ equip­ment out of secu­ri­ty con­cerns. Last year, Aus­tralia barred Huawei from bid­ding on con­tracts in Australia’s $38 bil­lion nation­al broad­band net­work. And this year, as part of its effort to acquire Sprint Nex­tel, Soft­Bank of Japan pledged that it would not use Huawei equip­ment in Sprint’s cell­phone net­work.

Part of what makes a backdoor-decryption ban so intriguing is that the nature of the encryption techniques employed today is such that, without a backdoor or some other algorithmic “cheat” of some sort, it’s theoretically really, really, really hard for even an intelligence agency with the capabilities of the NSA to break the encryption. It’s one of those realities of the digital age that German security officials reminded us of in 2007, when policy experts requested a backdoor into users’ computers to get around Skype’s encryption [2]:

TechDirt
Ger­man Pro­pos­al Gives A New Per­spec­tive On ‘Spy­ware’
from the big-broth­er-is-hack­ing-yo dept

by Tim­o­thy Lee

Tue, Nov 27th 2007 5:10pm

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other people’s VoIP calls [3] and record them for later review. Unencrypted VoIP really isn’t very secure; if you have access to the raw network traffic of a call, it’s not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype’s encryption feature, they aren’t able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer. To his credit, Joerg Ziercke, president of Germany's Federal Police Office, says that he’s not asking Skype to put back doors in its software. But the proposal still raises some serious questions. Once the installation of spyware becomes a standard surveillance method, law enforcement will have a vested interest in making sure that operating systems and VoIP applications have vulnerabilities they can exploit. There will inevitably be pressure on Microsoft, Skype, and other software vendors to provide the police with backdoors. And backdoors are problematic because they can be extremely difficult to limit to authorized individuals. It would be a disaster if the backdoor to a popular program like Skype were discovered by unauthorized individuals. A similar issue applies to anti-virus software. If anti-virus products detect and notify users when court-ordered spyware is found on a machine, it could obviously disrupt investigations and tip off suspects. On the other hand, if antivirus software ignores “official” spyware, then spyware vendors will start trying to camouflage their software as government-installed software to avoid detection. Ultimately, there may be no way for anti-spyware products to turn a blind eye to government-approved spyware without undermining the effectiveness of their products.

Hence, I’m skep­ti­cal of the idea of gov­ern­ment-man­dat­ed spy­ware, although I don’t think it should be ruled out entire­ly. That may sound like grim news for law enforce­ment, which does have a legit­i­mate need to eaves­drop on crime sus­pects. But it’s impor­tant to keep in mind that law enforce­ment offi­cials do have oth­er tools at their dis­pos­al. If they’re not able to install soft­ware sur­veil­lance tools, it’s always pos­si­ble to do it the old-fash­ioned way–in hard­ware. Law enforce­ment agen­cies can always sneak into a sus­pec­t’s home (with a court order, of course) and install bug­ging devices. That tried and true method works regard­less of the com­mu­ni­ca­tions tech­nol­o­gy being used.

The battle over backdoors is an ongoing issue [4] that isn’t going away any time soon. And as the above article indicated, one of the reasons that backdoors installed into hardware and software for use by law enforcement are guaranteed to be an ongoing issue is that encryption done right can’t be cracked. At least not in a reasonable time frame. It’s a reflection of the asymmetric nature of the mathematics behind encryption: it’s a lot easier to hide a needle in a haystack than to find it. At least in theory [5]:

Ars Tech­ni­ca
Cryp­to experts issue a call to arms to avert the cryp­topoca­lypse
Nobody can crack impor­tant algo­rithms yet, but the world needs to pre­pare for that to hap­pen.

by Peter Bright — Aug 1 2013, 10:49pm CST

At the Black Hat secu­ri­ty con­fer­ence in Las Vegas, a quar­tet of researchers, Alex Sta­mos, Tom Rit­ter, Thomas Ptacek, and Javed Samuel, implored every­one involved in cryp­tog­ra­phy, from soft­ware devel­op­ers to cer­tifi­cate author­i­ties to com­pa­nies buy­ing SSL cer­tifi­cates, to switch to new­er algo­rithms and pro­to­cols, lest they wake up one day to find that all of their cryp­to infra­struc­ture is ren­dered use­less and inse­cure by math­e­mat­i­cal advances.

We’ve writ­ten before about asym­met­ric encryp­tion [6] and its impor­tance to secure com­mu­ni­ca­tion. Asym­met­ric encryp­tion algo­rithms have pairs of keys: one key can decrypt data encrypt­ed with the oth­er key, but can­not decrypt data encrypt­ed with itself.

The asym­met­ric algo­rithms are built on an under­ly­ing assump­tion that cer­tain math­e­mat­i­cal oper­a­tions are “hard,” which is to say, that the time it takes to do the oper­a­tion increas­es pro­por­tion­al to some num­ber raised to the pow­er of the length of the key (“expo­nen­tial time”). This assump­tion, how­ev­er, is not actu­al­ly proven, and nobody knows for cer­tain if it is true. The risk exists that the prob­lems are actu­al­ly “easy,” where “easy” means that there are algo­rithms that will run in a time pro­por­tion­al only to the key length raised to some con­stant pow­er (“poly­no­mi­al time”).

The most widely used asymmetric algorithms (Diffie Hellman, RSA, and DSA) depend on the difficulty of two problems: integer factorization [7], and the discrete logarithm [8]. The current state of the mathematical art is that there aren’t—yet—any easy, polynomial time solutions to these problems; however, after decades of relatively little progress in improving algorithms related to these problems, a flurry of activity in the past six months has produced faster algorithms for limited versions of the discrete logarithm problem.

At the moment, there’s no known way to gen­er­al­ize these improve­ments to make them use­ful to attack real cryp­tog­ra­phy, but the work is enough to make cryp­tog­ra­phers ner­vous. They draw an anal­o­gy with the BEAST, CRIME, and BREACH [9] attacks used to attack SSL. The the­o­ret­i­cal under­pin­nings for these attacks are many years old, but for a long time were dis­missed as mere­ly the­o­ret­i­cal and impos­si­ble to use in prac­tice. It took new researchers and new think­ing to turn them into prac­ti­cal attacks.

When that hap­pened, it uncov­ered a soft­ware indus­try ill-pre­pared to cope. A lot of soft­ware, rather than allow­ing new algo­rithms and pro­to­cols to be eas­i­ly plugged in, has proven dif­fi­cult or impos­si­ble to change. This means that switch­ing to schemes that are immune to the BEAST, CRIME, and BREACH attacks is much more dif­fi­cult than it should be. Though there are new­er pro­to­cols and dif­fer­ent algo­rithms that avoid the prob­lems that these attacks exploit, com­pat­i­bil­i­ty con­cerns mean that they can’t be rapid­ly rolled out and used.

The attacks against SSL are at least fair­ly nar­row in scope and util­i­ty. A gen­er­al pur­pose poly­no­mi­al time algo­rithm for inte­ger fac­tor­iza­tion or the dis­crete log­a­rithm, how­ev­er, would not be nar­row in scope or util­i­ty: it would be read­i­ly adapt­ed to blow wide open almost all SSL/TLS, ssh, PGP, and oth­er encrypt­ed com­mu­ni­ca­tion. (The two math­e­mat­i­cal prob­lems, while dis­tinct, share many sim­i­lar­i­ties, so it’s like­ly that an algo­rithm that solved inte­ger fac­tor­iza­tion could be adapt­ed in some way to solve the dis­crete log­a­rithm, and vice ver­sa).

Worse, it would make updat­ing these sys­tems in a trust­wor­thy man­ner near­ly impos­si­ble: oper­at­ing sys­tems such as Win­dows and OS X depend on dig­i­tal sig­na­tures that in turn depend on these same math­e­mat­i­cal under­pin­nings to pro­tect against the instal­la­tion of fraud­u­lent or mali­cious updates. If the algo­rithms were under­mined, there would be no way of ver­i­fy­ing the authen­tic­i­ty of the updates.

While there’s no guar­an­tee that this cat­a­stro­phe will occur—it’s even pos­si­ble that one day it might be proven that the two prob­lems real­ly are hard—the risk is enough to have researchers con­cerned. The dif­fi­cul­ties of change that BEAST et al. demon­strat­ed mean that if the indus­try is to have a hope of sur­viv­ing such a rev­o­lu­tion in cryp­tog­ra­phy, it must start mak­ing changes now. If it waits for a genius math­e­mati­cian some­where to solve these prob­lems, it will be too late to do any­thing about it.

For­tu­nate­ly, a solu­tion of sorts does exist. A fam­i­ly of encryp­tion algo­rithms called ellip­tic curve cryp­tog­ra­phy (ECC) exists. ECC is sim­i­lar to the oth­er asym­met­ric algo­rithms, in that it’s based on a prob­lem that’s assumed to be hard (in this case, the ellip­tic curve dis­crete log­a­rithm). ECC, how­ev­er, has the addi­tion­al prop­er­ty that its hard prob­lem is suf­fi­cient­ly dif­fer­ent from inte­ger fac­tor­iza­tion and the reg­u­lar dis­crete log­a­rithm that break­throughs in either of those should­n’t imply break­throughs in crack­ing ECC.

How­ev­er, sup­port for ECC is still very prob­lem­at­ic. Much of the tech­nol­o­gy is patent­ed by Black­Ber­ry, and those patents are enforced [10]. There are cer­tain nar­row licens­es avail­able for imple­men­ta­tions of ECC that meet var­i­ous US gov­ern­ment cri­te­ria, but the broad­er patent issues have led some ven­dors to refuse to sup­port [11] the tech­nol­o­gy.

Fur­ther, sup­port of pro­to­cols that can use ECC, such as TLS 1.2 (the lat­est iter­a­tion of SSL tech­nol­o­gy) is still not wide­ly avail­able. Cer­tifi­cate author­i­ties have also been slow to offer ECC cer­tifi­cates.

As such, the researchers are call­ing for the com­put­er indus­try as a whole to do two things. First, embrace ECC today. Sec­ond, ensure that sys­tems that use cryp­tog­ra­phy are agile. They must not be lum­bered with lim­it­ed sets of algo­rithms and obso­lete pro­to­cols. They must instead make updat­ing algo­rithms and pro­to­cols quick and easy, to ensure that soft­ware sys­tems can keep pace with the math­e­mat­i­cal research and adapt quick­ly to new devel­op­ments and tech­niques. The cryp­topoca­lypse might nev­er happen—but we should be pre­pared in case it does.
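The agility the researchers call for can be sketched in a few lines. This is an added example, not code from the Ars Technica article or from this post: the registry, `Policy` class, token format and key are all hypothetical, and HMAC from the Python standard library stands in for the signature algorithms the article discusses. Each token names its algorithm, the name is authenticated along with the payload, and retiring an algorithm is a policy change rather than a code change.

```python
import base64
import hashlib
import hmac

# Implementations this software knows how to run. Supporting a new
# algorithm is one entry here, not a change to issue()/verify().
REGISTRY = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha512": hashlib.sha512,
}


class Policy:
    """Deployment policy: what to issue with, and what is still accepted."""

    def __init__(self, issue_with, accept):
        accept = frozenset(accept)
        if not accept.issubset(REGISTRY):
            raise ValueError("policy names an unimplemented algorithm")
        if issue_with not in accept:
            raise ValueError("issuing algorithm must also be accepted")
        self.issue_with = issue_with
        self.accept = accept


def _tag(alg, key, payload):
    # The algorithm id is authenticated together with the payload, so
    # relabelling a token as a different algorithm invalidates the tag.
    return hmac.new(key, alg.encode() + b"\x00" + payload, REGISTRY[alg]).digest()


def issue(policy, key, payload):
    alg = policy.issue_with
    return b".".join((
        alg.encode(),
        base64.urlsafe_b64encode(payload),
        base64.urlsafe_b64encode(_tag(alg, key, payload)),
    ))


def verify(policy, key, token):
    """Return (payload or None, status string)."""
    try:
        alg_raw, payload_b64, tag_b64 = token.split(b".")
        alg = alg_raw.decode("ascii")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong field count, non-ASCII id, bad base64
        return None, "malformed"
    if alg not in policy.accept:
        return None, "algorithm-not-accepted"
    if not hmac.compare_digest(tag, _tag(alg, key, payload)):
        return None, "bad-tag"
    # Valid but made with an algorithm being phased out: tell the caller
    # to re-issue under the current one.
    return payload, "ok" if alg == policy.issue_with else "ok-reissue"


def migration_demo():
    key = b"constructed-demo-key"        # constructed sample key
    payload = b"update-manifest v1"      # constructed sample payload
    legacy = Policy("hmac-sha1", {"hmac-sha1"})
    transition = Policy("hmac-sha256", {"hmac-sha1", "hmac-sha256"})
    final = Policy("hmac-sha256", {"hmac-sha256"})

    old_token = issue(legacy, key, payload)
    new_token = issue(transition, key, payload)
    relabelled = old_token.replace(b"hmac-sha1", b"hmac-sha256", 1)
    return {
        "old_during_transition": verify(transition, key, old_token)[1],
        "new_during_transition": verify(transition, key, new_token)[1],
        "old_after_retirement": verify(final, key, old_token)[1],
        "new_after_retirement": verify(final, key, new_token)[1],
        "relabelled": verify(transition, key, relabelled)[1],
    }


if __name__ == "__main__":
    for name, status in migration_demo().items():
        print(f"{name:24} {status}")
```

The three policies are the whole migration: accept old and new while issuing new, then drop the old name from the accept set once tokens have been re-issued.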

Note that the above article was published August 1st, a month before the latest Snowden leak about the advances in NSA techniques, which include both backdoors and advances in decryption algorithms. So the references to algorithmic risks (because we don’t know how “hard [12]” the underlying mathematical algorithms truly are) in the above article might relate to the recent advances in the NSA’s decryption algorithms. This could even include turning theoretically “hard” (non-polynomial-time) mathematical problems into somewhat less hard problems that can be cracked without the NSA’s backdoors (or anyone else’s [13] backdoors). In other words, while the concerns about the NSA or some other allied intelligence agency abusing those encryption backdoors are valid [14], there’s also the very real possibility that other 3rd parties (rival intelligence agencies, organized crime, private parties, etc) are also using the new algorithmic hacks where no backdoors are required. The algorithm is effectively defeated. So even if those NSA backdoors (or anyone else’s backdoors) didn't exist, there is still the possibility that the underlying mathematical algorithms currently used to encrypt the bulk of internet communications have already been effectively hacked mathematically. And if those algorithms have already been hacked (in the sense that code-breakers have found a method of finding the correct keys within a predictable timeframe [12]) then it might just be a matter of time before that algorithm gets out into “the wild” and anyone with the computing resources will be able to decrypt conventionally encrypted data. No backdoors or secret manufacturer agreements needed. Just a powerful enough computer and the knowledge about the flaws in the encryption algorithm. That’s the ‘cryptopocalypse’.
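The “hard” versus “easy” distinction the quoted article relies on can be seen on toy numbers. The following is an added example, not code from the article or from this post; the primes, bases and exponents are constructed, and the function names are hypothetical. It counts the work to compute g^x mod p (the direction every key exchange performs) against the work to recover x with baby-step giant-step, a generic textbook method. The best known attacks on the real finite-field problem are faster than this generic method but are still not polynomial-time, which is the assumption the article says is unproven.

```python
import math

# Constructed toy groups: (prime modulus, base). The moduli are the
# Mersenne primes 2^13-1, 2^19-1 and 2^31-1, far below real key sizes.
TOY_GROUPS = [(8191, 17), (524287, 3), (2147483647, 7)]


def modexp_count(g, x, p):
    """Square-and-multiply: return (g^x mod p, modular multiplications used)."""
    result, base, mults = 1, g % p, 0
    while x:
        if x & 1:
            result = result * base % p
            mults += 1
        base = base * base % p
        mults += 1
        x >>= 1
    return result, mults


def bsgs(g, h, p):
    """Baby-step giant-step: return (x, steps) with g^x = h (mod p).

    Needs about sqrt(p) table entries and up to 2*sqrt(p) multiplications,
    so the work doubles for every two bits added to the modulus.
    """
    m = math.isqrt(p - 1) + 1
    table, cur, steps = {}, 1, 0
    for j in range(m):                     # baby steps: g^0 .. g^(m-1)
        table.setdefault(cur, j)
        cur = cur * g % p
        steps += 1
    giant = pow(g, p - 1 - m, p)           # g^(-m) mod p, by Fermat
    gamma = h % p
    for i in range(m):                     # giant steps: h * g^(-i*m)
        if gamma in table:
            return i * m + table[gamma], steps
        gamma = gamma * giant % p
        steps += 1
    return None, steps


def compare(p, g):
    x = (2 * (p - 1)) // 3                 # constructed "secret" exponent
    h, forward = modexp_count(g, x, p)
    found, inverse = bsgs(g, h, p)
    return {
        "bits": p.bit_length(),
        "forward_mults": forward,
        "inverse_steps": inverse,
        "recovered": found is not None and pow(g, found, p) == h,
    }


def scaling_table():
    return [compare(p, g) for p, g in TOY_GROUPS]


if __name__ == "__main__":
    for row in scaling_table():
        print(row)
    # Extrapolating the generic method to a 2048-bit modulus gives about
    # 2^1024 steps, while the forward direction stays near 4096 multiplications.
    print("generic steps for 2048-bit modulus: 2^%d" % (2048 // 2))
```

The forward column grows with the number of bits; the inverse column grows with the square root of the modulus, which is exponential in the number of bits.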

But there’s anoth­er inter­est­ing pos­si­bil­i­ty that could emerge in the medi­um-term: Right now it’s known that NSA uses cus­tom-built chips to break the encryp­tion and it’s believed that these chips can decrypt any of the traf­fic on Tor that does­n’t use the most advanced “ellip­tic curve cryp­tog­ra­phy” encryp­tion described above [15]. Tor is sup­posed to be anony­mous.

So we should prob­a­bly expect to see a broad shift towards these new­er kinds of encryp­tion meth­ods. And if that shift towards using these new­er meth­ods takes place with­out those NSA back­doors we could start see­ing tru­ly secure encryp­tion meth­ods employed — meth­ods that no spy agency, any­where, will be able to decrypt. At least not unless there’s some super secret pow­er­ful com­put­ing tech­nol­o­gy hid­ing some­where. If that encrypt­ed future is what’s in store for us we should prob­a­bly expect a dra­mat­ic expan­sion of tra­di­tion­al spy­ing: human intel­li­gence will sim­ply become much more impor­tant because there won’t be oth­er options. Tra­di­tion­al hack­ing will also become para­mount. When a back­door clos­es, a job oppor­tu­ni­ty for a hack­er opens [16].

But also note that the FinFisher tool is reportedly able to hack your Blackberry [17], which uses “elliptic curve cryptography” [17]. Same with the NSA and GCHQ [18]. So whatever secure encryption method the world eventually settles upon will have to be more secure than currently recommended secure methods. Give it time.

Beware Soft­ware Updates Bear­ing Gifts
If we do eventually see an encrypted future — one where direct hacking with the benefit of pervasive backdoors or algorithmic trickery is no longer an option — we should expect an explosion of Trojan spyware and custom hacks [18]. Even with the pervasive backdoors and algorithmic trickery we should still expect an explosion of spyware because that’s what’s already happening. So while the NSA hardware and software backdoor network is the spy scandal of the moment, perhaps the UK/German Bundestrojaner [19]/FinFisher/FinSpy [20] spyware scandals [21] should be considered likelier spy scandal templates for tomorrow [22]:

Slate
U.S. and Oth­er West­ern Nations Met With Ger­many Over Shady Com­put­er-Sur­veil­lance Tac­tics

By Ryan Gal­lagher

Post­ed Tues­day, April 3, 2012, at 11:51 AM

Infect­ing a com­put­er with spy­ware in order to secret­ly siphon data is a tac­tic most com­mon­ly asso­ci­at­ed with crim­i­nals. But explo­sive new rev­e­la­tions in Ger­many sug­gest inter­na­tion­al law enforce­ment agen­cies are adopt­ing sim­i­lar meth­ods as a form of intru­sive sus­pect sur­veil­lance, rais­ing fresh civ­il lib­er­ties con­cerns.

Infor­ma­tion released last month by the Ger­man gov­ern­ment shows that between 2008–2011, rep­re­sen­ta­tives from the FBI; the U.K.’s Seri­ous Organ­ised Crime Agency (SOCA); and France’s secret ser­vice, the DCRI, were among those to have held meet­ings with Ger­man fed­er­al police about deploy­ing “mon­i­tor­ing soft­ware” used to covert­ly infil­trate com­put­ers.

The dis­clo­sure was made in response to a series of ques­tions tabled by Left Par­ty Mem­ber of Par­lia­ment Andrej Hunko and report­ed by Ger­man-lan­guage media [23]. It comes on the heels of an exposé by the Chaos Com­put­er Club, a Berlin-based hack­er col­lec­tive, which revealed [24] in Octo­ber that Ger­man police forces had been using a so-called “Bun­de­stro­jan­er” (fed­er­al Tro­jan) to spy on sus­pects.

The Bun­de­stro­jan­er tech­nol­o­gy could be sent dis­guised as a legit­i­mate soft­ware update and was capa­ble of record­ing Skype calls, mon­i­tor­ing Inter­net use, and log­ging mes­sen­ger chats and key­strokes. It could also acti­vate com­put­er hard­ware such as micro­phones or web­cams and secret­ly take snap­shots or record audio before send­ing it back to the author­i­ties.

Ger­man fed­er­al author­i­ties ini­tial­ly denied [25] deploy­ing any Bun­de­stro­jan­er, but it soon tran­spired that courts had in fact approved requests from offi­cials to employ such Tro­jan horse pro­grams more than 50 times [26]. Fol­low­ing a pub­lic out­cry over the use of the tech­nol­o­gy, which many believe breached the country’s strict pri­va­cy laws, fur­ther details have sur­faced.

Inquiries by Green Party MP Konstantin von Notz revealed in January [27] that, in addition to the Bundestrojaner discovered by the CCC, German authorities had also acquired a license in early 2011 to test a similar Trojan technology called “FinSpy,” manufactured by England-based firm Gamma Group. FinSpy enables clandestine access to a targeted computer, and was reportedly used for five months [28] by Hosni Mubarak’s Egyptian state security forces in 2010 to monitor personal Skype accounts and record voice and video conversations over the Internet.

But it is the Ger­man government’s response to a series of ques­tions recent­ly sub­mit­ted by Hunko that is per­haps the most reveal­ing to date. In a let­ter from Sec­re­tary of State Ole Schröder [29] on March 6, which I have trans­lat­ed, Hunko was informed that Ger­man fed­er­al police force, the Bun­deskrim­i­nalamt (BKA), met to dis­cuss the use of mon­i­tor­ing soft­ware with coun­ter­parts from the U.S., Britain, Israel, Lux­em­burg, Liecht­en­stein, the Nether­lands, Bel­gium, France, Switzer­land, and Aus­tria. The meet­ings took place sep­a­rate­ly between Feb. 19, 2008, and Feb. 1, 2012. While this sto­ry has been cov­ered in the Ger­man media, it hasn’t received the Eng­lish-lan­guage atten­tion it deserves.

Both the FBI and Britain’s SOCA are said to have dis­cussed with the Ger­mans the “basic legal require­ments” of using com­put­er-mon­i­tor­ing soft­ware. The meet­ing with SOCA also cov­ered the “tech­ni­cal and tac­ti­cal aspects” of deploy­ing com­put­er infil­tra­tion tech­nol­o­gy, accord­ing to Schröder’s let­ter. France’s secret ser­vice and police from Switzer­land, Aus­tria, Lux­em­burg, and Liecht­en­stein were sep­a­rate­ly briefed by the BKA on its expe­ri­ences using Tro­jan com­put­er infil­tra­tion.

Inter­est­ing­ly, at a meet­ing in Octo­ber 2010 attend­ed by police from Ger­many, the Nether­lands, and Bel­gium, rep­re­sen­ta­tives from the Gam­ma Group were present and appar­ent­ly show­cased their shad­owy prod­ucts. It is pos­si­ble that the Ger­mans decid­ed at this meet­ing to pro­ceed with the Fin­Spy tri­al we now know took place in ear­ly 2011.

If noth­ing else, these rev­e­la­tions con­firm that police inter­na­tion­al­ly are increas­ing­ly look­ing to deploy eth­i­cal­ly con­tentious com­put­er intru­sion tech­niques that exist in a legal gray area. The com­bi­na­tion of the rapid devel­op­ment of Inter­net tech­nolo­gies and per­sis­tent fears about nation­al secu­ri­ty seem to have led to a par­a­digm shift in police tactics—one that appears, wor­ry­ing­ly, to be tak­ing place almost entire­ly behind closed doors and under cov­er of state secre­cy.

...

Your Pass­words Can Be Stolen. So Can Your Spy­ware
The world continues to freak out about the NSA and UK possessing the centralized mass-surveillance capabilities that come from the power to collect and decrypt massive volumes of internet traffic. Such a freak out is understandable because, hey, centralized mass internet traffic surveillance is kind of creepy. It’s also understandable that the global debate would be almost exclusively focused on spying by the NSA because that’s been the focus of the Snowden leaks. But it might be worth incorporating into an ongoing global debate about the balance of privacy, security, and government accountability the fact that extremely powerful spyware is being peddled by major governments [30] and is currently used by governments [31] all over the globe. It might also be used by unknown parties all over the globe, because spyware can be stolen [32]:

Bloomberg
Fin­Fish­er Spy­ware Reach Found on Five Con­ti­nents: Report
By Ver­non Sil­ver — Aug 8, 2012 6:34 AM CT

The FinFisher spyware made by U.K.-based Gamma Group likely has previously undisclosed global reach, with computers on at least five continents showing signs of being command centers that run the intrusion tool, according to cybersecurity experts.

Fin­Fish­er can secret­ly mon­i­tor com­put­ers — inter­cept­ing Skype calls, turn­ing on Web cam­eras and record­ing every key­stroke. It is mar­ket­ed by Gam­ma for law enforce­ment and gov­ern­ment use.

Research pub­lished last month based on e‑mails obtained by Bloomberg News showed activists from the Per­sian Gulf king­dom of Bahrain were tar­get­ed by what looked like the soft­ware, spark­ing a hunt for fur­ther clues to the product’s deploy­ment.

In new find­ings, a team, led by Clau­dio Guarnieri of Boston-based secu­ri­ty risk-assess­ment com­pa­ny Rapid7, ana­lyzed how the pre­sumed Fin­Fish­er sam­ples from Bahrain com­mu­ni­cat­ed with their com­mand com­put­er. They then com­pared those attrib­ut­es with a glob­al scan of com­put­ers on the Inter­net.

The sur­vey has so far come up with what it reports as match­es in Aus­tralia, the Czech Repub­lic, Dubai, Ethiopia, Esto­nia, Indone­sia, Latvia, Mon­go­lia, Qatar and the U.S.

Guarnieri, a secu­ri­ty researcher based in Ams­ter­dam, said that the loca­tions aren’t proof that the gov­ern­ments of any of these coun­tries use Gamma’s Fin­Fish­er. It’s pos­si­ble that Gam­ma clients use com­put­ers based in oth­er nations to run their Fin­Fish­er sys­tems, he said in an inter­view.

‘Active Fin­ger­print­ing’

“They are sim­ply the results of an active fin­ger­print­ing of a unique behav­ior asso­ci­at­ed with what is believed to be the Fin­Fish­er infra­struc­ture,” he wrote in his report, which Rapid7 is pub­lish­ing today on its blog at https://community.rapid7.com/community/infosec/blog.

The emerg­ing pic­ture of the com­mer­cial­ly avail­able spyware’s reach shines a light on the grow­ing, glob­al mar­ket­place for cyber weapons with poten­tial con­se­quences.

“Once any malware is used in the wild, it’s typically only a matter of time before it gets used for nefarious purposes,” Guarnieri wrote in his report. “It’s impossible to keep this kind of thing under control in the long term.”

In response to ques­tions about Guarnieri’s find­ings, Gam­ma Inter­na­tion­al GmbH man­ag­ing direc­tor Mar­tin J. Muench said a glob­al scan by third par­ties would not reveal servers run­ning the Fin­Fish­er prod­uct in ques­tion, which is called Fin­Spy.

“The core Fin­Spy servers are pro­tect­ed with fire­walls,” he said in an Aug. 4 e‑mail.

Gam­ma Inter­na­tion­al

Muench, who is based in Munich, has said his com­pa­ny didn’t sell Fin­Fish­er spy­ware to Bahrain. He said he’s inves­ti­gat­ing whether the sam­ples used against Bahrai­ni activists were stolen demon­stra­tion copies or were sold via a third par­ty.

Gam­ma Inter­na­tion­al GmbH in Ger­many is part of U.K.-based Gam­ma Group. The group also mar­kets Fin­Fish­er through Andover, Eng­land-based Gam­ma Inter­na­tion­al UK Ltd. Muench leads the Fin­Fish­er prod­uct port­fo­lio.

Muench says that Gam­ma com­plies with the export reg­u­la­tions of the U.K., U.S. and Ger­many.

It was unclear which, if any, gov­ern­ment agen­cies in the coun­tries Guarnieri iden­ti­fied are Gam­ma clients.

A U.S. Fed­er­al Bureau of Inves­ti­ga­tion spokes­woman in Wash­ing­ton declined to com­ment.

Offi­cials in Ethiopia’s Com­mu­ni­ca­tions Min­is­ter, Qatar’s for­eign min­istry and Mongolia’s president’s office didn’t imme­di­ate­ly return phone calls seek­ing com­ment or respond to ques­tions. Dubai’s deputy com­man­der of police said he has no knowl­edge of such pro­grams when reached on his mobile phone.

Australia’s depart­ment of for­eign affairs and trade said in an e‑mailed state­ment it does not use Fin­Fish­er soft­ware. A spokesman at the Czech Republic’s inte­ri­or min­istry said he has no infor­ma­tion of Gam­ma being used there, nor any knowl­edge of its use at oth­er state insti­tu­tions.

Vio­lat­ing Human Rights?

At Indonesia’s Min­istry of Com­mu­ni­ca­tions, head of pub­lic rela­tions Gatot S. Dewa Bro­to said that to his knowl­edge the gov­ern­ment doesn’t use that pro­gram, or ones that do sim­i­lar things, because it would vio­late pri­va­cy and human rights in that coun­try. The min­istry got an offer to pur­chase a sim­i­lar pro­gram about six months ago but declined, he said, unable to recall the name of the com­pa­ny pitch­ing it.

The Eston­ian Infor­ma­tion Sys­tems Author­i­ty RIA has not detect­ed any expo­sure to Fin­Spy, a spokes­woman said. Nei­ther has Latvia’s infor­ma­tion tech­nolo­gies secu­ri­ty inci­dent response insti­tu­tion, accord­ing to a tech­ni­cal expert there.

...

If the above description of the emerging global spyware-surveillance state sounds a little unsettling, keep in mind that FinFisher/FinSpy is just one toolkit. There could be all sorts of other spyware “products” out there.

Also don’t forget that the world is still learning about the FinFisher/FinSpy spyware’s capability: For instance, it appears that a “FinIntrusion” tool made by the same company can be used to collect WiFi signals. Part of the FinIntrusion suite includes decryption capabilities so all that WiFi traffic can be picked up. It’s a reminder that, whether or not the centralized mass-surveillance state is on the wane, the global decentralized spyware party is still going strong [33]:

ITNews.com
Fur­ther details of Fin­Fish­er govt spy­ware leaked
By Juha Saari­nen on Sep 2, 2013 6:04 AM
Filed under Secu­ri­ty

Claims it can break encryp­tion.

Sales brochures and pre­sen­ta­tions leaked online have shed fur­ther light on the Fin­Fish­er mal­ware and spy­ware toolk­it that is thought to be used by law enforce­ment agen­cies world­wide.

FinFisher is made by the Anglo-German Gamma International and is marketed to law enforcement agencies around the world. It is also known as FinSpy and the sales presentation traces its origins to BackTrack Linux, an open source penetration testing Linux distribution.

The spy­ware can record screen shots, Skype chats, oper­ate built-in web cams and micro­phones on com­put­ers and is able to cap­ture a large range of user data.

Last year, an internet scan by a security company showed up FinFisher control nodes in eleven countries, including Australia. The malware has been analysed [pdf] by the Citizen Lab project in which the University of Toronto, Munk School of Global Affairs and the Canada Centre for Global Studies participate.

In July this year, the Aus­tralia Fed­er­al Police turned down a Free­dom of Infor­ma­tion Act request from the direc­tor of the Ope­nAus­tralia Foun­da­tion, Henare Degan, about the use of Fin­Fish­er by the coun­try’s top law enforce­ment agency.

The spy­ware runs on all ver­sions of Win­dows new­er than Win­dows 2000, and can infect com­put­ers via USB dri­vers, dri­ve-by web brows­er exploits or with the help of local inter­net providers that inject the mal­ware when users vis­it trust­ed sites such as Google Gmail or YouTube.

The FinSpy Mobile version works on Blackberry, Apple IOS, Google Android and Microsoft's Windows Mobile and Windows Phone operating systems, the documents claim. On these, it can record incoming and outgoing calls, track location with cellular ID and GPS data, and conduct surveillance by making silent calls and more.

According to the documents found by security firm F-Secure, the FinIntrusion portable hacking kit can break encryption and record all traffic, and steal users’ online banking and social media credentials.

...

Really protecting data privacy involves a lot more than just protecting internet traffic or stopping any of the NSA or GCHQ’s custom backdoors. That was an intelligence-convenience that’s now been thwarted but the spying will continue. If effectively-unbreakable encryption is truly implemented, espionage activities will merely shift to spying on data after it’s been decrypted by the intended recipient. And if the entire history of spying scandals has taught us anything it’s that governments are going to be tempted to spread spyware around like a rapid zombie. Barring a truly populist global revolution that somehow leads to a golden age of shared prosperity and minimal suffering, governments around the world will be spying on other countries’ citizens all over the globe [34] for a whole lot of valid and invalid reasons. Governments can be kind of crazy and so can people. So the spying will continue. And don’t forget that as spyware spreads more and more it’ll be harder to tell apart the state-sponsored spyware from their private/criminal counterparts, and all that private spying will warrant more public spying to stop the private spying. Achieving digital privacy isn’t just a matter of slaying the NSA-mass-wiretapping-dragon in the modern age and sealing those backdoors. The public/private global spyware chimera also roams the forest and it can make backdoors too.