Tor de farce: NSA fails to decrypt anonymised network

A new round of NSA documents snatched by master blabbermouth Edward Snowden appeared online late on Sunday, revealing spooks' internet security pet hates. The latest dump of PDFs published by Der Spiegel appeared to show what the Five Eyes surveillance buddies – the USA, the UK, Australia, Canada and New Zealand – see as …

  1. Destroy All Monsters Silver badge
    Windows

    If you've transferred your private keys to a server via SSH or VPN, they've possibly been compromised. Time to revoke everydamnthing.

    100% of non-sneakernet-connected nodes (pretty much the whole cloud for starters) fucked??

    "UK TOP SECRET STRAP1 COMINT"

    WTF does STRAPONE mean?

    1. Anonymous Coward
      Trollface

      WTF does STRAPONE mean?

      It means that they have no dick...

      1. BillG
        Joke

        Re: WTF does STRAPONE mean?

        It means that they have no dick...

        Well that's what I heard.

        (anyone get the movie reference?)

        1. Anonymous Coward
          Joke

          Re: WTF does STRAPONE mean?

          Yes...it's true... this man has no dick...

          1. Anonymous Coward
            Anonymous Coward

            Re: WTF does STRAPONE mean?

            Bill Murray, Ghostbusters, recently re-released as SPOOK Busters. Download it now.

    2. DavCrav

      "WTF does STRAPONE mean?"

      Let me Google that for you: "STRAP classification" gives you this.

      http://electrospaces.blogspot.co.uk/2013/12/the-british-classification-marking-strap.html

    3. MustyMusgrave
      Devil

      STRAP-1

      It means Level Top Secret.. Like MJ-IC-1-2...

      Although yeah, it does sound like STRAP-ON!

      They've even got Stickers.. Green is below Top Secret.. yellow is Secret for some and Red is super secret, you can read about it by doing a search for Top Level Telecommunications.. They break down all the code words, like Marina... Which is just another name for the TITAN super-computer with pretty pictures of Marine animals on the side, it's the dwelling place of O - the Octopus!

      It's really not quite as good as all the photos that circulate the web of the huge rack of servers from all the engineers that have worked so hard at putting it all together! I've got PICS!

      See = https://en.wikipedia.org/wiki/SPECTRE

  2. e^iπ+1=0

    SSL private keys

    'SSL privates (sic) can easily be swiped by asking the CA root to hand it over.'

    What if the bad guys create their own CA? Even I've created my own CA for test purposes.

    If the bad guys use their own CA then the feds need to find them before asking for the private keys.

    1. Anonymous Coward
      Anonymous Coward

      Re: SSL private keys

      Also, asking the CA will not result in them getting your private key; the CA never had your private key. You generate your public/private keys and then have your public key signed by the CA. They never see the private key.

      They can give them a new signed public key for your address to do a man in the middle attack.

    2. streaky

      Re: SSL private keys

      Yeah that's probably most egregious of the nonsense points in the article. CA attests your signing request, it never sees your private key. If it did then PKI would be even more fundamentally broken than it actually is and nobody would use it because it'd have been replaced by a system that works more like PKI actually does decades ago. Yes PKI is broken, no, not that way.

      Just no.

      Even the CA handing over their [root/intermediate] keys would only allow them to create new certs pretending to be you but the thumbprints wouldn't match and that CA would go out of business 3 days later because their root certs would be revoked left, right, center and on Mars so no court (secret or otherwise) would ever do it because it'd be the end of a significant number of large US tech companies which the NSA, CIA and other alphabets would full well know.

  3. resudaed

    SSL not compromised if you use your own key?

    If you generated your own private key (which you should have done to consider your certificate secure) then the SSL private cert provided by the CA is useless without the key that you never gave them.

    1. Anonymous Coward
      Anonymous Coward

      Re: SSL not compromised if you use your own key?

      Commercially signed SSL certs have traditionally been heavily promoted as a way to verify the identity of the site you're connecting to, when in fact their role in encrypting the data going over that connection is at least as important. In situations where the identity of the service isn't in doubt, self-signed certs work just fine. So maybe what we really need is a good way of identifying the provenance of services (more secure DNS?) so we can all start using certs signed by our own private keys.

  4. Gordon 10

    Seems to me

    That if Microsoft really wanted to stick 2 fingers up to the feds over the attempted Dublin data slurp they should deploy a compromise free version of Skype

    1. Anonymous Coward
      Anonymous Coward

      Re: Seems to me: how to get free unrestricted comms in 'autocratic' regimes

      I haven't talked to my friends at Microsoft recently but the entire history of Skype, (written in Eesti by Kazaa P2P programmers who actually remembered life under the Soviet Union), meant that it was originally the "compromise free" version!

      The 'attack' against Skype mostly was a paper exercise: First someone printed billions of dollars for eBay to buy Skype, then when there still wasn't a large enough attack surface, someone printed another wodge of billions more for MS, result = computer network exploitation success.

      If MS had any free-will, which they don't as they have to abide by U.S. laws, then they'd come out with SnowdenSkype based on an obfuscated SSH start-up, using similar technologies to SAIC NetEraser.

      Instead, my team has been quietly asked to look at free/open ITU-R unlicensed-band industrial/medical/scientific radio-frequency based mesh networks, no, not at Wi-Fi, but at 13.56MHz, using NVIS antenna loops (near vertical incident skywave technology, also known as cloud-warmers!)

      At least my colleagues at GCHQ can do some nice traditional radio-spookery tracking the ISM rf packets, amongst the background noise, or read the academic papers?

      1. John Gamble
        Boffin

        Re: Seems to me: how to get free unrestricted comms in 'autocratic' regimes

        I haven't talked to my friends at Microsoft recently but the entire history of Skype, (written in Eesti by Kazaa P2P programmers who actually remembered life under the Soviet Union), meant that it was originally the "compromise free" version!

        Except the original version had a self-rolled crypto system, which was about as secure as one would expect. If Skype's crypto has been unchanged since it first appeared, it has been insecure from day one. And if its crypto has been changed as it changed hands... well, it is almost certainly even less secure now.

    2. Kanhef

      Re: Seems to me

      The only way security-minded people would accept a version of Skype as 'compromise-free' is if it's completely open-source, and can be reliably compiled to be byte-for-byte identical to any distributed binaries. If we can't inspect the code and prove that there are no backdoors or weak, home-rolled crypto systems, it will still be considered compromised, no matter what anyone at Microsoft says.

    3. amanfromMars 1 Silver badge

      Re: Seems to me

      It has long been known that Skype has been thoroughly owned by the NSA and it clearly should never be used by anyone with sensitive sources.

      Seems to me that one has to also conclude and be aware that the NSA thoroughly owns Microsoft and their products and programs and applications clearly should never be used by anyone with sensitive sources if one wishes to retain and maintain leadership, command and control over and with novel sources/irregular and unconventional event planners/Creative CyberSpace Players and Ab Fab Fabless Non-State Actors/virtual reality expert teasers/SMARTR IntelAIgent Beings in the Live Operational Virtual Environment with HyperRadioProActive IT Systems of Secure Secret Administrative and FailSafe Executive Communication.

      Are you providing Uncle Sam/NSA your future plans and current running secrets free of charge and also paying them whilst using their systems with Windows Internet Exploring and Deep and Dark Semantic Webs, J Edgar Hoovering up in Mega Beta MetaDataBase Stations.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Seems to me

        NSA is http://www.urbandictionary.com/define.php?term=NSA ?

        Must be a meeting station at some place :-) .

      3. Tail Up

        Re: Seems to me

        There is a sufficient gap between Microsoft and Communications. MS and Apple's environments share the chart of consumption of browser-interface media. But - contents, dear boy, contents. Wings need air, without which they are nothing but a useless tool and a fcuk up to all efforts of the whole natural evolution (-: we're all doomed to be sectors in this pie. Until we go back to first principles.

  5. Anonymous Coward
    Anonymous Coward

    so apart from the Cisco etc router VPN pre-shared key secrets which aren't

    The NSA doc at http://www.spiegel.de/media/media-35551.pdf talks about retaining cloud metadata for a year and the gchq doc at http://www.spiegel.de/media/media-35532.pdf mentions the pleasant paragraph "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable" the techniques are so sensitive that they aren't shareable with the partners (the 9 SSeur 'France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden') but is my raw vpn data shipped across the EU by one of the 14-partners, where it is then peeled apart?

  6. Anonymous Coward
    Anonymous Coward

    ffs

    "Very naughty people use Tor"

    Is this the level of 'evidence' needed against Tor? MPs doing their expenses, that kind of very naughty?

    1. LaeMing

      Re: ffs

      Clearly Tor users didn't get a visit from Santa this year.

    2. Adam 1

      really is a good meme candidate

      > Very naughty people use ...

      Very naughty people use cars

      1. Anonymous Coward
        Anonymous Coward

        Re: really is a good meme candidate

        Very naughty people use the bus to GCHQ/NSA HQ to get to work each morning.

        1. John Hughes

          Re: really is a good meme candidate

          Have you never seen their buildings -- in both cases the notable feature is the huge parking lots.

          Not many bus riders there I guess.

    3. Any mouse Cow turd

      Re: ffs

      Very naughty people developed TOR in the first place.

  7. This post has been deleted by its author

  8. WalterAlter
    Facepalm

    I'm feeling a bit ambivalent this morning...

    So, we're referring to the man who kept the free world free and legitimized an army of conspiracy nuts and whistleblowers by verifying their worst scenarios, a "BLABBERMOUTH" now?! This is the Reg's take on the bold unswerving savant benefactors of all humanity??!! This is your idea of a rational perspective on the now realized undead fascist zombie overlord hell in waiting???!!! Has the Reg become a cold, congealed pudding of satanic SWERVERS????!!!!

    1. perlcat

      Re: I'm feeling a bit ambivalent this morning...

      Better calm down, Walter. You're lathering again.

      1. WalterAlter

        Re: I'm feeling a bit ambivalent this morning...

        Jeez guys, hop over to the 7-11 and pick up a six pack of Satire Lite on me. Lather!?...I'll tell you about my lather...! (kablooie)

        "There goes Bill..."

        (spot the cryptic film and literary references for a free week at Mel's Futon Corral)

        Sorry, It's my chronic case of internal monolog. Doctors scratch their heads, philosophers want me dead. Ugly, tragic and marginally illuminating...what ya gonna do. Thanks for being my only social contact all month. I think I'll go watch some YouTube Vine compilations now.

    2. Greg J Preece

      Re: I'm feeling a bit ambivalent this morning...

      Getting this week's FOTW out of the way early, aren't we?

      1. Mark 85

        Re: I'm feeling a bit ambivalent this morning...

        Needs some work.. a few expletives and maybe a bit more name-calling. For a Monday, let's rate that rant at a 5. If it were Friday, it would probably be a 2. Practice, Walter, practice. You'll get FOTW eventually.

  9. ZSn

    Secure?

    PGP (still secure), AES (under attack but no definitive proof that it was compromised by spooks) and OTR (secure, but the software implementing it was found to be buggy and exploitable).

    You're mixing apples and oranges, PGP can use AES, so if AES is insecure so is PGP. Don't mix cryptographic primitives and protocols.

    AES is no more compromised or attacked than any other primitive. What else do you propose to use?

    Incidentally - what happened to the edit your own post button. Am I being blind in not seeing it - or has it gone away in the latest site re-org?

    1. John Brown (no body) Silver badge

      Re: Secure?

      "Incidentally - what happened to the edit your own post button. Am I being blind in not seeing it - or has it gone away in the latest site re-org?"

      No, it's not gone away. Problem at your end.

      1. ratfox
        Angel

        Re: Secure?

        That I know, the edit your own post button is mostly only available to people with a shiny silver or gold badge.

        EDIT: like mine.

    2. 142

      Re: Secure?

      There's a time limit for edits, 10 minutes I believe. Perhaps you exceeded it?

  10. Anonymous Coward
    Anonymous Coward

    Timing...

    It seems that the obvious thing to do is for TOR internal nodes to introduce random delays before forwarding to the next node.

    While it would significantly slow the network, it would make provable timing analysis impossible.

    Heck, maybe it has already been done?

    1. Anonymous Coward
      Joke

      Re: Timing...

      But with extra delays just think how long it will take to torrent a BlueRay box set!

      (I'm abusing a system provided by volunteers to defend free speech around the world??? au contraire! I'm helping defeat traffic analysis by contributing noise. Yes indeedy, and if I eat your entire lunch and nick your wallet it's purely to give you a headstart on that New Year's resolution to lose weight...)

    2. Kanhef

      Re: Timing...

      If every node delays every packet by a random amount in the same range, all this will do is slow down the network. With enough packets to analyze, the randomness averages out and isn't a significant obstacle. A better approach might be to add delays depending on the speed of the individual connections between nodes; the idea is that all traffic takes the same amount of time to transit through a node, no matter where it came from or where it's going.

      1. Frumious Bandersnatch

        Re: Timing...

        all this will do is slow down the network

        Yes and no. If you delay packets by a random amount, then yes, the network slows down. If, on the other hand, you replace a FIFO scheduler with one that merely randomises the queue order, then throughput is maintained*. Slowing down the end-to-end routing of packets through the network like this will impact the users, though the network throughput is unaffected.

        * a simple example scheme which has a 1/2 chance of delaying the head packet in the queue if it's the first time it's been seen, and a decreasing sequence of probabilities 1/4, 1/8, 1/16, etc. each subsequent time it's due to be sent will mean packets may wait in the queue indefinitely (with infinitesimal probability), but on average will take 2x as long to get through it (sum of infinite series 1 + 1/2 + 1/4 + ...), not taking the probability of the replacement packet being sent into account...

        1. Anonymous Coward
          Anonymous Coward

          Re: Timing...

          If, on the other hand, you replace a FIFO scheduler with one that merely randomises the queue order, then throughput is maintained*.

          Eve could presumably still simply count the number of packets seen at each end though. And are all tor packets the same size?
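
An added simulation of the scheduler idea in the Timing thread above (not code from any commenter or from Tor): a relay that sends one packet per slot but may defer the head of the queue with probability 1/2, 1/4, 1/8, ... on successive turns, run beside plain FIFO. The slot model, the window size and the two constructed flows A and B are assumptions; it shows that the send slots, and so the per-window packet counts an observer at each end can compare, do not change as long as the queue drains between bursts.

```python
import random
from collections import deque

WINDOW = 20  # slots per counting window (assumed)
BURST = 4    # packets a flow injects at the start of an active window (assumed)

# Constructed sample traffic, not real data: 1 = flow is active in that window.
PATTERNS = {
    "A": [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1],
    "B": [1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0],
}


def make_arrivals(patterns):
    """Turn on/off patterns into a slot-sorted list of (slot, flow, seq)."""
    arrivals = []
    for flow, pattern in sorted(patterns.items()):
        seq = 0
        for w, active in enumerate(pattern):
            if active:
                for i in range(BURST):
                    arrivals.append((w * WINDOW + i, flow, seq))
                    seq += 1
    arrivals.sort()
    return arrivals


def relay(arrivals, rng=None):
    """Work-conserving relay: one packet leaves per slot while the queue is
    non-empty. rng=None gives FIFO. With an rng, the head packet is deferred
    with probability 1/2 the first time, 1/4 the next, and so on, and the
    packet behind it is sent in its place (an assumed reading of the scheme)."""
    pending = deque(arrivals)
    queue = deque()  # entries: [flow, seq, times_deferred]
    departures = []
    slot = 0
    while pending or queue:
        while pending and pending[0][0] <= slot:
            _, flow, seq = pending.popleft()
            queue.append([flow, seq, 0])
        if queue:
            pick = 0
            head = queue[0]
            if rng is not None and len(queue) > 1:
                if rng.random() < 0.5 ** (head[2] + 1):
                    head[2] += 1
                    pick = 1  # send the replacement, head waits
            flow, seq, _ = queue[pick]
            del queue[pick]
            departures.append((slot, flow, seq))
        slot += 1
    return departures


def window_counts(events, flow, n_windows):
    """Packets of one flow seen in each window: all a passive counter needs."""
    counts = [0] * n_windows
    for slot, f, _ in events:
        if f == flow:
            counts[slot // WINDOW] += 1
    return counts


def best_match(signature, candidates):
    """Name of the candidate count vector closest (L1 distance) to signature."""
    return min(
        candidates,
        key=lambda name: sum(abs(a - b) for a, b in zip(signature, candidates[name])),
    )


def demo(seed=2015):
    arrivals = make_arrivals(PATTERNS)
    n = len(PATTERNS["A"])
    fifo = relay(arrivals)
    mixed = relay(arrivals, random.Random(seed))
    out_counts = {f: window_counts(mixed, f, n) for f in PATTERNS}
    in_counts = {f: window_counts(arrivals, f, n) for f in PATTERNS}
    return {
        "same_send_slots": [d[0] for d in fifo] == [d[0] for d in mixed],
        "reordered": [d[1:] for d in fifo] != [d[1:] for d in mixed],
        "counts_preserved": in_counts == out_counts,
        "matches": {f: best_match(in_counts[f], out_counts) for f in PATTERNS},
    }


if __name__ == "__main__":
    print(demo())
```

Padding packets to a fixed size and adding cover traffic change what a counter sees; reordering alone does not.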

  11. Lars Silver badge
    Happy

    Please, naughty people

    "Very naughty people use Tor". Please tell us you never fly, fart, use public transportation, the postal service, roads, dentists, hot dogs, chics. Please tell us what we can safely use that you naughty have left for us to use.

    Time, perhaps, to use Tor so that "less" naughty people use it.

  12. Anonymous Coward
    Anonymous Coward

    Meanwhile, back at the ranch...

    The US military (which includes the NSA) can't defend their own department headquarters from "cyber" attack, let alone any of the taxpaying commercial businesses and private individuals located in the US. From my perspective that means they've completely and utterly failed to do their job. Instead of begging, borrowing or stealing their way into all of our back closets, they should have been concentrating their billions in funding on the really hard work of building and deploying the systems, architectures and processes required to keep the bad guys out. It's really astounding how anyone over there kept their jobs given that level of non-performance. I guess their overseers in Congress were too distracted by all the shiny objects (financial intel on potential investments?) dangled in front of them during top secret briefings.

    1. Sureo

      Re: Meanwhile, back at the ranch...

      If they deploy anything that keeps the bad guys out, anyone can use it to keep them out. Not in their interest I'm afraid.

  13. unso

    Eh? The CA does not necessarily have the private key. Mine signs a CSR generated by yours truly.

    1. Destroy All Monsters Silver badge

      I sure hope the CA does NOT HAVE the private key, otherwise there is a bad case of PEBKAC at the end of the CA's customer.

  14. keithpeter Silver badge
    Windows

    Making the artificial fingerprint.

    http://www.bom.org.uk/2014/11/26/hello-world/

    Very near the back entrance to New Street Station should you happen to be passing. Video shows some detail on the way the artificial fingerprint can be made. I think it is still on, the CCC flag is still flying!

    1. Anonymous Coward
      Anonymous Coward

      Re: Making the artificial fingerprint.

      BOM is closed for Crimbo

      Re-opens Friday 2nd Jan

      Source

  15. Anonymous Coward
    Anonymous Coward

    Clarification needed

    "while SSL private keys can easily be swiped by asking the CA root to hand it over."

    How? My understanding is that root CAs never see the private keys - they just sign the public key. This should mean that whilst they can issue fake certificates enabling MITM attacks they can't actually provide the private key to enable decryption of existing traffic.

    So either the above understanding is incorrect. Or They have some secret methodology to obtain private keys from something the CA's have. Or They are doing MITM on a huge amount of traffic which seems unlikely as these should be easy(er) to spot...

    1. MustyMusgrave
      Facepalm

      Re: Clarification needed

      See Moxie Marlinspike and thought-crime, when they said we've had a breakthrough at decrypting huge bulks of private traffic what they meant is we've got hold of this long haired hippie's work on defeating SSL with Man-in-the-Middle and SSL-Strip and now it's a strippers club with a free for all on Big-Data!

  16. Anonymous Coward
    Anonymous Coward

    Wait a mo.

    "The false positive rate looks low enough to suggest this technique should be carried forward."

    Oh yeah? What exactly is the FPR? If it is 1 in 1000, then a trawl of all 20,000,000 (guestimate) UK adults would yield 20,000 'suspects' by FPR alone. How many 'terrorists' are there in the UK - ignoring those mentored by the security services - 20 maybe? The FPR better be nearer 1 in 1,000,000 for this to be anything other than a total waste of taxpayer funds.

    1. Flocke Kroes Silver badge

      Wasting taxpayer funds is a strategic goal

      You can defend a much bigger budget with a high FPR.

    2. tom dial Silver badge

      Re: Wait a mo.

      The amount of work (by people and probably machines as well) associated with the deanonymising TOR users by a timing attack is far too large to apply to 20,000,000 UK citizens. The technique described requires, in practical terms, GCHQ ownership of the exit node and ability to monitor the entry node. It is worth noting that exit node ownership exposes any unencrypted exit traffic as well, without a need to infer from correlation of TOR entry/exit timing.

      1. Mark 85

        Re: Wait a mo.

        Well... maybe they "own" one or two.

        I'll get my tin foil hat and go quietly. Except... that it's possible.

    3. Anonymous Coward
      Anonymous Coward

      Re: Wait a mo.

      The FPR better be nearer 1 in 1,000,000 for this to be anything other than a total waste of taxpayer funds.

      It needs to be better than that really. The problem with this is that trying to find a very low occurrence event really compounds even the amazingly low false positives / false negatives.

      Also, it's going to be pretty hard to baseline the accuracy here as we don't really know how many terrorists there are in the first place.

  17. scrubber
    Mushroom

    Wtf?

    Why is a service I pay for (govt.) spending my money to see what I do online rather than spending money to ensure other people/countries can't see what I do online?

    1. Flocke Kroes Silver badge

      Who is the biggest danger to an MP?

      1) A guy with a gun in Afghanistan.

      2) A commentard in the UK.

  18. Wzrd1 Silver badge

    I've said something before, which was ignored, but resulted in some personal discomfort...

    So, I will say only this.

    The NSA uses AES.

    Need I say more?

    OK, the *rest* of the US DoD uses AES.

    1. Paul Crawford Silver badge

      Re: I've said something before, which was ignored, but resulted in some personal discomfort...

      The AES was the subject of a public competition with various cryptographers around the world studying the choices and weeding out obvious weaknesses, which is how it should be and leads to a strong and trustworthy standard.

      That is not the same as saying the NSA, etc, might find a non-obvious (by global expert standards) weakness that speeds brute-forcing by some useful amount, nor that they might not have spent a small country's GDP on dedicated brute-forcing hardware to attack real high-value messages.

      Nor is it the same as saying an implementation using the AES has not screwed up on not leaking the key, etc.

      But it's a damn sight better than the Dual Elliptic Curve Deterministic Random Bit Generator where the NSA basically wrote the spec with known-to-them weaknesses!

  19. Tail Up

    Fireworks were unexpected (-:

    Took my 10 minutes from the Uber Reg to correct the initial thought :-) the better XD

    In the current (2015 AD) paradigm, practically everything modern and "civilian" has descended from something that was once military. We eat canned food whose cans are made in shell factories. We regard the internet as Vernadsky's noosphere, despite the fact that it was once sponsored by Nixon's military. We look further than some bureaucrats can imagine, and we look roughly as far (-; as the telescopists of the Fledglings of the Phoenix's Nest do. Let us not criticise the levels recommended when state budgets are adopted. They cannot contain any definitions of the real dynamics, owing to the secrecy of individual items of revenue formation, which at times exceed the state's budget for the current year.

    Traditionalists (conventionalists) in the field of generating beliefs already have the means to assess the prospects of unconventional means of persuasion. Firstly + secondly, there is an opportunity to mark the anachronism of the confrontation between sea and land as having no sustenance in an age of instant access to information. The sea is now as desirable to the land as the land was formerly desirable to the sea, and thanks to the newest means of communication they mutually understand that they are objects of equal interest. For the good of continuing to describe and study the sea, the land and what is around them, they could accept the current given as dogma, since they are dogmatists, or otherwise, if they were potentially able to free themselves from dogmatic diktat.

    Wish you Happy New Year. Fireworks are blowing up just above my yard!

    http://youtu.be/mfPd_JWHPQo

    1. Anonymous Coward
      Anonymous Coward

      Re: Fireworks were unexpected (-:

      39 words, says Watson.

  20. Anonymous Coward
    Anonymous Coward

    Am I the only one?

    Am I the only one who's freaking out about SSH possibly being compromised on New Year's eve?

  21. Anonymous Coward
    Anonymous Coward

    Gullible

    That's what most people are who believe information disseminated as secret reports by a self-serving rogue.

    1. Anonymous Coward
      Big Brother

      Re: Gullible

      If this self-serving rogue is Snowden, how did he benefit?

      Was he being naive or an ill thought out plan that got him hunted across the planet? Was he after money & fame?

      He's now in Russia with his every move monitored...

      1. MustyMusgrave
        Devil

        Re: Gullible

        Yeah monitor that Kiddy, don't let him near our secret strap-on stuff he might pull out his thumb drive and tell the world, we're stealing their browsing experience and handing it to the state along with spying on lawyers, spying on judges, spying on the legal profession in so many different countries, wait a minute what do you mean there's a telecommunications GATS treaty, nobody told us... We're just doing what every other nation does.. It's all in accordance with strict legal guidelines and in accordance with erm.. Wait a minute what do you mean the EU is scrapping US safe harbor rights, they can't do that, god damn them we'll spy on them all with Reign! Oh LOLOLOLOLOLOL let's all trolololol the documents on IC off the record... Internet Consortium, Hollywood, big business, big data, just waiting for the spoof movie to come out poking fun at all of it!

        You'll do what we say, because we're the NSA, if you dont we'll render you with the CIA!

        1. MustyMusgrave
          Angel

          Re: Gullible

          You can just imagine them screaming "thats not how we operate" yeah, target those sysadmins, target those providers, suck it all up.. It makes no differance because the hackers have always and will always be one step ahead of some texan billionare and his oil fueled chum's. Illuminati, they dont exist, oh wait is your next presidential candidate a free-mason, do the stars and stripes depict a hebrew star of david, is that the masonic eye on the 1 dollar bill? Wasnt it 9 free masons who signed the declaration of independance and isnt the OS that's now fucking everybody called Plan-9 from outer space? Formerly known as Plan-B from Bell-Laboratories.

          TAO - tailored access operations, conducted in secret by the Jewish free-mason's fraternity, no it doesnt happen, oh yes it DOES! Strap-that-On! Co-intel Pro never ceased it's operations after Nixon, they just changed the name... to preserve the holy C and the "Federal reserve!"

          1. MustyMusgrave

            Re: Gullible

            Look on the bright side, when they finally run out of fossil fuels, we can eat the rich people and rape there children all night and all day... the price was worth it!

            Nay, we'll keep it quiet, how fracking is leveling off, oil production is falling down, spy on the masses for they must be controlled in the interests of the Bildenburg Group and its exclusive members.. Whom include Microsoft, Apple & Google.. <sigh> I think history has a good lesson for all, emperor Nero watched Rome Burn!

            1. Anonymous Coward
              Anonymous Coward

              Re: Gullible

              All hail ozzy!

              https://www.youtube.com/watch?v=7TIdWKa3f9c

  22. Anonymous Coward
    Anonymous Coward

    How About?

    or even better how about a little Gold Dust!

    https://www.youtube.com/watch?v=IXDVqCP7Crg
