The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 47

Weds 11 September 2013

Contents

On the NSA
Matthew Green via David Rosenthal and Dewayne Hendricks
Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server
Mike Masnick via Dewayne Hendricks
Crypto prof asked to remove NSA-related blog post
Nate Anderson via Dewayne Hendricks
Government Announces Steps to Restore Confidence on Encryption Standards
Nicole Perlroth
"NSA Officers Spy on Love Interests"
Siobhan Gorman via Gene Wirchenko
"NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds"
Tom Simonite
UK Internet Filter Blocks VPNs, Australia to Follow Soon?
Torrent Freak via Lauren Weinstein
FTC Says Webcam's Flaw Put Users' Lives on Display
Edward Wyatt via Jim Reisert
The Steely, Headless King of Texas Hold 'Em
Michael Kaplan via Monty Solomon
American Fantasy Football app lets hackers change team rosters
Monty Solomon
How an Austrian Used Legos to Hack Amazon's Kindle E-Book Security
Arik Hesseldahl via Monty Solomon
Review Group on Global Signals Intelligence Collection and Communications Technologies Seeks Public Comment
Lauren Weinstein
Trouble with Red Light Cameras
Ben Moore
"World's most secure smartphone" looks like snake oil, experts say
Jon Brodkin
Tiny screens spill the beans
jidanni
Re: Test 'reveals Facebook, Twitter and Google snoop on e-mails'
Geoff Kuenning
Re: HuffPo Edward Snowden Impersonated NSA Officials
Amos Shapir
Re: 'Walkie-Talkie' skyscraper melts Jaguar car parts
Martyn Thomas
Glynn Clements
Steve Loughran
Info on RISKS (comp.risks)

On the NSA (Matthew Green via David Rosenthal)

<*Dewayne Hendricks*>
Saturday, September 7, 2013
[Note:  This item comes from friend David Rosenthal.  DLH]

Matthew Green, On the NSA, 5 Sep 2013
<http://blog.cryptographyengineering.com/2013/09/on-nsa.html>

Let me tell you the story of my tiny brush with the biggest crypto story of
the year.

A few weeks ago I received a call from a reporter atProPublica, asking me
background questions about encryption. Right off the bat I knew this was
going to be an odd conversation, since this gentleman seemed convinced that
the NSA had vast capabilities to defeat encryption. And not in a 'hey, d'ya
think the NSA has vast capabilities to defeat encryption?' kind of way. No,
he'd already established the defeating. We were just haggling over the
details.

Oddness aside it was a fun (if brief) set of conversations, mostly involving
hypotheticals. If the NSA could do this, how might they do it?  What would
the impact be? I admit that at this point one of my biggest concerns was to
avoid coming off like a crank. After all, if I got quoted sounding too much
like an NSA conspiracy nut, my colleagues would laugh at me. Then I might
not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for
today's bombshell revelations describing the NSA's efforts to defeat
encryption. Not only does the worst possible hypothetical I discussed appear
to be true, but it's true on a scale I couldn't even imagine. I'm no longer
the crank. I wasn't even close to cranky enough.

And since I never got a chance to see the documents that sourced the
NYT/ProPublica story—and I would give my right arm to see them—I'm
determined to make up for this deficit with sheer speculation. Which is
exactly what this blog post will be.

'Bullrun' and 'Cheesy Name'

If you haven't read the NYT or Guardian stories, you probably should. The
TL;DR is that the NSA has been doing some very bad things. At a combined
cost of $250 million per year, they include:

 * Tampering with national standards (NIST is specifically
   mentioned) to promote weak, or otherwise vulnerable cryptography.
 * Influencing standards committees to weaken protocols.
 * Working with hardware and software vendors to weaken encryption
   and random number generators.
 * Attacking the encryption used by 'the next generation of 4G
   phones'.
 * Obtaining cleartext access to 'a major Internet peer-to-peer
   voice and text communications system' (Skype?)
 * Identifying and cracking vulnerable keys.
 * Establishing a Human Intelligence division to infiltrate the
   global telecommunications industry.
 * And worst of all (to me): somehow decrypting SSL connections.

All of these programs go by different code names, but the NSA's decryption
program goes by the name 'Bullrun' so that's what I'll use here.

How to break a cryptographic system

There's almost too much here for a short blog post, so I'm going to start
with a few general thoughts. Readers of this blog should know that there
are basically three ways to break a cryptographic system. In no particular
order, they are:  [...]


Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server (Mike Masnick)

Dewayne Hendricks <dewayne@warpspeed.com>
September 9, 2013 5:43:31 PM EDT
Mike Masnick, TechDirt, from the now-take-a-look dept, 9 Sep 2013
<http://www.techdirt.com/articles/20130909/11193024453/johns-hopkins-tells-security-researcher-to-remove-blog-post-about-nsa-encryption-attacks-university-server.shtml>

Last week, a great blog post by cryptographer and research professor Matthew
Green was posted, providing some fantastic details about the likely attack
vectors by the NSA to compromise encryption schemes. It's a well written and
detailed piece from someone who clearly knows what he's talking about. Oh,
and it kicks off with an amusing story about how the reporters working on
the "NSA builds backdoors into encryption" story had contacted him for
comments and, because they didn't reveal too many details, he was concerned
about coming off as too paranoid or too much of a "crank." However, after
the details came out, he realized he "wasn't cranky enough."

Oddness aside it was a fun (if brief) set of conversations, mostly involving
hypotheticals. If the NSA could do this, how might they do it? What would
the impact be? I admit that at this point one of my biggest concerns was to
avoid coming off like a crank. After all, if I got quoted sounding too much
like an NSA conspiracy nut, my colleagues would laugh at me. Then I might
not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for
today's bombshell revelations describing the NSA's efforts to defeat
encryption. Not only does the worst possible hypothetical I discussed appear
to be true, but it's true on a scale I couldn't even imagine. I'm no longer
the crank. I wasn't even close to cranky enough.

He then goes on to explain where the most probable attacks are coming from
and what we should be most worried about and what's likely still safe. I had
hoped to write up something about the post in general, but today something
new came up. Green noted that the Dean where he teaches, at Johns Hopkins,
had asked him to remove the blog post from the university's servers. The
blog post was cross-posted both to a blog on the university's servers, as
well as to Green's personal blog on Blogger. The personal blog post is still
up (and now about to get that much more attention for the takedown). He also
notes that this "isn't my Dean's fault" though plenty of folks are curious
whose fault it might be. For what it's worth, it appears that Hopkins has a
close relationship with the NSA, and the school really isn't that far from
the NSA's headquarters. [...]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


Crypto prof asked to remove NSA-related blog post (Nate Anderson)

Dewayne Hendricks <dewayne@warpspeed.com>
September 9, 2013 7:36:06 PM EDT
[Note:  Latet info on the earlier posting I made on this story today.  DLH]

Nate Anderson, ArsTechnica, 9 Sep 2013
Predictable backtrack from Johns Hopkins comes a few hours later.
<http://arstechnica.com/security/2013/09/crypto-prof-asked-to-remove-nsa-related-blog-post/>

Matthew Green is a well-known cryptography professor, currently teaching in
the computer science department of Johns Hopkins University in
Baltimore. Last week, Green authored a long and interesting blog post about
the recent revelations that the National Security Agency (NSA) has, among
much else, subverted crypto standards. In his words, "The TL;DR ['too long;
didn't read' version] is that the NSA has been doing some very bad things."
And Green went on to speculate at some length about what those "bad things"
were and what they might mean.

Today, Green's academic dean contacted him to ask that "all copies" of the
blog post be removed from university servers. Green said that the move was
not "my Dean's fault," but he did not elaborate. Were cryptology professors
at Johns Hopkins not allowed to say, as Green had, things like:

I was totally unprepared for today's bombshell revelations describing the
NSA's efforts to defeat encryption. Not only does the worst possible
hypothetical I discussed appear to be true, but it's true on a scale I
couldn't even imagine. I'm no longer the crank. I wasn't even close to
cranky enough.

Was basic academic freedom on the line? Had the request even come initially
from Johns Hopkins or from outside the school—perhaps someone at the NSA
headquarters just up the road from Baltimore?

I asked John Hopkins, and spokesman Dennis O'Shea responded with the
school's side of the story:

The university received information this morning that Matthew Green's blog
contained a link or links to classified material and also used the NSA
logo. For that reason, we asked Professor Green to remove the Johns
Hopkins-hosted mirror site for his blog.

Upon further review, we note that the NSA logo has been removed and that he
appears to link to material that has been published in the news
media. Interim Dean Andrew Douglas will inform Professor Green that the
mirror site may be restored.

The statement raised further questions, including: from whom did the school
"receive" its information? Why was the school's top administration getting
involved in the use of the NSA logo on one professor's individual blog post?
What was the point of the request given that Green had also published the
post to a mirror hosted at Blogger? Wasn't the whole episode likely to bring
far greater traffic to Green's post once word of the takedown request got
out?

Late this afternoon, Green shared his side of the story on Twitter (tweets
concatenated below for ease of reading): [...]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


Government Announces Steps to Restore Confidence on Encryption Standards (Nicole Perlroth)

ACM TechNews <technews@HQ.ACM.ORG>
Wed, 11 Sep 2013 11:26:53 -0400
Nicole Perlroth, *The New York Times*, 10 Sep 2013, via ACM TechNews,

The U.S. National Institute of Standards and Technology (NIST) announced
that it will reopen the public vetting process for the Dual EC DRBG
encryption standard, after reports that the U.S. National Security Agency
(NSA) had written the standard and could break it.  "We want to assure the
IT cybersecurity community that the transparent, public process used to
rigorously vet our standards is still in place," NIST says.  "NIST would not
deliberately weaken a cryptographic standard."  The announcement comes after
recent revelations that NSA has been able to get around much of the
encryption that protects massive amounts of information on the Internet.
For encryption to be secure, the system must generate secret prime numbers
randomly.  However, one of the random number generators used in the Dual EC
DRBG standard contained a back door for the NSA.  The standard was adopted
by NIST and by the International Organization for Standardization, which has
163 member countries.  Many cryptographers previously had expressed
reservations about NSA's participation in developing encryption standards,
and some say they now have lost confidence in the NIST standards-setting
process.  "We'll have to re-evaluate that relationship," Johns Hopkins
University cryptography researcher Matthew D. Green wrote in a blog
post. "Trust has been violated."
http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/


"NSA Officers Spy on Love Interests"

Gene Wirchenko <genew@telus.net>
Sat, 07 Sep 2013 15:02:34 -0700
Siobhan Gorman, WashWire, 23 Aug 2013
http://blogs.wsj.com/washwire/2013/08/23/nsa-officers-sometimes-spy-on-love-interests/

opening text:

WASHINGTON National Security Agency officers on several occasions have
channeled their agency's enormous eavesdropping power to spy on love
interests, U.S. officials said.  The practice isn't frequent—one official
estimated a handful of cases in the last decade—but it's common enough to
garner its own spycraft label: LOVEINT.


"NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds" (Tom Simonite)

Gene Wirchenko <genew@telus.net>
Mon, 09 Sep 2013 13:01:03 -0700
Tom Simonite, *MIT Technology Review*, 9 Sep 2013
New details of the NSA's capabilities suggest encryption can still be
trusted. But more effort is needed to fix problems with how it is used.

http://www.technologyreview.com/news/519171/nsa-leak-leaves-crypto-math-intact-but-highlights-known-workarounds/


UK Internet Filter Blocks VPNs, Australia to Follow Soon?

Lauren Weinstein <lauren@vortex.com>
Fri, 6 Sep 2013 09:46:43 -0700
  "In the UK mobile Internet providers are required to block content that
  may be considered "harmful" to children. The filter mainly targets adult
  oriented content, but one provider now says that VPN services also fall
  into this category as they allow kids to bypass age restrictions."
    http://j.mp/19pyD5N  (Torrent Freak via NNSquad)


FTC Says Webcam's Flaw Put Users' Lives on Display (Edward Wyatt)

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Thu, 5 Sep 2013 17:42:48 -0600
Edward Wyatt, 4 Sep 2013

The so-called Internet of Things—digitally connected devices like
appliances, cars and medical equipment—promises to make life easier for
consumers. But regulators are worried that some products may be magnets for
hackers.

On Wednesday, the Federal Trade Commission took its first action to protect
consumers from reckless invasions of privacy, penalizing a company that
sells Web-enabled video cameras for lax security practices.

According to the F.T.C., the company, TRENDnet, told customers that its
products were `secure', marketing its cameras for home security and baby
monitoring. In fact, the devices were compromised. The commission said a
hacker in January 2012 exploited a security flaw and posted links to the
live feeds, which “displayed babies asleep in their cribs, young children
playing and adults going about their daily lives.''

http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html


The Steely, Headless King of Texas Hold 'Em (Michael Kaplan)

Monty Solomon <monty@roscom.com>
Mon, 9 Sep 2013 09:43:46 -0400
Michael Kaplan, *The New York Times*, 5 Sep 2013

Stroll among the games at the Cosmopolitan, the newest casino on the Las
Vegas Strip, and you might be overwhelmed by the latest whooping and
flashing gambling machines. All the high-resolution monitors and video
effects, devoted to themes ranging from deep-sea-fishing expeditions to
Spider-Man to the unsubtlest visions of cash washing over lucky winners, are
only the most obvious signs of technology's move onto the casino
floor. Behind the scenes, server-based gaming now enables managers to
rapidly alter payouts, raise or reduce betting minimums, even change games
themselves. (In just minutes, a bank of slot machines styled for dance
clubbers can be rethemed to appeal to church ladies on a Sunday afternoon.)
But a few deceptively prim-looking machines represent an even greater
technological leap, the biggest advance in automated gambling since Charles
Fey introduced the one-armed bandit in 1895. They owe the way they play to
artificial intelligence.

The machines, called Texas Hold 'Em Heads Up Poker, play the limit version
of the popular game so well that they can be counted on to beat
poker-playing customers of most any skill level. Gamblers might win a given
hand out of sheer luck, but over an extended period, as the impact of luck
evens out, they must overcome carefully trained neural nets that
self-learned to play aggressively and unpredictably with the expertise of a
skilled professional. Later this month, a new souped-up version of the game,
endorsed by Phil Hellmuth, who has won more World Series of Poker
tournaments than anyone, will have its debut at the Global Gaming Expo in
Las Vegas. The machines will then be rolled out into casinos around the
world.

They will be placed alongside the pure numbers-crunchers, indifferent to the
gambler. But poker is a game of skill and intuition, of bluffs and
traps. The familiar adage is that in poker, you play the player, not the
cards. This machine does that, responding to opponents' moves and pursuing
optimal strategies. But to compete at the highest levels and beat the best
human players, the approach must be impeccable.  Gregg Giuffria, whose
company, G2 Game Design, developed Texas Hold 'Em Heads Up Poker, was
testing a prototype of the program in his Las Vegas office when he thought
he detected a flaw. When he played passively until a hand's very last card
was dealt and then suddenly made a bet, the program folded rather than match
his bet and risk losing more money. "I called in all my employees and told
them that there's a problem," he says. The software seemed to play in an
easily exploitable pattern. "Then I played 200 more hands, and he never did
anything like that again. That was the point when we nicknamed him Little
Bastard." ...

http://www.nytimes.com/2013/09/08/magazine/poker-computer.html


American Fantasy Football app lets hackers change team rosters

Monty Solomon <monty@roscom.com>
Mon, 9 Sep 2013 09:43:05 -0400
http://www.theregister.co.uk/2013/09/06/yahoo_gridiron_game_uncryption/


How an Austrian Used Legos to Hack Amazon's Kindle E-Book Security (Arik Hesseldahl)

Monty Solomon <monty@roscom.com>
Fri, 6 Sep 2013 23:50:40 -0400
Arik Hesseldahl, 6 Sep 2013

I wouldn't normally pay much attention to an item like this, but there's
just something about it that I find fascinating, involving Amazon's Kindle
and Legos.  A university professor in Austria has released the video below,
showing how he has automated a low-tech approach to bypassing the digital
rights management system on the Kindle.  His name is Peter Purgathofer, and
he's an associate professor at the Vienna University of Technology.

Using Lego's Mindstorms - a basic robotics kit popular with hobbyists - plus
a Kindle and a Mac, he has assembled a way to photograph what's on the
screen, and then submit it to a cloud-based text-recognition service.  It's
sort of a combination of high tech meets low. The scanning is done by way of
the Mac's iSight camera. The Mindstorms set does two things: Hits the
page-advance button on the Kindle (it appears to be an older model, like the
one in the picture above), then mashes the space bar on the Mac, causing it
to take a picture. ...

http://allthingsd.com/20130906/how-a-man-in-austria-used-legos-to-hack-amazons-kindle-e-book-security/

http://vimeo.com/73675285


Review Group on Global Signals Intelligence Collection and Communications Technologies Seeks Public Comment

Lauren Weinstein <lauren@vortex.com>
Thu, 5 Sep 2013 17:34:45 -0700
  The Review Group is seeking public comments on all matters that the
  President has directed it to examine, namely, how in light of advancements
  in communications technologies, the United States can employ its technical
  collection capabilities in a manner that optimally protects our national
  security and advances our foreign policy while respecting our commitment
  to privacy and civil liberties, recognizing our need to maintain the
  public trust, and reducing the risk of unauthorized disclosure. Comments
  can be provided via reviewgroup@dni.gov. The deadline for public
  submissions is October 4, 2013.
    http://j.mp/1aaVF1x  (Tumblr via NNSquad)


Trouble with Red Light Cameras

"Ben Moore" <ben.moore@juno.com>
Wed, 4 Sep 2013 22:04:10 GMT
Mississippi has issued two tags (and probably many more) with the same
numbers. The one photographed by the red light camera in Memphis, TN was a
handicapped tag with the prefix DB and the number 8699. The person who
received the automated citation has a normal usage tag of DB8-699.
http://wreg.com/2013/09/03/memphis-red-light-camera-has-southaven-family-seeing-red/

This is the same jurisdiction where "Councilman Myron Lowery suggested the
city add red light cameras as a way to add revenue. Under some estimates,
the city could gain up to $29 million by installing new cameras."

http://www.localmemphis.com/news/local/story/City-Council-Votes-to-Cut-Jobs-Keep-Free-Lunch/tOcEsaG9IkiU87JhkWHyYA.cspx


"World's most secure smartphone" looks like snake oil, experts say (Jon Brodkin)

Lauren Weinstein <lauren@vortex.com>
Thu, 5 Sep 2013 08:31:58 -0700
Jon Brodkin, 4 Sep 2013
"Encrypted phone concept a good one, but secrecy and FUD inspire skepticism."
http://j.mp/17S3fj2  (Ars Technica via  NNSquad)

  [QSAlpha promises `perfect security' in its prospective Kickstarter smart
  phone, while at the same time seeking `crowdfunding' so that they can
  develop it.  RISKS readers should know that perfect security is basically
  impossible when confronting realistic sets of real attacks, not to mention
  hypothetical or theoretical ones.  Insider misuse?  Denials of service?
  Software flaws?  Compromisable hardware?  Perhaps the crowdfunding is
  actually a Scam?  Or is this just sales hype?  Let us know if you spend
  $395 to reserve one for April 2014 delivery, and how that works out.  PGN]


tiny screens spill the beans

<jidanni@jidanni.org>
Tue, 10 Sep 2013 03:22:07 +0800
I whistleblew something to the authorities, and next thing you know they
call my number asking for the violator. Well at least they didn't call
the violator asking for me... Can't blame 'em, all that info cramped on
a tiny screen. (Or maybe the screens are too big?)


Re: Test 'reveals Facebook, Twitter and Google snoop on e-mails' (Delgado, RISKS-27.46)

Geoff Kuenning <geoff@cs.hmc.edu>
Sun, 08 Sep 2013 23:47:28 -0700
> Facebook, Twitter and Google have been caught snooping on messages sent
> across their networks, new research claims, prompting campaigners to express
> concerns over privacy.

I'm not sure there is actual snooping going on here.  One way to protect
naive users against phishing attacks is to open the URLs they have been sent
and examine them for "phishiness".  Bad URLs are rewritten.

If that's what's going on here and no records are kept, then it's probably
no great cause for concern (although the practice should be clearly
disclosed and customers should be given the chance to opt out).  But if
records are kept (and some techniques at least require records of the URLs
that appear, though not association with particular customers) or if the
URLs are used for other purposes such as advertising or warrantless
searches, then I see a bigger problem.

Geoff Kuenning   geoff@cs.hmc.edu   http://www.cs.hmc.edu/~geoff/


Re: HuffPo Edward Snowden Impersonated NSA Officials (RISKS-27.45)

Amos Shapir <amos083@gmail.com>
Mon, 9 Sep 2013 15:43:30 +0200
> former intelligence official told NBC, "This is why you don't hire
> brilliant people for jobs like this. You hire smart people. Brilliant
> people get you in trouble.''

If by "brilliant" he means "eccentric", the main trouble may be
embarrassment.  The real danger is not from brilliant people publicizing
secrets for ideological reasons, but from ordinary people who may sell them
to foreign agents or criminals.

It's not just the NSA—access to sensitive information in banks, medical
institutions, etc., is often protected by third-party security products.
It's easy to imagine that a developer of such a product, under financial
pressure, may be tempted to install a back door in the product and sell
access to the highest bidder.  Of course we would never hear of such cases
(which in all likelihood may have already happened) because even a rumor
that something like this is possible might bring down a security company --
and many of its customers.


Re: 'Walkie-Talkie' skyscraper melts Jaguar car parts (RISKS-27.46)

Martyn Thomas <martyn@thomas-associates.co.uk>
Thu, 05 Sep 2013 18:36:04 +0100
> A risk overlooked in the CAD program?
> http://www.bbc.co.uk/news/uk-england-london-23930675

In a a BBC interview, the developers said that their CAD program takes all
the reflections into account, but that tolerances in the specification may
have caused the problem.


Re: 'Walkie-Talkie' skyscraper melts Jaguar car parts (RISKS-27.46)

Glynn Clements <glynn@gclements.plus.com>
Thu, 5 Sep 2013 19:27:52 +0100
This isn't the first time the phenomenon has been reported, e.g.:

http://www.reviewjournal.com/news/vdara-visitor-death-ray-scorched-hair
http://en.wikipedia.org/wiki/Walt_Disney_Concert_Hall#Reflection_problems


Re: Walkie-Talkie' skyscraper melts Jaguar car parts (RISKS-27.46)

Steve Loughran <steve.loughran@gmail.com>
Mon, 9 Sep 2013 18:37:41 +0100
There's been more details on the London building that acts as a lens

http://www.theguardian.com/artanddesign/2013/sep/06/walkie-talkie-architect-predicted-reflection-sun-rays

1. "the original design of the building had featured horizontal sun louvres
on its south-facing facade , but these are believed to have been removed
during cost-cutting as the project developed."

2. "The developers have blamed the problem on "the current elevation of the
sun in the sky," a position Vinoly [n~] seems inclined to share."

It sounds more like the developers used a weather dataset from the last two
summers, so assumed that sunlight would not be an observable event during
most of the month -so cut back on preventative actions. Happily for most UK
residents, and sadly for the building developers, August has been very
sunny.  If so, blame weather datasets and cost/benefit spreadsheets, not CAD
tools.

Please report problems with the web pages to the maintainer

Top