The RISKS Digest
Volume 28 Issue 69

Monday, 15th June 2015

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Chris Roberts and Avionics Security
Bruce Schneier
Deja Vu All Over Again: The_Attack on Encryption
Gene Spafford
Why the OPM Breach is such a Security and Privacy Debacle
*WiReD*
Just Say "NON!" - France Demands Right of Global Google Censorship
Lauren Weinstein
US Navy wants 0Day Vulnerabilities
Henry Baker
White House Weighs Sanctions After Second Breach of a Computer System
Shear and Shane
Chinese Hackers Circumvent Popular Web Privacy Tools
Nicole Perlroth via Monty Solomon
If Google was really serious about Google Earth Pro now being free
Dan Jacobson
The Logjam Vulnerability against Diffie-Hellman Key Exchange
Bruce Schneier
Re: Man dies in Corvette after battery cable becomes loose
Kurt Seifried
Re: Japanese pension organization phished, 1.25M people's data leaked
Alister Wm Macintyre
Info on RISKS (comp.risks)

Chris Roberts and Avionics Security

Bruce Schneier <schneier@schneier.com>
Mon, 15 Jun 2015 03:29:18 -0500
CRYPTO-GRAM, 15 June 2015

Last month, I blogged about security researcher Chris Roberts being detained
by the FBI after tweeting about avionics security while on a United flight:

  But to me, the fascinating part of this story is that a computer was
  monitoring the Twitter feed and understood the obscure references, alerted
  a person who figured out who wrote them, researched what flight he was on,
  and sent an FBI team to the Syracuse airport within a couple of
  hours. There's some serious surveillance going on.

We know a lot more of the back story from the FBI's warrant application.  He
had been interviewed by the FBI multiple times previously, and was able to
take control of at least some of the planes' controls during flight.

  During two interviews with F.B.I. agents in February and March of this
  year, Roberts said he hacked the in-flight entertainment systems of Boeing
  and Airbus aircraft, during flights, about 15 to 20 times between 2011 and
  2014. In one instance, Roberts told the federal agents he hacked into an
  airplane's thrust management computer and momentarily took control of an
  engine, according to an affidavit attached to the application for a search
  warrant.

  "He stated that he successfully commanded the system he had accessed to
  issue the 'CLB' or climb command. He stated that he thereby caused one of
  the airplane engines to climb resulting in a lateral or sideways movement
  of the plane during one of these flights," said the affidavit, signed by
  F.B.I. agent Mike Hurley.

  Roberts also told the agents he hacked into airplane networks and was able
  "to monitor traffic from the cockpit system."

  According to the search warrant application, Roberts said he hacked into
  the systems by accessing the in-flight entertainment system using his
  laptop and an Ethernet cable.

This makes the FBI's behavior much more reasonable. They weren't scanning
the Twitter feed for random keywords; they were watching his account.

We don't know if the FBI's statements are true, though. But if Roberts was
hacking an airplane while sitting in the passenger seat...wow, is that a
stupid thing to do.

  *Christian Science Monitor*:

  But Roberts' statements and the FBI's actions raise as many questions as
  they answer. For Roberts, the question is why the FBI is suddenly focused
  on years-old research that has long been part of the public record.

  "This has been a known issue for four or five years, where a bunch of us
  have been stood up and pounding our chest and saying, 'This has to be
  fixed,'" Roberts noted.  "Is there a credible threat? Is something
  happening? If so, they're not going to tell us," he said.

  Roberts isn't the only one confused by the series of events surrounding
  his detention in April and the revelations about his interviews with
  federal agents.

  "I would like to see a transcript (of the interviews)," said one former
  federal computer crimes prosecutor, speaking on condition of
  anonymity. "If he did what he said he did, why is he not in jail? And if
  he didn't do it, why is the FBI saying he did?"

The real issue is that the avionics and the entertainment system are on the
same network. That's an even stupider thing to do. Also last month, I wrote
about the risks of hacking airplanes, and said that I wasn't all that
worried about it. Now I'm more worried.

Previous blog entry:
https://www.schneier.com/blog/archives/2015/04/hacker_detained.html

  [Lots of relevant URLS omitted ...  We had the item on Roberts by Kin
  Zetter exactly a month ago, in RISKS-28.64.  Various folks complained to
  me out of band that what Roberts claimed was impossible, because the regs
  say there must be SEPARATION between the avionics and the entertainment
  systems.  This reminds me of folks who claimed early on that Snowden could
  not have done what he claimed.  RISKS readers should know by now that when
  something is presumed to be impossible, it probably is not impossible.  PGN]


Deja Vu All Over Again: The_Attack on Encryption

Gene Spafford <spaf@cerias.purdue.edu>
Thu, 11 Jun 2015 16:20:16 -0400
About 20 years ago, there was a heated debate in the U.S. about giving the
government mandatory access to encrypted content via mandatory key escrow.
The FBI and other government officials predicted all sorts of gloom and doom
if it didn't happen, including that it would prevent them from fighting
crime, especially terrorists, child pornographers, and drug dealers.  That
didn't happen.

Once again the FBI and law enforcement agencies are clamoring for
restrictions on encryption, with predictions of grave consequences.

See the referenced item for discussion of this topic, with some historical
and technical perspective, and a touch of unofficial USACM thinking:
  https://ceri.as/usacm-encrypt


Why the OPM Breach is such a Security and Privacy Debacle

Lauren Weinstein <lauren@vortex.com>
Thu, 11 Jun 2015 20:19:11 -0700
*WiReD* via NNSquad
http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/

  It turns out the hackers, who are believed to be from China, also accessed
  so-called SF-86 forms, documents used for conducting background checks for
  worker security clearances. The forms can contain a wealth of sensitive
  data not only about workers seeking security clearance, but also about
  their friends, spouses and other family members. They can also include
  potentially sensitive information about the applicant's interactions with
  foreign nationals--information that could be used against those nationals
  in their own country ... The OPM had no IT security staff until 2013, and
  it showed. The agency was harshly criticized for its lax security in an
  inspector general's report released last November that cited its lack of
  encryption and the agency's failure to track its equipment.  Investigators
  found that the OPM failed to maintain an inventory list of all of its
  servers and databases and didn't even know all the systems that were
  connected to its networks. The agency also failed to use multi-factor
  authentication for workers accessing the systems remotely from home or on
  the road.

In many states, a corporation that operated this way could be facing
criminal charges and enormous penalties.


Just Say "NON!" - France Demands Right of Global Google Censorship

Lauren Weinstein <lauren@vortex.com>
Fri, 12 Jun 2015 09:22:38 -0700
http://lauren.vortex.com/archive/001106.html

I've been waiting for this, much the way one waits for a violent case of
food poisoning.

France is now officially demanding that Google expand the hideous EU "Right
To Be Forgotten" (RTBF) to Google.com worldwide, instead of just applying it
to the appropriate localized (e.g. France) version of Google.
http://www.wsj.com/articles/french-privacy-watchdog-orders-google-to-expand-right-to-be-forgotten-1434098033

And here's my official response as a concerned individual:

To hell with this.

That's nowhere near as strong a comment as I'd really like to make, but this
is a general readership blog and I choose to avoid the use of the really
appropriate invectives here. But man, I could justifiably pile on enough
epithets here to melt your screens before your eyes.

A key reason why I've been warning all along about the disastrous nature of
RTBF is precisely this "camel's nose under the tent" situation. Giving in to
localized censorship demands from the EU and/or member countries was bound
to have this result.

What's worse, if France or other EU countries get away with this attempt to
impose their own censorship standards onto the entire planet, we can be sure
that government leaders around the world will quickly follow suit, demanding
that Google globally remove search results that are politically
"inconvenient"—or religiously "blasphemous"—or, well, you get the
idea. It's a virtually bottomless cesspool of evil censorship opportunities.

It's bad enough when the ever more censorship and surveillance loving
Western leaders have this kind of power. But how about Vladimir Putin, or
China's rulers, or Iran's Supreme Leader as GLOBAL censors?

It wouldn't be long before it would seem that every search on any
controversial topic might as well be replaced with a "404 Not found" page --
a rush to lowest common denominator mediocrity, purged of any and all
information that government leaders, politicians, or bureaucrats would
prefer people not be able to find and see.

I've written and said so much about RTBF for years that it feels like an
endless case of "Groundhog Day" at this point—e.g. early on in "The
'Right to Be Forgotten': A Threat We Dare Not Forget" (2/2012) (
http://lauren.vortex.com/archive/000938.html ) and most recently in a one
hour live RTBF hangout video discussion (about a month ago).  (
https://www.youtube.com/watch?v=ZSdhMfsxWOs )

And I'm certainly not alone in these concerns. Yet we continue to be sucked
down this rathole, now with governments using overblown security concerns as
an excuse to try justify even broader search engine censorship across a vast
range of topics.

So far, Google has resisted the concept of RTBF being applied globally. I
not only applaud their stance on this, but I strongly urge them to stand
utterly firm on this issue.

RTBF even in localized forms is bad, but if countries had the ability to
impose their individual censorship regimes onto the entire globe's
population, we'd be—with absolutely no exaggeration—talking about an
existential threat not just to "free speech" but to fundamental
communications and information rights as well.

This cannot be tolerated.

Just say NO! Non! Nein! Nahin! Nyet!


US Navy wants 0Day Vulnerabilities

Henry Baker <hbaker1@pipeline.com>
Fri, 12 Jun 2015 08:50:39 -0700
FYI: Subsidizing this type of hacking is not going to end well, just as the British govt subsidizing privateers didn't end well.  The *Navy*—of all the services—should be aware of this history!

Also, why on Earth would a truly qualified vendor sell these services --
exclusively (!)—to the US govt, which is the lowest bidder ?

My only conclusion is that this solicitation is a phishing scam, intended to
uncover targets stupid enough for FBI prosecution.

  "please include only relevant past performance on the same/similar work
  within the last 3 years" <-- presumably this means hacking subject to
  prosecution within the statute of limitations?

  "identify qualified and *experienced* sources"

  "seeking a qualified vendor capable of producing operational exploit
  products"

  "a minimum of 10 unique reports with corresponding exploit binaries"

  "Products developed under these conditions will not be available to any
  other customer"

  "[Technical support] services must be available Monday through Friday
  during normal working hours (0730 EST through 1630 EST)" <-- This will be
  a problem for hackers far outside the U.S.

Simon Sharwood, US Navy wants 0-day intelligence to develop weaponware,
*The Register*, 12 Jun 2015  [long item truncated for RISKS.  PGN]
http://www.theregister.co.uk/2015/06/12/us_navy_wants_0day_intelligence_to_develop_weaponware/


White House Weighs Sanctions After Second Breach of a Computer System (Shear and Shane)

Monty Solomon <monty@roscom.com>
Sun, 14 Jun 2015 00:10:47 -0400
Michael D. Shear and Scott Shane, *The New York Times*, 12 Jun 2015

WASHINGTON—The White House on Friday revealed that hackers had breached a
second computer system at the Office of Personnel Management, and said that
President Obama was considering financial sanctions against the attackers
who gained access to the files of millions of federal workers.

Investigators had already said that Chinese hackers appeared to have
obtained personal data from more than four million current and former
federal employees in one of the boldest invasions into a government network.

But on Friday, officials said they believed that a separate computer system
at the agency was breached by the same hackers, putting at risk not only
data about the federal employees, but also information about friends, family
members and associates that could number millions more.  Officials said that
the second system contained files related to intelligence officials working
for the F.B.I., defense contractors and other government agencies.

http://www.nytimes.com/2015/06/13/us/white-house-weighs-sanctions-after-second-breach-of-a-computer-system.html


Chinese Hackers Circumvent Popular Web Privacy Tools (Nicole Perlroth)

Monty Solomon <monty@roscom.com>
Sun, 14 Jun 2015 00:14:16 -0400
Nicole Perlroth, *The New York Times*, 12 Jun 2015

SAN FRANCISCO—Chinese hackers have found a way around widely used privacy
technology to target the creators and readers of web content that state
censors have deemed hostile, according to new research.

The hackers were able to circumvent two of the most trusted privacy tools on
the Internet: virtual private networks, or VPNs, and Tor, the anonymity
software that masks a computer's true whereabouts by routing its Internet
connection through various points around the globe, according to findings by
Jaime Blasco, a security researcher at AlienVault, a Silicon Valley security
company.

Both tools are used by Chinese businesses and by millions of citizens to
bypass China's censorship technology, often called the Great Firewall, and
to make their web activities unreadable to state snoopers.

http://www.nytimes.com/2015/06/13/technology/chinese-hackers-circumvent-popular-web-privacy-tools.html


If Google was really serious about Google Earth Pro now being free

Dan Jacobson <jidanni@jidanni.org>
Sat, 13 Jun 2015 06:58:54 +0800
"We recommend that everyone use Google Earth Pro, as it has a few extra
features and is now free. If it asks you for a licence key, just use your
email address and the key: GEPFREE."
http://www.gearthblog.com/blog/archives/2015/06/google-earth-installation-issues.html

  One would think that if Google was really serious about Google Earth Pro
  now being free they would type their license key in for us and perhaps
  even be kind enough to press return.


The Logjam Vulnerability against Diffie-Hellman Key Exchange

Bruce Schneier <schneier@schneier.com>
Mon, 15 Jun 2015 03:29:18 -0500
Bruce Schneier, CRYPTO-GRAM, 15 June 2015
CTO, Resilient Systems, Inc., https://www.schneier.com

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used
in TLS. Basically:

  The Logjam attack allows a man-in-the-middle attacker to downgrade
  vulnerable TLS connections to 512-bit export-grade cryptography. This
  allows the attacker to read and modify any data passed over the
  connection. The attack is reminiscent of the FREAK attack, but is due to a
  flaw in the TLS protocol rather than an implementation vulnerability, and
  attacks a Diffie-Hellman key exchange rather than an RSA key exchange.
  The attack affects any server that supports DHE_EXPORT ciphers, and
  affects all modern web browsers. 8.4% of the Top 1 Million domains were
  initially vulnerable.

One of the problems with patching the vulnerability is that it breaks
things:

  On the plus side, the vulnerability has largely been patched thanks to
  consultation with tech companies like Google, and updates are available
  now or coming soon for Chrome, Firefox and other browsers. The bad news is
  that the fix rendered many sites unreachable, including the main website
  at the University of Michigan, which is home to many of the researchers
  that *found* the security hole.

This is a common problem with version downgrade attacks; patching them makes
you incompatible with anyone who hasn't patched. And it's the vulnerability
the media is focusing on.

Much more interesting is the other vulnerability that the researchers found:

  Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for
  Diffie-Hellman key exchange. Practitioners believed this was safe as long
  as new key exchange messages were generated for every connection. However,
  the first step in the number field sieve—the most efficient algorithm
  for breaking a Diffie-Hellman connection—is dependent only on this
  prime.  After this first step, an attacker can quickly break individual
  connections.

The researchers believe the NSA has been using this attack:

  We carried out this computation against the most common 512-bit prime used
  for TLS and demonstrate that the Logjam attack can be used to downgrade
  connections to 80% of TLS servers supporting DHE_EXPORT. We further
  estimate that an academic team can break a 768-bit prime and that a
  nation-state can break a 1024-bit prime. Breaking the single, most common
  1024-bit prime used by web servers would allow passive eavesdropping on
  connections to 18% of the Top 1 Million HTTPS domains. A second prime
  would allow passive decryption of connections to 66% of VPN servers and
  26% of SSH servers. A close reading of published NSA leaks shows that the
  agency's attacks on VPNs are consistent with having achieved such a break.

The DH precomputation easily lends itself to custom ASIC design, and is
something that pipelines easily. Using Bitcoin mining hardware as a rough
comparison, this means a couple orders of magnitude speedup.

Remember James Bamford's 2012 comment about the NSA's cryptanalytic
capabilities:

  According to another top official also involved with the program, the NSA
  made an enormous breakthrough several years ago in its ability to
  cryptanalyze, or break, unfathomably complex encryption systems employed
  by not only governments around the world but also many average computer
  users in the US. The upshot, according to this official: "Everybody's a
  target; everybody with communication is a target." [...]

  The breakthrough was enormous, says the former official, and soon
  afterward the agency pulled the shade down tight on the project, even
  within the intelligence community and Congress.  "Only the chairman and
  vice chairman and the two staff directors of each intelligence committee
  were told about it," he says. The reason? "They were thinking that this
  computing breakthrough was going to give them the ability to crack current
  public encryption."

And remember Director of National Intelligence James Clapper's introduction
to the 2013 "Black Budget":

  Also, we are investing in groundbreaking cryptanalytic capabilities to
  defeat adversarial cryptography and exploit Internet traffic.

It's a reasonable guess that this is what both Bamford's source and Clapper
are talking about. It's an attack that requires a lot of precomputation --
just the sort of thing a national intelligence agency would go for.

But that requirement also speaks to its limitations. The NSA isn't going to
put this capability at collection points like Room 641A at AT&T's San
Francisco office: the precomputation table is too big, and the sensitivity
of the capability is too high. More likely, an analyst identifies a target
through some other means, and then looks for data by that target in
databases like XKEYSCORE. Then he sends whatever ciphertext he finds to the
Cryptanalysis and Exploitation Services (CES) group, which decrypts it if it
can using this and other techniques.

Ross Anderson wrote about this earlier this month, almost certainly quoting
Snowden:

  As for crypto capabilities, a lot of stuff is decrypted automatically on
  ingest (e.g. using a "stolen cert", presumably a private key obtained
  through hacking). Else the analyst sends the ciphertext to CES and they
  either decrypt it or say they can't.

The analysts are instructed not to think about how this all works. This
quote also applied to NSA employees:

  Strict guidelines were laid down at the GCHQ complex in Cheltenham,
  Gloucestershire, on how to discuss projects relating to
  decryption. Analysts were instructed: "Do not ask about or speculate on
  sources or methods underpinning Bullrun."

I remember the same instructions in documents I saw about the NSA's CES.

Again, the NSA has put surveillance ahead of security. It never bothered to
tell us that many of the "secure" encryption systems we were using were not
secure. And we don't know what other national intelligence agencies
independently discovered and used this attack.

The good news is now that we know reusing prime numbers is a bad idea, we
can stop doing it.

https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf
  [MORE URLs...]
Good explanation of the attack by Matthew Green:
http://blog.cryptographyengineering.com/2015/05/attack-of-week-logjam.html
or http://tinyurl.com/kyvxhho


Re: Man dies in Corvette after battery cable becomes loose (Thorson, RISKS-28.68)

Kurt Seifried <kurt@seifried.org>
Thu, 11 Jun 2015 13:23:06 -0600
This is why I keep a cheap $5 car window smasher/seatbelt cutting tool in
my glove box. That way even if all the doors are physically jammed somehow
(and the windows aren't broken?!?) I can still get out.


Re: Japanese pension organization phished, 1.25M people's data leaked (ishikawa, RISKS-28.66)

"Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Fri, 12 Jun 2015 10:32:53 -0500
I have to wonder how much we should educate the general public AND the
SYSTEM INTEGRATORS who hire new graduates without much experience in
security matters.

This year, I retired from a 50+ year career in IT, which included system
integration, programming, network operations, forensic analysis, and much
more.

Before I had any job in IT, I attended classes in multiple topics I
considered relevant to this career, and over the years have gone back for
additional training as there is an evolution in business needs, software
sophistication, applications new to me, but I have noted that many of my
peers skip this entirely.  There are various IT certifications available,
but very few employers seem interested in factoring them into their hiring
process.

When I was first hired, in IT, in the 1960's, computer security topics were
considered an advanced topic, denied to relatively entry level workers such
as myself.  In the 1970s & 1980s, I attended conferences of IT workers
involved in the same kind of computer systems, hardware and software, which
I had been working in.  I managed to get into classes for security topics,
and made multiple realizations.

The work which I had been doing, should have been preceded by computer
security education, because a lot of what I had been creating and managing,
was vulnerable to all sorts of security risks.  Furthermore, the educational
establishment, which taught me various programming languages, and related
topics, had been omitting this security awareness, not just for me, but for
tens of thousands of my peers.  I went and asked the teachers of entry level
IT skills, what training they had had in computer security issues, as they
apply to the systems we design, and learned that none of the ones, I spoke
with, had any such training or awareness.

I would like to see surveys of contemporary computer educators, and the
people who hire them, do they believe that security issues play any role in
the training of entry level IT workers, and have they themselves received
any formal education in such topics?

The next time one of my employers put me into the design of a major package,
I requested that between design stage, and initial programming, we have the
company auditors review the design, to see if they needed any additional
audit trails or checks & balances.  Request denied.

There is a chain of command in any organization.  If the top executives of
an organization are security illiterates, then their beliefs can be used to
over-rule what employees with specialized training believe is prudent.

I believe that an organization's links to Internet services, such as e-mail,
should never be on the same computer system, PC WAN, NC, Server, whatever,
as one which accesses, or processes confidential data.  Some operations need
to be stand-alone.  The computer engaged in e-banking should do that and
nothing else.  I realize that top executives want everything connected to
everything, because convenience is more important than security, in their
eyes.  So long as that is the rule, there will be little funding to figure
out practical alternatives.

A related issue—some government agencies mandate that confidential
information be transmitted to them by means which some of us consider to be
somewhat insecure.

Security awareness training needs to be everyone.  We had an incident at one
employer, which illustrates the need for this.  Our manager of Quality
Assurance picked up something on the Internet, which he thought was really
cool, and got it onto the PC supplied to him by the company, without asking
anyone approval.  Turned out, it supplied serious malware.  At the time, I
managed ERP systems, and another guy handled PC support.  He was not able to
fix the QC Mgr PC in one day, had other duties, and needed to research some
topics related to fixing the QC Mgr PC, so he put a note on door to QC
manager office, requesting that everyone stay off this PC until he is done
with his repairs, and he also went around to every staffer office to
verbally repeat the request.

Well, each employee's personal job requirements take precedence in their
eyes, over other people requests, except that of some bosses.  The lady, who
does HR, had a problem with her printer.  So she transferred some data and
software to a diskette, and walked around the office, trying out other
people's PC printers, until she could get one to do what she needed.

In this way, the malware traveled from QC Mgr PC to that of the lady who
does payroll, a couple other important locations, and of course her own PC.
The company had not supplied PC printers with all the same features to all
our workers.  Other people needed special functions, so were doing things
similar to what the HR lady had been doing.  The guy who's job it was to fix
PCs infected with malware, could not keep up, but could not get any top
management support, until a top executive's PC joined the collection
infected.

Please report problems with the web pages to the maintainer

x
Top