Tag Archives: SE-Linux

For free or for naught?

It is less than a day after I wrote the previous blog ‘The danger ahead’, now I read in the Guardian (at http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data) that the quote I made in yesterday’s blog “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and stored and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.“, which is close to what the Guardian reported, as well as what is currently shown on Sky News!

At this point, I am looking at a few issues and the more I look at the data that the press is stating, the more I see that Edward Snowden is more than just a traitor. He claims being a victim in a German TV interview (at http://www.dw.de/wanted-dead-by-us-officials-snowden-tells-german-tv/a-17388431), where he speaks the fear that he is being targeted for long term sleep therapy (aka ‘terminal sleep’).

The ‘problem’ is that the issue is not just Snowden. The more I look into the breaches, the more I look into a possible functional approach on the way the NSA server parks (plural) are set up, the more I am convinced that not only was Edward Snowden not alone in this all, I feel some level of certainty that this person might still be in the NSA, endangering both NSA and GCHQ as well as other allied monitoring agencies.

The humongous amount of ‘revelations’ that are claimed in the name of Snowden do two things. First of all it turns Benedict Arnold in a stumbling saint (I just had to wash my mouth with soap for making such a claim). Linked to this is the fact that the many dozens of operations as his ‘revelations’ seem to touch on would have been on at least a dozen of servers (as projects are spread around). The fact that NSA uses an upgraded edition of SE-LINUX means that a system with logs and mandatory access control cannot get transferred to such a degree. The fact that IT and security monitors it all, as well that he was civilian contractor means that his name should have popped up a dozen times. Even if he used other accounts, the logs should have triggered alerts all over the field when they were scanned through solutions not unlike a program like Palantir Government.

The claims I am making are growing in reliability with every ‘revelation’ that is being made. There is however another side that is now the consequence of all these whingers and whiners about ‘their privacy‘ (at http://www.theguardian.com/world/2014/jan/27/tech-giants-white-house-deal-surveillance-customer-data). We now enter a field where it is important to realise that the new situation could be regarded as a danger.

It is linked to a previous newscast where President Obama was considering moving telephony data out of government hands (at http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/23/government-privacy-board-members-say-shifting-nsa-data-to-third-parties-is-a-bad-idea/)

As stated before, this is a really bad idea. Consider that criminals, if enough money is in play, can use places like HSBC to launder their money (I am not talking about forgetting your wallet whilst washing your jeans), but the idea that commercial enterprises can get away with these events for just a 5 week fee (at http://www.forbes.com/sites/afontevecchia/2012/07/16/hsbc-helped-terrorists-iran-mexican-drug-cartels-launder-money-senate-report-says/, as well as http://uk.reuters.com/article/2014/01/23/uk-standardbank-fine-idUKBREA0M0LF20140123) is a lot more dangerous than many realise. Handing data storage out of government hands is just too dangerous. I am steering away from the issue whether the monitoring program should go on or stop. The intelligence community needs to do what it needs to do. Leaving that data with third parties is just not an option. The worst case scenario would see the US government paying out billions if any data leading to a registered IP ends up in ‘other’ hands. Once that evidence is ever given, the US would lose whatever credibility they ever thought they had.

At this point the title can be used as a joke. What is the difference between for free and for naught? Someone got rich for free, the US got rich for naught! That would end up being the reality of a project that was meant to map levels of global terrorism. This joke only gets stronger when we see another ‘view of shock’, but now from Google CLO David Drummond (at http://www.bbc.co.uk/news/world-25911266). It is hard to state against his view, or the premise of the company. These carefully pronounced statements from legal eagles are to be expected from many firms for some time to come. There is however a commercial positive view (at http://www.bbc.co.uk/news/technology-25914731). Here we see how entrepreneurs in makeup and clothing are showing options to avoid detection. In more than one instance it is stated to be metal based, so standing next to airport detectors should be fun soon enough. I wonder how much more would get checked when the boxers or briefs are also metal based.

So whether we get entertainment for free or fashion for naught will be discussed by many soon enough, the main fact remains. If we want to remain safe, then data needs to be collected. It is not for free, or for naught. It is for the simple reason that the world is filled with bad people; some will go any distance to hurt as many as they can. Our governments have a duty to keep us safe, it is only fair that they are given the tools, the methods and the opportunity to do so.

This does get us to the final part (or final side) to these events. This morning, the Guardian (at http://www.theguardian.com/world/2014/jan/28/microsoft-rules-out-back-door-access-to-mps-electronic-communications) reported on backdoor access allegations. The quote “Both Ludlam and South Australian independent senator Nick Xenophon have been concerned about the security of Australian parliamentary communications since the Prism surveillance program was first revealed by National Security Agency contractor-turned-whistleblower Edward Snowden.” gives the information that was the part of all this. So again we see more resources squandered in regards to Snowden. Do not get me wrong, the question by both Ludlam and Xenophon is fair enough and as such it should be looked at. Whoever wants access to certain information, which might always be the case, could consider Intruding a system, which, unless you are a real expert is getting harder and harder, as it should be.

Yet, capturing and copying frames sent over a router system makes a lot more sense. You just capture it all and decrypt it later. Now, most people will not have the ability to do this, but consider the amount of elements to get this all from user1 to user2 via server X. If you think that this is highly encrypted hard to achieve effort, then think again. The more common the method used, the easier it is to read into it. So, there is a level of entertainment as we see leagues of technicians concentrate on the door of the bank vault, whilst in reality one of the walls is missing.  To give you another example, we take a look at a paper by Daehyun Strobel, Benedikt Driessen, Timo Kasper et al (at https://eprint.iacr.org/2013/598.pdf). As we look at the quote “Despite the fact that nowadays strong and well-analyzed cryptographic primitives are available for a large variety of applications, very weak cryptographic algorithms are still widely deployed in real products all over the world.” This relates to the IT issue as, we might have secure servers and powerful password rules, but files are send from one computer to another via the ‘internet’, which goes via a router system (no matter how you twist or turn it). So, as someone gets to any router on the track and wireshark’s the traffic, the stream can be rebuilt. From there the hacker still faces a few obstacles, but you better believe that above a certain skill level, this data can be retrieved. So what exactly are we all crying about?


Leave a comment

Filed under IT, Media, Politics

Classes of Classification

I was about to do that horizontal thing (sleeping, in case you wondered), where one is in a natural state and loudly snores like the local sawmill! I was actually looking forward to that event. It is almost 00:30, so I need to get up in about 5 hours. However, Sky News stopped that idea pretty quick.

The reason is that the news just showed me a part involving Edward Snowden and more information he ‘leaked’. In this case it was all about spying on the EU diplomatic mission and how that was ‘strictly confidential‘, roughly 0.0324 seconds later I was more than wide awake and started this blog.

So what are the issues? Well three come to mind, but the third one is for a little later down this story.

So the first issue is the classification. No matter, whether the documents were from the CIA, NSA or Alphabet Soup Incorporated. There are levels of classification. Confidential is a lower level. Apart from the issue that there is an issue that the diplomatic integrity of an ally was ‘transgressed’ upon, is there actually any reason why such information would not be Secret or higher? I would even think that this would be Top Secret level information and as such that information remains with a small (read extremely small) group.

Let’s take a look at this ‘Strictly confidential’. I do not have the rules that the NSA applies, but I was able to get the protocol from a World Bank document as to how this is treated. They might be kids play compared to the NSA, but you will get the idea (and I have to start somewhere).

Information and documents that are deemed to be of a highly sensitive nature or to be inadequately protected by the CONFIDENTIAL classification shall be classified as STRICTLY CONFIDENTIAL and access to them shall be restricted solely to persons with a specific need to know. The staffs of the Institutions shall establish a control and tracking system for documents classified as STRICTLY CONFIDENTIAL, including the maintenance of control logs. Documents classified as STRICTLY CONFIDENTIAL shall be:
(i) marked with such classification on each page;
(ii) kept under lock and key or given equivalent protection when not in use;
(iii) in the case of physical documents, transmitted by an inner sealed envelope indicating the classification marking and an outer envelope indicating no classification, or, in the case of documents in electronic form, transmitted by encrypted or password-secured files.

So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker. He did not get caught, not for many megabytes of duplication.

So, whether these events were true or not, there is now an issue. Not with external trust, but from my point of view with internal trust. If he remained undetected, then several alphabet groups have IT issues of an unprecedented level. Could this even be remotely true?

The second issue is that like any Intelligence organisation like the GCHQ for example, most people are assigned certain areas. The fact that Edward Snowden had such a wide access is more than questionable. The fact that the press seems to just take whatever he serves up with a certain air that whatever Edward Snowden claims is true should also be looked at. In my view it does not. Especially when we consider that he is stuck in some Russian airport terminal awaiting the option to ‘escape’ to Ecuador. You see, his access raises too many flags. It does not matter whether he is the IT guy. The NSA has dozens upon dozens of them, and as such, the fact that he was able to syphon off such a wide area of information (and get it out of the building) seems to be an issue that no one is too investigative about.

What is this all about? That is the question we should be asking. All these events do not add up. This is not some FBI leak (no attack on the FBI). This is a group that was referred to for a long time as ‘No Such Agency‘. The fact that he passed all kinds of interviews befroe the job (on psychological probing levels far above most can imagine), a man who ‘just’ walked away with the kitchen sink and a USB drive loaded with tagged documents. It does not add up in my book.

Now we get to the third issue.

If some amount of this data would be rock solid, then the US has an intelligence community that is leaky as a sieve.

1. A disillusioned intelligence operator gets a job at a department even more hush hush then the CIA and the psychological interview does not raise flags considering the conditions he left the CIA?
2. That person gets access to information on several levels and from several branches and no one is the wiser. More important no flags on these secure servers are tripped?
3. This person gets the goods into Hong Kong, then casually flies into Russia and now is waiting for his flight to Ecuador, whilst at the same time US extradition groups (according to Hong Kong media) drop the ball in getting a hold of Edward Snowden?

Is no one suspicious on what is going on? I for one see reason to distrust several sources at present.

Looking back, Julian Assange got access to his documents though military channels. There have been less than positive issues with the lack of Common Cyber Sense in several military areas. The fact that those events happened outside of the US and under military field conditions where certain security measures are hard to uphold is understandable. That does not make it right, but the circumstances were pretty unique. The fact that someone walks out of places like the NSA or GCHQ with a USB filled with all levels of information is an entirely different matter.

If we accept this article by Sky News as true http://news.sky.com/story/1109739/snowden-spying-claims-us-bugged-eu-offices, then we could be in for a rough ride.

In the end, reality is that spying goes on at all times on many levels (as stated by Mr Reardon on Sky News UK). Mi-5 tries to keep an eye on what the CIA does in the UK, the FBI keeps tabs on MI-6 in the US and none of them care what happens in Australia. Works for me!

So the fact that the CIA is keeping tabs on the EU makes perfect sense, especially with all those new states getting added. However, bugging the hell out of all these buildings is not that productive overall (as there are other sources to these kinds of information). So is the reality that there were just 2-3 bugs (the German Spiegel was aware of one of them) and some document Edward Snowden had just adds loads more?
What Intel does he have that is actually reliable? Are we being run by some wannabe laying it on thick hoping for a nice fat pay check? I wonder what happens now that Russia and China both lack interest (and Ecuador is not that appealing if one lives there without money). So what of Edward Snowden? Sky had another article on that. http://news.sky.com/story/1109235/whistleblower-snowden-may-return-to-the-us. In this article the father is afraid his son is being manipulated by different parties. Even by WikiLeaks. He might return to US if certain conditions are met.

Conditions? For a traitor? And next they claim that all politicians are straight shooters too!
Well, for those who believe that, I have a bridge to sell you, GREAT view on the Tower of London!

Leave a comment

Filed under IT, Media, Military