"I Write Mass Surveillance Software"

http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/

This one is sure to get you going. And whether it's true or not will certainly get you scratching your head.

Maybe we're all just little kids playing cops and robbers pretending to be safe and anonymous?

Fascinating.

 

The guy strikes me as probably being a troll. However:

Yes. All commercial encryption algorithms in the US are *required* to have a backdoor in case the NSA or FBI needs to break them as part of an investigation.

Needless to say, in a war situation some other country could take advantage of that backdoor, but apparently everybody's confident that won't happen. Sweet dreams...

 

Not quite. A lot of people thought the whole "Clipper Chip" episode back in 1993 was an end run to outlaw encryption all together or at least, require backdoors. Encryption products do not have to have a backdoor. I've seen several television documentary shows where they show evidence locker rooms FULL of hard drives with data cannot be retrieved. They are kept in certain cases for a time when maybe it's technically possible to access the data. All advertised encryption software prominently state "No Backdoors." The only laws related to encryption are restrictions on export to certain countries.

 

This person is probably not legitimate. Think about it: anyone who writes such code requires a few security clearances. Systems that are designed to break encryption or circumvent technologies are hooked up to signals intelligence and communications gathering networks for surveillance and anti-anonytmity systems. So we are to believe that he would violate his security clearances, and be stupid enough to think his own systems (and inferior ones) could not track him down from reddit?

So you are left with perhaps three logical possiblities:
1) He is a troll.
2) He is an idiot who just got himself fired.
3) He is a mastermind with the transient ability to evade global spying, but incidentally has Asperger's syndrome and does not realize he is easily tracked by the people he works for.

Pick your conclusion. Occam's razor suggests option #1. Hanlon's razor suggests option #2. Issac Asimov suggests option #3.

 

It is human nature for some folks to blab about covert things that they have been involved in. While that may seem absurd to most of us, the person who is committing the act is dying to brag about it to someone. I vote for #2.

 

3. Possibility.

It is sort of Pcode language.

 

Lacking collective intelligence to the gender of Gorbbage, omitting reasonable doubt that the name Gorbbage is an alias, my vote is for the fourth logical possibility:

4) Grobbage knows more about us than we know about Grobbage.


HKEY1952

 

I'd say that we can safely assume that:

5) Grobbage knows nothing about what he's talking about.

 

Proof? And how exactly can AES have a backdoor when the code is open for review?

 

Allow me to reorganize all the possibilities according to likelihood and add an extra one for good measure.

1) He is who he says he is (minus some of the exaggeration) and is just bored and looking for an ego boost
2) He is a troll.
3) He is an idiot who just got himself fired.
4) He is a mastermind with the transient ability to evade global spying, but incidentally has Asperger's syndrome and does not realize he is easily tracked by the people he works for.
5) Grobbage knows more about us than we know about Grobbage.
6) Grobbage knows nothing about what he's talking about.

Read the whole thread and tell me anything that he said that is inconsistent or implausible. He doesn't claim to run this stuff himself. He doesn't claim to be making huge amounts of money. He's just a software writer. Furthermore, does anyone doubt that such hardware exists?

The pertinent questions relate to the capabilities of these boxes, and sadly, he's said absolutely nothing about that. If you read the whole thread, he's never claimed to have any capability to break crypto. He's in fact made no claim about having secret hacks not available to the public. He talks about "lateral thinking". What he doesn't mention is any specifics about who these boxes target and what the success rate is when someone is targeted. And, if you read carefully, he probably doesn't have this information, since he doesn't run the boxes himself. So, he has some tricks up his sleeve to tackle powerful software such as Tor. Big deal. It doesn't mean it can be defeated if implemented properly (under most circumstances).

So, what's the big deal. His posts lack the details necessary to draw any conclusions whatsoever.

p.s. I have little doubt that 1) is correct.

 

I totally agree with you, it's not possible to draw any clear conclusions.
His example link (that he later removed) may suggest Europol/Interpol as a possible employer:
http://www.europol.europa.eu/index.asp?page=faq

or Interpol:
http://www.interpol.int/Public/OrganisedCrime/default.asp

 

I read the whloe thing, and he does seem to know what he's talking about.

He doesn't say that SSL is decoded, but that other methods are employed, ie lateral ones. Now of course this is a broad term, but as he wouldn't want to exactly reveal how, that's understandable.

I would guess that once subjects are under surveillance, they look for the weakest link/s and target them. Then work backwords on the others homing in on whatever data they can get. Pool this all together over time, and you get a bigger picture. All it takes is for just one of them to be careless, even once, and the gates begin to open.

Tech like that is undectectable on the lines, oh and pulled out of the ether too. They don't tap into things anymore, they use low loss splitters and non invasive parallel methods, whether it's coax/fibre/RF or whatever.

I'd say either he is involved, used to be, or knows someone/people who are/were.

 

There was an article, IIRC on the FBI's website, which explained the bit about required backdoors. I'll see if I can find it again...

Re AES, look here.

 

1. There are no backdoors in AES or any of the other strong ciphers that were finalists for the AES (e.g. Twofish and Serpent).

2. The U.S. government requires no backdoors.

3. Even if the U.S. government required backdoors, it would be less than meaningless because you can use any software you want produced in any country you want. U.S. laws only apply to software produced in the U.S.

4. Even if the U.S. government required all private citizens to provide their crypto keys (which it doesn't), it really means nothing. There are ways around this too that go even beyond the plausible deniability techniques of TrueCrypt.

5. The most popular cryptographic software (PGP and TrueCrypt) both deny the existence of backdoors. The full source code of TrueCrypt is available and anyone can examine the code, change it, and compile it themselves.


So, you see, there's little merit to your argument about backdoors. The NSA was anal about this for a long while. They used intimidation to try to force backdoors in the past. But with the proliferation of the internet, they saw the futility in this. In essence, they've given up on trying to control strong crypto because it is so widely available.

 

Would you expect them to admit otherwise if they did? No one would use them. Regarding the source code being available, that proves nothing. How many people are knowledgeable enough to understand it and would recognize an accidental or deliberate flaw in its implementation? Unless the individual was an expert at both coding and encryption, they wouldn't know a backdoor if they looked at it.

When PGP 6 was the current release and was owned by NAI, a group that was exporting and recompiling the code released the CKT versions of PGP. It was claimed that a backdoor was found in the original source code, the proof of which is nowhere to be found. The developer of the CKT versions was supposedly "asked" to stop development of the CKT line and hasn't been heard from in years. The sites that dealt with it are long gone. NAI changed the terms under which they'd release the source code shortly afterwards. Draw your own conclusions.

It's all quite pointless if you think about it. It doesn't matter if an encryption program is backdoored or if the source code is reviewed. The OS it runs on has to be just as secure or it means nothing. Windows has more holes in it than a screen door, and we can't review that source code.

We can be sure than anything we send over the web, phone lines, or wireless can be intercepted/monitored, and probably is. We can also assume that using strong encryption on our communications will invite scrutiny, whether the powers that be can decode it or not. Even if we can protect the contents of our communications, we can't reliably hide its existence.

 

TrueCrypt is incredibly poplular software with full source code disclosure. You may be able to hide a backdoor if your user base is small but it's hard to believe it could be hidden for this many years from this many users. Once you've reached a critical mass of users like TrueCrypt has, you'll have enough users that are knowledgeable enough to look at the source code. And I would argue that aside from the code for the crypto, there are probably plenty of users who would understand the rest of the code (where backdoors usually lie).

Regarding a closed source operating system compromising the security TrueCrypt can offer, I'm not convinced of that. TrueCrypt is meant to offer security when the computer is shut off. If every sector on the drive or partition is encrypted with a strong cipher, then TrueCrypt has done its job. This can easily be verified with a hex editor. I suppose it's possible that information about your passwords/keys could be leaked out somehow, but this would have to be a purposeful and malicious act by Microsoft, with a high risk of being caught. It doesn't really make sense to me. I don't think TrueCrypt full system encryption can be compromised by some accidental flaw in Windows (because that flaw and all of its byproducts will be encrypted along with everything else).

I guess it's possible that with future Windows updates, a way can be found to bypass TrueCrypt or other encryption software, but I don't really do automatic updates. After XP SP2, I just manually pick and choose the updates I want to apply. And it's extremely rare that I apply any patches because SP2 is working well for me.

And if some backdoor were available, it can only be used one time in any public trial (then it will be public knowledge). Since it's not public knowledge, it really can't be used against you. Many people think that the police have access to secret backdoors against crypto, but that's not true. The techniques and tactics the police use can be considered public knowledge.

So, in summary, I consider open source (or full disclosure of the source code) crypto software to be sufficient for my purposes. I don't particularly care about if the operating system is open or closed source. The reason I say that is because once the operating system itself is encrypted (and verified with a hex editor), the avenues from which a leak can occur are dramatically reduced. It's the job of the developers to make sure that their software is working properly on that OS, and there are ways for a user to verify that it is (even with little knowledge of cryptography). There's always a risk that some malicious activity is going on, and there's always a risk that you could die tomorrow in a car crash. I consider both to be minimal risks and not worth worrying about.

Regarding the hiding of encrypted data, I would agree that it's not possible to hide the fact that encrypted communications exist (for the most part), such as with Tor, because both sides have to be speaking the same language. It is possible though to hide the contents of those communications. With regards to hard drive encryption, I would argue that it's not only possible to hide the contents but also the fact that it exists (beyond the capability of any existing forensic techniques to prove otherwise).

p.s. It just occurred to me that hard drive encryption is probably off-topic for this thread because Grobbage's initial topic was about intercepting communications, not inspecting hard drives. I suppose it relates in a sense because both communications and hard drives can be encrypted and backdoored. And once communications are intercepted, the next logical step is to look at the hard drive.

 

Welcome to Wilders, 'I no more than U'. I agree with your above post 100%.

 

I'm not as familiar with PGP as I am with TrueCrypt. I've never personally used it but I have loosely followed its progression. It's worth noting that PGP Desktop is not really open source like TrueCrypt is. They do claim to be open source, but I believe they only release the source code for the cryptographic aspects of the program and nothing else (unless something has changed recently). Note that I don't believe there is a backdoor in PGP, but a backdoor could theoretically be hidden in the parts of the code not released to the public.

A complete public source code for a WDE (or FDE) was considered the holy grail at the time TrueCrypt finally accomplished it. I recall many people lamenting the lack of an open-source WDE (for many years). Now it's considered common, but many people refused to encrypt their operating systems before TrueCrypt released their product (because of fear of a backdoor). Interestingly, the TrueCrypt developers wrote frequently that they would never release a WDE (presumably because of too many headaches in supporting it), and then, completely by surprise (at least to me), they just released it one day. That was actually a pretty important day to a lot of people.

I'm not familiar with the whole CKT backdoor issue you discuss, and I have no reason to doubt you. Maybe someone more familiar with the issue can give some insights. In any case, I believe TrueCrypt is still the only one to release the full source code for their WDE. If you don't need WDE, there's another product called FreeOTFE that can encrypt partitions/drives and fully releases their source code.

If you don't trust PGP for encrypting e-mail, there is always OpenPGP.

For what it's worth, if TrueCrypt wasn't around, I would probably use PGP for WDE. I never really got into the whole encrypting e-mail thing, so I can't comment on that. I do however encrypt communications (in a sense) using Tor.

 

From my recollection, this is only a partial source code for PGP Desktop.

 

The article does appear to deal more with communications than stored data, so encrypted data storage is probably off topic to a degree. That said, there's enough in common between data and communication encryption that much of what applies to one applies to the other.

Topping that list is the security of the OS that encryption software is running on. I'm not a True Crypt user so I can't comment on it specifically. I use a different application for data encryption that's been around for years, and a strong cypher. IMO, protecting the data when the PC is powered down isn't the problem. The problem arises when the PC is running. Encryption of data and communications is only as secure as the least secure link in the chain, which is almost always the operating system. When that data is available to the user, it's also available to any malicious or monitoring code that's running on that PC. The developer of the encryption software has no control over the OS or what else may be running on it, especially code that's running at kernel level. They can design their software to be resistant against certain types of monitoring, but a lot of the OS is beyond their control. With a compromised PC, there's no need to attack or defeat the encryption software. The data/communication can be captured before it's encrypted. An e-mail encrypted with PGP is easily readable plain text while it's being written. The same applies to data that's being stored.

To date, there's no software, security, encryption, or otherwise, that can guarantee that your system isn't compromised or can't be compromised, especially on Windows. A well designed and implemented default-deny policy can get close, but Windows isn't a secure OS. It wasn't designed to be a secure environment and may well have been deliberately designed not to be. The NSA helped Microsoft make Vista secure. In a post 9/11 environment, do you really believe that was the extent of their involvement?
Quoted from the article, bold emphasis mine:

Care to bet on just what government software the NSA would be most concerned with? I find it hard to believe that this would not include or refer to "official" monitoring and surveillance software, possibly a backdoor in the OS, especially in a post 9/11 environment. If this is the case, then this "flaw" could also be discovered and used by others, possibly the professional malware coders.

The strength of the encryption algorithm and the software implementing it is only part of the picture. Those parts rarely fail, but they can't stand on their own. Encryption software isn't bypassed by operating systems and their components. The encryption software relies on OS components to function and to interface with the hardware. If those components are compromised or do more than is documented, the encryption software and its developer can't do anything about it. The only way to avoid that dependency on flawed, vulnerable, or backdoored OS components would be to include a complete OS with the encryption software. It's the exact same situation that makes a hardware firewall more resistant to attack than a software firewall, even though both are actually software firewalls. The "software firewalls" themselves aren't weaker than their "hardware" counterparts. It's the OS that they're installed on that's vulnerable, and its vulnerabilities can be used to attack and defeat or bypass the software that's installed on it.

 

I agree with almost everything you say, however when I was discussing Windows, I was talking solely about potential undocumented "features" that Microsoft might have placed that would compromise the software that is running on Windows. Of course, any other malware that you obtain by other means might also do the same thing.

Now, regarding Windows and Microsoft (and possible government backdoors), could you give an example of a flawed or altered component that would compromise TrueCrypt, PGP, DriveCrypt, Tor, JAP, etc., etc., etc. even before they know what those programs will look like on that particular operating system? They all operate in different ways. Finding some elegant way to compromise all of them is far from a trivial task. And the programs may change over time. There are too many programs to count and they all operate differently. This indicates to me that a backdoor would not take the form of any attempt to modify the functioning of any particular program. Again, it's the job of the developers of a particular program to understand how all of the components function on Windows. I wouldn't trust any program where the developers have demonstrated an inability to do this.

I think you overstate the risks to some extent. But, by the same token, I've already stated that I don't allow automatic updates, and I only install the rare update manually. So, those components have a much lower risk of being modified in some way.

I suppose there could be some surreptitious keylogger on every Windows system. Not only is this far-fetched but it probably would be discovered. I don't think every Windows machine is routinely sending out secret data (e.g. passwords/keys) surreptitiously. To my thinking, any backdoor would probably be something that would have to be activated after they identify the specific computer they want to target. And, even then, I don't think any backdoor can affect a non-networked, fully encrypted Windows machine that is turned off when not in use.

Let's say there is some secret way for the government to hack into every Windows computer with internet access. What's to stop a hacker from discovering this technique? I suppose they could just lump it in with the many exploits that Microsoft routinely patches. Somehow, I'm not too concerned about this. Of course, I can't rule out some backdoor, and it wouldn't surprise me if one existed. But you can't deny how risky it would be for Microsoft to do this.

Also, keep in mind that any operating system that can be updated (basically every modern operating system) can be compromised in similar ways to Windows. Open source or closed source makes no difference because surreptitious changes can be introduced through updates. And, other people on this thread were mentioning the difficulties in discovering a backdoor in crypto software. If that's true, what hope does anyone have of discovering backdoors in an entire operating system? With some people, nothing will ever be adequate.

Also, I would never use an operating system that came with the encryption software. I believe an operating system would be orders of magnitude more complicated to create than encryption software. I just wouldn't trust it. And it probably wouldn't be anywhere near as usable as Windows is (and maybe not even as secure). An operating system isn't just something you cobble together to complement your encryption software. I'm sticking with my view that the operating system you should use is the one that suits your needs. Just use a trusted, open-source encryption program with the OS that best suits you.

I used to be very distrusting of Microsoft in the past. I've changed my views over the last couple years. It's not that I trust them in any way, but I'm not as paranoid as I used to be. They're just a company trying to make money. They're neither good nor evil. My view of the government has also changed over the years. Again, I don't trust them by any means, but I realize now how limited they actually are in their capabilities. The difference between what they actually can do and what the average person thinks they can do (especially on this forum) is pretty staggering in my opinion. Government agencies definitely do get some help from the public perception that they have virtually unlimited resources to do whatever they want, but the truth is they have very limited resources and really do have to prioritize. They're by no means all-knowing and all-seeing like some people would like to believe. I'll just leave it at that.

This is the reason why Grobbage's claims don't ring entirely true with me. I don't doubt he writes the software he claims to, but I have a feeling it's nowhere near as powerful as he makes it out to be. Of course, he takes pride in his work, and this probably leads to considerable exaggeration on his part (e.g. Tor is just another thing out there).

 

Microsoft utilizes Rootkit Technology within the Microsoft Windows Operating System, the one visible Registry Key that is outside of the Super Registry is: HKEY_LOCAL_MACHINE\SECURITY\
Do not even tamper with that Registry Key, you will lock yourself out of the Operating System.

Results of Microsoft Rootkit Revealer:
HKLM\SECURITY\Policy\Secrets\SAC* 9/13/2008 3:39 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/13/2008 3:39 PM 0 bytes Key name contains embedded nulls (*)


HKEY1952

 

Ever heard of the "_NSAKEY" fiasco? M$ said it was an "unfortunate name" for the key and had nothing to do with the NSA. M$ said anyone who believes otherwise is a conspiracy theorist. I suppose that makes Bruce Schneier a conspiracy theorist, as Bruce is only one of the most eminent cryptanalysts in the world, and has said he doubts M$'s explanation.

So, one must ask oneself: do you really think the NSA would *not* try to convince M$ to put a cryptographic backdoor in Windows? And do you really think M$ would decline? And is there anyway for anyone who has not signed an NDA to know whether such a backdoor was placed somewhere in the kernel? The NSA's primary job has been and still is cryptanalysis, so it makes sense they would attempt this.

With an open-source OS, the probability of this happening is much, much less.

See the "_NSAKEY" story above.

If the _NSAKEY suspicions are true, all the adversary needs to do is enter the master pass-key and your hard drive is unlocked in seconds. Remember, WDE is intended to protect your drive when it is off, so being "non-networked" has no bearing on this.

How is it risky? If something like this was ever discovered, M$ would just use the old "we're protecting the world from terrorists" and "just doing our patriotic duty" line. Hell, most people would even cheer.

I am not so sure it would be that easy, at least on Linux. With Linux, one has a package manager and the software that the package manager has access to is maintained by the distribution. This means all upstream patches, bug fixes, etc.. are reviewed and tested by the distribution before being sent out. Of course, it is possible for there to be a malicious packager working for the distro, but his chances of running his scheme very long are slim.

I agree that there will always have to be some level of blind trust with any modern OS -- there are simply too many lines of code for any one person to completely vet. But at least being open-source makes it possible to do.

I agree 100%. The "government" is made up of human beings just like us and they are fallible just like us. While some organizations have huge budgets, most do not. And even those that do (like NSA) cannot possibly monitor all 300+ million of us (not to mention the rest of the world).

 

I have some problems with a lot of what you said, and I never denied the existence of a backdoor. What I said was: "To my thinking, any backdoor would probably be something that would have to be activated after they identify the specific computer they want to target." Then I went on to put some qualifiers. Yes, I have heard of the NSAKEY issue, and it was never fully explained. I suppose it could be a backdoor.

But I don't understand this quote above. How does the NSAKEY issue give anyone a "master pass-key" to a TrueCrypt volume. The TrueCrypt header and boot loader have a well-defined structure and leave no space for any type of "master pass-key" that is different from the password you chose. TrueCrypt has been tested successfully on thousands of Windows machines. Are you talking about something which you believe is present on every Windows machine? In that case you are totally mistaken because it would have shown up during the very first tests the TrueCrypt developers did (i.e. they would have noticed obvious changes to the headers/boot loaders that were different from their design standards).

Otherwise, you're talking about the rare compromised machine. You're going to have to clarify this "master pass-key" issue because I have a solid understanding of how TrueCrypt works, and I have no understanding of how it can be unlocked by something other than the chosen password. Where precisely would this pass-key be entered?