Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Security United States

The NSA Uses the Same Chat Protocol As Hackers 81

rossgneumann writes NSA documents obtained by Edward Snowden and reported on by Der Spiegel on Sunday reveal that the agency communicates internally with Jabber, an open source messaging service used by hackers and activists trying to skirt the NSA's internet surveillance dragnet. A document outlining the NSA's Scarletfever program—a "message driven cryptologic exploitation service" designed as part of the larger Longhaul initiative, a program that collects data and finds ways to break its encryption—contains a curious point buried near the end: "Jabber Chat Room: TBD."
This discussion has been archived. No new comments can be posted.

The NSA Uses the Same Chat Protocol As Hackers

Comments Filter:
  • OMG Jabber (Score:5, Funny)

    by rednip ( 186217 ) on Monday December 29, 2014 @05:49PM (#48692629) Journal
    Whatsapp is a jabber client as well. I fail to see why this is surprising connection. Seems more like click bait.
  • by Anonymous Coward on Monday December 29, 2014 @05:51PM (#48692641)

    i bet those sons of bitches are using imap and ethernet too! just like hackers!

    • by NoNonAlphaCharsHere ( 2201864 ) on Monday December 29, 2014 @06:04PM (#48692737)
      Yup. The difference is the internal NSA's systems are air-gapped so those sons-of-bitches at the GCHQ can't listen in.
      • by F.Ultra ( 1673484 ) on Monday December 29, 2014 @06:30PM (#48692861)
        Didn't stop Snowden though :)
      • Do your part (Score:3, Interesting)

        by Brain-Fu ( 1274756 )

        An AC in a previous Snowden story posted this link:

        Grant Snowden Clemency [aclu.org]

        You can sign this petition to pressure the government to pardon Snowden, so he can come back to the states a free man.

        Please share this link on your other forums. It is the least you can do for him, after all he has sacrificed for you.

    • by unrtst ( 777550 ) on Monday December 29, 2014 @06:57PM (#48692995)

      There's a whole lot of comments here saying this is stupid, obvious, not surprising, etc, and pointing out other clients that have used (and still use) XMPP (jabber).

      The one potentially interesting bit that brought me here... what are they using for encryption?

      I'm assuming they have TLS enabled from client to server, and from server to server. The details for that layer are not very important to me, though I'd still be interested to know.
      The end-to-end encryption used, that's what I'd be most curious to hear about. There's a lot of apps and plugins and such that boast end-to-end encryption, but there is little interoperability AFAICT. There's a fairly wide variety of implementations and specs (and lack thereof). OTR may be the best known one (http://en.wikipedia.org/wiki/Off-the-Record_Messaging). IMO, what it uses seems somewhat dated with respect to all the SSL/TLS issues that came to light this past year. Ex, OTR uses:

      * Diffie-Hellman key exchange with 1536 bit group size. (is this ADH, static DH, DHE, ECDH, ECDHE, etc)
      * AES symmetric key with 128 bit key length (AES 256 is more the norm now, and there are certainly lots of other alternatives)
      * SHA-1 hash function (SHA1 is deprecated in many situations, and SHA256 and other stronger hash functions are readily available)
      * forward secrecy (that's good... but I wonder if it's using similar and well tested methods such as used in current PFS TLS implementations)
      * NO support for multi-user group chat

      I'm betting there's better and/or more updated things out there. Seems OTR could be updated fairly easily (define new protocol version and use different set of stuff in the various places in the protocol), but what is it that others that are extremely paranoid are using?

      • by chill ( 34294 )

        OTR is mentioned as one of those things they really can't crack if you dig through the whole Spiegel article.

      • Yes, the math geeks may speak to each other that way but they are run by a bunch of horse judges and cheerleaders that just happen to know the right people (as seen by how a contractor could get hold of so much) so it's probably a safe bet that it's in the clear instead of best practice.
        After the star trek set designer getting called in the only way to go is down. The Chinese or whoever would have just needed some way to pander to a huge ego to get a backdoor into the place.
      • It may not be end-to-end : one of the ways the sixteen intelligence agencies handle security is through the use of xml-bridges. Payloads are rewritten between networks of different classifications - only data gets across, not even binary documents. XMPP is useful for more than just chat clients. source: chatty dude at a tradeshow booth a few years back (niche market). This is one of the ways corporate actors fail to grok security - they accept the bets of COTS even if it's not good enough. TLA's hire

      • This is damage control. What the docs show, is that OTR encryption is safe. You can use OTR encryption with Jabber, but Jabber isn't encrypted by default.

        What they presumably hope is that people will use Jabber and think they're safe. And Slashdot editors are being the useful idiots as usual.

      • It's likely to be something which they can read easily, so not OTR.

        SIGINT dudes are not just keen on encryption. They are keen on reading communications too. To this end they usually advocate systems with key escrow at the very least, because they want to be able to keep tabs on their agents and analysts.

        I saw a brief prepared for the UK National Health Service by GCHQ on data security, it heavily emphasised key escrow, which reveals the bias of the agency that produced it. A crypto brief prepared by doctor

      • Comment removed based on user account deletion
    • what next, you gonna tell me they use monitors too????
  • Dumb (Score:5, Insightful)

    by Anrego ( 830717 ) * on Monday December 29, 2014 @05:51PM (#48692643)

    Wow, that article said absolutely nothing interesting.

    The gist: jabber is a widely used protocol, there is a widely used way to encrypt it,and the NSA has played around with it.

    Also what is the deal with every website now using this weird scrolling hackery. I find it very unpleasant.

  • As 'Hackers'? (Score:1, Insightful)

    by Anonymous Coward

    Is this like nerd, where everyone is calling themselves that?

    Because XMPP (Jabber prior to it's adoption as a standard) is/has been used by google, plus about a hundred other chat services, including Kik (albeit a proprietary derivative, seems to be what all the kids are using nowadays).

    So really it's less a story of NSA using the same service as hackers and more 'Whoa! NSA uses the same chat protocols as *EVERYONE ELSE DOES*"

    What a non-story.

    • >Is this like nerd, where everyone is calling themselves that? Someday they will claim "obese shut-in", what is there then left for me? Go out and exercise?
  • by Chris Mattern ( 191822 ) on Monday December 29, 2014 @05:58PM (#48692691)

    They probably use the same email system hackers do!

  • by x0ra ( 1249540 ) on Monday December 29, 2014 @05:59PM (#48692701)
    NSA employees enjoy the same daily disturbing bodily functions as hackers; they poop...
    • Re: (Score:3, Informative)

      by rubycodez ( 864176 )

      in fascist USA NSA poops on you

      • by Anonymous Coward

        You can't prove you have standing not to be pooped on, says 5 assholes out of 9.

  • So does Google Talk and Facebook Messenger and countless other chat systems. Way to go article. Next you'll be telling us that the NSA uses the same operating systems as hackers (OMG LINUXESSES N SHIT)

  • I'll bet the NSA uses Linux, too. Isn't that the hacking OS that uses text on a black screen?

    And FTP, that's how the hackers move their files around. I'll bet NSA uses that too.

  • by OrangeTide ( 124937 ) on Monday December 29, 2014 @06:22PM (#48692833) Homepage Journal

    Both the NSA and Hackers are using Keyboards to input data into computers.

    Seriously, Jabber/XMPP are well known standards [rfc-editor.org] for implementing internet messaging.

    This whole article smells like misinformation to work the media up into a frenzy. I don't see how these revelations can accomplish anything positive.

    • This whole article smells like misinformation to work the media up into a frenzy. I don't see how these revelations can accomplish anything positive.

      Most people can't distinguish between Jabber and Metadata. Expecting people to come to reasonable conclusions, and be outraged about the proper things when dealing with computer related issues, is asking too much.

      Reporters don't care, they are looking for something sensationalistic to bring in eyeballs. They aren't really journalists, they're eyeball-mongers.

      The important thing is that people realize the NSA is spying on them, and presumably that would outrage them, but somehow it seems to not. I don'

      • The important thing is that people realize the NSA is spying on them, and presumably that would outrage them, but somehow it seems to not. I don't know why.

        Obviously the NSA is protecting us for terrorists.

  • by Paul Jakma ( 2677 ) on Monday December 29, 2014 @06:24PM (#48692845) Homepage Journal

    “Shocking revelations have come out today that the NSA is using the same kind of computers and Internet technologies as hackers, criminals and even paedophiles! The NSA are known to use PCs and operating systems such as Microsoft Windows - a paeophiles favourite - and even Linux - beloved by hackers. The NSA even has spent money on making Linux more secure, which may help thwart law enforcement from investigating computers used by criminals. Further reports suggest the NSA also regularly use TCP in a variety of ways. TCP is known to be heavily deployed by many criminals worldwide. We contacted the NSA and asked them to comment, but their spokesperson responded only with a sneering "Oh for fucks sake" before hanging up the phone.”

  • NSA uses same protocols on their network as everyone else (including hackers). So is this stunning revelation now what passes here as news? Is this just a slow news day or has Slashdot taken another step down?
    • by Anonymous Coward

      I submit the Anonymous Coward's hypothesis:

      Every single Slashdot article has at least one post asking if today is a slow news day.

      Please attempt to disprove.

  • I think we should name the NSA's jabber chatroom for them! I was going to throw "SexyFederalAgents" out there, but it's really not my best work.
  • ...for the next exciting article, "Cops Use Guns Too!"
  • Wow. People use Jabber? Yes, people use Jabber.

    This is not news, not now, not ever. Jabber and XMPP is a real thing, much more real than IRC. Please move along and report something worthwhile, folks.

  • *nudge* *nudge* http://incubator.apache.org/wa... [apache.org] *wink* *wink*

Be sociable. Speak to the person next to you in the unemployment line tomorrow.

Working...