Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Cellphones Communications Government Privacy United States

How NSA Spies Stole the Keys To the Encryption Castle 192

Advocatus Diaboli writes with this excerpt from The Intercept's explanation of just how it is the NSA weaseled its way into one important part of our communications: AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data.
This discussion has been archived. No new comments can be posted.

How NSA Spies Stole the Keys To the Encryption Castle

Comments Filter:
  • No surprise (Score:3, Insightful)

    by Registered Coward v2 ( 447531 ) on Thursday February 19, 2015 @05:35PM (#49091469)
    When you have the money and will technology and people are easy to get
    • Re:A big surprise (Score:5, Insightful)

      by aberglas ( 991072 ) on Thursday February 19, 2015 @06:03PM (#49091559)

      Actually it is surprising. Many if not most large government IT projects are appallingly run. Vast amounts of money wasted on useless consultants that end up producing very little if anything at all.

      As the NSA's budget grows and grows, I suspect this will happen to them. Lots of MBAs that can only organize their own careers, while the crypto-nerds are pushed into the background.

      • Re:A big surprise (Score:5, Insightful)

        by Anonymous Coward on Thursday February 19, 2015 @06:19PM (#49091621)

        That's already sort of the case. The NSA and similar agencies in other countries are LOADED with useless incompetent staff and engineers. It has everything to do with their impossible hiring practices combined with it being a shitty unethical job. They don't even pay super well, and anyone competent can make more in the private sector.

        This makes the whole thing even more scary to me, because being utterly corrupt and not very bright are pretty much absolute requirements for the job. The fact that they get anywhere at all is because they have a huge budget and federal backing to force companies to play along.

        I'm always extremely skeptical of stories that the NSA actually broke something through math. It's way way more plausible that they simply paid someone off on the inside.

        • Re:A big surprise (Score:5, Insightful)

          by TWX ( 665546 ) on Thursday February 19, 2015 @06:29PM (#49091641)
          I think the points are though, that first, companies do not do a good job of cybersecurity, or security at all for that matter. This is the issue that allowed another party to gain access to the crypto data for the SIM cards and for other security mechanisms in order to defeat them.

          And second, while the NSA and the British equivalent might be unweildy bureaucratic monsters where those in-charge might not even know what the appendages are doing, they're well-enough funded that they can afford to buy people off to socially-engineer their way in to places where they wouldn't otherwise have the right to go. That gives them the ability to get into corporate networks or to get data from individuals working for corporations; they buy their way in and the consequences of the actions of the employee are not the NSA's concern. All they want/need is the data, and if they can buy it for cash or buy their way in for cash then they might just do that.

          Security is hard. Ultimately it comes down to the individual employee, who has to have access to what he or she works on, but by having that access, also can be a risk. A multimillion dollar system can be compromised by a single technical employee because that employee needs access through those safeguards to do the job. It's really no different than bribing the guards at the castle to get in.
      • Re:A big surprise (Score:4, Insightful)

        by Registered Coward v2 ( 447531 ) on Thursday February 19, 2015 @07:31PM (#49091929)

        Actually it is surprising. Many if not most large government IT projects are appallingly run. Vast amounts of money wasted on useless consultants that end up producing very little if anything at all.

        As the NSA's budget grows and grows, I suspect this will happen to them. Lots of MBAs that can only organize their own careers, while the crypto-nerds are pushed into the background.

        Except that this is not an IT project, but an espionage project. It just happened to have an IT component; one very different than the create a web site / database / payroll system project.

    • Why would they NEED to steal these keys? Every single cellphone company in America would need the keys so your phone would work (roaming), and American companies have proven that they will hand over anything the US Government pays for.
      • Less questions, paper trail, less names involved; more development, practical capability testing⦠Imagine this as weapons development.

      • Deniability.

        If they steal the keys, there's no public record that they have them.

        If they request them from the corporation, even if they use a national security letter, the corporation can announce that they have been requested, or use a warrant canary to stop confirming that they haven't.

      • Why would they NEED to steal these keys? Every single cellphone company in America would need the keys so your phone would work (roaming), and American companies have proven that they will hand over anything the US Government pays for.

        No need for a warrant, request for the information or dealing with foreign governments, they can simply intercept and decrypt anything of interest; including already collected calls.They can also then provide them to allies that may be able to intercept or have calls of interest in exchange for information. Finally, if they make special secure SIMS that are not used widely, well, those are compromised as well. Finally, collecting intelligence is fun.

      • by sjames ( 1099 )

        It's the only way they can shake off the last tiny little bit of half-hearted judicial oversite when they want to act outside of their charter and do things that rightfully make them a domestic enemy of the people.

    • by LF11 ( 18760 )
      Are you one of those people who would have ridiculed anyone claiming the Government can "listen to all of our phone calls any time they want" as a conspiracy theorist?
      • Are you one of those people who would have ridiculed anyone claiming the Government can "listen to all of our phone calls any time they want" as a conspiracy theorist?

        No. That's not surprising since the NSA has had some pretty serious computing power fro quite some time. The challenge is picking out the conversations of interest since there simply is too much data to sift through and get timely actionable information.

        • Are you one of those people who would have ridiculed anyone claiming the Government can "listen to all of our phone calls any time they want" as a conspiracy theorist?

          No. That's not surprising since the NSA has had some pretty serious computing power fro quite some time. The challenge is picking out the conversations of interest since there simply is too much data to sift through and get timely actionable information.

          I think it has been demonstrated that these activities are as much about having a dossier to comb through after the fact as having timely, actionable intelligence. If a person of interest catches their attention, they can go back through the records to find something to charge that person with. Although stopping terrorism is the stated goal, maintaining the status quo is also a goal and this can be a useful tool.

  • NSA... (Score:5, Insightful)

    by tekrat ( 242117 ) on Thursday February 19, 2015 @05:39PM (#49091493) Homepage Journal

    Can we all just agree that the NSA is the most nefarious hacking group, the most dangerous and out of control? That they make all the other so called "black hats" look like innocent little babies?

    I think we all need to work together to get rid of this terrible, nasty, unpredictable hacker group -- for the sake of national and international security. They represent a clear and present danger to the future of this country.

    • by Anonymous Coward

      Veterans Today on February 11, 2015

      Why the United States Always Loses Its Wars [veteranstoday.com]

      We are the global village bully that's hated by much of the world.

      America loses all its wars because it seems we've always been on the wrong side of history. Morally nor legally should any nation have the right to invade and occupy another sovereign nation, much less believe it can achieve victory in long, protracted wars.

      Yet in violation of all ethical precepts and all international laws, the sole global superpower citing its imp

      • USA! USA USA! (Score:5, Insightful)

        by Anonymous Coward on Thursday February 19, 2015 @06:46PM (#49091689)

        While I think some of the points, however plausible, are a bit on the side of paranoia, the Libertarians firmly believe that we should have only a defense force and not project power.

        The current rational now for IS - or whatever they are called now - is to fight them over there so they don't come over here. They just want control of the Middle East - they are no threat to us. Also, the Arabs, Persians, Kurds, and other people's of the Middle East have been dealing with their ethnic problems for thousands of years. And of course, being there, we the USA are going to fuck things up even more.

        Unfortunately, we have a populous who treats our military conquests like a football game. USA! USA! win! It makes small people feel big.

        We in the USA are small people who like big guns. We lost the idea of walk softly and carry a big stick.

        We bluster, shoot things up and wonder why other peoples hate us.

        But this football mentality is how you get people to volunteer to fight in idiotic and unjust wars - get the stupid people to die and get maimed for the elite.

        • > the Libertarians firmly believe that we should have only a defense force and not project power.

          Uh, ignoring the few cases of the Police over-stepping their bounds, have you completely forgotten the history of the Police or Firemen and how they have operated in say the last 100 years?

          The moto was: To Serve and To Project

          They don't go around picking fights. They were originally there to stop them, and to help people.

          On the global scene the USA is too busy putting its nose into places where it doesn't be

          • On the global scene the USA is too busy putting its nose into places where it doesn't belong. Maybe if they focused more on the mother land and made a dent in idiotic wars like "War on Drugs"...

            Excuse me, I believe the propaganda word that has been chosen to pull at our emotions and get us to rally around the State is "homeland". Boy, did my ears perk up when I first heard that word used to describe the United States.

            • You might actually want to take a look [criminalgovernment.com] at reality [laissez-fa...public.com] then.

              Let's compare the Communist Manifesto and the current state of affairs with the USA.

              1. Abolition of private property in land and application of all rents of land to public purpose.
              2. A heavy progressive or graduated income tax.
              3. Abolition of all rights of inheritance.
              4. Confiscation of the property of all emigrants and rebels.
              5. Centralization of credit in the hands of the state, by means of a national bank with state capital and an exclusive monopoly.

      • by u38cg ( 607297 )
        I considered moderating this down, but I will reply instead. This is such a warped, confused view of history it's hard to know where to start. However; there is such a thing as a just war, international security is hard, and Russia had and has no right to Crimea or the Ukraine. Iraq WMDs: I remind you that Saddam believed he had WMDs. As for the Lusitania, I would remind you Churchill had his hands full with a minor issue called Gallipoli. And in Syria and Libya, there were no good options, and the sit
        • I considered moderating this down, but I will reply instead. This is such a warped, confused view of history it's hard to know where to start. However; there is such a thing as a just war, international security is hard, and Russia had and has no right to Crimea or the Ukraine. Iraq WMDs: I remind you that Saddam believed he had WMDs. As for the Lusitania, I would remind you Churchill had his hands full with a minor issue called Gallipoli. And in Syria and Libya, there were no good options, and the situation was not of the West's making; it's difficult to know when a market trader's messy suicide will start a regional revolution.

          We are lied into every war; every single one. The actual reasons we go to war often have to do with economic or strategic interests. But people don't get ready to fight and die for economic interests. They fight and die for survival. So you make it about survival, and tell the people how the enemy is coming to kill their children in their beds. Or you appeal to their sense of righteousness and tell them how we must save this other poor downtrodden people from the dictator we installed (oops, did I say

          • by u38cg ( 607297 )
            Thank you for your opinionated, factless rant. It has really changed my point of view.
    • by Anonymous Coward

      ...can we all return the favor by pressuring the government to Grant Snowden Clemency [aclu.org]?

      If people don't stand up to protect whistleblowers, then there will be no whistle blowers, and government evil will run unchecked.

      Sign it.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      We are the NSA. We are Legion. We do not forgive. We do not forget. Expect us.

    • What? NSA is consistent with what happens in most companies. In these big corporations is a top management [government] not much aware of the tecky stuff, and takes more or less irresponsible decisions based on incompetence. How a government is supposed to decide the good and bad of actions of which they're totally incapable of understanding the implications? Something that should be understood by any gov that doesn't require much skill is that the more an entity has power, the more it has to exist a counte
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Hardly, this is their fucking job. I'm glad they did it, and sad that it got publicized.

    • Re:NSA... (Score:5, Insightful)

      by ATMAvatar ( 648864 ) on Thursday February 19, 2015 @08:50PM (#49092257) Journal
      I agree. It is becoming increasingly difficult to consider the NSA as anything other than an extremely well-funded criminal organization.
      • Comment removed based on user account deletion
      • I agree. It is becoming increasingly difficult to consider the NSA as anything other than an extremely well-funded criminal organization.

        Psssh! They need to get in line behind the CIA.

    • Re:NSA... (Score:5, Insightful)

      by Charliemopps ( 1157495 ) on Thursday February 19, 2015 @10:12PM (#49092549)

      You don't seem to get it. No one wants the NSA. The American people have been polled, and overwhelmingly despise the NSA and what it does. Local and state governments have publicly declared their actions criminal, and Congress has overwhelmingly decried their activities. But they're still here and there's literally nothing we can do about it. That should tell you something.

      It's like we're all in a coffee shop, and a man armed with a 12 gauge just barged in to rob the place and demanded we all act normally. Even the cashier is nodding and offering him a latte... but in reality we're all glancing at each other wondering who's going to be brave enough to clock him over the head with their coffee mug first. There's one feeling that I think we've all felt in this country over the past 10yrs or so, and I think that feeling is best described as "Unease"

      • It's like we're all in a coffee shop, and a man armed with a 12 gauge just barged in to rob the place...

        Yeah, in really slow motion, over a four year time period.

        The polls are bullshit. Count the votes. only there will you find what people really think. Everything else is just bad theater.

        • It's like we're all in a coffee shop, and a man armed with a 12 gauge just barged in to rob the place...

          Yeah, in really slow motion, over a four year time period.

          The polls are bullshit. Count the votes. only there will you find what people really think. Everything else is just bad theater.

          Considering the voter participation rate, I'd say the votes tell us most people think it isn't worth the effort to vote. Though I do vote, I can't really blame them. I vote because I'm acting on principle (I almost always vote third party), not because I think it will make a damn bit of difference. The Us "republic" is unresponsive to the will of the people. The people know this and act accordingly.

    • I think we all need to work together to get rid of this terrible, nasty, unpredictable hacker group -- for the sake of national and international security. They represent a clear and present danger to the future of this country.

      I think time would be better spent improving systems especially communication systems to deny all adversaries capability to "hack the planet".

      Aggregating sources of trust like this is akin to piling gold bars on the street corner, holding a press conference announcing to the world their presence and being surprised when gold turns up missing next morning.

  • by Jahoda ( 2715225 ) on Thursday February 19, 2015 @05:39PM (#49091495)
    Under what possible interpretation of the law can this be considered the actions of lawful government?
    • by Kjella ( 173770 ) on Thursday February 19, 2015 @05:57PM (#49091545) Homepage

      "We are the law."

      • by BoRegardless ( 721219 ) on Thursday February 19, 2015 @07:30PM (#49091919)

        "We are the law."? No! They invent the law out of thin air. Plus legislators can't be held liable for what they say or vote for in Congress (unless you can prove a bribe or conflict of interest.)

        This is the sort of attitude that eventually destroys institutions from within, though it takes awhile.

        I do tend to agree that secession is inevitable in the US, just as it seems heading in that direction in the EU. What that will do is return some semblance (notice I said some) to States rights and hopefully smaller government, which currently redistributes about 50% of all earnings in the US. That is double what serfs paid in around a thousand years ago.

      • by antdude ( 79039 )

        Judge Dredd, is that you?

    • Legal, schmeagle (Score:5, Insightful)

      by fyngyrz ( 762201 ) on Thursday February 19, 2015 @06:06PM (#49091571) Homepage Journal

      Under what possible interpretation of the law can this be considered the actions of lawful government?

      Oh, I'm sure they can find something. You can't do anything about it -- you can't sue -- because you don't have standing. You'd have to show they were listening to *you*, just to start with, and then you'd have to have a few million to push it through to the supreme court.

      And *then* of course you'd be facing the same idiots that think "shall not infringe" means "infringe", "intrastate" means "interstate", article 3 means article 5, and that "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized" means "as long as we think it's reasonable, we can search and seize to our heart's content", and " no ex post facto Law shall be passed" means "retroactive punishment is no problem."

      The only privacy you have at this point is in your own head. Assuming you haven't spoken, written down, or otherwise "shared" your thoughts.

      The system is broken. Badly. And very few care -- we're stuck on this downhill-all-the-way roller coaster ride.

      • Even if you don't speak or write, you read. They note everything you read, in what order, how long you linger on which articles. They know what goes in your head, which gives them a pretty good idea what stays there.

      • Snowden cared. (Score:5, Insightful)

        by Anonymous Coward on Thursday February 19, 2015 @07:33PM (#49091935)

        And, unlike most of us, Snowden actually did something about it. As a result of his revelations, political pressure is being applied to the government from many different directions to get the situation resolved.

        Of course, it cost Snowden his job, and his ability to live in his own country, and might still land him in jail or worse.

        You could swallow some of that cynicism and at least try to improve things. Maybe ask the government to grant snowden clemency [aclu.org]?

        Nah. Why exert the effort to click an online petition when it is so much easier to just bitch about how hopeless things are?

        • And, unlike most of us, Snowden actually did something about it. As a result of his revelations, political pressure is being applied to the government from many different directions to get the situation resolved.

          Of course, it cost Snowden his job, and his ability to live in his own country, and might still land him in jail or worse.

          You could swallow some of that cynicism and at least try to improve things. Maybe ask the government to grant snowden clemency [aclu.org]?

          Nah. Why exert the effort to click an online petition when it is so much easier to just bitch about how hopeless things are?

          I'm going to go with "because an online petition won't do a damn thing" for $1000, Alex.

        • at least try to improve things.

          I think you might give me at least a little credit on that score if you were familiar my writing, research and other offerings. [fyngyrz.com]

          Maybe ask the government to grant snowden clemency? Nah. Why exert the effort to click an online petition when it is so much easier to just bitch about how hopeless things are?

          I am signatory.

    • by Ralph Wiggam ( 22354 ) on Thursday February 19, 2015 @06:49PM (#49091707) Homepage

      Gemalto is in the Netherlands. It's entirely legal for the NSA and GCHQ to do anything they want outside of their home countries. They were both chartered 60+ years ago to spy on foreign communications. You can certainly argue that this attack was unethical, or a bad idea, and it was definitely illegal under Dutch law- but it was legal under British and American law.

    • by TheGratefulNet ( 143330 ) on Thursday February 19, 2015 @06:53PM (#49091733)

      if this is true, then the NSA has blatantly broken law, STOLEN property (intellectual property, that's property, right? RIIIIGHT?) and nullified most of the network and systems security we have tried to put in place over the last 10 or 20 years.

      they also are using fear and intimidation to keep the population in check. ie, they are terrorists. state sponsored terrorists who steal without regard to their actions.

      so, when are they going to be tried for terrorism under the patriot act??

      • Re: (Score:2, Insightful)

        by meta-monkey ( 321000 )

        Broken what law? Dutch law, I guess, so the Dutch would have to find and arrest them.

        It's not a violation of American law to rob a store in Paris.

        • by NettiWelho ( 1147351 ) on Thursday February 19, 2015 @08:05PM (#49092067)

          Broken what law? Dutch law, I guess, so the Dutch would have to find and arrest them.

          It's not a violation of American law to rob a store in Paris.

          I believe the Netherlands have an extradition treaty with both UK and US.

          What's been done here is a crime in all 3 nations.. Besides, doesnt US consider hacking an act of war?

    • Under what possible interpretation of the law can this be considered the actions of lawful government?

      Oh, do you have standing to bring a suit? No? Know anyone who does? No? Well, that's that, then.

  • Rainbow tables (Score:4, Interesting)

    by ArchieBunker ( 132337 ) on Thursday February 19, 2015 @05:47PM (#49091507)

    Is this a big deal considering we already have the GSM rainbow tables?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      GSM never used end-to-end encryption, so I don't think anyone should have considered it secure.

      It is a big deal that the US did this to their European allies.

    • Rainbow tables only worked for GSM, which is now decades out of date. Most people are going to be connected to 3G or higher in urban areas (i.e. where all the action is), which isn't so easily hacked. Hence their interest. It's in the article, even.

  • by Anonymous Coward on Thursday February 19, 2015 @05:51PM (#49091515)

    It's not just about SIM cards.

    Gemalto makes smart card readers etc. Think not just communications, nor banking. Think secure access. We use things like that to ascertain authenticity and inviolability in signed documents, emails etc.

    We used.

    • by manu0601 ( 2221348 ) on Thursday February 19, 2015 @09:54PM (#49092473)

      But on a smart card, asymmetric cryptography can be used. The private key is generated by the chip on user request. It is not supposed to leak outside of the device.

      As I understand, this SIM debacle is only possible because the cryptography used here is symmetric, which means the telephone operator must have a copy of the SIM key.

      • Yeah, that surprised me a bit.

        If you replaced the symmetric key with a genuine private-key smartcard and registering on the network involved a proper negotiation and establishment of an ephemeral session key, things would be a lot more secure.

        Oh, and more expensive, 'natch, which is why it's not designed like that - stupid legacy tech.

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Thursday February 19, 2015 @06:01PM (#49091555) Homepage

    Should Gemalto be sued by people who use their cards & other products on the grounds that they did not adequately secure their computer systems and thus let in outside crackers to steal the encryption keys ? That the crack was done by GCHQ/NSA does not really alter things -- they were cracked. The point of this is that successful legal, and expensive, action would make all corporates treat security properly; this would have great benefits -- more than just keeping the spooks at bay.

    The only problem is that to sue Gemalto the plaintiffs would need to demonstrate that they have suffered. This might be hard, although insisting that they were all given new SIMs might be a start.

    • by Kjella ( 173770 ) on Thursday February 19, 2015 @08:19PM (#49092129) Homepage

      So if somebody breaks into your house, steals your car keys and proceed to run somebody over they should sue you for manslaughter? Because you know you could have put those in a safe inside a vault inside a bunker and not in your spare pair of pants. No, what you describe is pretty much the reason the US legal system is what it is and having a ton of good lawyers on staff is a necessity. And it wouldn't really stop the NSA anyway.

      • Your analogy doesn't work. Here is a better one:

        Somebody breaks into a combination-lock factory and steals the list of serial-numbers and their associated codes. They then proceed to use this information to break into peoples homes and rifle through all their belongings.

        Don't you think that a home-owner who bought this lock thinking it was secure is going to do something about it?

        The company selling the locks now has a couple of problems: the public image of their company has been tarnished, all the the loc

  • by Anonymous Coward on Thursday February 19, 2015 @06:02PM (#49091557)

    We're not even over the NSA hard drive hacks and now this?

    Next you're gonna tell me Americans shove food up people's ass for freedom. Oh wait they do [theguardian.com].

    HUGE SPY PROGRAM EXPOSED: NSA has hidden software in hard drives around the world [businessinsider.com]
    Is the NSA Hiding in Your Hard Drive? [bloomberg.com]
    NSA Has Ability To Hide Spying Software Deep Within Hard Drives: Cyber Researchers [huffingtonpost.com]
    Is Your Hard Drive Hiding NSA Spyware? [ign.com]
    The NSA hides surveillance software in hard drives [engadget.com]
    'Breakthrough' NSA spyware shows deep grasp of makers' hard drives [www.cbc.ca]
    NSA planted surveillance software on hard drives, report says [cnet.com]
    NSA secret spying software discovered by Russian researchers [itproportal.com]
    NSA Hackers Infected Hard Drives With Impossible-To-Remove Spyware [inquisitr.com]
    NSA Has Planted Surveillance Software Deep Within Hard Drives Since 2001: Kaspersky [ibtimes.com]
    NSA program is embedding secret spying software in hard drives in Russia, China, Middle East, allowing agency to eavesdrop on most of worldâ(TM)s computers: report [nydailynews.com]
    Destroying your hard drive is the only way to stop this super-advanced malware [pcworld.com]
    Hard drives beware, the NSA is coming for you [digitaltrends.com]
    Kaspersky fingers NSA-style Equation Group for hard drive backdoor epidemic [theinquirer.net]
    There's no way of knowing if the NSA's spyware is on your hard drive [computerworld.com]
    The NSA's Undetectable Hard Drive Hack Was First Demonstrated a Year Ago [vice.com]

  • by Anonymous Coward

    At what point do we start putting these criminals away? They have broken every law on the books.

    • by jonwil ( 467024 )

      No, time to go to open source verified-by-security-audit strongly-encrypted VoIP (the kind that at the very least will require the spooks to put a lot of effort into cracking it so they cant just vacuum it all up like they do now) and secure anonymous distributed crypto-currencies that the feds cant easily track (and cant seize as part of a "random" roadside stop on the interstate)

      • by AHuxley ( 892839 )
        Lets hope the certs for that end to end link are still good as offered :)
        A lot of nations will now just go back to one time pads and number stations with all the junk Western networks used for quality disinformation.
    • by BlueStrat ( 756137 ) on Thursday February 19, 2015 @07:22PM (#49091889)

      At what point do we start putting these criminals away? They have broken every law on the books.

      One of the most insidious effects of this sort of Panopticon-level data collection & analysis is that it works as well against prosecutors, judges, AGs, and even SCOTUS justices, as it does some CEO or key IT admin somewhere they're interested in compromising.

      Parallel construction is blind, therefor the current US justice system no longer is. Along with every other government agency, bureau, department, etc, all the way down.

      Total Information = Total Control

      The US Government is under the control of those who control that information. Even if the target is squeaky-clean, they are perfectly capable of planting things like kiddie-porn or any other convenient data on a hard drive such that it would stand up to the type/depth of forensics used in the typical criminal trial.

      Threatening to leak damaging private information, especially when it involves an elected official right before a(n) (re)election, works without even involving the justice system or making a public scene.

      Strat

  • by DavenH ( 1065780 ) on Thursday February 19, 2015 @06:18PM (#49091617)
    It's what they'd do.
  • by CQDX ( 2720013 ) on Thursday February 19, 2015 @06:33PM (#49091647)

    on every US and UK government employee. Let them become life-time victims of identity theft. Let the Chinese and Russian intelligence agencies have a field day. It's the only hope we have that they'll learn.

    • Maybe you didn't hear, but companies do try to make a profit. Throwing your customers to the wolves may not be the simplest way for a company to commit suicide, but it'll do.

  • Of course... (Score:5, Interesting)

    by chill ( 34294 ) on Thursday February 19, 2015 @06:34PM (#49091653) Journal

    Why do you think all the recent cell phones that are rated for classified voice, such as the Sectera Edge and Project Fish Bowl all run VoIP for classified communications?

    Because they know better than to trust the commercial telephone networks and their voice "security".

  • by schweini ( 607711 ) on Thursday February 19, 2015 @07:40PM (#49091969)
    Could someone explain where Edward Snowden is getting these kind of leaks and infos from, so long after he fled the NSA?

    Or was this information, and the other stuff he claimed in the last couple of months, all part of the package he took with him back then?

    If he was sitting on this information, then why wait so long to release it?

    Or does he have a new source 'inside'?
    • by AHuxley ( 892839 ) on Thursday February 19, 2015 @08:53PM (#49092261) Journal
      Re "If he was sitting on this information, then why wait so long to release it? "
      All the material is now in the hands of the press. The press can release the material in any way it wants or needs to.
      Re "Could someone explain where Edward Snowden is getting these kind of leaks and infos from, so long after he fled the NSA?"
      The material released by the press is long term generational projects staff get read into as they need to work on the same projects or with staff who do.
      Re the how http://www.bbc.com/news/world-... [bbc.com] "Edward Snowden: I was a high-tech spy for the CIA and NSA" (28 May 2014)
      "...he said he had worked for the CIA and NSA undercover, overseas, and lectured at the Defense Intelligence Agency."
    • Snowden hasn't had any access to the NSA since he fled to Hong Kong.

      However, the amazing thing about this dude is he was able to do full blown web crawls of the entire NSA and GCHQ intranets, including dumps/crawls of data he didn't have access to .... all without getting noticed or caught. He appears to have provided the journalists with what is quite literally a snapshot of their internal networks at the time he was operating. It's taking them years to go through it.

  • I had no idea that the personalization venders send the actual encryption keys to their customers. This is so very very wrong. That's not how you are supposed to do it.

    The correct way is to generate the master keys (separate sets of keys for each customer) inside an HSM (hardware security module). The HSM protects the master keys from being stolen. You then split the key into parts, encode those parts on smart cards, and HAND DELIVER those smart cards to the customer (in this case cell phone carriers or

  • Snowden fatigue (Score:5, Interesting)

    by goodmanj ( 234846 ) on Thursday February 19, 2015 @09:27PM (#49092385)

    This should either be the biggest news story on the planet, or the biggest lie of the year, but the public response seems to be "meh". The problem is, Snowden stole too much. Or claims to have stolen too much. There have been so *many* earthshattering Snowden revelations that both the outrage and the fact-checking seems to have evaporated.

    This is a big problem either way.

  • ... and the message is that the NSA is omnipotent and stupid at the same time.

    They make a good scapegoat, though.

  • What can we do? (Score:4, Interesting)

    by wasteoid ( 1897370 ) on Friday February 20, 2015 @12:36AM (#49092897)
    Aside from the feckless fist-shaking at the air, what can the average person really do? Public-key encryption? That gets mentioned every time, and the general consensus is that it's too much work for the average person. Is there any other action that can be taken, or are people just too lazy to care anymore? Maybe there should be more purposeful acts to disrupt the lives of average citizens, to shake them out of their stupor. Wake people up. Perhaps those in power have realized that keeping the populace happy & sedated allows them to do whatever they want. Maybe a full belly and a scratch behind the ears is all we need to become pets to the people running the world now.
  • Cell phone SIMs are the "Encryption Castle", really? From a practical perspective, they are essentially plaintext, since everything gets fully decrypted at each hop.

    Maybe I will start calling my previous car a "Dining Palace" in honor of the epic glorious time that I once ate a chili dog while driving, shifting and making a left turn (alas, this was before I had a cell phone) without getting any chili on my shirt.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...