Schneier: Either Everyone Is Cyber-secure Or No One Is

Presto Vivace sends a new essay from Bruce Schneier called "The Democratization of Cyberattack." Quoting: When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. ... We can't choose a world where the U.S. gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

Re:TFS is correct

[mwvdlee]

It's already implemented.
The powers that be have chosen "No one is cyber-secure" for you.

Re:

[MightyMartian]

Because mass surveillance doesn't exist in other economic and political systems.

Re:

[losfromla]

But Our Country is better than this, said all my grade school teachers (yes, I was schooled in an inner-city school district).

Re:

[Burz]

It's already implemented.
The powers that be have chosen "No one is cyber-secure" for you.

Granted, nothing is perfect. But I'd like to see any demonstration of hacking a system like this. [qubes-os.org]

Or, rather, I'd like to see them try.

Real network security is defined by the quality of its endpoints. And to have secure endpoints we need a personal computing culture that values openness [puri.sm] as the first step to better security.

Re:

[Burz]

If the intermediaries matter, you're doing it wrong.

someone else can be first

[pbjones]

not sure how packet injection breaks into my computer.

Re:someone else can be first

[Anonymous Coward]

Zero day vulnerability even if you don't visit an infected website.

Re:

[Wootery]

Sounds like another argument in favour of HTTPS for everything.

Re:

[some old guy]

And you think the TLA's haven't compromised that too?

http://www.darkreading.com/att... [darkreading.com]?

Re:someone else can be first

[MachineShedFred]

Sounds like an argument for IPSec for anything that matters - as long as you're Doing It Right you get message integrity and authenticity. That's the whole point.

Now, if someone's cracked IKEv2, SHA, or AES all bets are off.

Re:

[Lunix Nutcase]

Ignorning all the ways HTTPS can by MITMed and/or forced to use insecure ciphers?

Re:

[kesuki]

packet injection for dummies.
1. user initiates comms
2. MITM detects comms
3. MITM rewrited packet headers and sends falsified packets AS user
4. Computer reads funny joke
5. computer spits coffee into keyboard
6. device is fried, user is blamed.
7. government sells broken device to user
8. user can't push device sold to them
9. user wishes it never happened
10. quantum paradox occurs
11. server reboots
12. ???
13. nuked from orbit
14. goto step 1.
15. bitch complains about tight loop.

Re:

[monkeyxpress]

not sure how packet injection breaks into my computer.

It's not about hacking into your computer. It's about the fact that the govt spy agencies had quite sophisticated spying infrastructure installed into key parts of the internet. Why this is a surprise to anybody is beyond me. Other than the negative PR value (which I'm sure some 'we're protecting you from pedophiles rhetoric' would fix I don't even know why the govt particularly cared if people found out.

Re:

[bigfinger76]

Taking advantage of broken infrastructure (weakened crypto, for example) is easy. Creating and maintaining ICBM technology is not.

Re:

[Gr8Apes]

I'd have to disagree given how many countries now have long range rocket technology. It's merely a matter of scale after that. The biggest issue most have is guidance technology. Apparently that's still a big problem, much like the V1/V2s in WWII, they weren't good for eliminating a target, but they were excellent for demoralizing the populace.

Re:

[Immerman]

Given the devastating effects of a nuclear or biological airburst, there's a lot of situations where actually hitting the target might not even be desirable. Still, there's a world of difference between a rocket that can go hundreds of miles, and one that can go ten thousand - and you *really* don't want that super-secret, never-been-tested ICBM to blow up on the launch pad or while it's still over friendly territory. A nuclear warhead probably wouldn't detonate, but a chemical or biological warhead would

Re:

[Gr8Apes]

There's a difference in hitting LA or the Galapagos, which is the type of error margin you can get with ICBMs.

Stating the obvious

[Anonymous Coward]

Its always seemed obvious to me that the system that you *know* grants unauthorised access cannot be considered to be secure. I never thought I was saying anything profound or even worthwhile, but apparently this fact is lost on a good number of people.

Re:

[AHuxley]

Each generation has its own ability to set aside the way a telco network can be used domestically.
The use was only for ww1, ww2, the Soviet Union, Russia, China, distant wars and long occupations.
Tame brands, academics, political leaders all thought their generation of secure hardware and software was been looked after by different brands, legal teams, oversight or respected international standards.
With the news of weak standards, academics been unaware or unsure where to look, brands letting other outs

Re: Stating the obvious

[AHuxley]

world wide wiretap AC

Re:

[gweihir]

Most people are both stupid and incompetent, and in addition do not realize either. Once you have accepted that, basically all problems the human race has have a conclusive and accurate explanation.

Insecure

[phantomfive]

Right now there's not really an option, we're all insecure. And we will continue to be insecure as long as we favor features over security (which probably won't change).

Re:

[fustakrakich]

And we will continue to be insecure...

Full stop. That's it. Nothing else. The best option is to make sure nobody has the advantage.

Re:

[phantomfive]

What? No thankyou, I'd prefer to have my system secure.

Re:

[Pieroxy]

What? No thankyou, I'd prefer to have my system secure.

It's all well and good, but how do you propose to do that ?

Re:

[phantomfive]

Unplug the network.

Seriously though, Daniel Bernstein has put a lot of thought into that question. You can start here [cr.yp.to].

Re:

[Pieroxy]

Well, you're right on one thing: unplugging is probably the only option. Given the gazillion lines of code running on any net-connected machine, there is just no way in hell all this code will ever be 100% secure. Given that anyone in the world can find a flaw and then market it for the others, I'd say the future looks pretty dark on that front.

The paper is interesting but quite idealist. No OS, driver, app is going to be rewritten with this in mind. And we need ALL of them to be rewritten. There is, for al

Re:

[rot26]

Penetrating air-gapped machines is old hat now. The next step will be discovering that the hardware we buy has been pre-compromised before purchase. Oh, that's right, that's already happening.

Hurray for megabyte sized firmware... lots of room to hide anything.

Re:

[mean pun]

Penetrating air-gapped machines is old hat now.

Some vaguely plausible demos at a few conventions is not 'old hat'.

Re:

[Noah Haders]

*all intensive purposes

Re:

[rot26]

You should go to be liberry and check up on that.

Re:

[Noah Haders]

You should go to teh dooctr and have that checked out.

Re:

[Pieroxy]

Also, don't forget they overfucked Iran's nuclear facilities infecting PCs that were on no network at all. It worked for more than 5 years. So all in all, network is just an accelerator, but they can get into anything with plugs. Fill the network plug, USB slots, CD-Rom drives and every other mean of communication from the computer and then it's become worthless.

Re:

[Aqualung812]

Unplug the network

Not enough. Quoting Spaf:

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

http://spaf.cerias.purdue.edu/... [purdue.edu]

Re:

[Beamboom]

That's an illusion, unless you design your own hardware and the system that runs on it.

Re:

[Noah Haders]

Even that doesn't matter if you don't own your own silicon fab.

Re:

[fraxinus-tree]

Everyone preffers. Then, the relativity kicks in...

Re:

[fustakrakich]

Well then, the best of luck to you. You will need that, and a miracle or two...

Re:

[AchilleTalon]

False statement. Security and features are not mutually exclusive. Even though in the head of many security guys they are just looking forward to block features they haven't yet found how to make secure.

Re:

[phantomfive]

It takes much longer to secure a feature, which is why insecure code wins in the marketplace.

Re:

[fraxinus-tree]

We are all insecure and this is not that bad. These vulnerabilities make people and corporations equal the way Colt made them in his time. We just have to maintain acceptable level of risk.

Re:

[Immerman]

That's a false equality. A revolver is nice and all, but it's of almost no use against an army. Even less against a battalion of tanks. You might get lucky and take out a few soldiers, but that won't even slow them down.

Re:

[phantomfive]

No it doesn't. If a corporation loses your personal information, you're going to suffer more than them.

Re:

[fraxinus-tree]

It is already pretty clear that we have to (and will, some way or another) build a society where the personal information is not THAT sensitive.

Re:

[phantomfive]

That sounds harder than building a secure system.

Re:

[Bing Tsher E]

It's not that hard to build that society.

We could start by eliminating the notion of the Social Security ID being a 'secret number.'

There's no reason it needs to be a secret number for the Social Security system to operate. SS was set up as a pension savings plan and the SSN was never intended as an identification number.

The government could simply publish everyone's SSN in a publicly available digest, either online or in big phone-book like volumes.

That would fuck over the 'cheap' way that the Credit and

Re:

[fraxinus-tree]

I live in Europe and I simply do not understand the crazy SSN thing you have. Our "government IDs" are not secret. We still have a lot of room for improvement, sure, but you can use a lot of hints from us.

Re:

[JimFive]

The issue with the SSN is that with the number, a name, and a birth date you can get a credit card mailed to you. This happens because the credit card issuers make the mistake that if you know those 3 things then you must be that person (and, they have successfully pushed the pain onto the real person by coining the phrase identity theft, instead of what it really is, fraud).

In your country in Europe, what do you need to do to get a credit card?
--
JimFive

Re:

[fraxinus-tree]

At least in Bulgaria where I live, CC is never mailed. You have to go in person to a bank office and show a state-issued ID card (or passport, if you are not local), to get one. IDs are generally hard to forge (crypto-enabled coming soon here and already usual in other EU states), have your photo printed on them, last usually 10 years and are mandatory.

CCs became themselves crypto devices some 15 years ago and a lot of them do not have a magnetic strip now - good luck cloning them.

It is not that we do

Re:

[StikyPad]

This doesn't really need to be the case. We're used to carrying keys to access our cars and homes -- we could carry digital encryption keys to access our emails and data. The bug/feature is that losing the keys necessarily means permanently losing access to the data, from the past anyway. But that's not actually very different from today -- much of our data rots for other reasons anyway. Photos and documents disappear when we buy a new phone, or when our hard drives bite the dust. Endpoint encryption w

Re:

[mean pun]

He's describing what happens to many people in practice, rather than in nerd nirvana.

Actually a govrenment can be secure even if

[MouseTheLuckyDog]

other governments are not.

Just develop everything in house. And I do mean everything.

Re:

[phantomfive]

That won't make you secure. Given how government programmers operate, it will probably be less secure.

Re:

[fraxinus-tree]

This way, you can only get security by obscurity. Not much. You also get all the expenses of in-house development. A LOT.

Hey Bruce

[93 Escort Wagon]

You're preaching to the choir here... but it'd sure be great if you got a chance to explain this to the President and to Congress, though.

Re:

[losfromla]

Have you forgotten where you are? Your friends who think you are cool here would still think you were cool if you started eating boogers on a regular basis. Nerd-cred matters but cool hardly does. Still, the joke was lame so it was smart of you to disassociate yourself from it.

Re:

[Bing Tsher E]

Bruce is just a blogger and a journalist. He wrote the Cryptology book that nobody else dared publish and got it into print. He's not a credentialed cytologist, and his 'security expertise' comes from him having been a blogging journalist on the topic for over a decade.

He probably would be good at explaining the issue to the President and Congress, but that would be because he's a good communicator, not an expert or scientist.

Re:

[tburkhol]

1 Companies that sell software... better have all code open sourced (not same as free) or should be labelled "NOT TO BE TRUSTED".

No way to tell whether the provided source code matches the provided firmware

Code (including scripts and updates) is then compiled locally and before first execution hash checked automatically against non-centralized database (p2p technology similar to bitcoin block chain)

1) binary code will vary depending on the specific architecture, optimizations, and libraries during compilation. 2) a hash can be falsified as easily as a binary.

3. All hardware sold with precise technical diagrams... or should be labelled "NOT TO BE TRUSTED"

At least an order of magnitude less effective than open source, and we've seen that even "important" OSS like openssl can go decades without independent code review.

4. All encryption always on client side.

Quite sensible, although I suspect that people will rapidly become frustrated when they forget their pass

Re:

[LordLimecat]

If you use the same words to describe digital surveillance as other people use to describe the Khmer Rouge or Stalin, then you're a nutcase.

FTFY. I dont even think Stallman is nuts enough to make that comparison.

Its also hillarious that GP is saying that no closed-source hardware should be used. Remind me-- how many "open-source" processors, hard drives, SSDs, and SoCs do we have out there? Who do you trust to build your chips? You gonna label Intel's fabs "not to be trusted"? And if so-- which "FOSS Fab" do you plan to use?

The problem with asking geeks to implement policy is that a vast majority of them think they have very good ideas, wh

Re:

[HughJazz]

"Remind me-- how many "open-source" processors, hard drives, SSDs, and SoCs do we have out there? Who do you trust to build your chips? You gonna label Intel's fabs "not to be trusted"? And if so-- which "FOSS Fab" do you plan to use?" You are speaking in terms of pragmatic reality in present. Pragmatism is precisely why systems are insecure today. I am speaking in terms of principles to get us where we want to be.. real security.

facts please !

[swell]

This summary ends in a conclusion which seems appropriate for slashdot. But it grew from a questionable source.

We are expected to believe that Mr. Schneier at the Guardian, one of the anointed who had access to Snowden documents ... the NSA contacted him with concerns about exposing QUANTUM? Was this done by telephone, via intermediaries or a personal visit? How did the NSA know the Guardian/Schneier knew about QUANTUM? The logistics, the timeline, the specifics of this meeting have escaped me in this short

Re:facts please !

[Programming Ace]

The guardian team has spoken before, they raise all of their publications to the Department of Defense and NSA for comment before releasing to the public. This is why some of the information coming from the Guardian is still redacted. They're trying to make sure they're not putting anyone's lives at risk in the process of disclosure.

Re:

[swell]

"The guardian team has spoken before, they raise all of their publications to the Department of Defense and NSA for comment before releasing to the public. This is why some of the information coming from the Guardian is still redacted. They're trying to make sure they're not putting anyone's lives at risk in the process of disclosure."

Thanks. The Guardian and other publishers are still slowly releasing documents after careful scrutiny. Partly, as you say, to avoid putting lives at risk. I had not been aware

Re:

[Simon Brooke]

I imagine, using standard journalists' practice, the Guardian phoned up the NSA and said 'we've found this in your documents. Would you like to comment?' That's what professional journalists do.

Re: discussions on Slashdot were well informed

[BuGless]

Actually, discussions on Slashdot have never been well informed; they were bad back then, and they are worse now. "Well informed" died in september 1995, it existed on USENET prior to that.

Re:

[Anonymice]

It could've come from GCHQ - y'know, the guys who turned up to the Guardian's offices & forced them to "symbolically" destroy a couple of their hard drives. And also the guys who harassed journalists & their partners whilst they were in the "international" zones of our airports.

Top Secret?

[fred911]

Haven't people testing wireless security with aircrack been using packet injection for like... years??

Re:Top Secret?

[PhilHibbs]

It's not the idea that was top secret. It's the specific implementation and the fact that they were using it and what for that was secret.

Re:

[StikyPad]

There's some merit to that, in that some criminals and terrorists mistakenly believe that the infrastructure is secure, that they are not worthwhile targets, or that they are somehow anonymous. Alerting them to their mistaken beliefs doesn't make things easier for those tasked with limiting their damage.

On the other hand, as this article points out, not disclosing, or drawing attention to, the catastrophic vulnerabilities that are used in offensive operations simultaneously makes us all vulnerable to those

misleading headline

[Tom]

What's with the clickbait headlines? By itself, the headline is total BS. The actual statement made, however, is spot on. The hole in your security doesn't care who exploits it. There's no "good guy" flag in IP headers (though I'm sure some April 1st RFC will soon introduce it).

What worries me most is that we could win this fight, if it weren't for our own governments deciding to betray us. There are vastly more people interested in secure communication and other people not being able to spy on or subvert our computers and mobile devices than there are people interested in compromised communications and systems (basically only criminals and some deluded, criminal-if-the-laws-were-right elements of governments).

There is just one problem to Bruce's argument: The largest and most powerful spy agency in the world disagrees with his fundamental assumption. We often forget that the NSA has two missions, and they are exactly the two things that Bruce argues cannot co-exist: To secure the computing infrastructure of the US against foreign espionage, and to provide espionage on foreign communication.
The NSA believes, and/or is tasked with exactly these two things that Bruce says (and I agree) are mutually exclusive. No surprise they've gone rogue, their very mission statement is a recipe for a mental breakdown through cognitive dissonance.

Re:

[Anonymous Coward]

There's no "good guy" flag in IP headers (though I'm sure some April 1st RFC will soon introduce it).

Young rascals. Get off my lawn.
http://tools.ietf.org/html/rfc3514

Re:

[Tom]

Everyone knows about the evil bit. That's what prompted me to write the bracket remark. But it's not quite the same as a "we're from the NSA, nothing to see here" flag.

Re:

[swb]

The NSA used to get by with being clever because it used to be that mathematically secure communications didn't exist, or if they did, they were extremely difficult to implement without a mathematician and only useful for small messages.

Now we have trivial access to computing power and well-understood encryption technologies that turns this on its head and communications can be trivially secured in ways that can only be broken by compromising them so they are internally flawed or by statutory means of denyi

Re:

[DNS-and-BIND]

Cognitive dissonance? Those two missions aren't mutually exclusive. Defend yourself at home and go on offense abroad. It's a classic mission time-tested by history, and it has plenty of counterparts in sports metaphors. Simply asserting that something is mutually contradictory because it sounds good to use words like 'cognitive dissonance' isn't any kind of argument.

Re:

[Zalbik]

Bruce's thesis is that if spy agencies deliberately allow for weakened security infrastructure so they can monitor communications, then the enemy can make use of those weak points. That there is no way to just let the "good guys hack".

"the NSA has two missions...To secure the computing infrastructure of the US against foreign espionage, and to provide espionage on foreign communication."
If they allow hacks to propagate so they can spy, then communication is not secure. (i.e. they fail the first part of t

Re:

[Tom]

Those two missions aren't mutually exclusive. Defend yourself at home and go on offense abroad.

It works for bombs and tanks, but not for computer networks and communications. It might have even worked in the time of telegraphs and snail mail letters. But for encryption, it doesn't work. A cipher is either weak, or strong. You can compromise a foreign postal system without affecting the security of your own, but you can't secretly build a backdoor into an encryption algorithm that works only for you.

Simply asserting that something is mutually contradictory because it sounds good to use words like 'cognitive dissonance' isn't any kind of argument.

Now you're trying to reverse the chain of causality just to make a cute finishing sentence. :-)

Saaaaayyyy whaaaaat?????

[sgt_doom]

Commenter claims: . We often forget that the NSA has two missions, and they are exactly the two things that Bruce argues cannot co-exist: To secure the computing infrastructure of the US against foreign espionage, and to provide espionage on foreign communication.

Had you ever worked at the NSA, or served in military intelligence, you would know better, as their two missions are financial intelligence acquisition for the money masters, and command-and-control of the populace. Sometime you might study th

I think you will find...

[Anonymous Coward]

"... This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers." ,,,that ALL the spies have much more in common with each other than they do with civilians.

Towards the end of the Cold War the UK and Russian intelligence services were routinely exchanging data on their activities - the idea bein

This is something David Cameron is unaware of

[GauteL]

For those that don't know or have forgotten. The British PM made a statement [theguardian.com] that he wants to ban communication which cannot be intercepted and deciphered by the government. We may as well just send all our communication in plain text ascii.

Re:

[Roger Lindsjo]

Have you seen the state of some posts here? There is no chance of deciphering them, plain text or not.

It's MAD all over again

[Cigarra]

Either we're all safe, or we all get destroyed.

It's just not that simple

[Anonymous Coward]

We choose security for our homes but why don't we all live in bank vaults? cost? aesthetics?

There are some types of security that the average person simply can't have. Most of us have no choice but to use a commercial provider for our internet access and as long as we can't own and control every point between us and our target node and the development and manufacturer of every critical component in our devices - our governments will always be able to subvert our trust and spy on us anyway.

You're expecting

We are all doomed

[joker784]

Another huge problem with all this data gathering is that the amount of data is impossible to process by humans, so the agencies will have to rely on algorithms to find the "bad guys". Who can defend themself against accusations or persecution that falls out of such algorithms? It quickly becomes a case of everybody have to prove their own innocense (which of course is impossible). Add injection of false data and corruption of databases, and we are all doomed.

Perfect

[Ol Olsoc]

is the enemy of good.

By corollary ...

[CaptainDork]

... everyone has access to the same tools.

By way of example, it's damn near impossible for me to buy a grenade, but the military has lots.

The way cyber warfare is developing, it's more of a level playing field.

The major difference between capabilities of governments and civilians, on the cyber warfare stage, is money.

Trovicor Monitoring Center

[sgt_doom]

also uses DPI (packet injection) and is supposed to be the state-of-the-art full-spectrum intelligence platform: it will allow one to intercept an email, alter and forward it unknown to either the addressor or addressee, with a new meeting time and place, and then dispatch either an extreme rendition, or kill team, to the rendezvous point. Ain't life grand?

https://www.wikileaks.org/spyf... [wikileaks.org]
http://www.spiegel.de/internat... [spiegel.de]
http://www.allgov.com/news/us-... [allgov.com]
http://securityaffairs.co/word... [securityaffairs.co]

Re:

[Ol Olsoc]

Dont forget, there are two types of people - those who separate everyone into two types, and those who don't