[iwar] Interesting story - comments?


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Thu, 15 Jun 2000 10:44:25 -0700 (PDT)


fc  Thu Jun 15 10:46:13 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Thu, 15 Jun 2000 10:46:13 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Thu Jun 15 17:46:07 2000)
X-From_: sentto-279987-410-961091095-fc=all.net@returns.onelist.com  Thu Jun 15 12:44:56 2000
Received: from mr.egroups.com (mr.egroups.com [207.138.41.139]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id MAA08822 for ; Thu, 15 Jun 2000 12:44:56 -0500
X-eGroups-Return: sentto-279987-410-961091095-fc=all.net@returns.onelist.com
Received: from [10.1.10.37] by mr.egroups.com with NNFMP; 15 Jun 2000 17:44:58 -0000
Received: (qmail 22491 invoked from network); 15 Jun 2000 17:44:27 -0000
Received: from unknown (10.1.10.142) by m3.onelist.org with QMQP; 15 Jun 2000 17:44:27 -0000
Received: from unknown (HELO all.net) (24.1.84.100) by mta3 with SMTP; 15 Jun 2000 17:44:25 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id KAA18503 for iwar@onelist.com; Thu, 15 Jun 2000 10:44:25 -0700
Message-Id: <200006151744.KAA18503@all.net>
To: iwar@egroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Thu, 15 Jun 2000 10:44:25 -0700 (PDT)
Reply-To: iwar@egroups.com
Subject: [iwar] Interesting story - comments?
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Some of the information presented in this article has been confirmed; some
has not.  Normally reliable sources have confirmed the Israeli incident.
Other normally reliable sources have said that the incidents never happened.
The reason for forwarding the article is that whether or not any of the
activities have actually taken place, the type of situation portrayed is a
potential vulnerability and I think that we in the OPSEC program need to be
aware of potential vulnerabilities as well as actual ones. Keep that in mind
as you read the article.

Subject: (ai) Cyber risks

SECRET NO MORE
The Hazards and Vulnerabilities of the Digital Age

With the evolution of electronic communications the Gilded Age of secrecy
and sub rosa is all but over. It is harder and harder to keep secrets
secret. Security is somewhat of a misnomer now. The White House leaks; the
State Department is losing its statecraft; CIA's private world is almost
public; and the "Puzzle Palace" (National Security Agency) is downright
puzzled. Our dependence on the digital age jeopardizes our national security
and our right to privacy. This paper examines the problems and proposes some
possible answers; please keep in mind that simplification is adopted,
whenever possible, to interpret the complex details of this subject, and
that the author is not an expert in the field of data processing.

One can't write about the loss of secrecy without mentioning Echelon, the
Cold War surveillance system that is still in existence. This array of
"ears" that spans the globe is part of the UKUSA intelligence alliance and
consists of deep-space satellites and intercept stations that receive all
communications, whether cellular, microwave, fiber-optic or satellite, which
are then processed by powerful computers programmed to pick up key words and
phrases, suspect addresses and the voices of specific individuals. Certain
non-member European countries have recently protested that the system is
being abused and used for economic espionage. Their complaints are hard to
take seriously as many of these countries have extensive electronic
espionage networks of their own which are put to a good deal of questionable
use.

For example, the Clinton Administration, which never took security very
seriously from the outset, recently found that White House, State Department
and other high-level government office communications systems were
thoroughly compromised by the Israelis. Worse, Israel's clandestine
intrusions might have been picked up a lot sooner had the administration
been more serious about security procedures and if Attorney General Janet
Reno had not been reluctant to seek an indictment against a suspect, an
Israeli businessman working for the DC phone company. The FBI had been
tracking him and his wife for over a year and was pretty certain she was a
Mossad agent under diplomatic cover at the Israeli embassy in Washington, DC.
The FBI investigation found her husband had even penetrated the Bureau's
telephone system, including the most secret and sensitive communications,
even those involving this highly classified counterespionage operation.
Besides lax telephone security procedures in the White House (many people
just don't bother using a secure line), the key to the intrusion against the
White House's supposedly secure $30 million computerized communication system
appears to be the software installed by the local telephone company for
their billing process. It was this software, which was connected to the
White House database link, that was used to access classified and regular
communications. Another technical security lapse, unearthed during the
investigation, was the fortuitous discovery that the "electronic back door"
used by technicians to service the system had been left wide open.

The fact that some parts of telecommunication information, such as "secret"
phone numbers, trunk lines, remote sites and passwords are accessible to
anyone with some computer knowledge is a major security hazard. Spies, with
a detailed knowledge of computer codes that are used to route telephone
traffic, pose a grave security risk since these software codes are a means
of access that enables conversations to be monitored and even remotely
transcribed to another location - as was the case involving our government's
communications system. 

As an example of the security issues we are confronted with, a pair of
Israeli mathematicians, Eli Biham and Adi Shamir, have discovered a
code-breaking method that only needs a simple desktop computer and a
microwave generator. They call it Differential Fault Analysis (DFA). Their
technique is effective no matter how long the secret prime-number "keys"
used to encrypt data happen to be, and it doesn't even require knowledge of
what system is being used to encrypt. It is based on the finding that
microwaves can subtly corrupt the data stored in a microchip and incite it
to make errors in encrypting information. The errors are the means of
revealing the secret of the key system used. It has been well demonstrated
by a team of computer and encryption experts that this odd new technique
can break virtually any code system, including the Data Encryption Standard
(DES), the system most employed in the world. Furthermore, the same
encryption attack can even break triple DES which, with its 168 bits of key,
was thought to be unbreakable. Moreover, this can be done without an
overload of text or a massive amount of computers.

Here is how it works: An encryption device encrypts the original text, then
the same text is fed into the device again, but this time the device is
exposed to a burst of electromagnetic radiation, i.e. microwaves from a
high-frequency radio transmitter. This induces random errors in the
circuitry storing the secret keys. The process is repeated several times,
giving a series of encrypted messages, each one produced by a progressively
more corrupted numerical key. Then, by using an ordinary PC to compare the
messages with the original, one can figure out the form of the original key,
which, once discovered, can be fed into a computer simulation of the
encryption system, which in turn reveals the content of the message.
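[Added worked example; this is not part of the forwarded article and is not
Biham and Shamir's code.] The procedure above is easier to see on a target
simpler than DES: RSA signing sped up with the Chinese Remainder Theorem,
where a single glitched signature of a known message, compared with the
correct one for the same message (or even checked alone against the public
key), factors the modulus. That is the Bellcore attack of Boneh, DeMillo and
Lipton, published in the same period as DFA and resting on the same
observation that the difference between a correct and a faulted computation
leaks the key. One practical caveat the article skips over: the attacker has
to make a device that holds the key compute with it while the fault is being
induced, so this is an attack on the implementation and does not apply to
intercepted traffic. The toy 32-bit primes, the message value and the
simulated glitch (replacing the mod-p half of the result by the next value)
are constructed for the demonstration.

```python
"""Added example (not from the original post): the fault-attack principle
behind Differential Fault Analysis, demonstrated on RSA signing with the
Chinese Remainder Theorem (the Bellcore attack).  One faulted signature of a
known message, compared with the correct one, factors the modulus and so
reveals the private key.  Toy-sized keys; the glitch is simulated in code."""
from math import gcd
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_key(bits: int = 32, seed: int = 1) -> dict:
    """Toy RSA key from two `bits`-bit primes (constructed demo data, not a
    real key size).  The private half keeps p and q because CRT signing
    needs them; that split computation is what the fault attack exploits."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (p != q and is_probable_prime(p) and is_probable_prime(q)
                and gcd(e, (p - 1) * (q - 1)) == 1):
            break
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


def crt_sign(m: int, key: dict, fault: bool = False) -> int:
    """s = m^d mod n computed the fast way: separately mod p and mod q,
    then recombined with Garner's formula.  `fault=True` simulates a glitch
    (the article's microwave burst) that corrupts only the mod-p half."""
    p, q, d = key["p"], key["q"], key["d"]
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault:
        sp = (sp + 1) % p          # any wrong value in one half will do
    h = (pow(q, -1, p) * (sp - sq)) % p
    return sq + h * q


def factor_from_pair(n: int, good: int, bad: int) -> int:
    """Two signatures of the same message, one faulted: they agree mod q
    and differ mod p, so gcd(good - bad, n) is exactly q."""
    return gcd(good - bad, n)


def factor_from_faulty(n: int, e: int, m: int, bad: int) -> int:
    """Same attack with only the faulty signature and the public key:
    bad^e == m mod q but not mod p, so gcd(bad^e - m, n) is exactly q."""
    return gcd(pow(bad, e, n) - m, n)


def private_key_from_factor(pub: dict, factor: int) -> int:
    """With one factor known, the private exponent follows immediately."""
    p, q = factor, pub["n"] // factor
    return pow(pub["e"], -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    key = gen_key()
    pub = {"n": key["n"], "e": key["e"]}
    m = 0x1234567  # constructed message (already hashed and padded in practice)
    good, bad = crt_sign(m, key), crt_sign(m, key, fault=True)
    q = factor_from_pair(pub["n"], good, bad)
    print("recovered factor:", q,
          "private exponent matches:", private_key_from_factor(pub, q) == key["d"])
```

The standard countermeasure is the one the attack suggests: verify the
signature with the public key before releasing it, and refuse to output
anything if the check fails, so a faulted result never leaves the device.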

Kill the messenger. Human beings are the weak link in the computer and
communication security chain. They often describe the security measures
taken for all to hear and, being the ones that program the systems, hold the
ultimate master key to their secret systems. We tend to put our
confidence blindly into a subject just to get what we think is the
consummate solution to a difficult problem, and damn the consequences. The
quintessential example would be the former major in the KGB, Victor Sheymov,
who defected 20 years ago and went to work for NSA trying to find techniques
to break into the KGB communication systems he had designed. Eventually he
left the government agency because of a dispute over money that he insisted
was owed to him by the US Government as part of the defection agreement he
had accepted. He then worked up a set of programming instructions based on
his own algorithmic procedure, which he claims makes any machine
hacker-proof. His former NSA colleagues supposedly tested his invention and
found the system impregnable. He is now the owner of his own cyber security
company outside Washington, DC, and government offices are interested in his
discovery. Of course the vulnerability of the security system Mr Sheymov
invented lies in the integrity of the man.

It isn't only systems that are vulnerable, so are the very machines that
house the systems. Spies can reassemble what is written on a computer by
interpreting the intercepted radio-frequency emissions from the computer's
electronics. Electronic keyboards are susceptible to eavesdropping because
they rely on a scanning signal that radiates the pattern of keys being used.
And a new system has been developed in the United States that allows someone
to access any file on the hard drive of a targeted computer and record every
keystroke made on it. It also allows someone to read any encrypted message,
regardless of the encryption used, in near real time. Such surveillance
technology makes it possible for law enforcement agencies (or criminals and
spies) to remotely monitor a PC anywhere on the globe and stealthily transmit
the data back to a pre-determined covert internet address, to be monitored
and decoded by the operating system. Rather than physically having to place
a chip surreptitiously inside a targeted computer, this new method allows
one to monitor the computer electronically by placing covert software on the
PC via the Internet.

It is an exaggeration to conclude that modern technology has revolutionized
clandestine terrorist activity, aided the criminals and made our world all
the more secure. For them to use encryption is a dead giveaway. Routine NSA
monitoring would pick out the encrypted traffic and would flag the phone
number for further monitoring. Encryption, instead of increasing one's
security, lessens it. It is back to basics for the criminal world. For
example, an ordinary cigarette paper is used to transmit information and
orders from one criminal cell to another.  The paper is wrapped in plain
kitchen plastic wrap and the courier transports the message concealed in his
mouth.

While prepaid card cell phones are anonymous and untraceable, making them
useful for running illegal operations, such as drug dealing, they still can
be easily tapped. And security agencies (or spies) can eavesdrop on
conventional cell phone users by setting up a monitor station at the
exchange where cell phone calls are connected to fixed public phones via
gateways, networks, and simply tap into the link. The future harbors further
risks. The new breed of "intelligent" programmable cell phones will be open
to hacking and espionage like our computers are today. A virus could be
easily introduced via the built-in programs, record conversations and pass
them on to another phone.

Modern criminals use active scanners, which have an approximate range of
about 1 km (actually only a modified cell phone that simulates a phone
network's base station), to hack into another cell phone. The criminal
stations himself in a busy place such as an airport to tap into the control
channel of a cell phone and within minutes can covertly identify the numbers
of legitimate cell phones and then clone them onto his stolen cell phone. It
is simpler than one would think because of the way cell phones operate. Cell
phone systems constantly check the location of every cell phone in
operation, so that incoming calls can be routed to the legitimate phone.
This is done by a base station that sends out signals (a pair of numbers)
"asking" every phone in use to reply with its number pair. All the criminal
or spy has to do is to mimic this method and all the cell phones in the
proximity will respond with their number pairs. The bogus base station is
connected to a conventional PC which builds a database of number pairs until
a matched pair is captured, usually within a matter of minutes.

Our criminal or spy can also opt for a device called a dongle, if he wants
to splurge about $150. The gizmo isn't any larger than a large coin and
plugs directly into the cell phone socket used for servicing purposes. This
socket contains the chip that stores the control software. Once the dongle
is plugged into the socket anyone can manipulate the stolen phone into a
clone of a legitimate one, simply by keying in a new identity number on the
phone's keypad. To counter stolen cell phones, a new generation of phones
have a chip incorporated in them that makes them act like a microphone,
allowing someone to receive your conversations and trail your movements.
Even after being turned off, the system works for a while, taking its power
from the cell phone's battery. Ironically, cloned phones and prepaid ones
are probably the only secure phones around today; at least the caller's
identity can be kept secret even if his location can be known.

You are not only being overheard, you are being increasingly watched by
high-tech hidden surveillance cameras that actually do more than just film
you. People's ordinary behavior is surprisingly alike, almost mathematically
predictable. A new generation of computers has been programmed to spot
deviant patterns that imply criminal activity, focus on the subject and
record on film the criminal act, such as planting a bomb, stealing a car or
picking someone's pocket. In the future, an array of cameras on the street
and in public buildings, tuned to your gestures, gait and facial recognition
(called threshold values in computerspeak) will be able to follow your every
move.
Comforting thought.

So where is this invasion of privacy leading us to? Ironically, not to more
security but to diminished security. It is increasingly more difficult to
safeguard our own security secrets because clandestine intrusions have
gained the upper hand. Something has to be done to redress the situation. 

Trying to build leak-proof firewalls, safe areas protected by codes and
protocols that are hacker resistant doesn't seem to be the way forward. As
we have seen, codes can be unlocked, firewalls can be by-passed and
protocols can be corrupted. Rather than trying to fence off areas from a
computer attack, an in-depth defense, made up of several layers and lying in
ambush for an intruder, might prove more efficient. The countermeasures
would begin once an intruder has broken into the system; he could be given
false data from bogus files or be ensnared by a virus that would
counter-attack the intruder. Sensitive files could be camouflaged behind
phony codes and hidden in unlikely, pedestrian places. A new breed of
hypersensitive microchips used in quantum cryptography could help in
securing optic-fiber communications. Scientists have discovered how to
detect a single photon using this new chip. They argue that if an encryption
key is superimposed on a single photon, any hacker intercepting the photon
in an optical-fiber communication would alter its quantum state, alerting
the receiver to the interception, who could then change the key. Another
principal liability, and a vector for electronic viruses, is programmable
devices that have a link to one another. Modern phones with built-in
programs should have their programs separated so that one program can't
self-start another one. If the virus can't get out of the program it cannot
be spread elsewhere. Some experts think the future is in mathematical proofs
that confirm when a system is secure. The dilemma is that people want more
functions and ease of operation built into their communications systems but
not the liability of viruses and eavesdropping that goes with it. A choice
has to be made; it doesn't look like we can have both. Security or
insecurity.
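[Added worked example; not part of the forwarded article.] The single-photon
scheme described in the paragraph above is quantum key distribution, and the
BB84 protocol is its standard form. The simulation below, written for this
page rather than taken from any product or paper, shows the mechanism in
classical terms: an eavesdropper who intercepts each photon, measures it and
re-sends it cannot avoid guessing the wrong basis half the time, which
corrupts about a quarter of the bits the two ends keep after comparing
bases, and they catch this by publicly comparing a random sample before
using the rest as the key. Ideal single-photon sources and detectors are
assumed; a real link also has channel noise, so the abort threshold (set
here to 11%, the figure usually quoted for BB84 with one-way
post-processing) is a design parameter. The photon count, seed and 50%
sampling fraction are constructed values.

```python
"""Added example (not from the original post): a classical simulation of the
BB84 quantum key distribution protocol showing why an interceptor on the
fibre is detected.  Ideal devices assumed: one photon per bit, no loss."""
import random

RECTILINEAR, DIAGONAL = 0, 1   # the two conjugate polarisation bases


def measure(bit: int, prep_basis: int, meas_basis: int,
            rng: random.Random) -> int:
    """Rule of the game: measuring in the preparation basis returns the
    encoded bit; measuring in the other basis returns a coin flip and the
    original state is gone (the article's 'altered quantum state')."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def bb84(n_photons: int, eavesdrop: bool, seed: int = 0,
         sample_fraction: float = 0.5, abort_qber: float = 0.11) -> dict:
    """Run one BB84 session.  Returns sifted length, the measured error rate
    on the sacrificed sample, whether the session is accepted, and the key
    (or None when the error rate says the photons were tampered with)."""
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n_photons)]   # Alice's raw bits
    a_bases = [rng.randrange(2) for _ in range(n_photons)]  # her random bases
    b_bases = [rng.randrange(2) for _ in range(n_photons)]  # Bob's random bases

    b_bits = []
    for bit, prep_basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eavesdrop:
            # Intercept-resend: Eve picks a basis, measures, and forwards a
            # fresh photon carrying what she saw, prepared in her basis.
            e_basis = rng.randrange(2)
            bit, prep_basis = measure(bit, prep_basis, e_basis, rng), e_basis
        b_bits.append(measure(bit, prep_basis, b_basis, rng))

    # Sifting: Alice and Bob announce their bases on a public channel and
    # keep only the positions where they happened to agree.
    sifted = [i for i in range(n_photons) if a_bases[i] == b_bases[i]]

    # Error estimation: sacrifice a random sample of the sifted bits and
    # compare them in public.  Any tampering shows up as disagreements.
    sample = set(rng.sample(sifted, int(len(sifted) * sample_fraction)))
    disagreements = sum(1 for i in sample if a_bits[i] != b_bits[i])
    qber = disagreements / len(sample) if sample else 0.0
    accepted = qber <= abort_qber
    key = [a_bits[i] for i in sifted if i not in sample] if accepted else None
    return {"sifted": len(sifted), "qber": qber,
            "accepted": accepted, "key": key}


if __name__ == "__main__":
    for tapped in (False, True):
        r = bb84(2000, eavesdrop=tapped, seed=42)
        print(f"eavesdropper={tapped}: sifted={r['sifted']} "
              f"QBER={r['qber']:.3f} accepted={r['accepted']}")
```

Run as a script it prints a zero error rate for the clean channel and an
error rate near 0.25 for the tapped one; the receiver's response in the
article, "change the key", corresponds here to discarding the session.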

AUTHOR ANONYMIZED
June 2000


------------------
http://all.net/