November 23, 2019

HTTPS reaches 80% - mission accomplished after 14 years

A post on Matthew Green's blog highlights that Snowden revelations helped the push for HTTPS everywhere.

Firefox also has a similar result, indicating a web-wide world result of 80%.

(It should be noted that google's decision to reward HTTPS users by prioritising it in search results probably helped more than anything, but before you jump for joy at this new-found love for security socialism, note that it isn't working too well in the fake news department.)

The significance of this is that back in around 2005 some of us first worked out that we had to move the entire web to HTTPS. Logic at the time was:

Why is this important? Why do we care about a small group of sites are still running SSL v2. Here's why - it feeds into phishing:
1. In order for browsers to talk to these sites, they still perform the SSL v2 Hello. 2. Which means they cannot talk the TLS hello. 3. Which means that servers like Apache cannot implement TLS features to operate multiple web sites securely through multiple certificates. 4. Which further means that the spread of TLS (a.k.a. SSL) is slowed down dramatically (only one protected site per IP number - schlock!), and 5, this finally means that anti-phishing efforts at the browser level haven't a leg to stand on when it comes to protecting 99% of the web.

Until *all* sites stop talking SSL v2, browsers will continue to talk SSL v2. Which means the anti-phishing features we have been building and promoting are somewhat held back because they don't so easily protect everything.

For the tl;dr: we can't protect the web when HTTP is possible. Having both HTTP and HTTPS as alternatives broke the rule: there is only one mode, and it is secure, and allowed attackers like phishers to just use HTTP and *pretend* it was secure.

The significance of this for me is that, from that point of time until now, we can show that a typical turn around the OODA loop (observe, orient, decide, act) of Information Security Combat took about 14 years. Albeit in the Internet protocol world, but that happens to be a big part of it.

During that time, a new bogeyman turned up - the NSA listening to everything - but that's ok. Decent security models should cover multiple threats, and we don't so much care which threat gets us to a comfortable position.

Posted by iang at 12:27 PM | Comments (0)

February 20, 2018

Tesla’s cloud was used by hackers to mine cryptocurrency

Just because I get the photo op, here's The Verge on Tesla's operations being cryptojacked.

Tesla’s cloud account was hacked and used to mine cryptocurrency, according to a security research firm. Hackers gained access to the electric car company’s Amazon cloud account, where they were able to view “sensitive data” such as vehicle telemetry.


According to RedLock, using Tesla’s cloud account to mine cryptocurrency is more valuable than any data stored within. The cybersecurity firm said in a report released Monday that it estimates 58 percent of organizations that use public cloud services, such as AWS, Microsoft Azure, or Google Cloud, have publicly exposed “at least one cloud storage service.” Eight percent have had cryptojacking incidents.

“The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told Gizmodo. “In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”

Posted by iang at 03:51 PM | Comments (4)

September 12, 2017

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far

By Catalin Cimpanu
September 12, 2017 08:33 AM 0
Cryptocurrency mining malware evolution

Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints.

According to Kaspersky, detections for cryptocurrency mining trojans rose from a lowly 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 looks like it will easily surpass that number.

Zcash and Monero miners on the rise

Of all virtual currencies, Zcash and Monero were the favorites, primarily because of their support for anonymous transactions, which comes in handy to anyone looking to hide a money trail from criminal operations.

While Monero is a long-time favorite of cryptocurrency mining trojans, Zcash is a recent addition, as the cryptocurrency launched only last November.

Nonetheless, one month later, several criminal mining operations had adopted the currency, with one group's earnings estimated at $75,000/year/~1,000 computers.

A review of past major operations

Since last year, the rise in cryptocurrency mining malware distribution was easily observable by the number of reports put out by cyber-security firms. Such reports often help infosec industry observers to gauge new trends.

Below is a list with the most important malware distribution campaigns that pushed cryptocurrency miners in 2017.

⬗ Terror Exploit Kit dropped a Monero miner back in January
⬗ Even some Mirai botnet variants tested a cryptocurrency mining function
⬗ Adylkuzz cryptocurrency miner deployed via EternalBlue NSA exploit
⬗ Bondnet botnet installed Monero miners on around 15,000 computers, mostly Windows Server instances
⬗ Linux.MulDrop.14 malware mines for cryptocurrency using Raspberry Pi devices exposed online
⬗ Crooks targeted Linux servers via SambaCry exploit to deploy EternalMiner malware.
⬗ Trojan.BtcMine.1259 miner uses NSA's DobulePulsar to infect Windows computers
⬗ DevilRobber cryptocurrency miner became the second most popular Mac malware in July
⬗ Linux.BTCMine.26, a Monero miner that included references to Brian Krebs in its source code.
⬗ CoinMiner campaign that used EternalBlue and WMI to infect users
⬗ Zminer trojan found infecting Amazon S3 servers
⬗ CodeFork gang used fileless malware to push a Monero miner
⬗ Hiking Club malvertising campaign dropped Monero miners via Neptune Exploit Kit
⬗ A CS:GO cheat that delivered a Monero miner for MacOS users
⬗ Jimmy banking trojan adds support for a Monero miner
⬗ New Monero miner advertised via Telegram

These are only some of the major campaigns, but there are countless of other smaller operations that went unreported.

If you're wondering why is this rise in cryptocurrency mining malware taking place, the answer is quite simple. During the past year, trading prices for virtual currencies have skyrocketed across the board, almost for all major cryptocurrencies. Bitcoin, Monero, Ethereum, Zcash, and others, have seen huge price spikes that have fueled market speculation and attracted both legitimate users and the criminal underground looking to make a quick buck.

I've copied this completely for the record as it forms the best evidence seen so far of the critical paper on Bitcoin's mining effects: Bitcoin & Gresham's Law - the economic inevitability of Collapse.

Posted by iang at 10:57 AM | Comments (18)

October 23, 2016

Bitfinex - Wolves and a sheep voting on what's for dinner

When Bitcoin first started up, although I have to say I admired the solution in an academic sense, I had two critiques. One is that PoW is not really a sustainable approach. Yes, I buy the argument that you have to pay for security, and it worked so it must be right. But that's only in a narrow sense - there's also an ecosystem approach to think about.

Which brings us to the second critique. The Bitcoin community has typically focussed on security of the chain, and less so on the security of the individual. There aren't easy tools to protect the user's value. There is excess of focus on technologically elegant inventions such as multisig, HD, cold storage, 51% attacks and the like, but there isn't much or enough focus in how the user survives in that desperate world.

Instead, there's a lot of blame the victim, saying they should have done X, or Y or used our favourite toy or this exchange not that one. Blaming the victim isn't security, it's cannibalism.

Unfortunately, you don't get out of this for free. If the Bitcoin community doesn't move to protect the user, two things will happen. Firstly, Bitcoin will earn a dirty reputation, so the community won't be able to move to the mainstream. E.g., all these people talking about banks using Bitcoin - fantasy. Moms and pops will be and remain safer with money in the bank, and that's a scary thought if you actually read the news.

Secondly, and worse, the system remains vulnerable to collapse. Let's say someone hacks Mt.Gox and makes a lot of money. They've now got a lot of money to invest in the next hack and the next and the next. And then we get to the present day:

Message to the individual responsible for the Bitfinex security incident of August 2, 2016

We would like to have the opportunity to securely communicate with you. It might be possible to reach a mutually agreeable arrangement in exchange for an enormous bug bounty (payable through a more privacy-centric and anonymous way).

So it turns out a hacker took a big lump of Bitfinex's funds. However, the hacker didn't take it all. Joseph VaughnPerling tells me:

"The bitfinex hack took just about exactly what bitfinex had in cold storage as business profit capital. Bitfinex could have immediately made all customers whole, but then would have left insufficient working capital. The hack was executed to do the maximal damage without hurting the ecosystem by putting bitfinex out of business. They were sure to still be around to be hacked again later.

It is like a good farmer, you don't cut down the tree to get the apples."

A carefully calculated amount, coincidentally about the same as Bitfinex's working capital! This is annoyingly smart of the hacker - the parasite doesn't want to kill the host. The hacker just wants enough to keep the company in business until the next mafiosa-style protection invoice is due.

So how does the company respond? By realising that it is owned. Pwn'd the cool kids say. But owned. Which means a negotiation is due, and better to convert the hacker into a more responsible shareholder or partner than to just had over the company funds, because there has to be some left over to keep the business running. The hacker is incentivised to back off and just take a little, and the company is incentivised to roll over and let the bigger dog be boss dog.

Everyone wins - in terms of game theory and economics, this is a stable solution. Although customers would have trouble describing this as a win for them, we're looking at it from an ecosystem approach - parasite versus host.

But, that stability only survives if there is precisely one hacker. What happens if there are two hackers? What happens when two hackers stare at the victim and each other?

Well, it's pretty easy to see that two attackers won't agree to divide the spoils. If the first one in takes an amount calculated to keep the host alive, and then the next hacker does the same, the host will die. Even if two hackers could convert themselves into one cartel and split the profits, a third or fourth or Nth hacker breaks the cartel.

The hackers don't even have to vote on this - like the old joke about democracy, when there are 2 wolves and 1 sheep, they eat the sheep immediately. The talk about voting is just the funny part for human consumption. Pardon the pun.

The only stability that exists in the market is if there is between zero and one attacker. So, barring the emergence of some new consensus protocol to turn all the individual attackers into one global mafiosa guild, a theme frequently celebrated in the James Bond movies, this market cannot survive.

To survive in the long run, the Bitcoin community have to do better than the banks - much better. If the Bitcoin community wants a future, they have to change course. They have to stop obsessing about the chain's security and start obsessing about the user's security.

The mantra should be, nobody loses money. If you want users, that's where you have to set the bar - nobody loses money. On the other hand, if you want to build an ecosystem of gamblers, speculators and hackers, by all means, obsess about consensus algorithms, multisig and cold storage.

ps; I first made this argument of ecosystem instability in "Bitcoin & Gresham's Law - the economic inevitability of Collapse," co-authored with Philipp Güring.

Posted by iang at 12:35 PM | Comments (0)

June 18, 2016

Ethereum is one step away from creating a workable smart contracting community

To live in interesting times!

First TheDAO started up as a crowd funded smart contract which took in about $160m of contributions. Hoorah!

Then, a programmer spotted a bug and used it to sweep about $60m across to own account. Howzat!?

Next, the Ethereum coredevs reacted in collective angst and moved to unwind the 'theft.' Hooray!

Finally, someone called "attacker" claimed credit for the actions, and reminded everyone that there was a legal contract in place. YeeHaa!

Ethereum is the reality TV of the new financial cryptographic generation. However, let's not be entirely damning, it is also important to take pause and review what they have achieved. Positively.

Firstly, Ethereum has established beyond a doubt that the smart code needs to be part of a wider agreement at law. You can see this on the Explainer page of TheDAO where it carefully lays out:

"When you click the “I Accept” button or check box presented with the terms you are agreeing that you are taking part in The DAO’s Creation under the terms set forth in The DAO’s smart contract code at your own risk."

By clicking "I Accept", you enter into a legal contract, with the above text as part thereof.

To see that it is a legal contract, imagine if it didn't exist - in the absence of an agreement, there is no party who claims responsibility for TheDAO, and therefore TheDAO is abandoned at law. Which means that anyone can do whatever they like. Indeed, that means whoever can claim the value within can do so - it's like an abandoned ship at sea or unclaimed land; first person to plant a flag is the winner.

Clearly, the founders of TheDAO were smart enough not to want their smart contract to be 'abandoned' so it/they must and did enter into a legal agreement with contributors to (a) exert existence and (b) exert its authority to control the assets on behalf of the beneficiaries.

Having asserted its capacity to act, it also asserts that the smart code dominates over the legal prose:

The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.

This is the correct order, which you can divine if you follow the logic: the legal agreement is prime over the smart code because it can bind the humans, and the legal agreement then has to defer primacy explicitly to any or all terms in the smart code. In summary, TheDAO has now exemplified 3 principles.

  1. The smart contract is a contract at law.
  2. The smart contract includes both code and prose.
    1. The legal prose asserts the capacity of the contract to act, a role outside the capability of the code;
    2. a purported smart contract without that capacity is likely abandoned, and also a statement that the authors are not smart enough to defend the property they create;
    3. the code requests that you click "I agree," a role outside the capability of the legal prose; and
    4. if you as user haven't clicked "I agree" or otherwise recorded your intent, then the smart contract is at liberty to ignore you - no intent established, no contract entered into.
  3. The legal prose rules over the smart contract.
    1. Then, the legal prose may with words pass the legal dominance to any part or all of the smart code; and
    2. indeed that might be the only thing that the legal prose does! But see below...

With these principles in hand, we are almost at the point of a viable smart contracting industry. And, we can thank the evolutionary efforts of many for this: Nick Szabo for the abstraction now called the smart contract, Satoshi for converting Nick's abstraction into the inspired form in Bitcoin, the Ethereum team for their more Turing-complete environment, and the authors of TheDAO for their big reveal of what it takes to make a real smart contract. What a social experiment!

On behalf of the entire Internet, I thank you. But we are still one step short of a complete smart contracting environment.

Recall that the point of a contract be it smart, simple, dumb or otherwise, is to create certainty over the uncertain agreements of human agents. Think about that statement for a moment - the goal is to create certainty. Got it? Now look at TheDAO and ask what you see?


If there is a better example of uncertainty in cryptographic affairs than TheDAO, I do not know of it, off hand. Indeed, the current life of TheDAO is so uncertain, it is likely to become a catchphrase for uncertainty in smart contracting!

Right? Let's list the ways. We have half the community up in arms that the terms of the smart code are going to be overridden and thus their contractual worldview is going to be overturned. We've the other half up in arms over the fact that someone has scarfed up a good chunk of the contents, and thus has breached the intent of the contract. And, now we have the Ethereum coredev team asserting their authority for a hard fork, and "Attacker" reminding them that there is a legal contract:

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. ...

When we have such strong, valid-on-the-face arguments, at dramatically opposing poles, we have ... a dispute. TheDAO is now in fatal dispute. And what Ethereum lacks is a clear way forward to resolve that dispute.

Let's check the options. "Attacker" suggests a United States reading of the law, which suggests a USA court. USA courts typically accept any case for any nexus. But they will likely not accept the contract as valid under the securities laws in the USA, so Attacker will likely also find surprise in the event that it goes there. No matter, at $60million or whatever it is is well worth this minute, someone might try their luck in court.

And for the most part, Ethereum people are apparently located in Europe - London, Berlin, Switzerland. I'm not saying TheDAO was done by these people, but if Attacker knows who they are, and this seems reasonable, and any lawsuit names the authors and founders of TheDAO, what have we got?

A mess. What we haven't got is resolution. We can see a law suit that ricochets around the globe and locks a lot of people up in a world of pain. Everyone loses. We can see echoes of Assange and Snowden - we'll get articles, books, movies, but the one thing we won't get is ... resolution.

Certainty, this ain't.

And this is the critical step that Ethereum is short of - resolution, certainty. The traditional courts of law are not well suited to resolving this sort of dispute for a myriad of reasons - both good and bad.

Which brings us to the inevitable discovery that Ethereum must now make. There is a way that can give certainty to this mess in the general case; there is a way to resolve this sort of dispute. It is beholden on the community to find that forum of dispute resolution that can bring certainty to the smart contract when the smart contract itself has lost certainty.

Ethereum needs to set up its own forum - its own court - a court of smart contract dispute resolution.

This is not a trivial task; but it is a lot easier than you think. It's a matter of law, the choice is called Arbitration, and if you search around you can find volumes written on it. I'll leave that as an exercise for the reader, but you might want to look at DAMN. That's not how I would do it, but hey - compare and contrast!

Know it now - you face a fork in the road. On the one hand you have the failed social experiment known as TheDAO. On the other hand, you have your own forum of dispute resolution, designed to resolve precisely this mess, the smart contract in trouble. Like some science fiction movie, the choice is clear: choose to repeat the failure in TheDAO, or choose to engage in informed dispute resolution, customised for your disputes.

Choose quickly, before the next big reveal. Good luck.

Some notes.

  1. I'm handwaving over some elements of the legal arguments above, as I haven't identified precisely where the contract is entered. But that can be left as an exercise to the reader.
  2. Vitalik argues that there is no cryptographic connection. That's an odd argument, because (a) nobody's argued in court yet that there has to be a cryptographic connnection, (b) that argument reduces to "Vitalik doesn't attest to it being the contract" whereas (c) we need to go much much more, like "it isn't the contract because this other thing is the contract." Oh, and (d) we can guarantee that the court will look favourably on anything that looks like a contract, and will be entirely skeptical of a prose-free lump of code.
  3. I haven't talked about the parties to the contract at all in the above. That's because we don't need to - in this context. A given case may need to, but actually in TheDAO case, we don't need to. It could be entirely sufficient for the ethcore team to present the evidence as expert witnesses, and the Arbitrator to return a ruling authorising a hard fork. The parties do not need to be examined unless the case demands it.
Posted by Prometheus at 11:22 AM | Comments (0)

October 25, 2015

When the security community eats its own...

If you've ever wondered what that Market for Silver Bullets paper was about, here's Pete Herzog with the easy version:

When the Security Community Eats Its Own


The CEO of a Major Corp. asks the CISO if the new exploit discovered in the wild, Shizzam, could affect their production systems. He said he didn't think so, but just to be sure he said they will analyze all the systems for the vulnerability.

So his staff is told to drop everything, learn all they can about this new exploit and analyze all systems for vulnerabilities. They go through logs, run scans with FOSS tools, and even buy a Shizzam plugin from their vendor for their AV scanner. They find nothing.

A day later the CEO comes and tells him that the news says Shizzam likely is affecting their systems. So the CISO goes back to his staff to have them analyze it all over again. And again they tell him they don’t find anything.

Again the CEO calls him and says he’s seeing now in the news that his company certainly has some kind of cybersecurity problem.

So, now the CISO panics and brings on a whole incident response team from a major security consultancy to go through each and every system with great care. But after hundreds of man hours spent doing the same things they themselves did, they find nothing.

He contacts the CEO and tells him the good news. But the CEO tells him that he just got a call from a journalist looking to confirm that they’ve been hacked. The CISO starts freaking out.

The CISO tells his security guys to prepare for a full security upgrade. He pushes the CIO to authorize an emergency budget to buy more firewalls and secondary intrusion detection systems. The CEO pushes the budget to the board who approves the budget in record time. And almost immediately the equipment starts arriving. The team works through the nights to get it all in place.

The CEO calls the CISO on his mobile – rarely a good sign. He tells the CISO that the NY Times just published that their company allegedly is getting hacked Sony-style.

They point to the newly discovered exploit as the likely cause. They point to blogs discussing the horrors the new exploit could cause, and what it means for the rest of the smaller companies out there who can’t defend themselves with the same financial alacrity as Major Corp.

The CEO tells the CISO that it's time they bring in the FBI. So he needs him to come explain himself and the situation to the board that evening.

The CISO feels sick to his stomach. He goes through the weeks of reports, findings, and security upgrades. Hundreds of thousands spent and - nothing! There's NOTHING to indicate a hack or even a problem from this exploit.

So wondering if he’s misunderstood Shizzam and how it could have caused this, he decides to reach out to the security community. He makes a new Twitter account so people don’t know who he is. He jumps into the trending #MajorCorpFail stream and tweets, "How bad is the Major Corp hack anyway?"

A few seconds later a penetration tester replies, "Nobody knows xactly but it’s really bad b/c vendors and consultants say that Major Corp has been throwing money at it for weeks."

Read on for the more deeper analysis.

Posted by iang at 06:04 AM | Comments (0)

June 17, 2015

Cash seizure is a thing - maybe this picture will convince you

There are many many people who do not believe that the USA police seize cash from people and use it for budget. The system is set up for the benefit of police - budgetary plans are laid, you have no direct recourse to the law because it is the cash that defends itself, the proceeds are carved up.

Maybe this will convince you - if cash seizure by police wasn't a 'thing' we wouldn't need this chart:

Posted by iang at 08:00 PM | Comments (1)

April 03, 2015

Training Day 2: starring Bridges & Force

Readers might have probably been watching the amazing story of the Bridges & Force arrests in USA. It's starting to look much like a film, and the one I have in mind is this: Training Day.

In short: two agents were sent in to bring down the Silk Road website for selling anything (guns, drugs, etc). In the process, the agents stole a lot of the money. And in the process, went on a rampage through the Bitcoin economy robbing, extorting, and manipulating their way to riches.

You can't make this up. Worse, we don't need to. The problem is deep, underlying and demented within our society. We're going to see much more of it, and the reason we know this is that we have decades of experience in other countries outside the OECD purview.

This is our own actions coming back to destroy us. In a nutshell here it is, here is the short story that gets me on the FATF's blacklist and you too if you spread it:

In the 1980s, certain European governments got upset about certain forms of arbitrage across nations by multinationals and rich folk. These people found a ready consensus with others in policing work who said that "follow the money" was how you catch the really bad people, a.k.a. criminals. Between these two groups of public servants they felt they could crack open the bank secrecy that was protecting criminals and rich people alike.

So the Anti Money Laundering or AML project was born, under the aegis of FATF or financial action task force, an office created in Paris under OECD. Their concept was that they put together rules about how to stop bad money moving through the system. In short: know your customer, and make sure their funds were good. Add in risk management and suspicious activity reporting and you're golden.

On passing these laws, every politician faithfully promised it was only for the big stuff, drugs and terrorism, and would never be used against honest or wealthy or innocent people. Honest Injun!

If only so simple. Anyone who knows anything about crime or wealth realises within seconds that this is not going to achieve anything against the criminals or the wealthy. Indeed, it may even make matters worse, because (a) the system is too imperfect to be anything but noise, (b) criminals and wealthy can bypass the system, and (c) criminals can pay for access. Hold onto that thought.

So, if the FATF had stopped there, then AML would have just been a massive cost on society. Westerners would paid basis points for nothing, and it would have just been a tool that shut the poor out of the financial system; something some call the problem of the 'unbanked' but that's a subject for another day (and don't use that term in my presence, thanks!). Criminals would have figured out other methods, etc.

If only. Just. But they went further.

In imposing the FATF 40 recommendations (yes, it got a lot more complicated and detailed, of course) everyone everywhere everytime also stumbled on an ancient truth of bureaucracy without control: we could do more if we had more money! Because of course the society cost of following AML was also hitting the police, implementing this wonderful notion of "follow the money" cost a lot of money.

Until someone had the bright idea: if the money is bad, why can't we seize the bad money and use it to find more bad money?

And so, it came to pass. The centuries-honoured principle of 'consolidated revenue' was destroyed and nobody noticed because "we're stopping bad people." Laws and regs were finagled through to allow money seized from AML operations to be then "shared" across the interested good parties. Typically some goes to the local police, and some to the federal justice. You can imagine the heated discussions about percentage sharing.

What could possibly go wrong?

Now the police were empowered not only to seize vast troves of money, but also keep part of it. In the twinkling of an eye, your local police force was now incentivised to look at the cash pile of everyone in their local society and 'find' a reason to bust. And, as time went on, they built their system to be robust to errors: even if they were wrong, the chances of any comeback were infinitesimal and the take might just be reduced.

AML became a profit center. Why did we let this happen? Several reasons:

1. It's in part because "bad guys have bad money" is such a compelling story that none dare question those who take "bad money from bad guys."

Indeed, money laundering is such a common criminal indictment in USA simply because people assume it's true on the face of it. The crime itself is almost as simple as moving a large pot of money around, which if you understand criminal proceedings, makes no sense at all. How can moving a large pot of money around be proven as ML before you've proven a predicate crime? But so it is.

2. How could we as society be so stupid? It's because the principle of 'consolidated revenue' has been lost in time. The basic principle is simple: *all* monies coming into the state must go to the revenue office. From there they are spent according to the annual budget. This principle is there not only for accountability but to stop the local authorities becoming the bandits The concept goes back all the way to the Magna Carta which was literally and principally about the barons securing the rights to a trial /over arbitrary seizure of their wealth/.

We dropped the ball on AML because we forgot history.

So what's all this to do with Bridges & Force? Well, recall that thought: the serious criminals can buy access. Which of course they've been doing since the beginning, the AML authorities themselves are victims to corruption.

As the various insiders in AML are corrupted, it becomes a corrosive force. Some insiders see people taking bribes and can't prove anything. Of course, these people aren't stupid, these are highly trained agents. Eventually they work out how they can't change anything and the crooks will never be ousted from inside the AML authorities. And they start with a little on the side. A little becomes a lot.

Every agent in these fields is exposed to massive corruption right from the start. It's not as if agents sent into these fields are bad. Quite the reverse, they are good and are made bad. The way AML is constructed it seems impossible that there could be any other result - Quis custodiet ipsos custodes? or Who watches the watchers?

Remember the film Training Day ? Bridges and Force are a remake, a sequel, this time moved a bit further north and with the added sex appeal of a cryptocurrency.

But the important things to realise is that this isn't unusual, it's embedded. AML is fatally corrupted because (a) it can't work anyway, and (b) they breached the principle of consolidated revenue, (c) turned themselves into victims, and then (d) the bad guys.

Until AML itself is unwound, we can't ourselves - society, police, authorities, bitcoiners - get back to the business of fighting the real bad guys. I'd love to talk to anyone about that, but unfortunately the agenda is set. We're screwed as society until we unwind AML.

Posted by iang at 06:15 PM | Comments (0)

February 16, 2015

Google's bebapay to close down, Safaricom shows them how to do it

In news today, BebaPay, the google transit payment system in Nairobi, is shutting down. As predicted in this blog, the payment system was a disaster from the start, primarily because it did not understand the governance (aka corruption) flow of funds in the industry. This resulted in the erstwhile operators of the system conspiring to make sure it would not work.

How do I know this? I was in Nairobi when it first started up, and we were analysing a lot of market sectors for payments technology at the time. It was obvious to anyone who had actually taken a ride on a Matatu (the little buses that move millions of Kenyans to work) that automating their fares was a really tough sell. And, once we figured out how the flow of funds for the Matatu business worked, from inside sources, we knew a digital payments scheme was dead on arrival.

As an aside there is a play that could have been done there, in a nearby sector, which is the tuk-tuks or motorbike operators that are clustered at every corner. But that's a case-study for another day. The real point to take away here is that you have to understand the real flows of money, and when in Africa, understand that what we westerners call corruption means that our models are basically worthless.

Or in shorter terms, take a ride on the bus before you decide to improve it.

Meanwhile, in other news, Safaricom are now making a big push into the retail POS world. This was also in the wings at the time, and when I was there, we got the inside look into this field due to a friend who was running a plucky little mPesa facilitation business for retails. He was doing great stuff, but the elephant in the room was always Safaricom, and it was no polite toilet-trained beast. Its reputation for stealing other company's business ideas was a legend; in the payment systems world, you're better off modelling Safaricom as a bank.

Ah, that makes more sense... You'll note that Safaricom didn't press over-hard to enter the transit world.

The other great takeway here is that westerners should not enter into the business of Africa lightly if at all. Westerners' biggest problem is that they don't understand the conditions there, and consequently they will be trapped in a self-fulfilling cycle of western psuedo-economic drivel. Perhaps even more surprising, they also can't turn to their reliable local NGOs or government partners or consultancies because these people are trained & paid by the westerners to feed back the same academic models.

How to break out of that trap economically is a problem I've yet to figure out. I've now spent a year outside the place, and I can report that I have met maybe 4 or 5 people amongst say 100 who actually understand the difference? Not a one of these is employed by an NGO, aid department, consultant, etc. And, these impressive organisations around the world that specialise in Africa are in this situation -- totally misinformed and often dangerously wrong.

I feel very badly for the poor of the world, they are being given the worst possible help, with the biggest smile and a wad of cash to help it along its way to failure.

Which leads me to a pretty big economic problem - solving this requires teaching what I learnt in a few years over a single coffee - can't be done. I suspect you have to go there, but even that isn't saying what's what.

Luckily however the developing world -- at least the parts I saw in Nairobi -- is now emerging with its own digital skills to address their own issues. Startup labs abound! And, from what I've seen, they are doing a much better job at it than the outsiders.

So, maybe this is a problem that will solve itself? Growth doesn't happen at more than 10% pa, so patience is perhaps the answer, not anger. We can live and hope, and if an NGO does want to take a shot at the title, I'm in for the 101th coffee.

Posted by iang at 07:59 AM | Comments (1)

June 05, 2014

Reset the Net. Don't ask for your privacy. Take it back.

"On June 5, I will take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same."

Once you pledge, get the privacy pack.

Posted by iang at 09:20 AM | Comments (1) | TrackBack

May 19, 2014

How to make scientifically verifiable randomness to generate EC curves -- the Hamlet variation on CAcert's root ceremony

It occurs to me that we could modify the CAcert process of verifiably creating random seeds to make it also scientifically verifiable, after the event. (See last post if this makes no sense.)

Instead of bringing a non-deterministic scheme, each participant could bring a deterministic scheme which is hitherto secret. E.g., instead of me using my laptop's webcam, I could use a Guttenberg copy of Hamlet, which I first declare in the event itself.

Another participant could use Treasure Island, a third could use Cien años de soledad.

As nobody knew what each other participate was going to declare, and the honest players amongst did a best-efforts guess on a new statically consistent tome, we can be sure that if there is at least one honest non-conspiring party, then the result is random.

And now verifiable post facto because we know the inputs.

Does this work? Does it meet all the requirements? I'm not sure because I haven't had time to think about it. Thoughts?

Posted by iang at 10:19 AM | Comments (1) | TrackBack

April 08, 2014

A very fast history of cryptocurrencies BBTC -- before Bitcoin

Before Bitcoin, there was cryptocurrency. Indeed, it has a long and deep history. If only for the lessons learnt, it is worth studying, and indeed, in my ABC of Bitcoin investing, I consider not knowing anything before the paper as a red flag. Hence, a very fast history of what came before (also see podcasts 1 and 2).

The first known (to me) attempt at cryptocurrencies occurred in the Netherlands, in the late 1980s, which makes it around 25 years ago or 20BBTC. In the middle of the night, the petrol stations in the remoter areas were being raided for cash, and the operators were unhappy putting guards at risk there. But the petrol stations had to stay open overnight so that the trucks could refuel.

Someone had the bright idea of putting money onto the new-fangled smartcards that were then being trialled, and so electronic cash was born. Drivers of trucks were given these cards instead of cash, and the stations were now safer from robbery.

At the same time the dominant retailer, Albert Heijn, was pushing the banks to invent some way to allow shoppers to pay directly from their bank accounts, which became eventually to be known as POS or point-of-sale.

Even before this, David Chaum, an American Cryptographer had been investigating what it would take to create electronic cash. His views on money and privacy led him to believe that in order to do safe commerce, we would need a token money that would emulate physical coins and paper notes. Specifically, the privacy feature of being able to safely pay someone hand-to-hand, and have that transaction complete safely and privately.

As far back as 1983 or 25BBTC, David Chaum invented the blinding formula, which is an extension of the RSA algorithm still used in the web's encryption. This enables a person to pass a number across to another person, and that number to be modified by the receiver. When the receiver deposits her coin, as Chaum called it, into the bank, it bears the original signature of the mint, but it is not the same number as that which the mint signed. Chaum's invention allowed the coin to be modified untraceably without breaking the signature of the mint, hence the mint or bank was 'blind' to the transaction.

All of this interest and also the Netherlands' historically feverish attitude to privacy probably had a lot to do with David Chaum's decision to migrate to the Netherlands. When working in the late 1980s at CWI, a hotbed of cryptography and mathematics research in Amsterdam, he started DigiCash and proceeded to build his Internet money invention, employing amongst many others names that would later become famous: Stefan Brands, Niels Ferguson, Gary Howland, Marcel "BigMac" van der Peijl, Nick Szabo, and Bryce "Zooko" Wilcox-Ahearn.

The invention of blinded cash was extraordinary and it caused an unprecedented wave of press attention. Unfortunately, David Chaum and his company made some missteps, and fell foul of the central bank (De Nederlandsche Bank or DNB). The private compromise that they agreed to was that Digicash's e-cash product would only be sold to banks. This accommodation then led the company on a merry dance attempting to field a viable digital cash through many banks, ending up eventually in bankruptcy in 1998. The amount of attention in the press brought very exciting deals to the table, with Microsoft, Deutsche Bank and others, but David Chaum was unable to use them to get to the next level.

On the coattails of Digicash there were hundreds of startups per year working on this space, including my own efforts. In the mid 1990s, the attention switched from Europe to North America for two factors: the Netscape IPO had released a huge amount of VC interest, and also Europe had brought in the first regulatory clampdown on digital cash: the 1994 EU Report on Prepaid Cards, which morphed into a reaction against DigiCash.

Yet, the first great wave of cryptocurrencies spluttered and died, and was instead overtaken by a second wave of web-based monies. First Virtual was a first brief spurt of excitement, to be almost immediately replaced by Paypal which did more or less the same thing.

The difference? Paypal allowed the money to go from person to person, where as FV had insisted that to accept money you must "be a merchant," which was a popular restriction from banks and regulators, but people hated it. Paypal also leapt forward by proposing its system as being a hand-to-hand cash, literally: the first versions were on the Palm Pilot, which was extraordinarily popular with geeks. But this geek-focus was quickly abandoned as Paypal discovered that what people -- real users -- really wanted was money on the web browser. Also, having found a willing userbase in ebay community, its future was more or less guaranteed as long as it avoided the bank/regulatory minefield laid out for it.

As Paypal proved the web became the protocol of choice, even for money, so Chaum's ideas were more or less forgotten in the wider western marketplace, although the tradition was alive in Russia with WebMoney, and there were isolated pockets of interest in the crypto communities. In contrast, several ventures started up chasing a variant of Paypal's web-hybrid: gold on the web. The company that succeeded initially was called e-gold, an American-based operation that had its corporation in Nevis in the Caribbean.

e-gold was a fairly simple idea: you send in your physical gold or 'junk' silver, and they would credit e-gold to your account. Or you could buy new e-gold, by sending a wire to Florida, and they would buy and hold the physical gold. By tramping the streets and winning customers over, the founder managed to get the company into the black and up and growing by around 1999. As e-gold the currency issuer was offshore, it did not require US onshore approval, and this enabled it for a time to target the huge American market of 'goldbugs' and also a growing worldwide community of Internet traders who needed to do cross-border payments. With its popularity on the increase, the independent exchange market exploded into life in 2000, and its future seemed set.

e-gold however ran into trouble for its libertarian ideal of allowing anyone to have an account. While in theory this is a fine concept, the steady stream of ponzis, HYIPs, 'games' and other scams attracted the attention of the Feds. In 2005, e-gold's Florida offices were raided and that was the end of the currency as an effective force. The Feds also proceeded to mop up any of the competitors and exchange operations they could lay their hands on, ensuring the end of the second great wave of new monies.

In retrospect, 9/11 marked a huge shift in focus. Beforehand, the USA was fairly liberal about alternative monies, seeing them as potential business, innovation for the future. After 9/11 the view switched dramatically, albeit slowly; all cryptocurrencies were assumed to be hotbeds of terrorists and drugs dealers, and therefore valid targets for total control. It's probably fair to speculate that e-gold didn't react so well to the shift. Meanwhile, over in Europe, they were going the other way. It had become abundantly clear that the attempt to shutdown cryptocurrencies was too successful, Internet business preferred to base itself in the USA, and there had never been any evidence of the bad things they were scared of. Successive generations of the eMoney law were enacted to open up the field, but being Europeans they never really understood what a startup was, and the less-high barriers remained deal killers.

Which brings us forward to 2008, and the first public posting of the Bitcoin paper by Satoshi Nakamoto.

What's all this worth? The best way I can make this point is an appeal to authority:

Satoshi Nakamoto wrote, on releasing the code:
> You know, I think there were a lot more people interested in the 90's,
> but after more than a decade of failed Trusted Third Party based systems
> (Digicash, etc), they see it as a lost cause. I hope they can make the
> distinction that this is the first time I know of that we're trying a
> non-trust-based system.

Bitcoin is a result of history; when decisions were made, they rebounded along time and into the design. Nakamoto may have been the mother of Bitcoin, but it is a child of many fathers: David Chaum's blinded coins and the fateful compromise with DNB, e-gold's anonymous accounts and the post-9/11 realpolitik, the cypherpunks and their libertarian ideals, the banks and their industrial control policies, these were the whole cloth out of which Nakamoto cut the invention.

And, finally it must be stressed, most all successes and missteps we see here in the growing Bitcoin sector have been seen before. History is not just humming and rhyming, it's singing loudly.

Posted by iang at 07:14 PM | Comments (1) | TrackBack

April 06, 2014

The evil of cryptographic choice (2) -- how your Ps and Qs were mined by the NSA

One of the excuses touted for the Dual_EC debacle was that the magical P & Q numbers that were chosen by secret process were supposed to be defaults. Anyone was at liberty to change them.

Epic fail! It turns out that this might have been just that, a liberty, a hope, a dream. From last week's paper on attacking Dual_EC:

"We implemented each of the attacks against TLS libraries described above to validate that they work as described. Since we do not know the relationship between the NIST- specified points P and Q, we generated our own point Q′ by first generating a random value e ←R {0,1,...,n−1} where n is the order of P, and set Q′ = eP. This gives our trapdoor value d ≡ e−1 (mod n) such that dQ′ = P. (Our random e and its corresponding d are given in the Appendix.) We then modified each of the libraries to use our point Q′ and captured network traces using the libraries. We ran our attacks against these traces to simulate a passive network attacker.

In the new paper that measures how hard it was to crack open TLS when corrupted by Dual_EC, the authors changed the Qs to match the P delivered, so as to attack the code. Each of the four libraries they had was in binary form, and it appears that each had to be hard-modified in binary in order to mind their own Ps and Qs.

So did (a) the library implementors forget that issue? or (b) NIST/FIPS in its approval process fail to stress the need for users to mind their Ps and Qs? or (c) the NSA knew all along that this would be a fixed quantity in every library, derived from the standard, which was pre-derived from their exhaustive internal search for a special friendly pair? In other words:

"We would like to stress that anybody who knows the back door for the NIST-specified points can run the same attack on the fielded BSAFE and SChannel implementations without reverse engineering.

Defaults, options, choice of any form has always been known as bad for users, great for attackers and a downright nuisance for developers. Here, the libraries did the right thing by eliminating the chance for users to change those numbers. Unfortunately, they, NIST and all points thereafter, took the originals without question. Doh!

Posted by iang at 07:32 PM | Comments (0) | TrackBack

April 01, 2014

The IETF's Security Area post-NSA - what is the systemic problem?

In the light of yesterday's newly revealed attack by the NSA on Internet standards, what are the systemic problems here, if any?

I think we can question the way the IETF is approaching security. It has taken a lot of thinking on my part to identify the flaw(s), and not a few rants, with many and aggressive defences and counterattacks from defenders of the faith. Where I am thinking today is this:

First the good news. The IETF's Working Group concept is far better at developing general standards than anything we've seen so far (by this I mean ISO, national committees, industry cartels and whathaveyou). However, it still suffers from two shortfalls.

1. the Working Group system is more or less easily captured by the players with the largest budget. If one views standards as the property of the largest players, then this is not a problem. If OTOH one views the Internet as a shared resource of billions, designed to serve those billions back for their efforts, the WG method is a recipe for disenfranchisement. Perhaps apropos, spotted on the TLS list by Peter Gutmann:

Documenting use cases is an unnecessary distraction from doing actual work. You'll note that our charter does not say "enumerate applications that want to use TLS".

I think reasonable people can debate and disagree on the question of whether the WG model disenfranchises the users, because even though a a company can out-manouver the open Internet through sheer persistence and money, we can still see it happen. In this, IETF stands in violent sunlight compared to that travesty of mouldy dark closets, CABForum, which shut users out while industry insiders prepared the base documents in secrecy.

I'll take the IETF any day, except when...

2. the Working Group system is less able to defend itself from a byzantine attack. By this I mean the security concept of an attack from someone who doesn't follow the rules, and breaks them in ways meant to break your model and assumptions. We can suspect byzantium disclosures in the fingered ID:

The United States Department of Defense has requested a TLS mode which allows the use of longer public randomness values for use with high security level cipher suites like those specified in Suite B [I-D.rescorla-tls-suiteb]. The rationale for this as stated by DoD is that the public randomness for each side should be at least twice as long as the security level for cryptographic parity, which makes the 224 bits of randomness provided by the current TLS random values insufficient.

Assuming the story as told so far, the US DoD should have added "and our friends at the NSA asked us to do this so they could crack your infected TLS wide open in real time."

Such byzantine behaviour maybe isn't a problem when the industry players are for example subject to open observation, as best behaviour can be forced, and honesty at some level is necessary for long term reputation. But it likely is a problem where the attacker is accustomed to that other world: lies, deception, fraud, extortion or any of a number of other tricks which are the tools of trade of the spies.

Which points directly at the NSA. Spooks being spooks, every spy novel you've ever read will attest to the deception and rule breaking. So where is this a problem? Well, only in the one area where they are interested in: security.

Which is irony itself as security is the field where byzantine behaviour is our meat and drink. Would the Working Group concept past muster in an IETF security WG? Whether it does or no depends on whether you think it can defend against the byzantine attack. Likely it will pass-by-fiat because of the loyalty of those involved, I have been one of those WG stalwarts for a period, so I do see the dilemma. But in the cold hard light of sunlight, who is comfortable supporting a WG that is assisted by NSA employees who will apply all available SIGINT and HUMINT capabilities?

Can we agree or disagree on this? Is there room for reasonable debate amongst peers? I refer you now to these words:

On September 5, 2013, the New York Times [18], the Guardian [2] and ProPublica [12] reported the existence of a secret National Security Agency SIGINT Enabling Project with the mission to “actively [engage] the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs.” The revealed source documents describe a US $250 million/year program designed to “make [systems] exploitable through SIGINT collection” by inserting vulnerabilities, collecting target network data, and influencing policies, standards and specifications for commercial public key technologies. Named targets include protocols for “TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP.”
The documents also make specific reference to a set of pseudorandom number generator (PRNG) algorithms adopted as part of the National Institute of Standards and Technology (NIST) Special Publication 800-90 [17] in 2006, and also standardized as part of ISO 18031 [11]. These standards include an algorithm called the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC). As a result of these revelations, NIST reopened the public comment period for SP 800-90.

And as previously written here. The NSA has conducted a long term programme to breach the standards-based crypto of the net.

As evidence of this claim, we now have *two attacks*, being clear attempts to trash the security of TLS and freinds, and we have their own admission of intent to breach. In their own words. There is no shortage of circumstantial evidence that NSA people have pushed, steered, nudged the WGs to make bad decisions.

I therefore suggest we have the evidence to take to a jury. Obviously we won't be allowed to do that, so we have to do the next best thing: use our collective wisdom and make the call in the public court of Internet opinion.

My vote is -- guilty.

One single piece of evidence wasn't enough. Two was enough to believe, but alternate explanations sounded plausible to some. But we now have three solid bodies of evidence. Redundancy. Triangulation. Conclusion. Guilty.

Where it leaves us is in difficulties. We can try and avoid all this stuff by e.g., avoiding American crypto, but it is a bit broader that that. Yes, they attacked and broke some elements of American crypto (and you know what I'm expecting to fall next.). But they also broke the standards process, and that had even more effect on the world.

It has to be said that the IETF security area is now under a cloud. Not only do they need to analyse things back in time to see where it went wrong, but they also need some concept to stop it happening in the future.

The first step however is to actually see the clouds, and admit that rain might be coming soon. May the security AD live in interesting times, borrow my umbrella?

Posted by iang at 11:56 PM | Comments (0) | TrackBack

March 31, 2014

NSA caught again -- deliberate weakening of TLS revealed!?

In a scandal that is now entertaining that legal term of art "slam-dunk" there is news of a new weakness introduced into the TLS suite by the NSA:

We also discovered evidence of the implementation in the RSA BSAFE products of a non-standard TLS extension called "Extended Random." This extension, co-written at the request of the National Security Agency, allows a client to request longer TLS random nonces from the server, a feature that, if it enabled, would speed up the Dual EC attack by a factor of up to 65,000. In addition, the use of this extension allows for for attacks on Dual EC instances configured with P-384 and P-521 elliptic curves, something that is not apparently possible in standard TLS.

This extension to TLS was introduced 3 distinct times through an open IETF Internet Draft process, twice by an NSA employee and a well known TLS specialist, and once by another. The way the extension works is that it increases the quantity of random numbers fed into the cleartext negotiation phase of the protocol. If the attacker has a heads up to those random numbers, that makes his task of divining the state of the PRNG a lot easier. Indeed, the extension definition states more or less that:

4.1. Threats to TLS

When this extension is in use it increases the amount of data that an attacker can inject into the PRF. This potentially would allow an attacker who had partially compromised the PRF greater scope for influencing the output.

The use of Dual_EC, the previously fingered dodgy standard, makes this possible. Which gives us 2 compromises of the standards process that when combined magically work together.

Our analysis strongly suggests that, from an attacker's perspective, backdooring a PRNG should be combined not merely with influencing implementations to use the PRNG but also with influencing other details that secretly improve the exploitability of the PRNG.

Red faces all round.

Posted by iang at 06:12 PM | Comments (0) | TrackBack

February 08, 2014

US State Department rolled, as NSA slides further off-mission. Shoulda used a BlackPhone :D

In what is either belly laugh-level hilarity, or a serious wakeup call for the American taxpayer, Reuters reports on the recent "Fuck the EU" leaks of phone calls. (h/t to zerohedge.) It turns out the recordings may have been (gasp) lifted off the airwaves:

Some U.S. officials blamed Moscow for leaking the call, noting that the recording, posted anonymously, was first highlighted in a tweet from a Russian official.

In Washington, U.S. officials said Nuland and Pyatt apparently used unencrypted cellphones, which are easy to monitor. The officials said smart phones issued to State Department officials had data encryption *but not voice encryption*.

Wtf? Where the hell are you, oh, NSA's security division aka Central Security Service?

The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information.

How is it that officials of the State Department have zero, zip, nada, nuttin security while blathering on about international negotiations involving an entire strategic country, a major pipeline, and the number one PR circle-jerk for the nation-states?

I had thought that all these things were in the killing zone for the NSA. Ukraine, energy, the Olympic Games, check check check!

But apparently not. The evidence on mission drift is somewhat damning, and becoming deafening.

They have dropped the baby in many ways. They recently downgraded their irrational fear of terrorism, by prioritising the insider threat as a 'national security threat'. Without apparently understanding the bleeding obvious, that insiders such as Snowden and Manning are a threat to them, not to the people who pay their salaries:

“[Snowden and the insider threat] certainly puts us at risk of missing something that we are trying to see, which could lead to [an attack],” said Matthew Olsen, the director of the National Counterterrorism Center.

Spoken without any cynicism or humility!

If they got back to work, and crafted their mission to deliver return on investment to the taxpayer, instead of stealing from other countries' taxpayers, they wouldn't have time to worry about schoolboy plots like terrorism and rogue sysadms.

Message to the American taxpayer: demand your money back. Buy a blackphone instead.

Posted by iang at 03:36 PM | Comments (1) | TrackBack

February 03, 2014

FC++ -- Bitcoin Verification Latency -- The Achilles Heel for Time Sensitive Transactions

New paper for circulation by Ken Griffith and myself:

Bitcoin Verification Latency
The Achilles Heel for Time Sensitive Transactions

Abstract.Bitcoin has a high latency for verifying transactions, by design. Averaging around 8 minutes, such high latency does not resonate with the needs of financial traders for speed, and it opens the door for time-based arbitrage weaknesses such as market timing attacks. Although perhaps tractable in some markets such as peer to peer payments, the Achilles heel of latency makes Bitcoin unsuitable for direct trading of financial assets, and ventures seeking to exploit the market for financial assets will need to overcome this burden.

As with the Gresham's paper, developments moved fast on this question, and there are now more ventures looking at the contracts and trading question. For clarification, I am the secondary author, Ken is lead.

Posted by iang at 08:03 AM | Comments (0) | TrackBack

December 29, 2013

The Ka-Ping challenge -- so you think you can spot a bug?

It being Christmas and we're all looking for a little fun, David Wagner has posted a challenge that was part of a serious study conducted by Ka-Ping Yee and himself:

can good coders find security bugs?

Are you up to it? Are you a hacker-hero or a manager-mouse? David writes:

I believe I've managed to faithfully reconstruct the version of Ping's code that contains the deliberately inserted bug. If you would like to try your hand at finding the bug, you can look at it yourself:

I'm copying Ping, in case he wants to comment or add to this.

Some grounds rules that I'd request, if you want to try this on your own:

  1. Please don't post spoilers to the list. If you think you've found a bug, email Ping and David privately (off-list), and I'll be happy to confirm your find, but please don't post it to the list (just in case others want to take a look too).
  2. To help yourself avoid inadvertently coming across spoilers, please don't look at anything else on the web. Resist the temptation to Google for Pvote, check out the Pvote web site, or check out the links in the code. You should have everything you need in this email. We've made no attempt to conceal the details of the bug, so if you look at other resources on the web, you may come across other stuff that spoils the exercise.
  3. I hope you'll think of this as something for your own own personal entertainment and edification. We can't provide a controlled environment and we can't fully mimic the circumstances of the review over the Internet.

Here's some additional information that may help you.

We told reviewers that there exists at least one bug, in, in a region that contains 100 lines of code. I've marked the region using comments. So, you are free to focus on only that part of the code (I promise you that we did not deliberately insert any bug anywhere else outside that region). Of course, I'm providing all the code, because you may need to understand how it all interacts. The original Pvote code was written to be as secure and verifiable as we could make it; I'm giving you a modified version that was modified to add a bug after the fact. So, this is not some "obfuscated Python" contest where the entire thing was designed to conceal a malicious backdoor: it was designed to be secure, and we added a backdoor only as an afterthought, as a way to better understand the effectiveness of code review.

To help you conduct your code review, it might help to start by understanding the Pvote design. You can read about the theory, design, and principles behind Pvote in our published papers:

The Pvote code probably won't make sense without understanding some aspects of its design and how it is intended to be used, so this background material might be helpful to you.

We also gave reviewers an assurance document, which outlines the "assurance case" (a detailed argument describing why we believe Pvote is secure and fit for purpose and free of bugs). Here's most of it:

Why not all of it? Because I'm lazy. The full assurance document contains the actual, unmodified Pvote code. We wrote the assurance document for the unmodified version of Pvote (without the deliberately inserted bug), and the full assurance document includes the code of the unmodified Pvote. If you were to look at that and compare it to the code I gave you above, you could quickly identify the bug by just doing a diff -- but that would completely defeat the purpose of the exercise. If I had copious free time, I'd modify the assurance document to give you a modified document that matches the modified code -- but I don't have time to do that. So, instead, I've just removed the part of the assurance document that contained the region of the code where we inserted our bug (namely,, and I'm giving you the rest of the assurance document.

In the actual review, we provided reviewers with additional resources that won't be available to you. For instance, we outlined for them the overall design principles of Pvote. We also were available to interactively answer questions, which helped them quickly get up to speed on the code. During the part where we had them review the modified Pvote with a bug inserted, we also answered their questions -- here's what Ping wrote about how we handled that part:

Since insider attacks are a major unaddressed threat in existing systems, we specifically wanted to experiment with this scenario. Therefore, we warned the reviewers to treat us as untrusted adversaries, and that we might not always tell the truth. However, since it was in everyone’s interest to use our limited time efficiently, we settled on a time-saving convention. We promised to truthfully answer any question about a factual matter that the reviewers could conceivably verify mechanically or by checking an independent source — for example, questions about the Python language, about static properties of the code, about its runtime behaviour, and so on.

Of course, since this is something you're doing on your own, you won't get the benefit of interacting with us and having us answer questions for you (to save you time). I realize this does make code review harder. My apologies.

You can assume that someone else has done some runtime testing of the code. We deliberately chose a bug that would survive "Logic & Accuracy Testing" (a common technique in elections, where election officials conduct a test in advance where they cast some ballots, typically chosen so that at least one vote has been cast for each candidate, and then check that the system accurately recorded and tallied those votes). Focus on code review.

-- David

Posted by iang at 02:53 PM | Comments (0) | TrackBack

October 29, 2013

Confirmed: the US DoJ will not put the bankers in jail, no matter how deep the fraud

I've often asked the question why no-one went to jail for the frauds of the financial crisis, and now the US government has answered it: they are complicit in the cover-up, which means that the financial rot has infected the Department of Justice as well. Bill Black writes about the recent Bank of America verdict:

The author of the most brilliantly comedic statement ever written about the crisis is Landon Thomas, Jr. He does not bury the lead. Everything worth reading is in the first sentence, and it should trigger belly laughs nationwide.

Bank of America, one of the nation’s largest banks, was found liable on Wednesday of having sold defective mortgages, a jury decision that will be seen as a victory for the government in its aggressive effort to hold banks accountable for their role in the housing crisis."

“The government,” as a statement of fact so indisputable that it requires neither citation nor reasoning, has been engaged in an “aggressive effort to hold banks accountable for their role in the housing crisis.” Yes, we have not seen such an aggressive effort since Captain Renault told Rick in the movie Casablanca that he was “shocked” to discover that there was gambling going on (just before being handed his gambling “winnings” which were really a bribe).

There are four clues in the sentence I quoted that indicate that the author knows he’s putting us on, but they are subtle. First, the case was a civil case. “The government’s” “aggressive effort to hold banks accountable” has produced – zero convictions of the elite Wall Street officers and banks whose frauds drove the crisis. Thomas, of course, knows this and his use of the word “aggressive” mocks the Department of Justice (DOJ) propaganda. The jurors found that BoA (through its officers) committed an orgy of fraud in order to enrich those officers. That is a criminal act. Prosecutors who are far from “aggressive” prosecute elite frauds criminally because they know it is essential to deter fraud and safeguard our financial system. The DOJ refused to prosecute the frauds led by senior BoA officers. The journalist’s riff is so funny because he portrays DOJ’s refusal to prosecute frauds led by elite BoA officers as “aggressive.” Show the NYT article to friends you have who are Brits and who claim that Americans are incapable of irony. The article’s lead sentence refutes that claim for all time.

The twin loan origination fraud epidemics (liar’s loans and appraisal fraud) and the epidemic of fraudulent sales of the fraudulently originated mortgages to the secondary market would each – separately – constitute the most destructive frauds in history. These three epidemics of accounting control fraud by loan originators hyper-inflated the real estate bubble and drove our financial crisis and the Great Recession. By way of contrast, the S&L debacle was less than 1/70 the magnitude of fraud and losses than the current crisis, yet we obtained over 1,000 felony convictions in cases DOJ designated as “major.” If DOJ is “aggressive” in this crisis what word would be necessary to describe our approach?

Read on for the details of how Bill Black forms his conclusion.

Posted by iang at 05:27 AM | Comments (0) | TrackBack

May 01, 2013

MayDay! MayDay! British Banking Launches new crisis of titanic proportions...

Yes, it's the first of May, also known as May Day, and the communist world's celebration of the victory over capitalism. Quite why MayDay became the international distress message over radio is not known to me, but I'd like to know!

Meanwhile, the British Banking sector is celebrating its own version of MayDay:

The bank went through their customer base and identified which businesses were asset rich and cash poor.

Typically, the SME (small to medium enterprise) would require funding for expansion or to cover short term exposures, and the bank’s relationship manager would work with the business owner on a loan funding cover.

The loan may be for five or ten years, and the relationship manager would often call the client after a short time and say “congratulations, you’ve got the funding”.

The business owner would be delighted and would start committing the funds.

Only then would the relationship manager call them back and say, “ah, we have a concern here about interest rates”.

This would start the process of the disturbance sale of the IRSA.

The rest you can imagine - the bank sold an inappropriate derivative with false information, and without advising the customer of the true costs. This time however the costs were more severe, as it seems that many such businesses went out of business in whole or in part because of the dodgy sale.

In particular, the core issue is that no-one has defined whether the bank will be responsible for contingent liabilities.

The liabilities are for losses made by those businesses that were mis-sold these products and, as a result, have now gone into bankruptcy or been constrained so much that they have been unable to compete or grow their business as they would have if they had not taken these products.

Ouch! I have to applaud Chris Skinner and the Financial Services Club here for coming forth with this information. It is time for society to break ranks here and start dealing with the banks. If this is not done, the banks will bring us all down, and it is not clear at all that the banks aren't going to do just that.

Meanwhile back to the scandal du jour. We are talking about 40k businesses, with average suggested compensation of 2.5 million quid - so we are already up to a potential exposure of 100 billion pounds. Given this, there is no doubt that even the most thickest of the dumbest can predict what will happen next:

Mainly because of the Parliamentary investigation, the Financial Services Authority was kicked into action and, on June 29 2012, announced that it had found "serious failings in the sale of IRSAs to small and medium sized businesses and that this has resulted in a severe impact on a large number of these businesses.”

However, it then left the banks to investigate the cases and work out how to compensate and address them .

The banks response was released on January 31 2013, and it was notable that between the June announcement and bank response in January that the number of cases rose from 28,000 to 40,000. It was also noteworthy that of those 40,000 cases investigated, over 90% were found to have been mis-sold. That’s a pretty damning indictment.

Even then the real issue, according to Jeremy [of Bully Banks], is that the banks are in charge of the process.

Not only is the fox in charge of the chickens, it's also paying off them off for their slaughter. Do we really need to say more? The regulators are in bed with the banks in trying to suppress this scandal.

Obviously, this cunning tactic will save poor banks money and embarrassment. But the emerging problem here is that, as suggested many times in this blog (e.g., 2, 3, 4, ...) and elsewhere, the public is now becoming increasingly convinced that banks are not healthy, honest members of society.

Which is fine, as long as nothing happens.

But I see an issue emerging in the next systemic shock to hit the financial world: if the public's patience is exhausted, as it appeared to be over Cyprus, then the next systemic shock is going to cause the collapse of some major banks. For right or wrong, the public is not going to accept any more talk of bailouts, taxpayer subsidies, etc etc.

The chickens are going to turn on the foxes, and they will not be satisfied with anything less than blood.

One hopes that the old Lady's bank tear-down team is boned up and ready to roll, because they'll be working hard soon.

Posted by iang at 04:34 AM | Comments (3) | TrackBack

February 09, 2012

PKI and SSL - the jaws of trust snap shut

As we all know, it's a right of passage in the security industry to study the SSL business of certificates, and discover that all's not well in the state of Denmark. But the business of CAs and PKI rolled on regardless, seemingly because no threat ever challenged it. Because there was no risk, the system successfully dealt with the threats it had set itself. Which is itself elegant proof that academic critiques and demonstrations and phishing and so forth are not real attacks and can be ignored entirely...

Until 2011.

Last year, we crossed the Rubicon for the SSL business -- and by extension certificates, secure browsing, CAs and the like -- with a series of real attacks against CAs. Examples include the DigiNotar affair, the Iranian affair (attacks on around 5 CAs), and also the lesser known attack a few months back where certificates may have been forged and may have been used in an APT and may have... a lot of things. Nobody's saying.

Either way, the scene is set. The pattern has emerged, the Rubicon is crossed, it gets worse from here on in. A clear and present danger, perhaps? In California, they'd be singing "let's partly like it's 2003," the year that SB1386 slid past our resistance and set the scene for an industry an industry debacle in 2005.

But for us long term observers, no party. There will now be a steady series of these shocks, and journalists will write of our brave new world - security but no security.

With one big difference. Unlike the SB1386 breach party, where we can rely on companies not going away (even as our data does), the security system of SSL and certificates is somewhat optional. Companies can and do expose their data in different ways. We can and do invent new systems to secure or mitigate the damage. So while SB1386 didn't threaten the industry so much as briskly kicked it around, this is different.

At an attacks level, we've crossed a line, but at a wider systems level, we stand on the line.

And that line is a cliff.

Which brings us to this week's news. A CA called Trustwave has just admitted to selling a sub-root for the explicit purpose of MITM'ing. Read about that elsewhere.

Now, we've known that MITMing for fun and profit was going on for a long time. Mozilla's community first learnt of it in the mid 2000s as it was finalising its policy on CAs (a ground-breaking work that I was happy to be involved with). At that time, accusations were circulating against unknown companies listing their roots for the explicit purpose of doing MITMs on unwitting victims. Which raised the hairs, eyebrows and heckles on not a few of us. These accusations have been repeated from time to time, but in each case the "insiders" begged off on the excuse: we cannot break NDA or reputation.

Each time then the industry players were likewise able to fob it off. Hard Evidence? none. Therefore, it doesn't exist, was they industry's response. We knew as individuals, yet as an industry we knew not.

We are all agreed it does exist and it doesn't. We all have jobs to preserve, and will practice cognitive dissonance to the very end.

Of course this situation couldn't last, because a secret of this magnitude never survives. In this case, the company that sold the MITM sub-root, Trustwave, has looked at 2011, and realised the profit from that one CA isn't worth the risk of the DigiNotar experience (bankruptcy). Their decision is to 'fess up now, take it on the chin, because later may be too late.

Which leads to a dilemma, and we the players have divided on each side, one after the other, of that dilemma:

To drop the Trustwave root, or not?

That is the question. First the case for the defence: On the one hand, we applaud the honesty of a CA coming forward and cleaning up house. It's pretty clear that we need our CAs to do this. Otherwise we're not going to get anywhere with this Trust thing. We need to encourage the CAs to work within the system.

Further, if we damage a CA, we damage customers. The cost to lost business is traumatic, and the list of US government agencies that depend on this CA has suddenly become impressive. Just like DigiNotar, it seems, which spread like a wave of mistrust through the government IT departments of the Netherlands. Also, we have to keep an eye on (say) a bigger more public facing CA going down in the aftermath - and the damage to all its customers. And the next, etc.

Is lost business more important than simple faith in those silly certificates? I think lost business is much more important - revenue, jobs, money flowing keeping all of the different parts of the economy going are our most important asset. Ask any politician in USA or Europe or China; this is their number one problem!

Finally, it is pretty clear and accepted that the business purpose to which the sub-Root was put was known and tolerated. Although it is uncomfortable to spy on ones employees, it is just business. Organisations own their data systems, have the responsibility to police them, and have advised their people that this is what they are going to do. SSL included, if necessary.

This view has it that Trustwave has done the right thing. Therefore, pass. And, the more positive proponents suggest an amnesty, after which period there is summary execution for the sins - root removal from the list distributed by the browsers. It's important to not cause disruption.

Now the case for the Prosecution! On the other hand, damn spot: the CA clearly broke their promise. Out!

Three ways, did they breach the trust: It is expressed in the Mozilla policy and presumably of others that certificates are only issued to people who own/control their domains. This is no light or optional thing -- we rely on the policy because CAs and Mozilla and other vendors and auditors and all routinely practice secrecy in this business.

We *must rely on the policy* because they deny us the right to rely on anything else!

Secondly, it is what the public believe in, it is the expectations of any purchaser or user of the product, written or not. It is a simple message, and brooks no complicated exceptions. Either your connection is secure to your online bank, and nobody else can see it *including your employer or IT department*. Or not.

Try explaining this exception to your grandmother, if the words do not work for you.

Finally, the raison d'être: it is the purpose and even the entire goal of the certificate design to do exactly the opposite. The reason we have CAs like TrustWave is to stop the MITM. If they don't stop the MITM, then *we don't need the heavyweight certificate system*, we don't need CAs, and we don't need Mozilla's root list or that of any other vendor.

We can do security much more cost-effectively if we drop the 100% always-on absolutist MITM protection.

Given this breach of trust, what else can we trust in? Can we trust their promises that the purpose was maintained? That the cert never left the building? That secret traffic wasn't vectored in? That HSMs are worth something and audits ensure all is well in Denmark?

This rather being a problem with trust. Lie once, lose it.

There being two views presented, it has to be said that both views are valid. The players are lining up on either side of the line, but they probably aren't so well aware of where this is going.

Only one view is going to win out. Only one side wins this fight.

And in so-doing, in winning, the winner sews the seeds for own destruction.

Because if you religiously take your worldview, and look at the counter-argument to your preferred position, your thesis crumbles for the fallacies.

The jaws of trust just snapped shut on the players who played too long, too hard, too profitably.

Like the financial system. We are no longer worried about the bankruptcy of one or two banks or a few defaults by some fly specks on the map of European. We are now looking at a change that will ripple out and remove what vestiges of purpose and faith were left in PKI. We are now looking at all the other areas of the business that will be effected; ones that brought into the promise even though they knew they shouldn't have.

Like the financial system, a place of uncanny similarity, each new shock makes us wonder and question. Wasn't all this supposed to be solved? Where are the experts? Where is the trust?

We're about to find out the timeless meaning of Caveat Emptor.

Posted by iang at 10:54 PM | Comments (7) | TrackBack

January 29, 2012

Why Threat Modelling fails in practice

I've long realised that threat modelling isn't quite it.

There's some malignancy in the way the Internet IT Security community approached security in the 1990s that became a cancer in our protocols in the 2000s. Eventually I worked out that the problem with the aphorism What's Your Threat Model (WYTM?) was the absence of a necessary first step - the business model - which lack permitted threat modelling to be de-linked from humanity without anyone noticing.

But I still wasn't quite there, it still felt like wise old men telling me "learn these steps, swallow these pills, don't ask for wisdom."

In my recent risk management work, it has suddenly become clearer. Taking from notes and paraphrasing, let me talk about threats versus risks, before getting to modelling.

A threat is something that threatens, something that can cause harm, in the abstract sense. For example, a bomb could be a threat. So could an MITM, an eavesdropper, or a sniper.

But, separating the abstract from the particular, a bomb does not necessarily cause a problem unless there is a connection to us. Literally, it has to be capable of doing us harm, in a direct sense. For this reason, the methodologists say:

Risk = Threat * Harm

Any random bomb can't hurt me, approximately, but a bomb close to me can. With a direct possibility of harm to us, a threat becomes a risk. The methodologists also say:

Risk = Consequences * Likelihood

That connection or context of likely consequences to us suddenly makes it real, as well as hurtful.

A bomb then is a threat, but just any bomb doesn't present a risk to anyone, to a high degree of reliability. A bomb under my car is now a risk! To move from threats to risks, we need to include places, times, agents, intents, chances of success, possible failures ... *victims* ... all the rest needed to turn the abstract scariness into direct painful harm.

We need to make it personal.

To turn the threatening but abstract bomb from a threat to a risk, consider a plane, one which you might have a particular affinity to because you're on it or it is coming your way:

⇒ people dying
⇒ financial damage to plane
⇒ reputational damage to airline
⇒ collateral damage to other assets
⇒ economic damage caused by restrictions
⇒ war, military raids and other state-level responses

Lots of risks! Speaking of bombs as planes: I knew someone booked on a plane that ended up in a tower -- except she was late. She sat on the tarmac for hours in the following plane.... The lovely lady called Dolly who cleaned my house had a sister who should have been cleaning a Pentagon office block, but for some reason ... not that day. Another person I knew was destined to go for coffee at ground zero, but woke up late. Oh, and his cousin was a fireman who didn't come home that day.

Which is perhaps to say, that day, those risks got a lot more personal.

We all have our very close stories to tell, but the point here is that risks are personal, threats are just theories.

Let us now turn that around and consider *threat modelling*. By its nature, threat modelling only deals with threats and not risks and it cannot therefore reach out to its users on a direct, harmful level. Threat modelling is by definition limited to theoretical, abstract concerns. It stops before it gets practical, real, personal.

Maybe this all amounts to no more than a lot of fuss about semantics?

To see if it matters, let's look at some examples: If we look at that old saw, SSL, we see rhyme. The threat modelling done for SSL took the rather abstract notions of CIA -- confidentiality, integrity and authenticity -- and ended up inverse-pyramiding on a rather too-perfect threat of MITM -- Man-in-the-Middle.

We can also see from the lens of threat analysis versus risk analysis that the notion of creating a protocol to protect any connection, an explicit choice of the designers, led to them not being able to do any risk analysis at all; the notion of protecting certain assets such as credit cards as stated in the advertising blurb was therefore conveniently not part of the analysis (which we knew, because any risk analysis of credit cards reveals different results).

Threat modelling therefore reveals itself to be theoretically sound but not necessarily helpful. It is then no surprise that SSL performed perfectly against its chosen threats, but did little to offend the risks that users face. Indeed, arguably, as much as it might have stopped some risks, it helped other risks to proceed in natural evolution. Because SSL dealt perfectly with all its chosen threats, it ended up providing a false sense of false security against harm-incurring risks (remember SSL & Firewalls?).

OK, that's an old story, and maybe completely and boringly familiar to everyone else? What about the rest? What do we do to fix it?

The challenge might then be to take Internet protocol design from the very plastic, perfect but random tendency of threat modelling and move it forward to the more haptic, consequences-directed chaos of risk modelling.

Or, in other words, we've got to stop conflating threats with risks.

Critics can rush forth and grumble, and let me be the first: Moving to risk modelling is going to be hard, as any Internet protocol at least at the RFC level is generally designed to be deployed across an extremely broad base of applications and users.

Remember IPSec? Do you feel the beat? This might be the reason why we say that only end-to-end security cuts the mustard, because end-to-end implies an application, and this draw in the users to permit us to do real risk modelling.

It might then be impossible to do security at the level of an Internet-wide, application-free security protocol, a criticism that isn't new to the IETF. Recall the old ISO layer 5, sometimes called "the security layer" ?

But this doesn't stop the conclusion: threat modelling will always fail in practice, because by definition, threat modelling stops before practice. The place where users are being exposed and harmed can only be investigated by getting personal - including your users in your model. Threat modelling does not go that far, it does not consider the risks against any particular set of users that will be harmed by those risks in full flight. Threat modelling stops at the theoretical, and must by the law of ignorance fail in the practical.

Risks are where harm is done to users. Risk modelling therefore is the only standard of interest to users.

Posted by iang at 02:02 PM | Comments (6) | TrackBack

December 08, 2011

Two-channel breached: a milestone in threat evaluation, and a floor on monetary value

Readers will know we first published the account on "Man in the Browser by Philipp Güring way back when, and followed it up with news that the way forward was dual channel transaction signing. In short, this meant the bank sending an SMS to your handy mobile cell phone with the transaction details, and a check code to enter if you wanted the transaction to go through.

On the face of it, pretty secure. But at the back of our minds, we knew that this was just an increase in difficulty: a crook could seek to control both channels. And so it comes to pass:

In the days leading up to the fraud being committed, [Craig] had received two strange phone calls. One came through to his office two-to-three days earlier, claiming to be a representative of the Australian Tax Office, asking if he worked at the company. Another went through to his home number when he was at work. The caller claimed to be a client seeking his mobile phone number for an urgent job; his daughter gave out the number without hesitation.

The fraudsters used this information to make a call to Craig’s mobile phone provider, Vodafone Australia, asking for his phone number to be “ported” to a new device.

As the port request was processed, the criminals sent an SMS to Craig purporting to be from Vodafone. The message said that Vodafone was experiencing network difficulties and that he would likely experience problems with reception for the next 24 hours. This bought the criminals time to commit the fraud.

The unintended consequence of the phone being used for transaction signing is that the phone is now worth maybe as much as the fraud you can pull off. Assuming the crooks have already cracked the password for the bank account (something probably picked up on a market for pennies), the crooks are now ready to spend substantial amounts of time to crack the phone. In this case:

Within 30 minutes of the port being completed, and with a verification code in hand, the attackers were spending the $45,000 at an electronics retailer.

Thankfully, the abnormally large transaction raised a red flag within the fraud unit of the Commonwealth Bank before any more damage could be done. The team tried – unsuccessfully – to call Craig on his mobile. After several attempts to contact him, Craig’s bank account was frozen. The fraud unit eventually reached him on a landline.

So what happens now that the crooks walked with $45k of juicy electronics (probably convertible to cash at 50-70% off face over ebay) ?

As is standard practice for online banking fraud in Australia, the Commonwealth Bank has absorbed the hit for its customer and put $45,000 back into Craig's account.

A NSW Police detective contacted Craig on September 15 to ensure the bank had followed through with its promise to reinstate the $45,000. With this condition satisfied, the case was suspended on September 29 pending the bank asking the police to proceed with the matter any further.

One local police investigator told SC that in his long career, a bank has only asked for a suspended online fraud case to be investigated once. The vast majority of cases remain suspended. Further, SC Magazine was told that the police would, in any case, have to weigh up whether it has the adequate resources to investigate frauds involving such small amounts of money.

No attempt was made at a local police level to escalate the Craig matter to the NSW Police Fraud and Cybercrime squad, for the same reasons.

In a paper I wrote in 2008, I stated for some value below X, police wouldn't lift a finger. The Prosecutor has too much important work to do! What we have here is a very definate floor beyond which Internet systems which transmit and protect value are unable to rely on external resources such as the law . Reading more:

But the Commonwealth Bank claims it has forwarded evidence to the NSW and Federal Police forces that could have been used to prosecute the offenders.

The bank’s fraud squad – which had identified the suspect transactions within minutes of the fraud being committed - was able to track down where the criminals spent the stolen money.

A spokesman for the bank said it “dealt with both Federal and State (NSW) Police regarding the incident” and that “both authorities were advised on the availability of CCTV footage” of the offenders spending their ill-gotten gains.

“The Bank was advised by one of the authorities that the offender had left the country – reducing the likelihood of further action by that authority,” the spokesperson said.

This number goes up dramatically once we cross a border. In that paper I suggested 25k, here we have a reported number of $45k.

Why is that important? Because, some systems have implicit guarantees that go like "we do blah and blah and blah, and then you go to the police and all your problems are solved!" Sorry, not if it is too small, where small is surprisingly large. Any such system that handwaves you to the police without clearly indicating the floor of interest ... is probably worthless.

So when would you trust a system that backstopped to the police? I'll stick my neck out and say, if it is beyond your borders, and you're risking >> $100k, then you might get some help. Otherwise, don't bet your money on it.

Posted by iang at 04:34 PM | Comments (5) | TrackBack

November 15, 2011

Advanced Persistent Threat (APT) - why did we resist so long?

Bruce Schneier posts on something I've felt as well:

Advanced Persistent Threat (APT)

It's taken me a few years, but I've come around to this buzzword. It highlights an important characteristic of a particular sort of Internet attacker.

A conventional hacker or criminal isn't interested in any particular target. He wants a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or whatever. Security against this sort of attacker is relative; as long as you're more secure than almost everyone else, the attackers will go after other people, not you. An APT is different; it's an attacker who -- for whatever reason -- wants to attack you. Against this sort of attacker, the absolute level of your security is what's important. It doesn't matter how secure you are compared to your peers; all that matters is whether you're secure enough to keep him out.

APT attackers are more highly motivated. They're likely to be better skilled, better funded, and more patient. They're likely to try several different avenues of attack. And they're much more likely to succeed.

So, this becomes a really classic case of that old saw: "What's your threat model?"

There are apparently two sterotypical attackers out there (at least in this dichotomy):

  1. the random agnostic thief: "A conventional hacker or criminal isn't interested in any particular target. He wants a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or whatever." He doesn't share our economic beliefs of society and trade, but he certainly subscribes to the power of our money.
  2. the advanced persistent threat: the spy who's after your state-level secrets. He's not economic, in the sense that he isn't constrained by normal commercial levels of investment, instead he's got a very large budget behind, with very large strategic interests directing the target choice.

Very different agents, leading to very different models of security. And all other things, such as how we as society deal with these issues.

Schneier finishes on this:

This is why APT is a useful buzzword.

Sure, no matter how uncomfortable we are with the background, it's the buzzword we've got.

Why then did we disbelieve the APT for so long? I think there are three factors.

  • We the people aren't bothered by the APT, we're bothered by the random agnostic thief.
  • The credibility of the USA industrial-military machine is at an all time low. Since the low-point of Colin Powell's speech to the UN, the people routinely disbelieve anything said, and now demand evidence.
  • They presented no evidence. We had to wait until DigiNotar and the surrounding other events (the other CAs) to understand that this was the real deal.

We still aren't so totally accepting. We still have the problem that our attacker is the random agnostic thief.

Why still resist? My feeling is this: I'm annoyed that the state has managed more success in swinging the major Internet vendors around to dealing with selling to the state's APT -- NIST's pogrom on small numbers, ESG’s U.S. Advanced Persistent Threat Analysis, etc -- than we ever had as an open community in dealing with our random agnostic thieves.

We're still following the NSA's drumbeat.

Posted by iang at 12:57 PM | Comments (1) | TrackBack

October 20, 2011

next-gen Stuxnet targets SCADA companies for intelligence

As an example of good disclosure that we can use to analyse our risks on new attacks come from Symantec:

Key points:

  • Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
  • The executables are designed to capture information such as keystrokes and system information.
  • Current analysis shows no code related to industrial control systems, exploits, or self-replication.
  • The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
  • The exfiltrated data may be used to enable a future Stuxnet-like attack.
  • Now, Symantec are somewhat 'interested' in this disclosure, in the commercial sense, because they gain reputation and thence sell more defences to more customers. They could just shout FUD out to the world. But in this sense, the market has moved to a sense of competition on solid disclosures, as compared by competitor McAfee also putting its own analysis out there.

    And, it turns out that Symantec is doubly interested as the new trojan was signed by one of their (Verisign?) certificates:

    *Update [October 18, 2011] - *Symantec has known that some of the malware files associated with the W32.Duqu threat were signed with private keys associated with a code signing certificate issued to a Symantec customer. Symantec revoked the customer certificate in question on October 14, 2011. Our investigation into the key's usage leads us to the conclusion that the private key used for signing Duqu was stolen, and not fraudulently generated for the purpose of this malware. At no time were Symantec's roots and intermediate CAs at risk, nor were there any issues with any CA, intermediate, or other VeriSign or Thawte brands of certificates. Our investigation shows zero evidence of any risk to our systems; we used the correct processes to authenticate and issue the certificate in question to a legitimate customer in Taiwan.

    Still, I can't fault the disclosure: they investigated and now claim it was a good cert, stolen from the client. They revoked it the same day of being shown the code/sig.

    This information is provided in a way we can RELY on it. From this we can make risk management judgements. See more here.

    Posted by iang at 09:29 PM | Comments (0) | TrackBack

    June 09, 2011

    1st round in Internet Account Fraud World Cup: Customer 0, Bank 1, Attacker 300,000

    More grist for the mill -- where are we on the security debate? Here's a data point.

    In May 2009, PATCO, a construction company based in Maine, had its account taken over by cyberthieves, after malware hijacked online banking log-in and password credentials for the commercial account PATCO held with Ocean Bank. ....

    There are two ways to look at this: the contractual view, and the responsible party view. The first view holds that contracts describe the arrangement, and parties govern themselves. The second holds that the more responsible party is required to be <ahem> more responsible. PATCO decided to ask for the second:

    A magistrate has recommended that a U.S. District Court in Maine deny a motion for a jury trial in an ACH fraud case filed by a commercial customer against its former bank. According to the order, which must still be reviewed by the presiding judge, the bank fulfilled its contractual obligations for security and authentication through its requirement for log-in and password credentials. ....

    At issue for PATCO is whether banks should be held responsible when commercial accounts, like PATCO's, are drained because of fraudulent ACH and wire transfers approved by the bank. How much security should banks and credit unions reasonably be required to apply to the commercial accounts they manage?

    "Obviously, the major issue is the banks are saying this is the depositors' problem," Patterson says, "but the folks that are losing money through ACH fraud don't have enough sophistication to stop this."

    And lost.

    David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide. And unless PATCO disputes the order, Navetta says it's unlikely the judge will overrule the magistrate's findings. PATCO has between 14 and 21 days to respond.

    "Many security law commentators, myself included, have long held that *reasonable security does not mean bullet-proof security*, and that companies need not be at the cutting edge of security to avoid liability," Navetta says. "The court explicitly recognizes this concept, and I think that is a good thing: For once, the law and the security world agree on a key concept."

    My emphasis added, and it is an important point that security doesn't mean absolute security, it means reasonable security. Which from the principle of the word, means stopping when the costs outweigh the benefits.

    But that is not the point that is really addressed. The question is whether (a) how we determine what is acceptable (not reasonable), and (b) if the Customer loses out when acceptable wasn't reasonable, is there any come-back?

    In the disposition, the court notes that Ocean Bank's security could have been better. "It is apparent, in the light of hindsight, that the Bank's security procedures in May 2009 were not optimal," the order states. "The Bank would have more effectively harnessed the power of its risk- profiling system if it had conducted manual reviews in response to red flag information instead of merely causing the system to trigger challenge questions."

    But since *PATCO agreed to the bank's security methods when it signed the contract*, the court suggests then that PATCO considered the bank's methods to be reasonable, Navetta says. The law also does not require banks to implement the "best" security measures when it comes to protecting commercial accounts, he adds.

    So, we can conclude that "reasonable" to the bank meant putting in place risk-profiling systems. Which it then bungled (allegedly). However, the standard of security was as agreed in the contract, *reasonable or not*.

    That is, *reasonable security* doesn't enter into it. More on that, as the observers try and mold this into a "best practices" view:

    "Patco in effect demands that Ocean Bank have adopted the best security procedures then available," the order states. "As the Bank observes, that is not the law."

    (Where it says "best" read "best practices" which is lowest common denominator, a rather different thing to best. In particular, the case is talking about SecureId tokens and the like.)

    Patterson argues that Ocean Bank was not complying with the Federal Financial Institutions Examination Council's requirement for multifactor authentication when it relied solely on log-in and password credentials to verify transactions. Navetta agrees, but the court in this order does not.

    "The court took a fairly literal approach to its analysis and bought the bank's argument that the scheme being used was multifactor, as described in the [FFIEC] guidance," Navetta says. "The analysis on what constitutes multifactor and whether some multifactor schemes [out of band; physical token] are better than others was discussed, and, to some degree, the court acknowledged that the bank's security could have been better. Even so, it was technically multifactor, as described in the FFEIC guidance, in the court's opinion, and "the best" was not necessary."

    Navetta says the court's view of multifactor does not jibe with common industry understanding. Most industry experts, he says, would not consider Ocean Bank's authentication practices in 2009 to be true multifactor. "Obviously, the 'something you have' factor did not fully work if hackers were able to remotely log into the bank using their own computer," he says. "I think that PATCO's argument was the additional factors were meaningless since the challenge question was always asked anyway, and apparently answering it correctly worked even if one of the factors failed. In other words, it appears that PATCO was arguing that the net result of the other two factors failing was going back to a single factor."

    This problem has been known for a long time. When the "best practices" approach is used, as in this FFIEC example, there is a list of things you do. You do them, and you're done. You are encouraged to (a) not do any better, and (b) cheat. The trick employed above, to interpret the term "multi-factor" in a literal fashion, rather than using the security industry's customary (and more expensive) definition, has been known for a long long time.

    It's all part of the "best practices" approach, and the court may have been wise to avoid further endorsing it. There is now more competition in security practices, says this court, and you'll find it in your contract.

    Caveat: as with all such cases, this is a preliminary ruling, and it can be overturned including several times... before we see a precedent.

    Posted by iang at 06:10 AM | Comments (4) | TrackBack

    April 05, 2011

    If data breaches are feared more than hackers, what is the perverse result?

    This headline struck my attention:

    Data Breaches Feared More than Hackers

    The majority of compliance professionals feel that their organizations are well or very well prepared to fend off hacker attacks, however, their confidence wanes significantly when assessing other data breach threats. This according to a survey conducted by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA).

    This mirrored my results in The Market for Silver Bullets, in that the cost of the loss to intangibles and indirects such as reputation and compliance reviews would far outweigh the direct losses to the individuals. Consequently, this would have perverse effects on the treatment of risks.

    I didn't really go into what those perverse effects were. Suffice, I thought at the time, to say, security's really screwed up, there is no way you can expect a rational result from this mess. But one thing struck me on reading that heading.

    If the indirect effects of the data breach are feared more than the direct effects of the hacker's impacted damages, then there is an easy solution. Simply share the results, and generate a win-win for both. E.g., if the hacker manages to breach, and steal X data sets, he now has two opportunities. He can either exploit the breach set for some gain X*y where y is the average gain per identity, or he can settle with the lead victim.

    Because we know that the indirect costs to the victim will far outweigh the direct gain to the attacker, there is an easy settlement. The victim is easily incentivised to pay for the breach to be settled without additional costs. And the attacker gains too as he has less work to do. Negotiation will find a convenient price between the two bounds.

    Thus, this state of affairs predicts that the market for silver bullets leads to a market for extortion. Hack citibank, sell them their data back. I have no firm data, but I am comfortable with predicting that the difference is an order of magitude. That is, the costs to the victim are around 10 times the benefit to the attacker. Plenty of room there for a win-win solution.

    (For those who are worried about the impact of an illegal contract, it is easy enough to put a silk dress on the pig and sell the breach techniques, with an NDA attached. This of course is the worry behind those breach markets. How close to extortion does it take us? Where do the morals stop and where does the crime start? A topic for another day...)

    As a slight footnote, to confirm my prediction of this particular perverse result, I followed the article. Here's the relevant section found on the survey provider's site, two groups called Society of Corporate Compliance and Ethics and Health Care Compliance Association.

    Fears of an accidental breach far outweigh fears of an intentional breach. Respondents were asked how likely they felt that data would be released through hacking attacks, intentional breaches by employees and third party vendors, and accidental breaches by employees and vendors. In general the feeling was that accidental breaches were far more likely. Just 8% felt that it was somewhat or very likely a hacker would gain access to the system, When it came to breaches by employees, 61% thought an accidental breach was somewhat or very likely, but just 30% thought the same of an intentional breach. Likewise 41% thought an accidental breach by a third party vendor was somewhat or very likely but only 13% thought an intentional breach was somewhat or very likely.

    Unfortunately, no such luck. Right crowd, different story :) Oh well. So markets in extortion won't happen, right?

    Posted by iang at 06:55 PM | Comments (0) | TrackBack

    December 18, 2010

    "Compound threats" to appear in 2011 ?

    One of the things that happened a while back was the arisal of the MITB, which spooked the online banks in Europe. They aggressively pushed forward on their multi-factor approach: using the cell-phone (which Europeans colloquially call the Handy) to confirm the transaction.

    It was recognised at the time that his was a good solution due to the divergence of the two platforms. A hacker could hack the browser, but not the phone. But the next development was also expected: an attack that covered both platforms.

    Now, there is suggestion that this might be expected to emerge:

    McDaid warned, for example, that criminals are increasingly targeting mobile banking and NFC-enabled payments. “I 100 per cent expect these kinds of attacks to increase next year, not just malware attacks but compound threats too,” he explained.

    “This is where criminals exploit SMS, email, phone calls and other channels to target victims.”

    Next step after that? Well, we go back to dumb phones. But this time, the phones are tasked just to do the online payments, and there are no other apps downloadable. Reasonable? Yes, because the basic phone price in bulk has now dropped to a few bucks. Downside is convincing consumers to use it. Upside is that we can do it if we can get them to think of them as credit cards ...

    All in a days work for the strategic marketing department of your bank. If they've got one :)

    Posted by iang at 06:23 AM | Comments (5) | TrackBack

    December 14, 2010

    Threatwatch: taking money & code from "interested parties" (OpenBSD + FBI = backdoors)

    Following email is circulating amongst crypto-plumber communities. I have no idea whether it is accurate or not. It was sent to Theo de Raadt, a shaker & mover over at security-leading OpenBSD group. He also doesn't know...

    Offered here in the spirit of documenting the potential threats to the ITSec world.

    From: Gregory Perry <>
    To: "" <deraadt@o.o>
    Subject: OpenBSD Crypto Framework

    Hello Theo,

    Long time no talk. If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing technologies.

    My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.

    This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn't want to create any derivative products based upon the same.

    This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments, for example Scott Lowe is a well respected author in virtualization circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments.

    Merry Christmas...

    Gregory Perry
    Chief Executive Officer
    GoVirtual Education

    "VMware Training Products & Services"

    540-........ x111 (local)
    866-........ x111 (toll free)
    540-........ (mobile)
    877-........ (fax)

    Posted by iang at 10:22 PM | Comments (2) | TrackBack

    November 06, 2010

    NSA loses the crown jewels, or, Law of Unintended Consequences meets Flights of Brittleness

    Lynn points to a long story in The New Yorker that gives a well-written and strong story by Seymour M. Hersh on the origins of the current Cyber War propaganda push by the US Department of Defence. I and many others of the community called this a budgetary war, not a real threat, and it is good to see that there are many in the USA administration that have called "bull" on the Cyber War claim.

    Picking up from page 7:

    Why not ignore the privacy community and put cyber security on a war footing? Granting the military more access to private Internet communications, and to the Internet itself, may seem prudent to many in these days of international terrorism and growing American tensions with the Muslim world. But there are always unintended consequences of military activity—some that may take years to unravel.

    Of particular note for those who subscribe to the "heavy" approach to secure systems, and poo-poo the doctrine of risk management in favour of absolute security, is an example of the Law of Unintended Consequences, and how complicated it is when you push the envelope at so many levels.

    Ironically, the story of the EP-3E aircraft that was downed off the coast of China provides an example. The account, as relayed to me by a fully informed retired American diplomat, begins with the contested Presidential election between Vice-President Al Gore and George W. Bush the previous November. That fall, a routine military review concluded that certain reconnaissance flights off the eastern coast of the former Soviet Union—daily Air Force and Navy sorties flying out of bases in the Aleutian Islands—were redundant, and recommended that they be cut back.

    “Finally, on the eve of the 2000 election, the flights were released,” the former diplomat related. “But there was nobody around with any authority to make changes, and everyone was looking for a job.” The reality is that no military commander would unilaterally give up any mission. “So the system defaulted to the next target, which was China, and the surveillance flights there went from one every two weeks or so to something like one a day,” the former diplomat continued. By early December, “the Chinese were acting aggressively toward our now increased reconnaissance flights, and we complained to our military about their complaints. But there was no one with political authority in Washington to respond, or explain.” The Chinese would not have been told that the increase in American reconnaissance had little to do with anything other than the fact that inertia was driving day-to-day policy. There was no leadership in the Defense Department, as both Democrats and Republicans waited for the Supreme Court to decide the fate of the Presidency.

    The predictable result was an increase in provocative behavior by Chinese fighter pilots who were assigned to monitor and shadow the reconnaissance flights. This evolved into a pattern of harassment in which a Chinese jet would maneuver a few dozen yards in front of the slow, plodding EP-3E, and suddenly blast on its afterburners, soaring away and leaving behind a shock wave that severely rocked the American aircraft. On April 1, 2001, the Chinese pilot miscalculated the distance between his plane and the American aircraft. It was a mistake with consequences for the American debate on cyber security that have yet to be fully reckoned.

    For what went wrong after that, read the rest of the story!

    Posted by iang at 05:24 PM | Comments (0) | TrackBack

    October 23, 2010

    Apple's Mac moment of truth arriving? Or just the silver bullet salesman?

    Mac's moment of truth is arriving:

    "We are approaching a tipping point, where it will soon be financially viable for cybercriminals to target their efforts at Mac users," says Ivan Fermon, senior vice president of product management, Panda Security. "When Apple reaches 15 percent market share worldwide, which Panda expects will happen very soon, we predict that hackers will begin to aggressively target attacks against this platform. The rapid increase in use of Apple-powered devices--iPhones, iPods, iPads--is also making the Mac platform a much more attractive target."

    Not just any tipping point, the one where crooks target the platform. It is an interesting phenomena when such a large user base as Macs aren't an appealing target, but what can one say? It's a theory... More numbers:

    "We receive an average of 55,000 new threats every day at PandaLabs. .... Panda has identified approximately 5,000 malware variants that specifically target Apple systems, and claims to see an average of 500 new samples each month. The Mac has been getting more security research and attention as well. There were only 34 vulnerabilities identified for the Mac in 2009, but with two months to go that number is already at 175 for 2010.

    I'm not sure what to make of 55,000 new threats per day, does that mean PandaLabs has a factory of 1000 people with targets to qualify 55 threats per day? Outstanding productivity! But I know what to make of this:

    So, the short answer to the question of whether or not your Mac needs malware protection is "Yes". Or, at least, it will soon need malware protection if the Apple platform continues to grow as a lucrative target. Consider it a badge of honor in recognition of gaining enough market share for cyber criminals to care. That is why Panda Security is launching Panda Antivirus for Macintosh.

    Ahhh... So all the rest is in support of a sales call from our friendly silver bullet salesman. Well, of course :)

    Posted by iang at 05:15 AM | Comments (6) | TrackBack

    October 05, 2010

    Cryptographic Numerology - our number is up

    Chit-chat around the coffeerooms of crypto-plumbers is disturbed by NIST's campaign to have all the CAs switch up to 2048 bit roots:

    On 30/09/10 5:17 PM, Kevin W. Wall wrote:
    > Thor Lancelot Simon wrote:
    > See below, which includes a handy pointer to the Microsoft and Mozilla policy statements "requiring" CAs to cease signing anything shorter than 2048 bits.
    > These certificates (the end-site ones) have lifetimes of about 3 years maximum. Who here thinks 1280 bit keys will be factored by 2014? *Sigh*.
    No one that I know of (unless the NSA folks are hiding their quantum computers from us :). But you can blame this one on NIST, not Microsoft or Mozilla. They are pushing the CAs to make this happen and I think 2014 is one of the important cutoff dates, such as the date that the CAs have to stop issuing certs with 1024-bit keys.

    I can dig up the NIST URL once I get back to work, assuming anyone actually cares.

    The world of cryptology has always been plagued by numerology.

    Not so much in the tearooms of the pure mathematicians, but all other areas: programming, management, provisioning, etc. It is I think a desperation in the un-endowed to understand something, anything of the topic.

    E.g., I might have no clue how RSA works but I can understand that 2048 has to be twice as good as 1024, right? When I hear it is even better than twice, I'm overjoyed!

    This desperation to be able to talk about it is partly due to having to be part of the business (write some code, buy a cert, make a security decision, sell a product) and partly a sense of helplessness when faced with apparently expert and confident advice. It's not an unfounded fear; experts use their familiarity with the concepts to also peddle other things which are frequently bogus or hopeful or self-serving, so the ignorance leads to bad choices being made.

    Those that aren't in the know are powerless, and shown to be powerless.

    When something simple comes along and fills that void people grasp onto them and won't let go. Like numbers. As long as they can compare 1024 to 2048, they have a safety blanket that allows them to ignore all the other words. As long as I can do my due diligence as a manager (ensure that all my keys are 2048) I'm golden. I've done my part, prove me wrong! Now do your part!

    This is a very interesting problem [1]. Cryptographic numerology diverts attention from the difficult to the trivial. A similar effect happens with absolute security, which we might call "divine cryptography." Managers become obsessed with perfection in one thing, to the extent that they will ignore flaws in another thing. Also, standards, which we might call "beliefs cryptography" for their ability to construct a paper cathedral within which there is room for us all, and our flock, to pray safely inside.

    We know divinity doesn't exist, but people demand it. We know that religions war all the time, and those within a religion will discriminate against others, to the loss of us all. We know all this, but we don't; cognitive dissonance makes us so much happier, it should be a drug.

    It was into this desperate aching void that the seminal paper by Lenstra and Verheul stepped in to put a framework on the numbers [2]. On the surface, it solved the problem of cross-domain number comparison, e.g., 512 bit RSA compared to 256 bit AES, which had always confused the managers. And to be fair, this observation was a long time coming in the cryptographic world, too, which makes L&V's paper a milestone.

    Cryptographic Numerology's star has been on the ascent ever since that paper: As well as solving the cipher-public-key-hash numeric comparison trap, numerology is now graced with academic respectability.

    This made it irresistible to large institutions which are required to keep their facade of advice up. NIST like all the other agencies followed, but NIST has a couple of powerful forces on it. Firstly, NIST is slightly special, in ways that other agencies represented in only wish to be special. NIST, as pushed by the NSA, is protecting primarily US government resources:

    This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems.

    That's US not us. It's not even protecting USA industry. NIST is explicitly targetted by law to protect the various multitude of government agencies that make up the beast we know as the Government of the United States of America. That gives it unquestionable credibility.

    And, as has been noticed a few times, Mars is on the ascendancy: *Cyberwarfare* is the second special force. Whatever one thinks of the mess called cyberwarfare (equity disaster, stuxnet, cryptographic astrology, etc) we can probably agree, if anyone bad is thinking in terms of cracking 1024 bit keys, then they'll be likely another nation-state interested in taking aim against the USG agencies. c.f., stuxnet, which is emerging as a state v. state adventure. USG, or one of USG's opposing states, are probably the leading place on the planet that would face a serious 1024 bit threat if one were to emerge.

    Hence, NIST is plausibly right in imposing 2048-bit RSA keys into its security model. And they are not bad in the work they do, for their client [3]. Numerology and astrology are in alignment today, if your client is from Washington DC.

    However, real or fantastical, this is a threat model that simply doesn't apply to the rest of the world. The sad sad fact is that NIST's threat model belongs to them, to US, not to us. We all adopting the NIST security model is like a Taurus following the advice in the Aries section of today's paper. It's not right, however wise it sounds. And if applied without thought, it may reduce our security not improve it:

    Writes Thor:
    > At 1024 bits, it is not. But you are looking
    > at a factor of *9* increase in computational
    > cost when you go immediately to 2048 bits. At
    > that point, the bottleneck for many applications
    > shifts, particularly those ...
    > Also,...
    > ...and suddenly...
    > This too will hinder the deployment of "SSL everywhere",...

    When US industry follows NIST, and when worldwide industry follows US industry, and when open source Internet follows industry, we have a classic text-book case of adopting someone else's threat, security and business models without knowing it.

    Keep in mind, our threat model doesn't include crunching 1024s. At all, any time, nobody's ever bothered to crunch 512 in anger, against the commercial or private world. So we're pretty darn safe at 1024. But our threat model does include

    *attacks on poor security user interfaces in online banking*

    That's a clear and present danger. And one of the key, silent, killer causes of that is the sheer rarity of HTTPS. If we can move the industry to "HTTPS everywhere" then we can make a significant different. To our security.

    On the other hand, we can shift to 2048, kill the move to "HTTPS everywhere", and save the US Government from losing sleep over the cyberwarfare it created for itself (c.f., the equity failure).

    And that's what's going to happen. Cryptographic Numerology is on a roll, NIST's dice are loaded, our number is up. We have breached the law of unintended consequences, and we are going to be reducing the security of the Internet because of it. Thanks, NIST! Thanks, Mozilla, thanks, Microsoft.

    [1] As well as this area, others have looked at how to make the bounty of cryptography more safely available to non-cognicenti. I especially push the aphorisms of Adi Shamir and Kerckhoffs. And, add my own meagre efforts in Hypotheses and Pareto-secure.

    [2] For detailed work and references on Lenstra & Verheul's paper, see which includes calculators of many of the various efforts. It's a good paper. They can't be criticised for it in the terms in this post, it's the law of unintended consequences again.

    [3] Also, other work by NIST to standardise the PRNG (psuedo-random-number-generator) has to be applauded. The subtlety of what they have done is only becoming apparent after much argumentation: they've unravelled the unprovable entropy problem by unplugging it from the equation.

    But they've gone a step further than the earlier leading work by Ferguson and Schneier and the various quiet cryptoplumbers, by turning the PRNG into a deterministic algorithm. Indeed, we can now see something special: NIST has turned the PRNG into a reverse-cycle message digest. Entropy is now the MD's document, and the psuedo-randomness is the cryptographically-secure hash that spills out of the algorithm.

    Hey Presto! The PRNG is now the black box that provides the one-way expansion of the document. It's not the reverse-cycle air conditioning of the message digest that is exciting here, it's the fact that it is now a new class of algorithms. It can be specified, paramaterised, and most importantly for cryptographic algorithms, given test data to prove the coding is correct.

    (I use the term reverse-cycle in the sense of air-conditioning. I should also stress that this work took several generations to get to where it is today; including private efforts by many programmers to make sense of PRNGs and entropy by creating various application designs, and a couple of papers by Ferguson and Schneier. But it is the black-boxification by NIST that took the critical step that I'm lauding today.)

    Posted by iang at 10:55 AM | Comments (1) | TrackBack

    September 28, 2010

    Crypto-plumbers versus the Men in Black, round 16.

    Skype, RIM, and now CircleTech v. the governments. This battle has been going on for a while. Here's today's battle results:

    BIS [Czech counter-intelligence] officers first offered to Satanek that his firm would supply an encryption system with "a defect" to the market which would help the secret service find out the content of encrypted messages. "This is out of question. It is as if we were proclaiming we are selling bullet-proof vests that would actually not be bullet-proof," Satanek told MfD.

    This is why BIS offered a deal to the firm's owners. BIS wanted CircleTech to develop a programme to decipher the codes. It would only partially help the secret service since not even CircleTech is capable of developing a universal key to decipher all of its codes. Nevertheless, software companies are offering such partial services, and consequently it would not be a problem for CircleTech to meet the order, MfD notes.

    However, BIS officers said the firm need not register the money it would receive from BIS for the order, the paper writes. "You will have on opportunity to get an income that need not be subject to taxation," MfD cites the secret recording of a BIS officer at a meeting with the firm. Satanek rejected the offer and recorded the meetings with BIS.

    BIS then gave it up. However, two months ago it contacted Satanek again, MfD writes. "They told me that we are allegedly meeting suspicious persons who pose a security risk to the state. In such a case we may not pass security vetting of the National Security Office (NBU)," Satanek told MfD.

    Subversion, bribes, and threats, it's all in there! And, no wonder every hot new code jockey goes all starry-eyed at the thought of working on free, open encryption systems.

    Posted by iang at 07:55 AM | Comments (0) | TrackBack

    September 13, 2010

    threatwatch: 1st signs of attacks on certificates?

    An Adobe PDF is being circulated in spam that exploits bugs in Adobe's Reader and/or Windows. The PDF itself is code-signed by a stolen certificate:

    The attack, which has been spotted attached to e-mails touting renowned golf coach and author David Leadbetter, also includes a malicious file that's digitally signed with a valid signature from Missouri-based Vantage Credit Union.

    VeriSign has revoked the signature, but the already baked malware will still carry what appears to be a valid digital signature, Wisniewski said.

    Then, there's a hint of speculation that the expected users of the certificate will be fine. That is, people logging into the Vantage Credit Union will be facing a new certificate as soon as it is in place.

    No mention of what happens to the people who aren't doing that, and when they can expect their fix, sometimes known as revocation.

    [Wisniewski] compared the Reader zero-day exploit with the Stuxnet worm, which caused concern in July when it was discovered attacking industrial control systems at large manufacturing and utility companies. Symantec traced Stuxnet back to June 2009, with attacks likely beginning the following month, when hackers apparently stole digital certificate keys from a pair of Taiwanese software firms and then used them to sign two versions of the worm.

    "This makes two [attacks] that have used valid certificates," Wisniewski said. "I'm starting to wonder if [hackers] aren't using other malware that's specifically targeting certificates and their keys."

    One of the things that was very evident in the last decade as phishing rose up to challenge secure browsing, and now similar things like Money/Quicken "embedded" access over SSL, is this: why aren't more attacks simply stealing the certificates or buying them with bad intentions?

    We theorised that the ordinary downgrade to HTTP was the best alternative. Crooks being economic, that is. This may be the first public signs of a shift or broadening to attacking the certificate itself. There have been private signs of worry for the last year or so.

    Posted by iang at 07:37 PM | Comments (0) | TrackBack

    September 09, 2010

    Security Planning - who watches the watchers?

    I spotted this on a Git doco page:

    As the comments on miskan's page intimate, there is a logic there if one is desperate...

    Posted by iang at 02:08 AM | Comments (0) | TrackBack

    September 01, 2010

    profound misunderstandability in your employee's psyche

    Speaking of profound misunderstandings, this:

    BitDefender created a "test profile" of a nonexistent, 21-year-old woman described as a "fair-haired" and "very, very naïve interlocutor" -- basically a hot rube who was just trying to "figure out how this whole social networking thing worked" by asking a bunch of seemingly innocent, fact-finding questions.

    With the avatar created, the fictitious person then sent out 2,000 "friendship requests," relying on the bogus description and made-up interests as the presumptive lure. Of the 2,000 social networks pinged with a "friendship" request, a stunning 1,872 accepted the invitation. And the vast majority (81 percent) of them did it without asking any questions at all. Others asked a question or two, presumably like, "Who are you?" or "How do I know you?" before eventually adding this new "friend."


    But it gets worse. An astonishing 86 percent of those who accepted the bogus profile's "friendship" request identified themselves as working in the IT industry. Even worse, 31 percent said they worked in some capacity in IT security.

    Posted by iang at 09:46 PM | Comments (1) | TrackBack

    August 13, 2010

    Turning the Honeypot

    I'm reading a govt. security manual this weekend, because ... well, doesn't everyone?

    To give it some grounding, I'm building up a cross-reference against my work at the CA. I expected it to remain rather dry until the very end, but I've just tripped up on this Risk in the section on detecting incidents:

    2.5.7. An agency constructs a honeypot or honeynet to assist in capturing intrusion attempts, resulting in legal action being taken against the agency for breach of privacy.


    Posted by iang at 08:06 PM | Comments (4) | TrackBack

    August 11, 2010

    Hacking the Apple, when where how... and whether we care why?

    One of the things that has been pretty much standard in infosec is that the risks earnt (costs incurred!) from owning a Mac have been dramatically lower. I do it, and save, and so do a lot of my peers & friends. I don't collect stats, but here's a comment from Dan Geer from 2005:

    Amongst the cognoscenti, you can see this: at security conferences of all sorts you’ll find perhaps 30% of the assembled laptops are Mac OS X, and of the remaining Intel boxes, perhaps 50% (or 35% overall) are Linux variants. In other words, while security conferences are bad places to use a password in the clear monoculture on the back of the envelope over a wireless channel, there is approximately zero chance of cascade failure amongst the participants.

    I recommend it on the blog front page as the number 1 security tip of all:

    #1 buy a mac.

    Why this is the case is of course a really interesting question. Is it because Macs are inherently more secure, in themselves? The answer seems to be No, not in themselves. We've seen enough evidence to suggest, at an anecdotal level, that when put into a fair fight, the Macs don't do any better than the competition. (Sometimes they do worse, and the competition ensures those results are broadcast widely :)

    However it is still the case that the while the security in the Macs aren't great, the result for the user is better -- the costs resulting from breaches, installs, virus slow-downs, etc, remain lower [1]. Which would imply the threats are lower, recalling the old mantra of:

    Business model ⇒ threat model ⇒ security model

    Now, why is the threat (model) lower? It isn't because the attackers are fans. They generally want money, and money is neutral.

    One theory that might explain it is the notion of monoculture.

    This idea was captured a while back by Dan Geer and friends in a paper that claimed that the notion of Microsoft's dominance threated the national security of the USA. It certainly threatened someone, as Dan lost his job the day the paper was released [2].

    In brief, monoculture argues that when one platform gains an ascendency to dominate the market, then we enter a situation of particular vulnerability to that platform. It becomes efficient for all economically-motivated attackers to concentrate their efforts on that one dominant platform and ignore the rest.

    In a sense, this is an application of the Religion v. Darwin argument to computer security. Darwin argued that diversity was good for the species as a whole, because singular threats would wipe out singular species. The monoculture critique can also be seen as analogous to Capitalism v. Communism, where the former advances through creative destruction, and the latter stagnates through despotic ignorance.

    A lot of us (including me) looked at the monoculture argument and thought it ... simplistic and hopeful. Yet, the idea hangs on ... so the question shifts for us slower skeptics to how to prove it [3]?

    Apple is quietly wrestling with a security conundrum. How the company handles it could dictate the pace at which cybercriminals accelerate attacks on iPhones and iPads.

    Apple is hustling to issue a patch for a milestone security flaw that makes it possible to remotely hack - or jailbreak - iOS, the operating system for iPhones, iPads and iPod Touch.

    Apple's new problem is perhaps early signs of good evidence that the theory is good. Here we have Apple struggling with hacks on its mobile platform (iPads, iPods, iPhones) and facing a threat which it seemingly hasn't faced on the Macs [4].

    The differentiating factor -- other than the tech stuff -- is that Apple is leading in the mobile market.

    IPhones, in particular, have become a pop culture icon in the U.S., and now the iPad has grabbed the spotlight. "The more popular these devices become, the more likely they are to get the attention of attackers," says Joshua Talbot, intelligence manager at Symantec Security Response.

    Not dominating like Microsoft used to enjoy, but presenting enough of a nose above the pulpit to get a shot taken. Meanwhile, Macs remain stubbornly stuck at a reported 5% of market share in the computer field, regardless of the security advice [5]. And nothing much happens to them.

    If market leadership continues to accrue to Apple in the iP* mobile sector, as the market expect it does, and if security woes continue as well, I'd count that as good evidence [6].

    [1] #1 security tip remains good: buy a Mac, not because of the security but because of the threats. Smart users don't care so much why, they just want to benefit this year, this decade, while they can.

    [2] Perhaps because Dan lost his job, he gets fuller attention. The full cite would be like: Daniel Geer, Rebecca Bace, Peter Gutmann, Perry Metzger, Charles P. Pfleeger, John S. Quarterman, Bruce Schneier, "CyberInsecurity: The Cost of Monopoly How the Dominance of Microsoft's Products Poses a Risk to Security." Preserved by the inestimable, a forerunner of the now infamous

    [3] Proof in the sense of scientific method is not possible, because we can't run the experiment. This is economics, not science, we can't run the experiment like real scientists. What we have to do is perhaps psuedo-scientific-method; we predict, we wait, and we observe.

    [4] On the other hand, maybe the party is about to end for Macs. News just in:

    Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.

    Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank and its customers. The botnet included a few hundred thousand PCs and even about 3,000 Apple Macs, and managed to steal funds from about 3,000 customer accounts through unauthorized transfers equivalent to roughly $892,755.


    [4] I don't believe the 5% market share claim ... I harbour a suspicion that this is some very cunning PR trick in under-reporting by Apple, so as to fly below the radar. If so, I think it's well past its sell-by date since Apple reached the same market cap as Microsoft...

    [5] What is curious is that I'll bet most of Wall Street, and practically all of government, notwithstanding the "national security" argument, continue to keep clear of Macs. For those of us who know the trick, this is good. It is good for our security nation if the governments do not invest in Macs, and keep the monoculture effect positive. Perverse, but who am I to argue with the wisdom in cyber-security circles?

    Posted by iang at 09:30 AM | Comments (1) | TrackBack

    August 01, 2010

    memes in infosec I - Eve and Mallory are missing, presumed dead

    Things I've seen that are encouraging. Bruce Schneier in Q&A:

    Q: We've also seen Secure Sockets Layer (SSL) come under attack, and some experts are saying it is useless. Do you agree?

    A: I'm not convinced that SSL has a problem. After all, you don't have to use it. If I log-on to Amazon without SSL the company will still take my money. The problem SSL solves is the man-in-the-middle attack with someone eavesdropping on the line. But I'm not convinced that's the most serious problem. If someone wants your financial data they'll hack the server holding it, rather than deal with SSL.

    Right. The essence is that SSL solves the "easy" part of the problem, and leaves open the biggest part. Before the proponents of SSL say, "not our problem," remember that AADS did solve it, as did SOX and a whole bunch of other things. It's called end-to-end, and is well known as being the only worthwhile security. Indeed, I'd say it was simply responsible engineering, except for the fact that it isn't widely practiced.

    OK, so this is old news, from around March, but it is worth declaring sanity:

    Q: But doesn't SSL give consumers confidence to shop online, and thus spur e-commerce?

    A: Well up to a point, but if you wanted to give consumers confidence you could just put a big red button on the site saying 'You're safe'. SSL doesn't matter. It's all in the database. We've got the threat the wrong way round. It's not someone eavesdropping on Eve that's the problem, it's someone hacking Eve's endpoint.

    Which is to say, if you are going to do anything to fix the problem, you have to look at the end-points. The only time you should look at the protocol, and the certificates, is how well they are protecting the end-points. Meanwhile, the SSL field continues to be one for security researchers to make headlines over. It's BlackHat time again:

    "The point is that SSL just doesn't do what people think it does," says Hansen, an security researcher with SecTheory who often goes by the name RSnake. Hansen split his dumptruck of Web-browsing bugs into three categories of severity: About half are low-level threats, 10 or so are medium, and two are critical. One example...

    Many observers in the security world have known this for a while, and everyone else has felt increasingly frustrated and despondent about the promise:

    There has been speculation that an organization with sufficient power would be able to get a valid certificate from one of the 170+ certificate authorities (CAs) that are installed by default in the typical browser and could then avoid this alert ....

    But how many CAs does the average Internet user actually need? Fourteen! Let me explain. For the past two weeks I have been using Firefox on Windows with a reduced set of CAs. I disabled ALL of them in the browser and re-enabled them one by one as necessary during my normal usage....

    On the one hand, SSL is the brand of security. On the other hand, it isn't the delivery of security; it simply isn't deployed in secure browsing to provide the user security that was advertised: you are on the site you think you are on. Only as we moved from a benign world to a fraud world, around 2003-2005, this has this been shown to matter. Bruce goes on:

    Q: So is encryption the wrong approach to take?

    A: This kind of issue isn't an authentication problem, it's a data problem. People are recognising this now, and seeing that encryption may not be the answer. We took a World War II mindset to the internet and it doesn't work that well. We thought encryption would be the answer, but it wasn't. It doesn't solve the problem of someone looking over your shoulder to steal your data.

    Indeed. Note that comment about the World War II mindset. It is the case that the entire 1990s generation of security engineers were taught from the military text book. The military assumes its nodes -- its soldiers, its computers -- are safe. And, it so happens, that when armies fight armies, they do real-life active MITMs against each other to gain local advantage. There are cases of this happening, and oddly enough, they'll even do it to civilians if they think they can (ask Greenpeace). And the economics is sane, sensible stuff, if we bothered to think about it: in war, the wire is the threat, the nodes are safe.

    However, adopting "the wire" as the weakness and Mallory as the Man-In-The-Middle, and Eve as the Eavesdropper as "the threat" in the Internet was a mistake. Even in the early 1990s, we knew that the node was the problem. Firstly, ever since the PC, nodes in commercial computing are controlled by (dumb) users not professional (soldiers). Who download shit from the net, not operate trusted military assets. Secondly, observation of known threats told us where the problems lay: floppy viruses were very popular, and phone-line attacks were about spoofing and gaining entry to an end-point. Nobody was bothering with "the wire," nobody was talking about snooping and spying and listening [*].

    The military model was the precise reverse of the Internet's reality.

    To conclude. There is no doubt about this in security circles: the SSL threat model was all wrong, and consequently the product was deployed badly.

    Where the doubt lies is how long it will take the software providers to realise that their world is upside down? It can probably only happen when everyone with credibility stands up and says it is so. For this, the posts shown here are very welcome. Let's hear more!

    [*] This is not entirely true. There is one celebrated case of an epidemic of eavesdropping over ethernets, which was passwords being exchanged over telnet and rsh connections. A case-study in appropriate use of security models follows...

    PS: Memes II - War! Infosec is WAR!

    Posted by iang at 04:33 PM | Comments (3) | TrackBack

    March 24, 2010

    Why the browsers must change their old SSL security (?) model

    In a paper Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL_, by Christopher Soghoian and Sid Stammby, there is a reasonably good layout of the problem that browsers face in delivering their "one-model-suits-all" security model. It is more or less what we've understood all these years, in that by accepting an entire root list of 100s of CAs, there is no barrier to any one of them going a little rogue.

    Of course, it is easy to raise the hypothetical of the rogue CA, and even to show compelling evidence of business models (they cover much the same claims with a CA that also works in the lawful intercept business that was covered here in FC many years ago). Beyond theoretical or probable evidence, it seems the authors have stumbled on some evidence that it is happening:

    The company’s CEO, Victor Oppelman confirmed, in a conversation with the author at the company’s booth, the claims made in their marketing materials: That government customers have compelled CAs into issuing certificates for use in surveillance operations. While Mr Oppelman would not reveal which governments have purchased the 5-series device, he did confirm that it has been sold both domestically and to foreign customers.

    (my emphasis.) This has been a lurking problem underlying all CAs since the beginning. The flip side of the trusted-third-party concept ("TTP") is the centralised-vulnerability-party or "CVP". That is, you may have been told you "trust" your TTP, but in reality, you are totally vulnerable to it. E.g., from the famous Blackberry "official spyware" case:

    Nevertheless, hundreds of millions of people around the world, most of whom have never heard of Etisalat, unknowingly depend upon a company that has intentionally delivered spyware to its own paying customers, to protect their own communications security.

    Which becomes worse when the browsers insist, not without good reason, that the root list is hidden from the consumer. The problem that occurs here is that the compelled CA problem multiplies to the square of the number of roots: if a CA in (say) Ecuador is compelled to deliver a rogue cert, then that can be used against a CA in Korea, and indeed all the other CAs. A brief examination of the ways in which CAs work, and browsers interact with CAs, leads one to the unfortunate conclusion that nobody in the CAs, and nobody in the browsers, can do a darn thing about it.

    So it then falls to a question of statistics: at what point do we believe that there are so many CAs in there, that the chance of getting away with a little interception is too enticing? Square law says that the chances are say 100 CAs squared, or 10,000 times the chance of any one intercept. As we've reached that number, this indicates that the temptation to resist intercept is good for all except 0.01% of circumstances. OK, pretty scratchy maths, but it does indicate that the temptation is a small but not infinitesimal number. A risk exists, in words, and in numbers.

    One CA can hide amongst the crowd, but there is a little bit of a fix to open up that crowd. This fix is to simply show the user the CA brand, to put faces on the crowd. Think of the above, and while it doesn't solve the underlying weakness of the CVP, it does mean that the mathematics of squared vulnerability collapses. Once a user sees their CA has changed, or has a chance of seeing it, hiding amongst the crowd of CAs is no longer as easy.

    Why then do browsers resist this fix? There is one good reason, which is that consumers really don't care and don't want to care. In more particular terms, they do not want to be bothered by security models, and the security displays in the past have never worked out. Gerv puts it this way in comments:

    Security UI comes at a cost - a cost in complexity of UI and of message, and in potential user confusion. We should only present users with UI which enables them to make meaningful decisions based on information they have.

    They love Skype, which gives them everything they need without asking them anything. Which therefore should be reasonable enough motive to follow those lessons, but the context is different. Skype is in the chat & voice market, and the security model it has chosen is well-excessive to needs there. Browsing on the other hand is in the credit-card shopping and Internet online banking market, and the security model imposed by the mid 1990s evolution of uncontrollable forces has now broken before the onslaught of phishing & friends.

    In other words, for browsing, the writing is on the wall. Why then don't they move? In a perceptive footnote, the authors also ponder this conundrum:

    3. The browser vendors wield considerable theoretical power over each CA. Any CA no longer trusted by the major browsers will have an impossible time attracting or retaining clients, as visitors to those clients’ websites will be greeted by a scary browser warning each time they attempt to establish a secure connection. Nevertheless, the browser vendors appear loathe to actually drop CAs that engage in inappropriate be- havior — a rather lengthy list of bad CA practices that have not resulted in the CAs being dropped by one browser vendor can be seen in [6].

    I have observed this for a long time now, predicting phishing until it became the flood of fraud. The answer is, to my mind, a complicated one which I can only paraphrase.

    For Mozilla, the reason is simple lack of security capability at the *architectural* and *governance* levels. Indeed, it should be noticed that this lack of capability is their policy, as they deliberately and explicitly outsource big security questions to others (known as the "standards groups" such as IETF's RFC committees). As they have little of the capability, they aren't in a good position to use the power, no matter whether they would want to or not. So, it only needs a mildly argumentative approach on the behalf of the others, and Mozilla is restrained from its apparent power.

    What then of Microsoft? Well, they certainly have the capability, but they have other fish to fry. They aren't fussed about the power because it doesn't bring them anything of use to them. As a corporation, they are strictly interested in shareholders' profits (by law and by custom), and as nobody can show them a bottom line improvement from CA & cert business, no interest is generated. And without that interest, it is practically impossible to get the various many groups within Microsoft to move.

    Unlike Mozilla, my view of Microsoft is much more "external", based on many observations that have never been confirmed internally. However it seems to fit; all of their security work has been directed to market interests. Hence for example their work in identity & authentication (.net, infocard, etc) was all directed at creating the platform for capturing the future market.

    What is odd is that all CAs agree that they want their logo on their browser real estate. Big and small. So one would think that there was a unified approach to this, and it would eventually win the day; the browser wins for advancing security, the CAs win because their brand investments now make sense. The consumer wins for both reasons. Indeed, early recommendations from the CABForum, a closed group of CAs and browsers, had these fixes in there.

    But these ideas keep running up against resistance, and none of the resistance makes any sense. And that is probably the best way to think of it: the browsers don't have a logical model for where to go for security, so anything leaps the bar when the level is set to zero.

    Which all leads to a new group of people trying to solve the problem. The authors present their model as this:

    The Firefox browser already retains history data for all visited websites. We have simply modified the browser to cause it to retain slightly more information. Thus, for each new SSL protected website that the user visits, a Certlock enabled browser also caches the following additional certificate information:
    A hash of the certificate.
    The country of the issuing CA.
    The name of the CA.
    The country of the website.
    The name of the website.
    The entire chain of trust up to the root CA.

    When a user re-visits a SSL protected website, Certlock first calculates the hash of the site’s certificate and compares it to the stored hash from previous visits. If it hasn’t changed, the page is loaded without warning. If the certificate has changed, the CAs that issued the old and new certificates are compared. If the CAs are the same, or from the same country, the page is loaded without any warning. If, on the other hand, the CAs’ countries differ, then the user will see a warning (See Figure 3).

    This isn't new. The authors credit recent work, but no further back than a year or two. Which I find sad because the important work done by TrustBar and Petnames is pretty much forgotten.

    But it is encouraging that the security models are battling it out, because it gets people thinking, and challenging their assumptions. Only actual produced code, and garnered market share is likely to change the security benefits of the users. So while we can criticise the country approach (it assumes a sort of magical touch of law within the countries concerned that is already assumed not to exist, by dint of us being here in the first place), the country "proxy" is much better than nothing, and it gets us closer to the real information: the CA.

    From a market for security pov, it is an interesting period. The first attempts around 2004-2006 in this area failed. This time, the resurgence seems to have a little more steam, and possibly now is a better time. In 2004-2006 the threat was seen as more or less theoretical by the hoi polloi. Now however we've got governments interested, consumers sick of it, and the entire military-industrial complex obsessed with it (both in participating and fighting). So perhaps the newcomers can ride this wave of FUD in, where previous attempts drowned far from the shore.

    Posted by iang at 07:52 PM | Comments (1) | TrackBack

    December 05, 2009

    Phishing numbers

    From a couple of sources posted by Lynn:

    • A single run only hits 0.0005 percent of users,
    • 1% of customers will follow the phishing links.
    • 0.5% of customers fall for phishing schemes and compromise their online banking information.
    • the monetary losses could range between $2.4 million and $9.4 million annually per one million online banking clients
    • in average ... approximately 832 a year ... reached users' inboxes.
    • costs estimated at up to $9.4 million per year per million users.
    • based on data colleded from "3 million e-banking users who are customers of 10 sizeable U.S. and European banks."

    The primary source was a survey run by an anti-phishing software vendor, so caveats apply. Still interesting!

    For more meat on the bigger picture, see this article: Ending the PCI Blame Game. Which reads like a compressed version of this blog! Perhaps, finally, the thing that is staring the financial operators in the face has started to hit home, and they are really ready to sound the alarm.

    Posted by iang at 06:35 PM | Comments (1) | TrackBack

    November 26, 2009

    Breaches not as disclosed as much as we had hoped

    One of the brief positive spots in the last decade was the California bill to make breaches of data disclosed to effected customers. It took a while, but in 2005 the flood gates opened. Now reports the FBI:

    "Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about."

    That seems to point at a super-iceberg. To some extent this is expected, because companies will search out new methods to bypass the intent of the disclosure laws. And also there is the underlying economics. As has been pointed out by many (or perhaps not many but at least me) the reputation damage probably dwarfs the actual or measurable direct losses to the company and its customers.

    Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.

    So, avoidance of disclosure is the strategy for all properly managed companies, because they are required to manage the assets of their shareholders to the best interests of the shareholders. If you want a more dedicated treatment leading to this conclusion, have a look at "the market for silver bullets" paper.

    Meanwhile, the FBI reports that the big companies have improved their security somewhat, so the attackers direct at smaller companies. And:

    They also target corporate executives and other wealthy public figures who it is relatively easy to pursue using public records. The FBI pursues such cases, though they are rarely made public.

    Huh. And this outstanding coordinated attack:

    A similar approach was used in a scheme that defrauded the Royal Bank of Scotland's (RBS.L: Quote, Profile, Research, Stock Buzz) RBS WorldPay of more than $9 million. A group, which included people from Estonia, Russia and Moldova, has been indicted for compromising the data encryption used by RBS WorldPay, one of the leading payment processing businesses globally.

    The ring was accused of hacking data for payroll debit cards, which enable employees to withdraw their salaries from automated teller machines. More than $9 million was withdrawn in less than 12 hours from more than 2,100 ATMs around the world, the Justice Department has said.

    2,100 ATMs! worldwide! That leaves that USA gang looking somewhat kindergarten, with only 50 ATMs cities. No doubt about it, we're now talking serious networked crime, and I'm not referring to the Internet but the network of collaborating, economic agents.

    Compromising the data encryption, even. Anyone know the specs? These are important numbers. Did I miss this story, or does it prove the FBI's point?

    Posted by iang at 01:23 PM | Comments (0) | TrackBack

    October 01, 2009

    Man-in-the-Browser goes to court

    Stephen Mason reports that MITB is in court:

    A gang of internet fraudsters used a sophisticated virus to con members of the public into parting with their banking details and stealing £600,000, a court heard today.

    Once the 'malicious software' had infected their computers, it waited until users logged on to their accounts, checked there was enough money in them and then insinuated itself into cash transfer procedures.

    (also on El Reg.) This breaches the 2-factor authentication system commonly in use because it (a) controls the user's PC, and (b) the authentication scheme that was commonly pushed out over the last decade or so only authenticates the user, not the transaction. So as the trojan now controls the PC, it is the user. And the real user happily authenticates itself, and the trojan, and the trojan's transactions, and even lies about it!

    Numbers, more than ordinarily reliable because they have been heard in court:

    'In fact as a result of this Trojan virus fraud very many people - 138 customers - were affected in this way with some £600,000 being fraudulently transferred.

    'Some of that money, £140,000, was recouped by NatWest after they became aware of this scam.'

    This is called Man-in-the-browser, which is a subtle reference to the SSL's vaunted protection against Man-in-the-middle. Unfortunately several things went wrong in this area of security: Adi's 3rd law of security says the attacker always bypasses; one of my unnumbered aphorisms has it that the node is always the threat, never the wire, and finally, the extraordinary success of SSL in the mindspace war blocked any attempts to fix the essential problems. SSL is so secure that nobody dare challenge browser security.

    The MITB was first reported in March 2006 and sent a wave of fear through the leading European banks. If customers lost trust in the online banking, this would turn their support / branch employment numbers on their heads. So they rapidly (for banks) developed a counter-attack by moving their confirmation process over to the SMS channel of users' phones. The Man-in-the-browser cannot leap across that air-gap, and the MITB is more or less defeated.

    European banks tend to be proactive when it comes to security, and hence their losses are miniscule. Reported recently was something like €400k for a smaller country (7 million?) for an entire year for all banks. This one case in the UK is double that, reflecting that British banks and USA banks are reactive to security. Although they knew about it, they ignored it.

    This could be called the "prove-it" school of security, and it has merit. As we saw with SSL, there never really was much of a threat on the wire; and when it came to the node, we were pretty much defenceless (although a lot of that comes down to one factor: Microsoft Windows). So when faced with FUD from the crypto / security industry, it is very very hard to separate real dangers from made up ones. I felt it was serious; others thought I was spreading FUD! Hence Philipp Güring's paper Concepts against Man-in-the-Browser Attacks, and the episode formed fascinating evidence for the market for silver bullets. The concept is now proven right in practice, but it didn't turn out how we predicted.

    What is also interesting is that we now have a good cycle timeline: March 2006 is when the threat first crossed our radars. September 2009 it is in the British courts.

    Postscript. More numbers from today's MITB:

    A next-generation Trojan recently discovered pilfering online bank accounts around the world kicks it up a notch by avoiding any behavior that would trigger a fraud alert and forging the victim's bank statement to cover its tracks.

    The so-called URLZone Trojan doesn't just dupe users into giving up their online banking credentials like most banking Trojans do: Instead, it calls back to its command and control server for specific instructions on exactly how much to steal from the victim's bank account without raising any suspicion, and to which money mule account to send it the money. Then it forges the victim's on-screen bank statements so the person and bank don't see the unauthorized transaction.

    Researchers from Finjan found the sophisticated attack, in which the cybercriminals stole around 200,000 euro per day during a period of 22 days in August from several online European bank customers, many of whom were based in Germany....

    "The Trojan was smart enough to be able to look at the [victim's] bank balance," says Yuval Ben-Itzhak, CTO of Finjan... Finjan found the attackers had lured about 90,000 potential victims to their sites, and successfully infected about 6,400 of them. ...URLZone ensures the transactions are subtle: "The balance must be positive, and they set a minimum and maximum amount" based on the victim's balance, Ben-Itzhak says. That ensures the bank's anti-fraud system doesn't trigger an alert, he says.

    And the malware is making the decisions -- and alterations to the bank statement -- in real time, he says. In one case, the attackers stole 8,576 euro, but the Trojan forged a screen that showed the transferred amount as 53.94 euro. The only way the victim would discover the discrepancy is if he logged into his account from an uninfected machine.

    Posted by iang at 09:26 AM | Comments (1) | TrackBack

    September 14, 2009

    OSS on how to run a business

    After a rather disastrous meeting a few days ago, I finally found the time to load up:

    OSS's Simple Sabotage Field Manual

    The Office of Strategic Services was the USA dirty tricks brigade of WWII, which later became the CIA. Their field manual was declassified and published, and, lo and behold, it includes some mighty fine advice. This manual was noticed to the world by the guy who presented the story of the CIA's "open intel" wiki, he thought it relevant I guess.

    Sections 11, 12 are most important to us, the rest concentrating on the physical spectrum of blowing up stuff. Onwards:

    (11) General Interference with Organizations and Production

    (a) Organizations and Conferences

    (1) Insist on doing everything through "channels." Never permit short-cuts to be taken in order to, expedite decisions.

    (2) Make "speeches." Talk as frequently as possible and at great length. Illustrate your "points" by long anecdotes and accounts of personal experiences. Never hesitate to make a few appropriate "patriotic" comments.

    (3) When possible, refer all matters to committees, for "further study and consideration." Attempt to make the committees as large as possible - never less than five.

    (4) Bring up irrelevant issues as frequently as possible.

    (5) Haggle over precise wordings of communications, minutes, resolutions.

    (6) Refer back to matters decided upon at the last meeting and attempt to reopen the question of the advisability of that decision.

    (7) Advocate "caution." Be "reasonable" and urge your fellow-conferees to be "reasonable" and avoid haste which might result in embarrassments or difficulties later on.

    (8) Be worried about the propriety of any decision -raise the question of whether such action as is contemplated lies within the jurisdiction of the group or whether it might conflict with the policy of some higher echelon.

    Read the full sections 11,12 and for reference, also the entire manual. As some have suggested, it reads like a modern management manual, perhaps proving that people don't change over time!

    Posted by iang at 09:42 PM | Comments (1) | TrackBack

    September 10, 2009

    Hide & seek in the terrorist battle

    Court cases often give us glimpses of security issues. A court in Britain has just convicted three from the liquid explosives gang, and now that it is over, there are press reports of the evidence. It looks now like the intelligence services achieved one of two possible victories by stopping the plot. Wired reports that NSA intercepts of emails have been entered in as evidence.

    According to Channel 4, the NSA had previously shown the e-mails to their British counterparts, but refused to let prosecutors use the evidence in the first trial, because the agency didn’t want to tip off an alleged accomplice in Pakistan named Rashid Rauf that his e-mail was being monitored. U.S. intelligence agents said Rauf was al Qaeda’s director of European operations at the time and that the bomb plot was being directed by Rauf and others in Pakistan.

    The NSA later changed its mind and allowed the evidence to be introduced in the second trial, which was crucial to getting the jury conviction. Channel 4 suggests the NSA’s change of mind occurred after Rauf, a Briton born of Pakistani parents, was reportedly killed last year by a U.S. drone missile that struck a house where he was staying in northern Pakistan.

    Although British prosecutors were eager to use the e-mails in their second trial against the three plotters, British courts prohibit the use of evidence obtained through interception. So last January, a U.S. court issued warrants directly to Yahoo to hand over the same correspondence.

    So there are some barriers between intercept and use in trial. The reason they came from the NSA is probably that old trick of avoiding prohibitions on domestic surveillance: if the trial had been in the USA, GCHQ might have provided the intercepts.

    What however was more interesting is the content of the alleged messages. This BBC article includes 7 of them, here's one:

    4 July 2006: Abdulla Ahmed Ali to Pakistan Accused plotter Abdulla Ahmed Ali

    Listen dude, when is your mate gonna bring the projectors and the taxis to me? I got all my bits and bobs. Tell your mate to make sure the projectors and taxis are fully ready and proper I don't want my presentation messing up.

    WHAT PROSECUTORS SAID IT MEANT Prosecutors said that projectors and taxis were code for knowledge and equipment because Ahmed Ali still needed some guidance. The word "presentation" could mean attack.

    The others also have interesting use of code words, such as Calvin Klein aftershave for hydrogen peroxide (hair bleach). The use of such codes (as opposed to ciphers) is not new; historically they were well known. Code words tend not to be used now because ciphers cover more of the problem space, and once you know something of the activity, the listener can guess at the meanings.

    In theory at least, and code words clearly didn't work to protect the liquid bombers. Worse for them, it probably made their conviction easier, because Muslims discussing the purchase of 4 litres of aftershave with other Mulsims in Pakistan seems very odd.

    One remaining question was whether the plot would actually work. We all know that the airlines banned liquids because of this event. Many amateurs have opined that it is simply too hard to do liquid explosives. However, the BBC employed an expert to try it, and using what amounts to between half a litre to a liter of finished product, they got this result:

    Certainly a dramatic explosion, enough to kill people within a few metres, and enough to blow a 2m hole in the fuselage. (The BBC video is only a minute long, well worth watching.)

    Would this have brought down the aircraft? Not necessarily as there are many examples of airlines with such damage that have survived. Perhaps if the bomb was in a strategic spot (over wing? or near the fuel lines?) or the aircraft was stuck over the Atlantic with no easy vector. Either way, a bad day to fly, and as the explosives guy said, pity the passengers that didn't have their seat belt on.

    Score one for the intel agencies. But the terrorists still achieved their second victory out of two: passengers are still terrorised in their millions when they forget to dispose of their innocent drinking water. What is somewhat of a surprise is that the terrorists have not as yet seized on the disruptive path that is clearly available, a la John Robb. I read somewhere that it only takes a 7% "security tax" on a city to destroy it over time, and we already know that the airport security tax has to be in that ballpark.

    the state of the CAPTCHA nation:

    The biggest flaw with all CAPTCHA systems is that they are, by definition, susceptible to attack by humans who are paid to solve them. Teams of people based in developing countries can be hired online for $3 per 1,000 CAPTCHAs solved. Several forums exist both to offer such services and parcel out jobs. But not all attackers are willing to pay even this small sum; whether it is worth doing so depends on how much revenue their activities bring in. “If the benefit a spammer is getting from obtaining an e-mail account is less than $3 per 1,000, then CAPTCHA is doing a perfect job,” says Dr von Ahn.

    And here, outside our normal programme, is news from RAH that people pay for the privilege of being a suicide bomber:

    A second analysis with Palantir uncovered more details of the Syrian networks, including profiles of their top coordinators, which led analysts to conclude there wasn't one Syrian network, but many. Analysts identified key facilitators, how much they charged people who wanted to become suicide bombers, and where many of the fighters came from. Fighters from Saudi Arabia, for example, paid the most -- $1,088 -- for the opportunity to become suicide bombers.

    It's important to examine security models remote to our own, because it it gives us neutral lessons on how the economics effects the result. An odd comparison there, that number $1088 is about the value required to acquire a good-but-false set of identity documents.

    Posted by iang at 09:25 AM | Comments (2) | TrackBack

    July 15, 2009

    trouble in PKI land

    The CA and PKI business is busy this week. CAcert, a community Certification Authority, has a special general meeting to resolve the trauma of the collapse of their audit process. Depending on who you ask, my resignation as auditor was either the symptom or the cause.

    In my opinion, the process wasn't working, so now I'm switching to the other side of the tracks. I'll work to get the audit done from the inside. Whether it will be faster or easier this way is difficult to say, we only get to run the experiment once.

    Meanwhile, Mike Zusman and Alex Sotirov are claiming to have breached the EV green bar thing used by some higher end websites. No details available yet, it's the normal tease before a BlabHat style presentation by academics. Rumour has it that they've exploited weaknesses in the browsers. Some details emerging:

    With control of the DNS for the access point, the attackers can establish their machines as men-in-the-middle, monitoring what victims logged into the access point are up to. They can let victims connect to EV SSL sites - turning the address bars green. Subsequently, they can redirect the connection to a DV SSL sessions under a certificates they have gotten illicitly, but the browser will still show the green bar.

    Ah that old chestnut: if you slice your site down the middle and do security on the left and no or lesser security on the right, guess where the attacker comes in? Not the left or the right, but up the middle, between the two. He exploits the gap. Which is why elsewhere, we say "there is only one mode and it is secure."

    Aside from that, this is an interesting data point. It might be considered that this is proof that the process is working (following the GP theory), or it might be proof that the process is broken (following the sleeping-dogs-lie model of security).

    Although EV represents a good documentation of what the USA/Canada region (not Europe) would subscribe as "best practices," it fails in some disappointing ways. And in some ways it has made matters worse. Here's one: because the closed proprietary group CA/B Forum didn't really agree to fix the real problems, those real problems are still there. As Extended Validation has held itself up as a sort of gold standard, this means that attackers now have something fun to focus on. We all knew that SSL was sort of facade-ware in the real security game, and didn't bother to mention it. But now that the bigger CAs have bought into the marketing campaign, they'll get a steady stream of attention from academics and press.

    I would guess less so from real attackers, because there are easier pickings elsewhere, but maybe I'm wrong:

    "From May to June 2009 the total number of fraudulent website URLs using VeriSign SSL certificates represented 26% of all SSL certificate attacks, while the previous six months presented only a single occurrence," Raza wrote on the Symantec Security blogs.

    ... MarkMonitor found more than 7,300 domains exploited four top U.S. and international bank brands with 16% of them registered since September 2008.
    .... But in the latest spate of phishing attempts, the SSL certificates were legitimate because "they matched the URL of the fake pages that were mimicking the target brands," Raza wrote.

    VeriSign Inc., which sells SSL certificates, points out that SSL certificate fraud currently represents a tiny percentage of overall phishing attacks. Only two domains, and two VeriSign certificates were compromised in the attacks identified by Symantec, which targeted seven different brands.

    "This activity falls well within the normal variability you would see on a very infrequent occurrence," said Tim Callan, a product marketing executive for VeriSign's SSL business unit. "If these were the results of a coin flip, with heads yielding 1 and tails yielding 0, we wouldn't be surprised to see this sequence at all, and certainly wouldn't conclude that there's any upward trend towards heads coming up on the coin."

    Well, we hope that nobody's head is flipped in an unsurprising fashion....

    It remains to be seen whether this makes any difference. I must admit, I check the green bar on my browser when online-banking, but annoyingly it makes me click to see who signed it. For real users, Firefox says that it is the website, and this is wrong and annoying, but Mozilla has not shown itself adept at understanding the legal and business side of security. I've heard Safari has been fixed up so probably time to try that again and report sometime.

    Then, over to Germany, where a snafu with a HSM ("high security module") caused a root key to be lost (also in German). Over in the crypto lists, there are PKI opponents pointing out how this means it doesn't work, and there are PKI proponents pointing out how they should have employed better consultants. Both sides are right of course, so what to conclude?

    Test runs with Germany's first-generation electronic health cards and doctors' "health professional cards" have suffered a serious setback. After the failure of a hardware security module (HSM) holding the private keys for the root Certificate Authority (root CA) for the first-generation cards, it emerged that the data had not been backed up. Consequently, if additional new cards are required for field testing, all of the cards previously produced for the tests will have to be replaced, because a new root CA will have to be generated. ... Besides its use in authentication, the root CA is also important for card withdrawal (the revocation service).

    The first thing to realise was that this was a test rollout and not the real thing. So the test discovered a major weakness; in that sense it is successful, albeit highly embarrassing because it reached the press.

    The second thing is the HSM issue. As we know, PKI is constructed as a hierarchy, or a tree. At the root of the tree is the root key of course. If this breaks, everything else collapses.

    Hence there is a terrible fear of the root breaking. This feeds into the wishes of suppliers of high security modules, who make hardware that protect the root from being stolen. But, in this case, the HSM broke, and there was no backup. So a protection for one fear -- theft -- resulted in a vulnerability to another fear -- data loss.

    A moment's thought and we realise that the HSM has to have a backup. Which has to be at least as good as the HSM. Which means we then have some rather cute conundrums, based on the Alice in Wonderland concept of having one single root except we need multiple single roots... In practice, how do we create the root inside the HSM (for security protection) and get it to another HSM (for recovery protection)?

    Serious engineers and architects will be reaching for one word: BRITTLE! And so it is. Yes, it is possible to do this, but only by breaking the hierarchical principle of PKI itself. It is hard to break fundamental principles, and the result is that PKI will always be brittle, the implementations will always have contradictions that are swept under the carpet by the managers, auditors and salesmen. The PKI design is simply not real world engineering, and the only thing that keeps it going is the institutional deadly embrace of governments, standards committees, developers and security companies.

    Not the market demand. But, not all has been bad in the PKI world. Actually, since the bottoming out of the dotcom collapse, certs have been on the uptake, and market demand is present albeit not anything beyond compliance-driven. Here comes a minor item of success:

    VeriSign, Inc. [SNIP] today reported it has topped the 1 billion mark for daily Online Certificate Status Protocol (OCSP) checks.

    [SNIP] A key link in the online security chain, OCSP offers the most timely and efficient way for Web browsers to determine whether a Secure Sockets Layer (SSL) or user certificate is still valid or has been revoked. Generally, when a browser initiates an SSL session, OCSP servers receive a query to check to see if the certificate in use is valid. Likewise, when a user initiates actions such as smartcard logon, VPN access or Web authentication, OCSP servers check the validity of the user certificate that is presented. OSCP servers are operated by Certificate Authorities, and VeriSign is the world's leading Certificate Authority.

    [SNIP] VeriSign is the EV SSL Certificate provider of choice for more than 10,000 Internet domain names, representing 74 percent of the entire EV SSL Certificate market worldwide.

    (In the above, I've snipped the self-serving marketing and one blatant misrepresentation.)

    Certificates are static statements. They can be revoked, but the old design of downloading complete lists of all revocations was not really workable (some CAs ship megabyte-sized lists). We now have a new thing whereby if you are in possession of a certificate, you can do an online check of its status, called OCSP.

    The fundamental problem with this, and the reason why it took the industry so long to get around to making revocation a real-time thing, is that once you have that architecture in place, you no longer need certificates. If you know the website, you simply go to a trusted provider and get the public key. The problem with this approach is that it doesn't allow the CA business to sell certificates to web site owners. As it lacks any business model for CAs, the CAs will fight it tooth & nail.

    Just another conundrum from the office of security Kafkaism.

    Here's another one, this time from the world of code signing. The idea is that updates and plugins can be sent to you with a digital signature. This means variously that the code is good and won't hurt you, or someone knows who the attacker is, and you can't hurt him. Whatever it means, developers put great store in the apparent ability of the digital signature to protect themselves from something or other.

    But it doesn't work with Blackberry users. Allegedly, a Blackberry provider sent a signed code update to all users in United Arab Emirates:

    Yesterday it was reported by various media outlets that a recent BlackBerry software update from Etisalat (a UAE-based carrier) contained spyware that would intercept emails and text messages and send copies to a central Etisalat server. We decided to take a look to find out more.

    Whenever a message is received on the device, the Recv class first inspects it to determine if it contains an embedded command — more on this later. If not, it UTF-8 encodes the message, GZIPs it, AES encrypts it using a static key (”EtisalatIsAProviderForBlackBerry”), and Base64 encodes the result. It then adds this bundle to a transmit queue. The main app polls this queue every five seconds using a Timer, and when there are items in the queue to transmit, it calls this function to forward the message to a hardcoded server via HTTP (see below). The call to http.sendData() simply constructs the POST request and sends it over the wire with the proper headers.

    Oops! A signed spyware from the provider that copies all your private email and sends it to a server. Sounds simple, but there's a gotcha...

    The most alarming part about this whole situation is that people only noticed the malware because it was draining their batteries. The server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.

    So, even though the spyware provider had a way to turn it on and off:

    It doesn’t seem to execute arbitrary commands, just packages up device information such as IMEI, IMSI, phone number, etc. and sends it back to the central server, the same way it does for received messages. It also provides a way to remotely enable/disable the spyware itself using the commands “start” and “stop”.

    There was something wrong with the design, and everyone's blackberry went mad. Two points: if you want to spy on your own customers, be careful, and test it. Get quality engineers on to that part, because you are perverting a brittle design, and that is tricky stuff.

    Second point. If you want to control a large portion of the population who has these devices, the centralised hierarchy of PKI and its one root to bind them all principle would seem to be perfectly designed. Nobody can control it except the center, which puts you in charge. In this case, the center can use its powerful code-signing abilities to deliver whatever you trust to it. (You trust what it tells you to trust, of course.)

    Which has led some wits to label the CAs as centralised vulnerability partners. Which is odd, because some organisations that should know better than to outsource the keys to their security continue to do so.

    But who cares, as long as the work flows for the consultants, the committees, the HSM providers and the CAs?

    Posted by iang at 07:13 AM | Comments (7) | TrackBack

    April 02, 2009

    Are the "brightest minds in finance" finally onto something?

    [Lynn writes somewhere else, copied without shame:]

    A repeated theme in the Madoff hearing (by the person trying for a decade to get SEC to do something about Madoff) was that while new legislation and regulation was required, it was much more important to have transparency and visibility; crooks are inventive and will always be ahead of regulation.

    however ... from The Quiet Coup:

    But there's a deeper and more disturbing similarity: elite business interests -- financiers, in the case of the U.S. -- played a central role in creating the crisis, making ever-larger gambles, with the implicit backing of the government, until the inevitable collapse. More alarming, they are now using their influence to prevent precisely the sorts of reforms that are needed, and fast, to pull the economy out of its nosedive. The government seems helpless, or unwilling, to act against them.

    From The DNA of Corruption:

    While the scale of venality of Wall Street dwarfs that of the Pentagon's, I submit that many of the central qualities shaping America's Defense Meltdown (an important new book with this title, also written by insiders, can be found here) can be found in Simon Johnson's exegesis of America's even more profound Financial Meltdown.

    ... and related to above, Mark-to-Market Lobby Buoys Bank Profits 20% as FASB May Say Yes:

    Officials at Norwalk, Connecticut-based FASB were under "tremendous pressure" and "more or less eviscerated mark-to-market accounting," said Robert Willens, a former managing director at Lehman Brothers Holdings Inc. who runs his own tax and accounting advisory firm in New York. "I'd say there was a pretty close cause and effect."

    From Now-needy FDIC collected little in premiums:

    The federal agency that insures bank deposits, which is asking for emergency powers to borrow up to $500 billion to take over failed banks, is facing a potential major shortfall in part because it collected no insurance premiums from most banks from 1996 to 2006.

    with respect to taxes, there was roundtable of "leading expert" economists last summer about current economic mess. their solution was "flat rate" tax. the justification was:

    1. eliminates possibly majority of current graft & corruption in washington that is related to current tax code structure, lobbying and special interests
    2. picks up 3-5% productivity in GNP. current 65,000 page taxcode is reduced to 600 pages ... that frees up huge amount of people-hrs in lost productivity involved in dealing directly with the taxcode as well as lost productivity because of non-optimal business decisions.

    their bottom line was that it probably would only be temporary before the special interests reestablish the current pervasive atmosphere of graft & corruption.

    a semi-humorous comment was that a special interest that has lobbied against such a change has been Ireland ... supposedly because some number of US operations have been motivated to move to Ireland because of their much simpler business environment.

    with respect to feedback processes ... I (Lynn) had done a lot with dynamic adaptive (feedback) control algorithms as an undergraduate in the 60s ... which was used in some products shipped in the 70s & 80s. In theearly 80s, I had a chance to meet John Boyd and sponsor his briefings. I found quite a bit of affinity to John's OODA-loop concept (observe, orient, decide, act) that is now starting to be taught in some MBA programs.

    Posted by iang at 06:51 PM | Comments (3) | TrackBack

    February 13, 2009

    this one's significant: 49 cities in 30 minutes!

    No, not this stupidity: "The Breach of All Breaches?" but this one, spotted by JP (and also see Fraud, Phishing and Financial Misdeeds, scary, flashmob, and fbi wanted poster seen to right):

    * Reported by John Deutzman

    Photos from security video (see photo gallery at left at bottom right) obtained by Fox 5 show of a small piece of a huge scam that took place all in one day in a matter of hours. According to the FBI , ATMs from 49 cities were hit -- including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong.

    "We've seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here," FBI Agent Ross Rice told Fox 5.

    "Over 130 different ATM machines in 49 cities worldwide were accessed in a 30-minute period on November 8," Agents Rice said. "So you can get an idea of the number of people involved in this and the scope of the operation."

    Here is the amazing part: With these cashers ready to do their dirty work around the world, the hacker somehow had the ability to lift those limits we all have on our ATM cards. For example, I'm only allowed to take out $500 a day, but the cashers were able to cash once, twice, three times over and over again. When it was all over, they only used 100 cards but they ripped off $9 million.

    This lifts the level of capability of the attacker several notches up. This is a huge coordinated effort. Are we awake now to the problems that we created for ourselves a decade ago?

    (Apologies, no time to do the real research and commentary today! Thanks, JP!)

    Posted by iang at 08:25 AM | Comments (0) | TrackBack

    January 19, 2009

    Microsoft: Phishing losses greatly over-estimated

    Seen on the net:

    09 Jan 2009 14:21

    Phishers make much less from their scams than analysts have estimated, according to research from the software maker. The financial losses experienced by victims of phishing scams may be up to 50 times less than estimated by analysts, according to a Microsoft study. Previous studies by organisations such as Gartner, which in 2007 estimated US phishing losses at $3.2bn (£2bn), "crumble upon inspection", Microsoft researchers said in their report, published on Tuesday.

    Nevertheless, stories of easy money may be encouraging a phishing "gold rush" effect, where large numbers of newcomers enter the phishing business expecting huge returns, only to be preyed upon by more experienced phishers, according to A Profitless Endeavor: Phishing as Tragedy of the Commons.

    The study, undertaken by Microsoft researchers Cormac Herley and Dinei Florencio, also suggests there is less profit than thought in phishing because there is only a limited number of people who will be fooled by the scams, and that pool gets smaller as the scams claim victims.

    "Phishing is a classic example of tragedy of the commons, where there is open access to a resource that has limited ability to regenerate," the authors say in their report. "Since each phisher independently seeks to maximise his return, the resource is over-grazed and [on average] yields far less than it is capable of." Instead of getting a maximum return for a minimum effort, the majority of phishers make a weekly wage of hundreds, rather than thousands, of dollars, the researchers said.


    No comment from here, because I haven't read the source as yet.

    Posted by iang at 05:10 PM | Comments (0) | TrackBack

    December 07, 2008

    Unwinding secrecy -- how to do it?

    The next question on unwinding secrecy is how to actually do it. It isn't as trivial as it sounds. Perhaps this is because the concept of "need-to-know" is so well embedded in the systems and managerial DNA that it takes a long time to root it out.

    At LISA I was asked how to do this; but I don't have much of an answer. Here's what I have observed:

    • Do a little at a time.
    • Pick a small area and start re-organising it. Choose an area where there is lots of frustration and lots of people to help. Open it up by doing something like a wiki, and work the information. It will take a lot of work and pushing by yourself, mostly because people won't know what you are doing or why (even if you tell them).
    • What is needed is a success. That is, a previously secret area is opened up, and as a result, good work gets done that was otherwise inhibited. People need to see the end-to-end journey in order to appreciate the message. (And, obviously, it should be clear at the end of it that you don't need the secrecy as much as you thought.)
    • Whenever some story comes out about a successful opening of secrecy, spread it around. The story probably isn't relevant to your organisation, but it gets people thinking about the concept. E.g., that which I posted recently was done to get people thinking. Another from Chandler.
    • Whenever there is a success on openness inside your organisation, help to make this a showcase (here are three). Take the story and spread it around; explain how the openness made it possible.
    • When some decision comes up about "and this must be kept secret," discuss it. Challenge it, make it prove itself. Remind people that we are an open organisation and there is benefit in treating all as open as possible.
    • Get a top-level decision that "we are open." Make it broad, make it serious, and incorporate the exceptions. "No, we really are open; all of our processes are open except when a specific exception is argued for, and that must be documented and open!" Once this is done, from top-level, you can remind people in any discussion. This might take years to get, so have a copy of a resolution in your back pocket for a moment when suddenly, the board is faced with it, and minded to pass a broad, sweeping decision.
    • Use phrases like "security-by-obscurity." Normally, I am not a fan of these as they are very often wrongly used; so-called security-by-obscurity often tans the behinds of supposed open standards models. But it is a useful catchphrase if it causes the listener to challenge the obscure security benefits of secrecy.
    • Create an opening protocol. Here's an idea I have seen: when someone comes across a secret document (generally after much discussion ...) that should not have been kept secret, let them engage in the Opening-Up Protocol without any further ado. Instead of grumbling or asking, put the ball in their court. Flip it around, and take the default as to be open:
      "I can't see why document X is secret, it seems wrong. Therefore, in 1 month, I intend to publish it. If there is any real reason, let me know before then."
      This protocol avoids the endless discussions as to why and whether.

    Well, that's what I have thought about so far. I am sure there is more.

    Posted by iang at 01:24 PM | Comments (0) | TrackBack

    November 20, 2008

    Unwinding secrecy -- busting the covert attack

    Have a read of this. Quick summary: Altimo thinks Telenor may be using espionage tactics to cause problems.

    Altimo alleges the interception of emails and tapping of telephone calls, surveillance of executives and shareholders, and payments to journalists to write damaging articles.

    So instead of getting its knickers in a knot (court case or whatever) Altimo simply writes to Telenor and suggests that this is going on, and asks for confirmation that they know nothing about it, do not endorse it, etc.

    Who ya bluffin?

    ...Andrei Kosogov, Altimo's chairman, wrote an open letter to Telenor's chairman, Harald Norvik, asking him to explain what Telenor's role has been and "what activity your agents have directed at Altimo". He said that he was "reluctant to believe" that Mr Norvik or his colleagues would have sanctioned any of the activities complained of.

    .... Mr Kosogov said he first wrote to Telenor in October asking if the company knew of the alleged campaign, but received no reply. In yesterday's letter to Mr Norvik, Mr Kosogov writes: "We would welcome your reassurance that Telenor's future dealings with Altimo will be conducted within a legal and ethical framework."

    Think about it: This open disclosure locks down Telenor completely. It draws a firm line in time, as also, gives Telenor a face-saving way to back out of any "exuberance" it might have previously "endorsed." If indeed Telenor does not take this chance to stop the activity, it would be negligent. If it is later found out that Telenor's board of directors knew, then it becomes a slam-dunk in court. And, if Telenor is indeed innocent of any action, it engages them in the fight to also chase the perpetrator. The bluff is called, as it were.

    This is good use of game theory. Note also that the Advisory Board of Altimo includes some high-powered people:

    Evidence of an alleged campaign was contained in documents sent to each member of Altimo's advisory board some time before October. The board is chaired by ex-GCHQ director Sir Francis Richards, and includes Lord Hurd, a former UK Foreign Secretary, and Sir Julian Horn-Smith, a founder of Vodafone.

    We could speculate that those players -- the spooks and mandarins -- know how powerful open disclosure is in locking down the options of nefarious players. A salutory lesson!

    Posted by iang at 06:25 PM | Comments (1) | TrackBack

    November 19, 2008

    Unwinding secrecy -- how far?

    One of the things that I've gradually come to believe in is that secrecy in anything is more likely to be a danger to you and yours than a help. The reasons for this are many, but include:

    • hard to get anything done
    • your attacker laughs!
    • ideal cover for laziness, a mess or incompetence

    There are no good reasons for secrecy, only less bad ones. If we accept that proposition, and start unwinding the secrecy so common in organisations today, there appear to be two questions: how far to open up, and how do we do it?

    How far to open up appears to be a personal-organisational issue, and perhaps the easiest thing to do is to look at some examples. I've seen three in recent days which I'd like to share.

    First the Intelligence agencies: in the USA, they are now winding back the concept of "need-to-know" and replacing it with "responsibility-to-share".

    Implementing Intellipedia Within a "Need to Know" Culture

    Sean Dennehy, Chief of Intellipedia Development, Directorate of Intelligence, U.S. Central Intelligence Agency

    Sean will share the technical and cultural changes underway at the CIA involving the adoption of wikis, blogs, and social bookmarking tools. In 2005, Dr. Calvin Andrus published The Wiki and The Blog: Toward a Complex Adaptive Intelligence Community. Three years later, a vibrant and rapidly growing community has transformed how the CIA aggregates, communicates, and organizes intelligence information. These tools are being used to improve information sharing across the U.S. intelligence community by moving information out of traditional channels.

    The way they are doing this is to run a community-wide suite of social network tools: blogs, wikis, youtube-copies, etc. The access is controlled at the session level by the username/password/TLS and at the person level by sponsoring. That latter means that even contractors can be sponsored in to access the tools, and all sorts of people in the field can contribute directly to the collection of information.

    The big problem that this switch has is that not only is intelligence information controlled by "need to know" but also it is controlled in horizontal layers. For same of this discussion, there are three: TOP SECRET / SECRET / UNCLASSIFIED-CONTROLLED. The intel community's solution to this is to have 3 separate networks in parallel, one for each, and to control access to each of these. So in effect, contractors might be easily sponsored into the lowest level, but less likely in the others.

    What happens in practice? The best coverage is found in the network that has the largest number of people, which of course is the lowest, UNCLASSIFIED-CONTROLLED network. So, regardless of the intention, most of the good stuff is found in there, and where higher layer stuff adds value, there are little pointers embedded to how to find it.

    In a nutshell, the result is that anyone who is "in" can see most everything, and modify everything. Anyone who is "out" cannot. Hence, a spectacular success if the mission was to share; it seems so obvious that one wonders why they didn't do it before.

    As it turns out, the second example is quite similar: Google. A couple of chaps from there explained to me around the dinner table that the process is basically this: everyone inside google can talk about any project to any other insider. But, one should not talk about projects to outsiders (presumably there are some exceptions). It seems that SEC (Securities and Exchange Commission in USA) provisions for a public corporation lead to some sensitivity, and rather than try and stop the internal discussion, google chose to make it very simple and draw a boundary at the obvious place.

    The third example is CAcert. In order to deal with various issues, the Board chose to take it totally open last year. This means that all the decisions, all the strategies, all the processes should be published and discussable to all. Some things aren't out there, but they should be; if an exception is needed it must be argued and put into policies.

    The curious thing is why CAcert did not choose to set a boundary at some point, like google and the intelligence agencies. Unlike google, there is no regulator to say "you must not reveal inside info of financial import." Unlike the CIA, CAcert is not engaging in a war with an enemy where the bad guys might be tipped off to some secret mission.

    However, CAcert does have other problems, and it has one problem that tips it in the balance of total disclosure: the presence of valuable and tempting privacy assets. These seem to attract a steady stream of interested parties, and some of these parties are after private gain. I have now counted 4 attempts to do this in my time related to CAcert, and although each had their interesting differences, they each in their own way sought to employ CAcert's natural secrecy to own advantage. From a commercial perspective, this was fairly obvious as the interested parties sought to keep their negotiations confidential, and this allowed them to pursue the sales process and sell the insiders without wiser heads putting a stop to it. To the extent that there are incentives for various agencies to insert different agendas into the inner core, then the CA needs a way to manage that process.

    How to defend against that? Well, one way is to let the enemy of your enemy know who we are talking to. Let's take a benign example which happened (sort of): a USB security stick manufacturer might want to ship extra stuff like CAcert's roots on the stick. Does he want the negotiations to be private because other competitors might deal for equal access, or does he want it private because wiser heads will figure out that he is really after CAcert's customer list? CAcert might care more about one than they other, but they are both threats to someone. As the managers aren't smart enough to see every angle, every time, they need help. One defence is many eyeballs and this is something that CAcert does have available to it. Perhaps if sufficient info of the emerging deal is published, then the rest of the community can figure it out. Perhaps, if the enemy's enemy notices what is going on, he can explain the tactic.

    A more poignant example might be someone seeking to pervert the systems and get some false certificates issued. In order to deal with those, CAcert's evolving Security Manual says all conflicts of interest have to be declared broadly and in advance, so that we can all mull over them and watch for how these might be a problem. This serves up a dilemma to the secret attacker: either keep private and lie, and risk exposure later on, or tell all upfront and lose the element of surprise.

    This method, if adopted, would involve sacrifices. It means that any agency that is looking to impact the systems is encouraged to open up, and this really puts the finger on them: are they trying to help us or themselves? Also, it means that all people in critical roles might have to sacrifice their privacy. This latter sacrifice, if made, is to preserve the privacy of others, and it is the greater for it.

    Posted by iang at 05:16 PM | Comments (0) | TrackBack

    September 29, 2008

    Clickjacking -- the new browser wipe-out

    News is circulating about Clickjacking, an undisclosed vulnerability that effects all browsers (with the exception of Lynx, which you don't use :) . Apparently although exploit code is somewhat hard, it is an impressive result. Your browser is owned, once again.

    Hattip to BigMac, who might be the last person on the planet using Lynx. There appears to be limited options right now:

    From my side, I wonder whether another possibility is to close all tabs, restart the browser, do your sensitive work, then shut it all down again.

    OK, that's just idle speculation on my part, but it is worth thinking about. A large component of the current breaches are a result of the browser being a general purpose tool with not only cross-admin-border protocols, but also parallel applications in play. Not generally a good idea in security thinking, and it means that the browser can only ever work in medium security modes.

    Also, I have another open question: should NoScript become standard recommendations for Mon'N'Pop ?

    Posted by iang at 10:21 AM | Comments (6) | TrackBack

    April 09, 2008

    another way to track their citizens

    Passports were always meant to help track citizens. According to lore, they were invented in the 19th century to stop Frenchmen evading the draft (conscription), which is still an issue in some countries. BigMac points to a Dutch working paper "Fingerprinting Passports," that indicates that passports can now be used to discriminate against the bearer's country of issue, to a distance of maybe 25cm. Future Napoleons will be happy.

    Because terrorising the reader over breakfast is currently good writing style by governments and media alike, let's highlight the dangers first. The paper speculates:

    Given that we can remotely detect the presence of a passport of a particular country, how could this functionality be abused? One abuse case that has been suggested is a passport bomb, designed to go off if someone with a passport of a certain nationality comes close. One could even send such a bomb by post, say to an embassy. A less spectacular, but possibly more realistic, use of this functionality would by passport thieves, who can remotely check if someone is carrying passport and if it is of a ‘suitable’ nationality, before they decide to rob them.

    From the general fear department, we can also add that overseas travellers sometimes have a fear of being mugged, kidnapped, hijacked or simply shot because of their mere membership of a favourable or unfavourable country.

    Now that we have the FUD off our chest, let's talk details. The trick involves sending a series of commands (up to 4) to the RFID in the passport, each of which are presumably rejected by the passport. The manner of rejection differs from country to country, so a precise fingerprint-of-country can be formed simply by examining each rejection, and then choosing a different command to further narrow the choices.

    How did this happen? I would speculate that the root failure is derived from bureaucrats' never-ending appetite for complex technological solutions to simple problems. In this case, the first root cause is the use of the RFID, being by intention and design something that can be read from up to 10 cm.

    It is inherently attackable, and therefore by definition a very odd choice for security. The second complexity, then, involved implementing something to stop the attackers reading off the RFIDs without permission. The solution to an active read-off attack is encryption, of course! Which leads to our third complexity, a secret key, which is written inside the passport, of course! Which immediately raises issues of brute-forcing (of course!) and, as the paper references, it turns out, brute forcing attacks work on some countries' passports because the secret key is .. poorly chosen.

    All of this complexity, er, solution, means something called Basic Access Control is added to the RFID in order to ensure the use of the secret key. Which means a series of commands meant to defend the RFID. If we factor in the tendency for each country to implement passports entirely alone (because they are more scared of each other than they are of their citizens), we can see that each solution is proprietary and home-grown. To cope with this, the standard was written to be very flexible (of course!). Hence, it permits wide diversity in response to errors.

    Whoops! Security error. In the world of security, we say that one should be precise in what we send, and precise in what we return.

    From that point of view, this is poor security work by the governments of the world, but that's to be expected. The US State Department can now derive some satisfaction from earlier blunders; because of their failure to implement any form of encryption or access control, American passports can be read by all (terrorists and borderists alike), which apparently forced them to add aluminium foil into the passport cover to act as a Faraday cage. Likely, the other countries will now have to follow suit, and the smugness of being sophisticated and advanced in security terms ("we've got BAC!") will be replaced by a dawning realisation that they should have adopted the simpler solutions in the first place.

    Posted by iang at 03:33 AM | Comments (3) | TrackBack

    March 06, 2008

    Economics not repealed, just slow: Paypal blames Browsers for Phishing

    Well, it had to happen one day. A major player has finally broken the code of silence and blamed the browsers. In this case, it is PayPal, and Safari.

    Infoworld last week quoted Michael Barrett, PayPal’s CIO, saying the following:
    “Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera.”

    The browser is the user's security tool. The browser is the only thing between you and the phisher. The browser is the point of all attack attention. The browser is it. That's why it had SSL built in -- to correctly identify the website as the one you wanted to go to.

    So above, Paypal blames Safari for not doing enough about phishing. It's true, Safari does nothing (as I found out recently and had to switch back to Firefox). It likely had to be Paypal because the regulated banks won't say boo without permission, and Paypal might be supposed to be net-savvy. It had to be Safari because (a) there is that popular alternate now, and (b) Apple is still small enough not to be offended, and (c) others have done something in the phishing area.

    A take-away then is not the names involved, but the fact that a large player has finally lost patience and is pointing fingers at those who are not addressing phishing:

    At issue is the fact that Safari lacks a built-in phishing filter to warn users about shady Web sites. Safari also doesn’t support so-called Extended Validation certificates, which turn the address bar green if a site is legit. Extended Validation certificates aren’t the complete answer but are a help.

    OK, so those are some ideas, and Safari could do something. However there may be more to this than meets the eye:

    An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. When IE 7 visits PayPal, the browser's address bar turns green -- a sign to users that the site is legitimate. Upcoming versions of Firefox and Opera are expected to support the technology.

    Aha! It's not a general complaint to Apple at all. It is a complaint that EV has not been implemented in Safari. It's a very specific complaint!

    ( Long term readers know that EV implements the basic steps necessary to complete the SSL security model: By naming the CA that makes the claim, it clearly encapsulates the statement. By making it more clear what was going on to the user the final step was made to the risk-bearing party. )

    Paypal has purchased a green certificate. And now they want it to work. It works on IE, but not on others. (Firefox and Opera say "soon" and so are given a pass. For now.) Apple rarely comments on its plans, so it has been named and shamed for not adopting the agreed solution. More for not playing the game than anything.

    The sad thing about the EV is that it is (approximately) what the browsers should have done years ago, when phishing became apparent.

    But nothing could be done. I know, I tried. If there is any more elegant proof of the market for silver bullets, I'm hard pressed to find it. To break the equilibrium around SSL+cert-user-CA (that reads SSL plus cert minus user minus CA), EV had to be packaged as an industry consortium agreeing on an expensive product. Once so packaged, it was then sold to Microsoft and to some major websites. Once in the major places, influence is then brought to bear to get the rest to come into line.

    The problem with this, as I lay out in silver bullets, is that shifting from one equilibrium to another is a strictly weaker strategy. Firstly, we are not that confident in our choice of equilibrium. That's by definition; we wouldn't play this game if we knew how to play the game. Secondly, and to spin a leaf from John Boyd, the attacker can turn inside our OODA loop. Which is to say, he can create and modify his attacks faster than we can change equilibrium. Or, he is better at playing his game than we are.

    You can read a much more extended argument in the essay (new, improved with extra added focus!). But for now, what I find interesting is the questions we don't yet have answers to.

    What would be the attacker's best strategy, knowing all we do about the market and our claim that this is equilibrium shifting? Would the attacker destroy EV? Would he protect EV? Would he milk it?

    Another question is, what is Apple's best strategy? It is currently outside the consortium, but has been attacked. Should it join and implement EV? Go it alone? Ignore? Invent an own strategy?

    Posted by iang at 11:17 AM | Comments (0) | TrackBack

    December 30, 2007

    Why Security Modelling doesn't work -- the OODA loop of today's battle

    Editor's note: now with a Chinese translation

    I've been watching a security modelling project for a while now, and aside from the internal trials & tribulations that any such project goes through, it occurs to me that there are explanations of why there should be doubts. Frequent readers of FC will know that we frequently challenge the old wisdom. E.g., a year ago I penned an explanation of why, for simple money reasons, you cannot build security into the business from the early days.

    Another way of expressing this doubt surrounding Security Modelling is by reference to Col. Boyd's OODA loop. That stands for Observe, Orient, Decide, Act and it expresses Boyd's view of fighter combat. His thesis was that this was a loop of continuous cycles that characterised the fighter pilot's essential tactics.

    Two things made it more sexy: firstly, as a loop, he was able to suggest that the pilot with the tighter OODA loop would turn inside the other. This was a powerful metaphor because turning inside the enemy in fighter combat is as basic as it gets; every schoolboy knew how Spitfires could turn inside Messerschmitt 109s, and thus was won the Battle of Britain.

    Obviously things aren't quite so simple, but this made it easy to understand what Boyd was getting at. The second thing that made the concept sexy was that he then went on to show it applied to just about every form of combat. And, that's true: I recall from early soldiering lessons on soviet army doctrine, that the russkies could turn their defence into a counter-attack faster than our own army could turn our attack into a defence. At all unit sizes, the instructors pointed out.

    Taking a leaf from Sun Tzu's Art of War, the OODA loop concept may also be applied to other quasi-combat scenarios such as security and business. If we were to translate it to security modelling, we can break the process simply into four phases:

    • threat modelling
    • security modelling
    • architecture
    • implementation & deployment

    To do it properly, each of these phases is important. You can't skip them, says the classical wisdom. We can agree with that, at a simple level. Which leaves us a problem: each of those phases costs time and effort.

    A proper threat model for a medium sized project should take a month or so. A proper security model, I'd suggest 3 months and up. The other two phases are also 3 months and climbing, with overruns. So, for anything serious, we are talking a year, in total, for the project.

    Now consider the attacker. Today's aggressor appears very fast. So-called 0-day viruses, month-long migration cycles, etc. A couple of days ago, there was this report that talked about the ability of Storm and Son-of-Storm's ability to migrate dynamically: "what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process."

    Which means that the enemy is turning in his OODA loop in less than a month, sometimes as quickly as a day. Either way, the enemy today is turning faster than any security model-driven project is capable of doing.

    What to do? Adolf Galland apocryphally told Reichsmarschall Göring that he could win the Battle of Britain with a squadron of Spitfires, but he was only behind by a few percentage points. In security terms we are looking at an order of magnitude, at least, which seems to lead to two possible conclusions: either your security model results in perfect security, there are no weaknesses, and it matters not how fast the enemy spins on his own dime. Or, classical security modelling is simply and utterly too slow to help in today's battle.

    We need a new model. Now, this isn't to say "stop all security modelling." Even in the worst case, if the technique is completely outdated, it will remain a tremendously useful pedagogical discipline.

    Instead, what I am suggesting is that the conventional wisdom doesn't hold scrutiny; something has to break. Whatever it is, security modelling is likely to have to change its practices and wisdoms, if it is to survive as the wisdom of the future.

    Quite dramatically, indeed, as it possibly needs to achieve a 10-100 fold increase in its OODA loop performance in order to match the current enemy. In other words, a revolution in security thinking.

    Editor's note: now with a Chinese translation

    Posted by iang at 08:59 PM | Comments (10) | TrackBack

    December 15, 2007

    MITM spotted in Tor

    Bruce Schneier wrote in cryptogram:

    Man-in-the-middle attack by Tor exit node. So often man-in-the-middle attacks are theoretical; it's fascinating to see one in the wild. The guy claims that he just misconfigured his Tor node. I don't know enough about Tor to have any comment about this. [German commetary.] I've written about anonymity and the Tor network before.

    Can't agree more! MITMs are so rare that they really should not drive any threat model until shown to be economic. Making that mistake was one of the core failures that led to phishing (thanks guys!). Here's a more simple sniffing attack on the same network:

    I previously wrote about Dan Egerstad, a security researcher who ran a Tor anonymity network and was able to sniff some pretty impressive usernames and passwords. Swedish police arrested him last month.

    Pure eavesdropping is also worth recording because we need to establish the frequency so as to calculate how much attention to pay to it. For the interest of financial cryptographers here, let's add this one from the same source, pointing to BoingBoing pointing to b.wsj:

    In 1941, the British Secret Service asked the game's British licensee John Waddington Ltd. to add secret extras to some sets, which had become standard elements of the aid packages that the Red Cross delivered to allied prisoners of war. Along with the usual dog, top hat and and thimble, the sets had a metal file, compass, and silk maps of safe houses (silk, because it folds into small spaces and unfolds silently). Even better, real French, German and Italian currency was hidden underneath the game's fake money. Departing allied soldiers and pilots were told that if they were captured they should look out for the special editions, identified by a red dot in the Free Parking space. Any sets remaining in the U.K. were destroyed after the war. Of the 35,000 prisoners of war who escaped German prison camps by the end of the war, "more than a few of those certainly owe their breakout to the classic board game," says Mr. McMahon.
    Posted by iang at 08:10 AM | Comments (1) | TrackBack

    September 10, 2007

    Threatwatch - more data on cost of your identity

    In the long-running threatwatch theme of how much a set of identity documents will cost you, Dave Birch spots new data:

    Other than data breaches, another useful rule-of-thumb figure, I reckon, might come from identity card fraud since an identity card is a much better representation of a persons identity than a credit card record. Luckily, one of the countries with a national smart ID card just had a police bust: in Malyasia, the police seized fake MyKad, foreign workers identity cards, work permits and Indonesian passports and said that they thought the fake documents were sold for between RM300 and RM500 (somewhere between $100 to $150) each. That gives us a rule-of-thumb of $20 for a "credit card identity" and $100, say, for a "full identity". Since we don't yet have ID cards in the U.K., I thought that fake passports might be my best proxy. Here, the police says that 1,800 alleged counterfeit passports recovered in raid in North London were valued at £1m. If we round it up to 2,000 fakes, then that's £500 each. This, incidentally, was the largest seizure of fake passports in the U.K. so far and vincluded 200 U.K. passports, which, according to police, are often considered by counterfeiters to be too difficult to reproduce. Not!

    The point I actually wanted make is not that these figures a very variable, which they are, but that they're not comparing apples with apples. Hence the simplistic "what's your identity worth?" question cannot be answered with a simple number.

    OK, that's consistent with my long-standing estimate of 1000 (in the major units, pounds, dollars, euros) to get a set of docs. It is important to track this because if you are building a system based on identity, this gives you a solid number on which to base your economic security. E.g., don't protect much more than 1000 on the basis of identity, alone.

    As a curious footnote, I recently acquired a new high-quality document from the proper source, and it cost me around 1000, once all the checking, rechecking, couriered documents and double phase costs were all added up. If a data set of one could be extrapolated, this would tell us that it makes no difference to the user whether she goes for a fully authentic set or not!

    Luckily my experiences are probably an outlier, but we can see a fairly damning data point here: the cost of an "informal" document is far to similar to the cost of a "formal" document.

    Postscript: It turns out that there is no way to go through FC archives and see all the various categories, so I've added a button at the right which allows you to see (for example) the cost of your identity, in full posted-archive form.

    Posted by iang at 05:27 AM | Comments (1) | TrackBack

    July 23, 2007

    Threatwatch: how much to MITM, how quickly, how much lost

    It costs $500 for a kit to launch an MITM phishing attack. (Don't forget to add labour costs at 3rd world rates...)

    David Franklin, vice president for the Europe, Middle East and Africa told IT PRO that these sites are proliferating because they are actually easier for hackers to set up than traditional 'fake' phishing sites because they don't even have to maintain a fake website. He also said man-in-the-middle attacks defeat weak authentication methods including passwords, internet protocol (IP) geolocation, device fingerprinting, cookies and personal security images and tokens, for example.

    "A lot of the attacks you hear about are just the tip of the iceberg. Banks often won't even tell an affected customer that they have been a victim of these man-in-the-middle attacks," said Franklin, adding that kits that guide cybercriminals through setting up a man-in-the-middle attack are now so popular they can be bought for as little as $500 (£250) on the black market now.

    He also said "man-in-the-browser" attacks are emerging to compete in popularity with middleman threat.

    A couple of interesting notes from the above: it is now accepted that MITM is what phishing is (in the form mentioned above, the original email form, and the DNS form). These MITMs defeat the identity protection of SSL secure browsing, a claim made hereabouts first. and one that is still widely misunderstood: This is significant because SSL is engineered to defeat MITMs, but it only defeats internal or protocol MITMs, and can not stop the application itself being MITM'd. This typical "bypass attack" has important economic ramifications, such that SSL is now shown to be too heavy-weight to deliver value, unless it is totally free of cost and setup.

    Secondly, note that the mainstream news has picked up the MITB threat (also reported and documented here first). It's still rare, but in the next 6 months, expect your boss to ask what it's about, because he read it in Yahoo.

    More juicy threat modelling numbers:

    Analysts at RSA Security early last month spotted a single piece of PHP code that installs a phishing site on a compromised server in about two seconds,


    Despite efforts to quickly shut sites down, phishing sites averaged a 3.8-day life span in May, according to the Anti-Phishing Working Group, which released its latest statistics on Sunday.

    Data from market analyst Gartner released last month showed that phishing attacks have doubled over the last two years.

    Gartner said 3.5 million adults remembered revealing sensitive personal or financial information to a phisher, while 2.3 million said that they had lost money because of phishing. The average loss is US$1,250 per victim, Gartner said.

    In the past (June 2004: 1, 2), I've reported that phishing costs around one billion per year. Multiply those last two numbers above from Gartner, and we get around a billion over the last three years. Still a good rule of thumb then.

    Posted by iang at 06:39 AM | Comments (4) | TrackBack

    April 20, 2007

    Counting Chickens at eTrade, bankruptcy in Europe, and costs in America

    Gunnar Peterson posts:

    Identity Chickens Coming Home to 8 Figure Roost

    Reason number 2,503,201 why 1995 security architectures based on SSL, network firewalls, and a prayer are not good enough any more. Etrade's 10Q filing (hat tip Dan Geer):

    Other expenses increased 97% to $45.7 million and 55% to $101.9 million for the three and nine months ended September 30, 2006, respectively, compared to the same periods in 2005. These increases were primarily due to fraud related losses during the third quarter of 2006 of $18.1 million, of which $10.0 million was identity theft related. The identity theft situations arose from recent computer viruses that attacked the personal computers of our customers, not from a breach of the security of our systems. We reimbursed customers for their losses through our Complete Protection Guarantee. These fraud schemes have impacted our industry as a whole. While we believe our systems remain safe and secure, we have implemented technological and operational changes to deter unauthorized activity in our customer accounts.

    Over on EC I suggested that the cost depends on whether you are left or right of the Atlantic. In Europe, the Data Directive mandates fines, I was told it was around 25-50 thousand Euros per record lost . Lose your database, file for bankruptcy.

    (OK, so I make this claim. I heard it in a pub... I'd better check on it!)

    While we're counting cost, if not coup, here's some US numbers, finally with some serious if unconfirmed attention by Forrester Research:

    The average security breach can cost a company between $90 and $305 per lost record, according to a new study from Forrester Research. The research firm surveyed 28 companies that had some type of data breach.

    "After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number," wrote senior analyst Khalid Kark in the report. "Although studies may not be able to determine the exact cost of a security breach in your organization, the loss of sensitive data can have a crippling impact on an organization's bottom line, especially if it is ill-equipped, and it's important to be able to make an educated estimate of its cost."

    Posted by iang at 01:31 AM | Comments (0) | TrackBack

    April 02, 2007

    Threatwatch: MITB spotted: MITM over SSL from within the browser

    A long awaited browser MITB attack -- in essence an MITM against SSL launched within the browser -- has been spotted (by Lynn) in Netherlands:

    ...customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

    The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customer's own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature.

    ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.

    Now, if it has been spotted here, it has been going on for some time. The first signs seen of an attack on SSL were late 2004. In essence it was still an uneconomic attack, but the proof of concepts were there. What remains to be seen is whether we are about to see a large scale shift into browser MITM attacks (known as Man-in-the-Browser) or whether we are seeing only tentative experimentation.

    Meanwhile, over at Mozilla, "our man in the SSL/UI security team" Johnath is trying to draft up a proposal to work with Firefox. State of play so far:

    Creating a simple UI to repair the padlock is no easy matter. EV is a complicating factor in that we need at least 3 states, and that means we need more than 3. This ain't new, but it is easier said than done.

    Further, nobody has any hope that EV changes anything. Firstly, it is very confusing, too small, rare, and ultimately spoofable. So people are looking to Mozilla to see whether it will break away and start working on the far stronger user-bank relationship, directly, a.k.a Petnames and Zooko's Triangle and all that.

    Maybe. As Gervase does not tire of pointing out, users won't do that. Worse, the above attack slices its way through both of those approaches, because it changes the browser from the inside.

    The number of balls in the air is now too many. We've all noticed the migration away from Microsoft to Mac because of security failures. (The press worms bury deeply into the wet soil on this one.) Will there be a wholesale migration away from online banking as all browsers are declared no more solid than swiss cheese in a fondue?

    This was what the European banks were worried about when we reported MITB earlier in 2006. One year later there has been no epidemic, and that gave them time to respond. Hopefully they are ready. Chances are, nobody else has or is. To live in interesting times...

    Posted by iang at 02:44 PM | Comments (6) | TrackBack

    April 01, 2007

    Threatwatch - bots, selling Ameritradelity, all your DNS belong to US

    In our side project of collecting reported threat statistics, here's lots of them:

    MessageLabs, a company that counts spam, recently stopped counting bot-infected computers because it literally could not keep up. It says it quit when the figure passed about 10 million a year ago. Symantec Corp. recently said it counted 6.7 million active bots during an Internet scan. Since all bots are not active at any given time, the number of infected computers is likely much higher. And Dave Dagon, who recently left Georgia Tech University to start a bot-fighting company named Damballa, pegs the number at closer to 30 million. The firm uses a "capture, mark, and release," strategy borrowed from environmental science to study the movement of bot armies and estimate their size.

    "It's like asking how many people are on the planet, you are wrong the second you give the answer. : But the number is in the tens of millions," Dagon said. "Had you told me five years ago that organized crime would control 1 out of every 10 home machines on the Internet, I would have not have believed that. And yet we are in an era where this is something that is happening."

    This transcript of a trading account fencing ("selling of stolen goods") spree reveals:

    Two accounts on TD Ameritrade. One has $7,000, $2,000 on the other. Plus I have a account which has $1,300. I will sell all for $250. I also have a Fidelity valued at $50,000 that I'll sell for $350. Purse on webmoney Zxxxxxxxxxxxx. I can send them in parts so you can be sure I am not a fraud, but you make the first transaction, and then I send you the money.

    Funnily enough, the "fence" wasn't that smart, as the TV Intern doing the 'buying' tipped him off fairly early that he was probably an investigator.

    Not a number, but a threat (posted by Duane, pointed out by Philipp):

    DNSSec is poorly adopted already, and now the US Gov wants IANA to hand over private keys, giving people even less incentive to adopt.

    "At an ICANN meeting in Lisbon, the US Department of Homeland Security made it clear that it has requested the master key for the DNS root zone. The key will play an important role in the new DNSSec security extension, because it will make spoofing IP-addresses impossible. By forcing the IANA to hand out a copy of the master key, the US government will be the only institution that is able to spoof IP addresses and be able to break into computers connected to the Internet without much effort. There's a further complication, of course, because even 'if the IANA retains the key ... the US government still reserves the right to oversee ICANN/IANA. If the keys are then handed over to ICANN/IANA, there would be even less of an incentive [for the U.S.] to give up this role as a monitor. As a result, the DHS's demands will probably only heat up the debate about US dominance of the control of Internet resources.'"

    A Cook Report around 1997 laid out the basic case that it is US government formal but unstated policy that the net is controlled and kept as a US-managed institution. That makes the above an old and well understood threat; serious high security Internet systems do their "own DNS," including Skype, eCash, WebMoney, Ricardo. (All except the last are from memory and anecdotes.)

    The above can be seen as a power play between the overseers of the poodle ICANN (Commerce Dept?) and the DHS, being the new kid on the block. The solution to the above problem is simply to issue the DNS root zone master key to every government agency that asks for it. If the crazies in DHS have a right to it (as they will argue) then so do the mad mullahs of Persia ... and all points in between.

    Then, the root key moves to where Spire put it: 150,000 people with legitimate access to it, so no longer a security tool. Problem solved.

    Addendum: dead link was this:

    Hackers Pillaging Your Hard-Earned Retirement Funds
    The Following Are E-mail Exchanges Between a Russian Hacker and an ABC News
    Intern Dubbed 'Svetlana'

    March 20, 2007- -

    Hacker (March 9, 10:44 AM): Hello Svetlana! You need TD Ameritrade accounts?
    I have a couple and as well. On one there is 7k for cash
    trading/withdrawal. How much are you willing to offer for it? Write me and
    we will discuss )

    Svetlana (11:42 AM): Hello! Thank you for responding...what percent do you
    usually take for the information and what exactly will you give me if we
    make a deal? Is the 7K in TD Ameritrade or in

    Hacker (11:46 AM): Ok 7k is on the Ameritrade and I do not take a
    percentage. I can just simply sell you the account. I am not a fraud you can
    ask Egold he knows me. A couple of hundred dollars will satisfy me

    Svetlana (11:53 AM): Ok, do you have the password and the number of that
    account? And is this account American? How much money is in the Fidelity? A
    couple of hundred is feasible, how much exactly do you want?

    Hacker (12:03 PM): Two accounts on TD Ameritrade. One has $7,000, $2,000 on
    the other. Plus I have a account which has $1,300. I will sell
    all for $250. I also have a Fidelity valued at $50,000 that I'll sell for
    $350. Purse on webmoney Zxxxxxxxxxxxx. I can send them in parts so you can
    be sure I am not a fraud, but you make the first transaction, and then I
    send you the money.

    Hacker (12:05 PM): Yes, all the accounts are American.

    Svetlana (12:14 PM): Ok, so I will send you the money, and you will give me
    1) username 2) password?

    Hacker (12:16 PM): Of course, I have these accounts from time to time and if
    you need them we can work together permanently. As soon as you make the
    transaction I will send you the information in the email.

    Hacker (12:34 PM): Svetlana, how do you like my offer? Are you going to buy,
    I need to know that they are yours so I don't sell them. Write back.

    Svetlana (12:52 PM): I will pay you double if along with this information
    you have the names of these people and their SS #.

    Hacker (12:56 PM): Ok when you enter you will see the owner's information.
    When are you planning to buy the accounts? Today?

    Hacker (1:00 PM): I also have two accounts valued a
    little under $40,000. Need them?

    Svetlana (1:09 PM): Yes, I DEFINITELY need them. I never used a webmoney
    account, how do I sign up to it?

    Hacker (1:23 PM): Ok fine Svetlana I will help you make the transfer. Go to, select "exchange electronic money," "forward," in the
    window select USD e-gold. For the receiver choose WMZ. Type in the amount in
    your e-golds and below it will say how much that equals in webmoney. Copy
    the number of the purse from the email Zxxxxxxxxxxxx. That's it, press
    "exchange," the money will be instantaneously transferred to me and I will
    send you the information for accessing the accounts, which will complete the

    Hacker (1:45 PM) So Svetlata, did you understand? Write back as soon as you

    Hacker (2:07 PM): Svetlana...

    Svetlana (2:07 PM) Ok I signed up. However, $600 is big money, how would I
    know FOR SURE that you will send them to me? Can you give me some kind of

    Hacker (2:11 PM): I told you, Egold works with me, write him, he serves as
    the guarantee during transactions. He is also the forum's moderator on which
    you made the announcement. This is guarantee in itself. Believe me, I am not
    a fraud, I am a salesperson of accounts. I make money from this, I have no
    reason to ruin my reputation, especially since you are paying me good money
    and there is no point to lose you as a client, which I have to find anyway.

    Hacker (2:13 PM): My nickname is koloxxxx, he knows.

    Hacker (2:38 PM): Svetlana, did you make the transaction, or am I
    misunderstanding something?

    Hacker (2:40 PM): For proof, I can send you one small account. Look and
    understand that I am a real seller, this is my fraud-free business.
    Log on to TD AMERITRADE

    Svetlana (2:50 PM): I can not find the person's name and SSN# on this

    Hacker (2:54 PM): Ok this is just with Ameritrades, Fidelity has them. Make
    the transfer and I will send you the rest, then we will talk in detail.

    Hacker (2:56 PM): Fidelity has the SS #.

    Svetlana (3:02 PM): So Ameritrades never have SSN#'s? I need the people's
    names and their SSN#'s.

    Hacker (3:11 PM): Ok Svetlana you wrote: "I need to access Schwab, E-trade,
    TD Ameritrade accounts. I do not need credit cards -- only savings accounts
    or 401(K)s. Pay good money, willing to make a deal. Write back asap, or
    email me at". So I showed you an account,
    Ameritrade...unfortunately it lacks the information you need, specifically
    the name of the owner, but on the Fidelity I have that information plus the
    SS#. I also have where the person's information can be seen. I
    am completing my part of the deal, and am awaiting the same on your part.
    Svetlana, what do you want from me, let's make the exchange and and I will
    send you your accounts, or consequently I will open them up for sale. Make a

    Hacker (3:31 PM): Do you need them or not?

    Hacker (3:37 PM): Svetlana, are you still there?

    Svetlana (3:47 PM): Yes, I need them but I will not have the money till
    Monday (I am awaiting a transfer), can you wait till then? If not, will you
    have anything remaining or will you have anything new on Monday?

    Hacker (3:51 PM): Of course, and I will keep this material for you. It would
    be nice if you would send me at least $50 as a sort of a guarantee for me.
    If not then not...I will keep the accounts till Monday and I will be online
    at that time so feel free to write me. Good luck Svetlana.

    Svetlana (4:06 PM): I would rather send you the total amount on
    Monday...thank you very much for your to you soon!!

    Hacker (March 12, 11:44 AM): Hello Svetlana! How are you today? Are you able
    to make the transfer to the purse? As I promised I left you those accounts
    and I also have 6-8 new fidelity each valued at $20-40k. Of course each has
    a SS# and FIO of the owner as you needed. Write back as soon as you get

    Svetlana (11:54 AM): Hello! Yes I have the money, but how do I extract the
    money from these accounts?

    Hacker (12:01 PM): Svetlana I merely sell the accounts, the people that
    purchase them they do everything as they wish and I have nothing to do with
    it...You asked me to find accounts and I found them for you, will you be
    buying those for $600?

    Svetlana (12:08 PM): Sergey, actually I work for ABC News in New York. We
    are doing a report on hackers that break into accounts. What you showed me
    is very interesting, and we would like to interview you about your business.

    Hacker (12:11 PM): ) Best of luck to you.

    This exchange was translated from Russian to English.

    Copyright © 2007 ABC News Internet Ventures

    Posted by iang at 04:51 PM | Comments (1) | TrackBack

    March 27, 2007

    Cost of an identity

    Some figures on the cost to build a new identity:

    In all, seven defendants pleaded guilty in Corpus Christi this past week to charges of selling their birth certificates and Social Security cards for $100 each. Seven other defendants pleaded guilty to buying or reselling those documents as part of a ring that sold documents to illegal immigrants seeking jobs in Dodge City, Kan.

    One other figure:

    Tim Counts, an Immigration and Customs Enforcement spokesman in Bloomington, Minn., said that investigation revealed documents were available for a price in places as open as Kmart parking lots. He said genuine documents were the most expensive, costing up to $1,500, and the most effective against detection.

    That remark looks suspicious, I'd guess he's talking about something else than SS cards and birth certificates.

    Also over in that center of expertise in identity theft, USA, a blog entry by Spire says:

    1. For as long as we continue to pretend that SSNs are secret and therefore may be used as authenticators, they will be.
    2. There are over 150,000 people (my estimate) with "defendable" access to your SSN right now. They aren't secret.
    3. You are more likely by a factor of 10 to be a victim of identity fraud via one of these "authorized" folks.
    4. The real problem is not how easy it is to get your SSN, but how creditors allow the SSN to be used as an authenticator (See #1).
    5. The SSN is fine as an identifier. No, it is not perfect, but its main benefit is that it is already used in so many places.

    Right. That's a number we wanted: 150k people in that country have access (legal, he says defendable) to the SSN. Presumably they have access to all the other PII as well.

    Posted by iang at 05:51 AM | Comments (7) | TrackBack

    March 17, 2007

    Finally, someone gets done for Money Laundering....

    Money Laundering (ML) was once tightly defined as washing the proceeds of (very) serious crime through an organised cycle.

    How you could tell was supposed to be that there was (a) an awful lot of it, (b) there was a hot-button crime like drugs, and (c) an organisation that processed the cash. That's what the big drugs rings did; in effect, they outsourced the money problem to the professionals.

    This is "real" money laundering:

    Three members of a money laundering gang were jailed for a total of 15 years at Ipswich Crown Court today. Between June 2003 and September 2005 the gang laundered more than £100 million in cash for criminal organisations and individuals throughout the United Kingdom.

    The court heard that this large scale money laundering operation was centred around a Money Services Bureau (MSB) on the London Road in Croydon, called Deans Exchange. This was run by Zaka Ud Din, with the assistance of Sabz Ali Khojo. As well as offering legitimate money services to the local community, Deans Exchange was being used as a front for a much larger operation, offering the laundering of cash.

    My hat off to the guys who busted that ring.

    These days, however, ML is a catch-all crime of no semantic meaning, given the massive preponderance of convictions where the only relationship was that it was a crime of some trivial amount of value. ML these days is more likely to mean a well-off professional goes down for one count of slapping his wife and 6 counts of ML.

    Technically, this is the best it gets:

    BRITAIN'S biggest and most feared gangster got away with murder yesterday when he was jailed for just seven years. Terry Adams, linked by police to 25 unsolved killings, was finally brought to justice after running a £200million crime empire for more than 25 years.

    Like Al Capone, police were unable to make any serious charges stick against the crime kingpin and it was a financial scam that proved his downfall. Adams pleaded guilty to a single charge of money laundering - but was told he will be eligible for parole in three and a half years.

    More public applaud to the British criminal authorities (and MI5 apparently). That was the case that AML (anti-money laundering) was designed for: get a notorious crime boss on the financials, because he killed all the witnesses (25 in the above case). You can't kill the flow of money, so the theory goes.

    La Procuraduría General de la República investiga los vínculos internacionales de la compañía Unimed Pharm Chem de México, la cual fue fachada para que por lo menos desde 2004 un grupo de presuntos productores de drogas sintéticas acumulara en una residencia de las Lomas de Chapultepec más de 205 millones de dólares en efectivo, así como unos 200 mil euros y 157 mil pesos FOTO Ap /PGR

    (Sorry about the spanish, haven't found an english article yet.) Which is why there was a rationale that if you could seize the cash, you did the crimeboss harm. The $205 million in cash in the photo above was seized this week in Mexico in some sort of financing deal for a complete factory to produce drugs.

    When cash like that gets seized from MLers, this helps. Nobody can object to that!

    But the more popular meaning of ML seizures is "police need money to finance more ML seizures." When someone you know gets accused of 5 counts of ML and 1 count of using the postal service, all because he rubbed the local FBI agent up the wrong way, AML becomes the enemy of civil society.

    Relevance to FC: as we design systems of value, we must protect our users from illegal ML and from immoral AML. No easy task, given the lack of discrimination in the tools. Above, all the cases are clearly bad guys being caught by the good guys, and we applaud. Indeed, an honest ML bust is so rare that it's worth posting about.

    Posted by iang at 08:35 AM | Comments (0) | TrackBack

    An ordinary crime: stock manipulation

    Sometimes when we can't seem to get anywhere on analysing our own sector of criminal activity, it helps to look at some ordinary stuff. Here's one:

    According to the Commission's complaint, between July and November 2006, the Defendants repeatedly hijacked the online brokerage accounts of unwitting investors using stolen usernames and passwords. Prior to intruding into these accounts, the Defendants acquired positions in the securities of at least fourteen securities, including Sun Microsystems, Inc., and "out of the money" put options on shares of Google, Inc. Then, without the accountholders' knowledge, and using the victims' own accounts and funds, the Defendants placed scores of unauthorized buy orders at above-market prices. After these unauthorized buy orders were placed, the Defendants sold the positions held in their own accounts at the artificially inflated prices, realizing profits of over $121,500.

    To achieve this benefit, the prosecution alleges that $875,000 of damage was done.

    It's a point worth underscoring: a criminal attack in our world often involves doing much more damage than the gain to the criminal. For that reason, we must focus on the overall result and not on the headline number. Here's a more aggressive damages number:

    The pump and dump scheme, which occured between July and November 2006, has cost one brokerage firm at least $2m in losses. An estimated 60 customers and nine US brokerage firms were identified as victims.

    Also, funds seized.

    Posted by iang at 08:05 AM | Comments (0) | TrackBack

    February 23, 2007

    Any good definitions of Phishing?

    Somehow I ended up on Wikipedia's entry on phishing, and added a link from the AOL playtime era to its more modern incarnation of the rape & pillage of a financial district swollen with multi-nationals, conglomerates and fat, bloated merchant banks:

    Transition from AOL to Financial Institutions

    Capture of AOL account information may have led phishers to capture and misuse of (real) credit card information, which then evolved to attacks against online payment systems. The first direct attempt against a payment system may have been against e-gold, "going out of biz," June 2001, and was followed by "post-911 id check" shortly after 9/11.[14] Both were viewed at the time as failures, but can now be seen as early experiments towards more fruitful attacks against mainstream banks. By 2004, phishing was recognised as fully industrialised, in the sense of an economy of crime: specialisations emerged on a global scale and provided components for cash which were assembled into a finished attack. [15][16]


    Anyone can edit that page, honest injun! Also, at the top, it defines:

    In computing, phishing is a criminal activity using social engineering techniques.[1]

    Come on, surely we can do better than that!? What happened to the successful MITM? What happened to the failure of the browser security model? I think at least we need to inject some hubris in there: security designs failed. Sorry about that, let's get it fixed.

    What are the potential definitions of phishing, then?

    Posted by iang at 03:27 PM | Comments (1) | TrackBack

    February 22, 2007

    Threatwatch: $400 to 'own' your account

    Some numbers from Guillaume Lovet on what it costs to gain control of an online bank account:

    The most straightforward is to buy the 'finished product'. In this case we'll use the example of an online bank account. The product takes the form of information necessary to gain authorised control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cybercriminals always deal in dollars).

    Also, roles:

    Coders - comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, 'coders' produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cybercrime labour force - the 'kids'. Coders can make a few hundred dollars for every criminal activity they engage in.

    Kids - so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. 'Kids' will make less than $100 a month, largely because of the frequency of being 'ripped off' by one another.

    Drops - the individuals who convert the 'virtual money' obtained in cybercrime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent 'safe' addresses for goods purchased with stolen financial details to be sent, or else 'safe' legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.

    Mobs - professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good use of safe 'drops', as well as recruiting accomplished 'coders' onto their payrolls.

    And now for the big picture:

    All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of 'phishing trip' will uncover at least 20 bank accounts of varying cash balances, giving a 'market value' of $200 - $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.

    Better returns can be accomplished by using 'drops' to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of 'ripping off' or 'grassing up' to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of 'drops' that do not know one another. However, even taking into account the 50% commission, and a 50% 'rip-off' rate, if we assume a single stolen balance of $10,000 - $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.

    Good foundation for the risk analysis.

    Posted by iang at 12:56 PM | Comments (1) | TrackBack

    November 22, 2006

    CFP: 6W on the Economics of Information Security (WEIS 2007)

    The Sixth Workshop on the Economics of Information Security (WEIS 2007)

    The Heinz School, Carnegie Mellon University Pittsburgh (PA), USA
    June 7-8, 2007

    C A L L F O R P A P E R S

    Submissions due: March 1, 2007

    How much should we spend on security? What incentives really drive privacy decisions? What are the trade-offs that individuals, firms, and governments face when allocating resources to protect data assets? Are there good ways to distribute risks and align goals when securing information systems?

    The 2007 Workshop on the Economics of Information Security builds on the success of the previous five Workshops and invites original research papers on topics related to the economics of information security and the economics of privacy. Security and privacy threats rarely have purely technical causes. Economic, behavioral, and legal factors often contribute as much as technology to the dependability of information and information systems. Until recently, research in security and dependability focused almost exclusively on technical factors, rather than incentives. The application of economic analysis to these problems has now become an exciting and fruitful area of research.

    We encourage economists, computer scientists, business school researchers, law scholars, security and privacy specialists, as well as industry experts to submit their research and attend the Workshop. Suggested topics include (but are not limited to) empirical and theoretical economic studies of:

    - Optimal security investment
    - Software and system dependability
    - Privacy, confidentiality, and anonymity
    - Vulnerabilities, patching, and disclosure
    - DRM and trusted computing
    - Trust and reputation systems
    - Security models and metrics
    - Behavioral security and privacy
    - Information systems liability and insurance
    - Information threat modeling and risk management
    - Phishing and spam

    **Important dates**

    - Submissions due: March 1, 2007
    - Notification of acceptance: April 10, 2007
    - Workshop: June 7-8, 2007

    For more information visit

    Posted by iang at 09:56 AM | Comments (0) | TrackBack

    October 18, 2006

    Tracking email - the disappearing myth, the #1 threat, versus ultra rare sighting of eavesdropping attack

    Shades of OTR -- off-the-record -- a protocol that claims to provide plausible deniability.

    A START-UP communications outfit is flogging a web-based email system that destroys the message after it has been read.

    VaporStream system from Void Communications, which apparently is not a euphemism for VapourWare, works from an encrypted webpage. A punter visits the site, lists the person they want to talk too and chats away.

    The names of the parties, or their messages are not stored anywhere and details can't be cut and pasted. Instead it is held on a temporary memory segment in a VaporStream server. When it is delivered, the server forgets that it ever existed.

    The big problem is that these approaches completely fail to understand the real threat models for real people, and arguably make matters worse by creating a false sense of security, and encouraging people to deny the truths that can be proved in other ways.

    The non-sexy #1 threat to email is breach of the node, and that threat breaches both of those approaches. Here's a reminder:

    Last fall, agents on the FBI's public corruption squad faced a problem: They couldn't read encrypted e-mail seized from State Sen. Vincent J. Fumo's offices.

    On Oct. 18, they got a break. Donald Wilson, a state Senate computer technician who had been granted immunity, suddenly remembered something, according to a newly unsealed FBI affidavit. He still had two portable data cards - with all the passwords to open the e-mail.

    Wilson's lawyer called authorities and turned over the passwords. The feds were in.

    With that breakthrough, the affidavit said, agents were able to read more Fumo office e-mails talking about destroying records and fretting about the FBI - a trail that helped lead to obstruction-of-justice charges against two other Fumo computer technicians, Leonard Luchko and Mark Eister.

    An actual eavesdropping attack on "aircraft email" spotted by Steve Bellovin:

    ... ACARS is like an automated email system used by aircraft and ground control. An ACARS-enabled plane will transmit all kinds of information about what the plane is doing: where it is and where it's going, how much fuel it has, what the weather is like, and so on. These automated "emails" between aircraft and their ground controllers are encoded into radio signals clustered around the 131 megahertz and 136 megahertz frequencies.

    A good scanner can receive these radio signals. To the ear, the transmissions sound like noise, but when filtered through a computer equipped with a software-based decoder the information contained in the airplanes' messages becomes comprehensible. Like notebooks filled with tail numbers and landing times, ACARS monitoring produces an endless stream of ridiculously detailed information, which ACARS enthusiasts from around the world dutifully post online.

    The "open source" attack (c.f. John Robb) on the CIA's illegal renditions -- known as the torture taxi -- makes for fascinating reading. How relevant is such a threat model to general FC? In the past I would have said not relevant due to the context, but the recent open source work on the AOL privacy breach makes me think it is a valid threat, and the article is therefore valid case material.

    It is curious to see how they would solve the ACARS problem. The only way that I can see is to use open source techniques of opportunistic cryptography, something that obviously has been fought against by the CIA and others. So the eavesdropping attack on plane traffic can be considered to be yet another example of how the USG's policy of low Internet security bites back. Chalk up another "Own Goal" like the Israeli "Defence" Force (IDF) results of last month (1, 2).

    September 27, 2006

    Threatwatch - the Feds are back, Israel finds it cuts both ways, Cybersecurity Enemy #1

    A while back I postulated that email spying was now a present danger, and only lacking in clarity before it becomes a full-blooded validated threat. This sets us the task of tracking the trackers of email, so that we can create a model to predict how that threat effects us and our designs.

    I haven't seen statistics on email snooping as yet, but here's some related news. The FBI is back with intent to spy:

    The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET has learned.

    FBI Agent Barry Smith distributed the proposal at a private meeting last Friday with industry representatives and indicated it would be introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources familiar with the meeting.

    News of tracking email in US universities aimed at those protesting against unpopular policies:

    The Department of Defense monitored e-mail messages from college students who were planning protests against the war in Iraq and against the military's "don't ask, don't tell" policy against gay and lesbian members of the armed forces, according to surveillance reports released last month. While the department had previously acknowledged monitoring protests on campuses as national-security threats, it was not until recently that evidence surfaced showing that the department was also monitoring e-mail communications that were submitted by campus sources.

    The surveillance reports -- which were released to lawyers for the Servicemembers Legal Defense Network on June 15 in response to a Freedom of Information Act request filed by the organization last December -- concern government surveillance at the State University of New York at Albany, Southern Connecticut State University, the University of California at Berkeley, and William Paterson University of New Jersey. The documents contain copies of e-mail messages sent in the spring semester of 2005 detailing students' plans to protest on-campus military recruitment.

    The reports are part of a government database known as Talon that the Department of Defense established in 2003 to keep track of potential terrorist threats. Civilians and military personnel can report suspicious activities through the Talon system using a Web-based entry form. A Pentagon spokesman, Greg Hicks, would not verify whether the reports released last month were follow-ups to tips from military or government personnel, or from civilians at the universities.

    This is a little different in that civilians seem to monitor and report the emails to the Pentagon. Universities are places were one would expect at least passing familiarity with civil rights and so forth, so it is somewhat curious to speculate who on campuses would be tipping off the authorities about protests against on-campus military activities...

    The Talon reporting system gained national attention in December 2005 when NBC News obtained a copy of a 400-page Department of Defense document listing more than 1,500 "suspicious incidents" that had taken place across the country. Only 21 pages were released to the Servicemembers Legal Defense Network, since the group requested only documents related to lesbian, gay, bisexual, and transgender individuals and student groups. Mr. Hicks would not disclose the total number of reports that have been filed under the Talon program.

    OK, Numbers! We can conclude that minority sexual preferences represent 5% of the current threat level to the DoD. If each page has an email on it, that gives 1500 emails reported in the programme -- that's not a particularly robust estimate but it might represent a lower bound.

    And, wait until they get their mits on phone viruses, which store all that juicy lovetalk.

    A company, Trust Digital of McLean, Va., bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems.

    Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers. The other phones contained:

    1. One company's plans to win a multimillion-dollar federal transportation contract.
    2. E-mails about another firm's $50,000 payment for a software license.
    3. Bank accounts and passwords.
    4. Details of prescriptions and receipts for one worker's utility payments.

    A while back I reported that people worrying about cell/mob/handy phone tapping where missing the point - there is tracking ability which is far more useful than tapping ability. Sad to say, that battle is pretty much all over as phones move to include GPS by default.

    One Facebook user, signing the petition opposing the recent changes, noted: "I find it sad this is one of the few issues our generation can band together, complain online and take little real action over. (ROFL)". Therein lies the crux about privacy and tracking: most vehement complaining takes place after people feel they have been victimised by technology, and long after it has been popularised.

    We are moving as a society to total tracking, and the privacy community didn't notice until it was all over.

    So who loses? Well, the Israeli Defence Force, for one. Alexander Klimov made the connection on the crypto list (which I missed even as I reported on the Sigint story):

    My guess that at least some information was leaked due to cellular phones (the solders were routinely calling their families).
    "Besides radio transmissions, the official said Hezbollah also monitored cell phone calls among Israeli troops. But cell phones are usually easier to intercept than military radio, and officials said Israeli forces were under strict orders not to divulge sensitive information over the phone."

    Even if one don't care what was said over the phone, a lot of information can be extracted from mere location of a phone (especially, if one knows the owner of each phone):

    "Israeli officials said the base also had detailed maps of northern Israel, lists of Israeli patrols along the border and cell phone numbers for Israeli commanders."

    The Hezbollah tracking was on the individuals. They tracked the commanders as indicative of where the units were. Oops. I'd just love to be part of the design exercise to fix that blooper :)

    This is the core failure that the US government foistered on the world. Since time immemorial, the USG has maintained crypto as a munition, and thus it is to be suppressed. This has led to two effects: firstly, the civilian Internet infrastructure is weak and brittle, due to the effect of lots of little barriers against crypto. Our best ally in security suffered the "death of a thousand cuts," as it were.

    Secondly, as the civilian infrastructure overtook the military infrastructure, it left the military operations vulnerable when inevitably civilian assets were used for military tasks. If you've ever used military radio gear, you know you have a big problem when every soldier carries a much more powerful device in his pocket, albeit one deliberately weakened by government intervention.

    Without dwelling on these points, we can also suggest that this explains why the job of Cybersecurity Czar is a woftam: the employer is cybersecurity's enemy number one.

    Posted by iang at 09:03 AM | Comments (3) | TrackBack

    September 20, 2006

    Threatwatch - sigint by Hezbollah, nyms by torture units, closed source weaponry

    Felix points to a Newsday article that describes signals intelligence in the recent Lebanon battle.

    Hezbollah guerrillas were able to hack into Israeli radio communications during last month's battles in south Lebanon, an intelligence breakthrough that helped them thwart Israeli tank assaults, according to Hezbollah and Lebanese officials.

    Using technology most likely supplied by Iran, special Hezbollah teams monitored the constantly changing radio frequencies of Israeli troops on the ground. That gave guerrillas a picture of Israeli movements, casualty reports and supply routes. It also allowed Hezbollah anti-tank units to more effectively target advancing Israeli armor, according to the officials.

    "We were able to monitor Israeli communications, and we used this information to adjust our planning," said a Hezbollah commander involved in the battles, speaking on the condition of anonymity.

    First off, article tries and fails to make the case that the codes were cracked. If that article is anything to go by, it was straightforward -- and well done -- signals intelligence, not code cracking. (El Reg describes it more fairly.) Secondly, it provides more evidence for the reasons behind the Israeli defeat at the hands of the Hezbollah (defeat in straight military mission terms):

    "The Israelis did not realize that they were facing a guerrilla force with the capabilities of a regular army," said a senior Lebanese security official who asked not to be identified. "Hezbollah invested a lot of resources into eavesdropping and signals interception."

    The Israelis like many modern political movements have been so well fed on a diet of terrorism that they missed the transition. Hezbollah has moved from terrorism through guerilla and up to army status, as laid out in the theory of guerilla warfare. The depth of sigint capability bears this out.

    Aside from minor criticisms, a good article. Why talk matters military on an FC blog? One of the reasons that the Internet is so messed up, security wise, is that the threat models derived from military and spook lore. For example, the MITM is more of a threat in the military, less of a threat on the net (rising commercial use of wireless might have been expected to change that, but there isn't much empirical evidence). This failure to understand the different threat models caused massive rollouts of unneeded infrastructure, stuff that could help us now but is instead being slowly built around by banks, merchants and other institutions.

    Just because we were fooled once doesn't mean we can't be fooled again, so it is important to keep an eye on related threat fields. Here's some older notes on recent threats in the military world.

    In the ongoing saga of institutional torture in the US forces, the NYT published a new case regarding an elite terrorist unit known briefly as Task-Force 6-26 (SMH). Not only does the unit change its name from time to time the individual soldiers have picked up the trick:

    Army investigators were forced to close their inquiry in June 2005 after they said task force members used battlefield pseudonyms that made it impossible to identify and locate the soldiers involved. The unit also asserted that 70 percent of its computer files had been lost.

    Pseudonyms are not perfect. But, they can do a lot to help privacy, in that they break the chain of investigation. It's not so easy in digital systems, because the pseudonyms are generally used to communicate with other pseudonyms or persons, and that leaves a chain to track back, as well as the tendency for server software to log lots of events. But with persons, it is a grand trick.

    Military and legal experts say the full breadth of abuses committed by Task Force 6-26 may never be known because of the secrecy surrounding the unit, and the likelihood that some allegations went unreported. In the summer of 2004, Camp Nama closed and the unit moved to a new headquarters in Balad, 45 miles north of Baghdad. The unit's operations are now shrouded in even tighter secrecy.

    Secrecy is always a threat to your operations. It may bring benefits, but the costs are severe as secrecy hides weaknesses from yourself as well as your enemy, and there is no easy way to know who can breach that veil. It is the canonical two-edged sword, and we generally address such threats-to-self with governance techniques - separation of roles also known as the 4 eyes principle, publication of key events, entangled logging, shared signed receipts, and so forth.

    Which leads us to the age-old problem of buying stuff from people you don't trust. Ben pointed to:

    The UK has warned America that it will cancel its £12bn order for the Joint Strike Fighter if the US does not hand over full access to the computer software code that controls the jets. Lord Drayson, minister for defence procurement, told the The Daily Telegraph that the planes were useless without control of the software as they could effectively be "switched off" by the Americans without warning.

    Well, of course. The software for those planes is quite something, and only the source code is going to give you some confidence that there aren't any backdoors.

    In a related episode, Washington DC discovered around the same timeframe that there may be an issue with the Boeing 787, so they have asked Boeing to not hand over any military or secret related material to the Chinese. Whoops, too late, it turns out the wing is being manufactured in China ... for those who don't know, in avionics terms, the wing is the prize as it is the one component that limits and dominates everything else, design wise.

    Posted by iang at 06:27 AM | Comments (1) | TrackBack

    July 18, 2006

    Threatwatch - "you again operate impulsively in the manner"

    Apparently, I sent this email to someone, and it bounced, possibly because of the attached viruses!

    Subject: Re: The Proof !!!
    From: iang
    Date: Tue, 18 Jul 2006 09:26:04 +0200
    To: anton


    Monday, July 17, 2006,3:14:35 PM, you wrote:

    > >I think that you again operate impulsively in the manner
    > >calm down and tell though that any that simply more than
    > >simple charges your jealousy does not know a limit!!!!!

    I do not understand why you still screen its all.
    I have collected already so much proofs, that
    listening to your remarks is inclined to think
    as at you with it something too was.
    Now I already avoiding half-words send photos
    where it does sucked to my boss!
    Well, also what you to me on it will tell?

    P.S. To anybody it do not show.
    If I from your neighbour learn as you have transformed it into a
    circus, I to you guarantee troubles. Within the next few days
    do not write, I have already drunk in office and I think
    to go for city that and you I wish.

    Best regards,
    iang mailto:iang

    What answer is there to that?

    Posted by iang at 06:49 AM | Comments (3) | TrackBack

    July 10, 2006

    Threatwatch - 2-factor tokens attacked by phishers - another "must-have" security tool shown to be fighting the last war

    Lance James points out that Phishers have moved on to attacking 2-factor authentication tokens:

    The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.

    This news (Brian Krebs in a Washington Post blog) has been expected (#10.3) for a long time. It's a timeline point -- we've moved to that stage.

    More bad news for suppliers of 2-factor tokens and also US Banks which got a quasi-recommendation to implement something like this. I say, quasi-something, because the FDIC carefully did not recommend any specific technology, choosing instead to recommend that banks carefully review their risk-based exposure (although I also called it wrongly, initially). The banks themselves may have assumed tokens or similar, for whatever reason.

    It has been interesting to watch RSASecurity deal with this. I'd say they saw the writing on the wall maybe a year or two ago. They aggressively expanded from their older PKI roots and their staple SecureId 2-factor token by buying more modern companies such as Cyota in Britain. It was Cyota that pushed them into "defence in depth" which involved transaction monitoring and risk-graduated authentication mechanisms.

    RSASecurity also purchased PassMark which had a big deal to provide Bank Of America with unique pictures for each account user, in what they call their "2-factor-2way" solution. Between the two of them, these two companies buried the older "2-way authentication" system known as SSL which RSASecurity had had so much to do with in the early days (the one the phishers showed to be a Maginot defence).

    Now the phishers count coup again -- PassMark's technology is also vulnerable to the new phishing attack. Being bought out by EMC might have been a good move alround.

    Now, the casual marketeer will take this as gloating. We've predicted this for so long, we must be overjoyed. No such. That would be their own lack of familiarity at open criticism, an essential tool in risk management, because attackers brook no marketing fools. Here's where we are at.

    Firstly, the industry is in dire straights and the sooner we recognise it the better. RSASecurity, or Cyota as it happens, recognised the broken SSL system a while back.

    Secondly, it is absolutely vital that this information be put out in to the wider community. European banks have been working like mad for 6 months. American banks are still fighting the last war, and while they are looking backwards, there are more enemies coming up. American banks, for lethargy and bad advice, and American security suppliers, for liability *1, 2) and overzealous histories, are especially vulnerable.

    It is American account holders to whom this column is devoted, today.

    Posted by iang at 05:48 PM | Comments (3) | TrackBack

    Galileo (EuroGPS) cracked

    Darren points to a development reminiscent of satellite TV: the codes to protect the European Galileo satellite's positioning signals have been cracked by a team from Cornell University in USA. Full story below:

    Cracking the secret codes of Europe's Galileo satellite

    Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.

    The codes and the methods used to extract them were published in the June issue of GPS World.

    The navigational satellite, GIOVE-A (Galileo In-Orbit Validation Element-A), is a prototype for 30 satellites that by 2010 will compose Galileo, a $4 billion joint venture of the European Union, European Space Agency and private investors. Galileo is Europe's answer to the United States' GPS.

    Because GPS satellites, which were put into orbit by the Department of Defense, are funded by U.S. taxpayers, the signal is free -- consumers need only purchase a receiver. Galileo, on the other hand, must make money to reimburse its investors -- presumably by charging a fee for PRN codes. Because Galileo and GPS will share frequency bandwidths, Europe and the United States signed an agreement whereby some of Galileo's PRN codes must be "open source." Nevertheless, after broadcasting its first signals on Jan. 12, 2006, none of GIOVE-A's codes had been made public.

    In late January, Mark Psiaki, associate professor of mechanical and aerospace engineering at Cornell and co-leader of Cornell's GPS Laboratory, requested the codes from Martin Unwin at Surrey Space Technologies Ltd., one of three privileged groups in the world with the PRN codes.

    "In a very polite way, he said, 'Sorry, goodbye,'" recalled Psiaki. Next Psiaki contacted Oliver Montenbruck, a friend and colleague in Germany, and discovered that he also wanted the codes. "Even Europeans were being frustrated," said Psiaki. "Then it dawned on me: Maybe we can pull these things off the air, just with an antenna and lots of signal processing."

    Within one week Psiaki's team developed a basic algorithm to extract the codes. Two weeks later they had their first signal from the satellite, but were thrown off track because the signal's repeat rate was twice that expected. By mid-March they derived their first estimates of the code, and -- with clever detective work and an important tip from Montenbruck -- published final versions on their Web site ( on April 1. The next day, NovAtel Inc., a Canadian-based major manufacturer of GPS receivers, downloaded the codes from the Web site and within 20 minutes began tracking GIOVE-A for the first time.

    Galileo eventually published PRN codes in mid-April, but they weren't the codes currently used by the GIOVE-A satellite. Furthermore, the same publication labeled the open source codes as intellectual property, claiming a license is required for any commercial receiver. "That caught my eye right away," said Psiaki. "Apparently they were trying to make money on the open source code."

    Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki. The upshot: The Europeans cannot copyright basic data about the physical world, even if the data are coming from a satellite that they built.

    "Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? … No. How is looking at the Galileo satellite any different?"

    Adam pointed to more here and slashdot.

    Posted by iang at 05:26 AM | Comments (4) | TrackBack

    June 25, 2006

    FC++3 - Concepts against Man-in-the-Browser Attacks

    This emerging threat has sent a wave of fear through the banks. Different strategies have been formulated and discussed in depth, and just this month the first roll-outs have been seen in Germany and Austria. This information cries out for release as there are probably 10,000 other banks out there that would have to go through and do the work again.

    Philipp Gühring has collected the current best understanding together in a position paper entitled "Concepts against Man-in-the-Browser Attacks."

    Abstract. A new threat is emerging that attacks browsers by means of trojan horses. The new breed of new trojan horses can modify the transactions on-the-fly, as they are formed in in browsers, and still display the user's intended transaction to her. Structurally they are a man-in-the-middle attack between the the user and the security mechanisms of the browser. Distinct from Phishing attacks which rely upon similar but fraudulent websites, these new attacks cannot be detected by the user at all, as they are use real services, the user is correctly logged-in as normal, and there is no difference to be seen.

    The WYSIWYG concept of the browser is successfully broken. No advanced authentication method (PIN, TAN, iTAN, Client certificates, Secure-ID, SmartCards, Class3 Readers, OTP, ...) can defend against these attacks, because the attacks are working on the transaction level, not on the authentication level. PKI and other security measures are simply bypassed, and are therefore rendered obsolete.

    If you are not aware of these emerging threats, you need to be. You can either get it from sellers of private information or you can get it from open source information sharing circles like FC++ !

    Posted by iang at 12:43 PM | Comments (8) | TrackBack

    June 24, 2006

    SWIFT breached - Big Badda Boom - will this hasten dollar shift?

    SWIFT has been breached. We can argue about the definition of this, but we'll knock that one right on the head:

    CIA operatives trying to track Osama bin Laden's money in the late 1990s figured out clandestine ways to access the SWIFT network. But a former CIA official said Treasury officials blocked the effort because they did not want to anger the banking community.
    Unlike telephone lines and e-mail communications, the SWIFT network cannot be easily tapped. It uses secure log-ins and state-of-the-art encryption technology to prevent intercepted messages from being deciphered. "It is arguably the most secure network on the planet," said the former SWIFT executive who spoke on condition of anonymity. "This thing is locked down like Fort Knox."

    So what was holding back the CIA from tracing Osama's cash through SWIFT in the late 1990s? The Treasury department, that's who:

    Historically, "there was always a line of contention" inside the government, said Paul Pillar, former deputy director of the CIA's counterterrorism center. "The Treasury position was placing a high priority on the integrity of the banking system. There was considerable concern from that side about anything that could be seen as compromising the integrity of international banking."

    The money system is the be-all and end-all. It is the rock on which society is built - it intermediates all transactions. It counts all wealth, at the end of the day. It delivers the information that makes the economy work. So when the Treasury said to the spooks "mitts off" it was speaking with more than ordinary concern.

    Which all vanished when 9/11 came along. The economy -- the money system -- became second priority, and the US isn't a country for second places. Damage control is immediate by John Snow, Treasury Secretary:

    "President Bush has made it clear that ensuring the safety of the American people and citizens around the globe must be our number one priority.

    "Consistent with this charge, one of the most important things we at Treasury do is to follow the flow of terrorist monies. They don't lie. Skillfully followed, they lead us to terrorists themselves, thereby protecting our citizens.

    Some more damage control here.

    The danger of breaching SWIFT and putting the database into the hands of the various and many US agencies is still present, or the US Treasury was talking out its hat to the CIA in the 1990s. This is obviously going to surprise the banks around the world, not to mention governments like Iran which are "by US fiat" terrorist supporting, China that is locked in a resource battle, and Russia which is emerging from the old cold war days as power that wants reckoning with. Even in the cold war, Russia and allies like Cuba dealt in dollars.

    Does this system work? Does John Snow have the picture? We have to make a judgement call here. Every official will leap to the defence, but these are the same officials that kept it secret in the first place. But we can expect some ex-officials to express their skepticism:

    Current and former U.S. officials said the effort has been only marginally successful against Al Qaeda, which long ago began transferring money through other means, including the highly informal banking system common in Islamic countries.

    The value of the program, Levey and others said, has been in tracking lower- and mid-level terrorist operatives and financiers who believe they have not been detected, and militant groups, such as Hezbollah, Hamas and Palestinian Islamic Jihad, that also operate political and social welfare organizations.

    Of course there is another reason why this won't be much good: If Osama Bin Laden or his team were congenitally stupid, they might imagine that SWIFT had not been breached, and the somewhat famed Belgian penchant for banking secrecy would protect them. Sadly for all his victims, we have plenty of evidence that he is fairly smart, he is very far from dumb, and even if this were the case, even the stupidist and thuggiest of drugs dealers seem to be quite adept at hiring good money launderers, if the claimed growth of that money flow is any guide.

    (To be frank, I'm a bit surprised at the blow up of this one. I suppose I simply assumed from way back that SWIFT records were already being funnelled to the UST. Consider any outrage written here to be journalistic.)

    In effect, the Bush administration have taken on the ire of the banking world, for no gain. It remains to be seen what will be made of this in other countries. John Snow, Treasury Secretary, says response is isolated to the Press. Keep reading those papers, Mr Snow - Banks normally do not signal their displeasure so openly, so you can be sure that you won't have too much worry there...

    Moving on from the mild gossip stuff, let's get to the harder governance questions.

    We can imagine that many banks and many governments will be going through that "Big Badda Boom" moment as they realise who's reading their traffic. Expect more pressure on the dollar, and more pressure for independent systems. The islamic world will almost certainly push for something, but probably not Sealand, which burnt out today. Any country on the axis-of-evil list is a gonna, as they are by US-definition terrorist-related.

    Examine the case of SWIFT. In comes the subpoena, which they make great stress of as compulsory. But let's make no bones about it -- this was a force-based subpoena, and probably an illegal one at that, or backed up by an Executive Order that was probably itself "presidential writ of the novel kind."

    What then to do? Comply, probably, in the instance. There is no point in SWIFT leaving the United States, as there are more banks there than the rest of the world put together (an artifact of State banking, not necessarily anything else.) But, in the meantime, design of systems to very carefuly limit the damage would be appreciated. Minimal information, and oversight.

    Oversight? Let's talk about oversight.

    In a major departure from traditional methods of obtaining financial records, the Treasury Department uses a little-known power - administrative subpoenas - to collect data from the SWIFT network, which has operations in the U.S., including a main computer hub in Manassas, Va. The subpoenas are secret and not reviewed by judges or grand juries, as are most criminal subpoenas. ... Treasury shares the data with the CIA, the FBI and analysts from other agencies, who can run queries on specific individuals and accounts believed to have terrorist connections, Levey said Thursday in an interview with The Times. ... Levey said the program is subject to "robust" checks and balances designed to prevent misuse of the data. He noted that requests to access the data are reviewed by Treasury's assistant secretary for intelligence; that analysts can only access the data for terrorism-related searches; and that records are kept of each search and are reviewed by an outside auditor for compliance.

    Levey said there had been one instance of abuse in which an analyst had conducted a search that did not meet the terrorist-related criteria. The analyst was subsequently denied access to the database, he said. New safeguards have been added, he said, noting that SWIFT officials are now allowed to be present when analysts search the data and to raise objections with top officials.

    Officials from other government agencies have raised the issue of accessing the records for other investigative purposes, but Levey said such proposals have been rejected - largely out of concern that doing so might erode support for the program.

    Asked what would prevent the data from being used for other purposes in the future, Levey said doing so would likely trigger objections from SWIFT and the outside auditor. A SWIFT representative said that Booz Allen Hamilton, an international consulting firm, is the auditor, but provided no further details on how the oversight process works.

    OK, so this time they have taken data sharing seriously. They know this data is hot, hot, hot, given the unprecedented step to protect it before being caught. They have 3 sets of guardians (2 better than hapless Sealand).

    Unfortunately the oversight is crippled: An internal review of requests. SWIFT officers, who are already compromised and an auditor who is unlikely to blow the lid on it, as he's covered by national security, secrecy, and great pay. In short, nothing independent, nothing open and nothing with teeth. No judge, not even FISA. Signs are Congressional oversight is limited to the extent that they cannot see what it does:

    Lee Hamilton, a former congressman and co-chairman of the commission who said he has been briefed on the SWIFT program, said U.S. intelligence agencies have made significant progress in recent years, but are still falling short. "I still cannot point to specific successes of our efforts here on terrorist financing," he said.

    I'd give it 3 years before it is comprehensively breached. If they didn't want that then they would have set up the tracking in Brussels, and put in international oversight. Curiously, maybe Congress will wake up at this point and realise that they've got a tiger by the tail. When that transaction tracking starts getting used for non-terrorist purposes, there are going to be some very annoyed people.

    Posted by iang at 02:10 PM | Comments (3) | TrackBack

    June 19, 2006

    White Helicopter - Is eavesdropping a "Clear and Present Danger" - the definition of a validated threat?

    We have often discussed how threats arise and impact security models. The hugely big question is whether to include this threat or this other threat? I think there is a metaphor to address part of this question - whether a threat is a clear and present danger. Let me meander in that general direction before I try and define it.

    We cannot include all threats as to some extent everything is a threat - a chance of stubbing ones toe, a harsh word from your spouse, a neighbour looking over the fence, the theft of your notebook. Removal of all threats would result in death of the soul, and can probably only be accomplished by death of the body.

    So we must choose - which threats to protect against and which to accept. We give it the exotic title of risk management, but a more common definition is real life: we can only live by choosing to accept the greater body of the minor threats to us, and minimising the dangerous ones.

    How we choose which threats to address is based on many factors. Some are easy - we can defend against them for free. Others are so cheap that we don't notice, or they come with substantial other benefits. So, to preserve our modesty, we wear clothes - and that keeps us warm so we get the security for free. Except in summer, where humans are exposed to interesting social games between the threat model of modesty and the heat of the sun, which raise for some deep questions as to whether nudity is the threat, or is the modesty? But then winter comes again and the argument is shelved for another year.

    Other threats are not so easy nor so endearing to discuss. These are the ones that run slap bang into costs. The canonical case in financial cryptography is the MITM - the man in the middle attack -- and its defence in the SSL protocol. I think I have shown in compelling, albeit long winded, terms, that this threat was not valid and not worth protecting against in the application sometimes known as ecommerce. It raised many costs, one amongst them being a heightened risk of MITM in another form - phishing. See many rants on that elsewhere.

    One of the things that came out of that long research into SSL and its failure to preserve the very harm it was intended to protect is the concept that a threat should be validated. I only had a hazy idea that this meant that we should be able to prove its danger to us, clearly, enough for us to protect against it.

    Now, in addressing the emerging threat of eavesdropping, the question arises whether it is validated? We can see it, we can feel it - it is in the papers and the blogs and in the "denials." But is it validated?

    I think not. Until we know how much it is, we don't know how what the risk of it happening to us is, and therefore we do not know how much to spend protecting against it. We simply do not know -- yet -- how much the eavesdropping is going to cost us, either individually or as a society. So we are not informed enough to make economic decisions.

    But wait! I've laid out a case that the danger of eavesdropping is right there in front of us -- how can we possibly ignore it? Let's look a little further.

    The possibility of eavesdropping by national agencies has always been there. I first heard of Echelon in the early 80s -- so far back in time that I can't recall where or when it was mentioned. But, I also knew -- or discovered at that time -- that it was ineffective. That is, it did not achieve the dream of the technologists at the UKUSA agencies. (For the answer to why you probably need to resort to computer science and the emergence of datamining.)

    So we know that eavesdropping has always been there, in Internet time. It is present. But also, we know that traditionally, societies did not permit the eavesdroppers to share that information. History is replete with examples where the spooks were not permitted to pass valuable local intelligence to the authorities, and no doubt they all have stories about how they know who the killer was in this or that unsolved murder case.

    So we know that however effective the eavesdropping was, it wasn't dangerous to us because it was so tightly constrained that it would never be passed into general society. That was the quid pro quo, the deal with the devil.

    And indeed, that is what has changed -- the eavesdropping information is now being shared across a wide group of agencies. It's only a step away from being commercially shared, once you can pick and choose which agency to pervert. So it is now dangerous to society - to you, me and everyone - because there is always someone with money to pay for data that we are trying to keep private.

    But we lack clarity. As a community of Internet engineers, we still do not know how much this danger is going to cost us. I simply do not know whether to drop everything I'm doing and start working on cryptoplumbing again, or whether for the most part, someone can still hide in the noise levels of the net? We lack clarity, or clearness, in our threat.

    Out of which thoughts gives me a general definition for a validated threat: Is it a clear and present danger?

    • It is Clear if I can measure it and risk-analyse it, so as to present a cost model to drive our economic choices.
    • It is Present if I can show it to exist, actively, today.
    • It is a Danger if it can do our beneficiaries harm.

    Eavesdropping is Present and Dangerous. It is not yet Clear, so we are now challenged as a community to measure it. Once we can inform ourselves of the clarity of the threat, we can declare it to be a validated threat - a clear and present danger. We're not there yet, but at least I can propose a definition on how to get there!

    Posted by iang at 05:56 PM | Comments (0) | TrackBack

    Black Helicopter #2 (ThreatWatch) - It's official - Internet Eavesdropping is now a present danger!

    A group of American cryptographers and Internet engineers have
    criticised the FCC for issuing an order that amounts to a wiretap instruction for all VoIP providers.

    For many people, Voice over Internet Protocol (VoIP) looks like a nimble way of using a computer to make phone calls. Download the software, pick an identifier and then wherever there is an Internet connection, you can make a phone call. From this perspective, it makes perfect sense that anything that can be done with a telephone, including the graceful accommodation of wiretapping, should be able to be done readily with VoIP as well.

    The FCC has issued an order for all ``interconnected'' and all broadband access VoIP services to comply with Communications Assistance for Law Enforcement Act (CALEA) --- without specific regulations on what compliance would mean. The FBI has suggested that CALEA should apply to all forms of VoIP, regardless of the technology involved in the VoIP implementation.

    In brief the crypto community's complaint is that it is very difficult to implement such enforced access, and to do so may introduce risks. I certainly agree with the claim of risks, as any system that has confused requirements becomes brittle. But I wouldn't bet on a company not coming out with a solution to these issues, if the right way to place the money was found. I've previously pointed out that Skype left in a Centralised Vulnerability Party (CVP, sometimes called a TTP), and last week we were reminded of the PGP Inc blunder by strange and bewildering news over in Mozilla's camp.

    So where are we? The NSA has opened up the ability to pen-trace all US phones, more or less. Anyone who believes this is as far as it goes must be disconnected from the net. The EFF's suit alleges special boxes that split out the backbone fibre and suck it down to Maryland in real time. The FBI has got the FCC to order all the VoIP suppliers into line. Mighty Skype has been brought to heel by the mighty dollar, so it's only a phone call away.

    Over in other countries - where are they, again? - there is some evidence that police in European countries have routine access to all cellphone records. There is other evidence that the EU may already have provided the same call records to the US (but not the other way around, how peculiar of those otherwise charming Europeans) in much the same way as last week the EU were found to be illegally passing private data on air travellers. To bring this into perspective, China of course leads the *public* battle for most prominent and open eavesdropper with their Cisco Specials, but one wonders whether they would be actually somewhat embarrassed if their capabilities were audited and compared?

    If you are a citizen of any country, it seems, you need not feel proud. What can we conclude?

    1. Eavesdropping has now moved to a real threat for at least email and VoIP, in some sense or other.
    2. Can we say that it is a validated threat? No, I think not. We have not measured the frequency and cost levels so we have no actuarial picture. We know it is present, but we don't know how big it is. I'll write more on this shortly.
    3. The *who* that is doing it is no longer the secure, secret world of the spooks who aren't interested in you. The who now includes the various other agencies, and they *are* interested in you.
    4. Which means we are already in a world of widespread sharing across a wide range of government agencies. (As if sharing intel has not been a headline since 9/11 !)
    5. it is only one step from open commercial access. Albeit almost certainly illegal, there isn't likely to be anything you can do about illegally shared data, because it is the very agents of the law which are responsible for the breach, and they will utter the defence of "national security," to you, and the price, to your attacker.
    6. An assault on crypto can't be that far off. The crypto wars are either already here again, or so close we can smell them.
    7. We are not arguing here, today, whether this is a good thing for the mission to keep us safe from terrorists, or a bad thing. Which is just as well, because it appears that when they are given the guy's head on a plate, the law enforcement officers still prefer to send out for takeaway.

    My prediction #1for 2006 that government will charge into cyberspace in a big way is pretty much confirmed at this stage. Obviously this was happening all along, so it was going to come out. How important is this to you the individual? Here's an answer: quite important. And here's
    some evidence:

    What is Political Intelligence?Political intelligence is information collected by the government about individuals and groups.
    Files secure under the Freedom of Information Act disclose that government officials have long been
    interested in all forms of data. Information gathered by government agents ranges from the most personal data about sexual liaisons and preferences to estimates of the strength of groups opposing U.S. policies. Over the years, groups and individuals have developed various ways of limiting the collection of information and preventing such intelligence gathering from harming their work.

    It has now become routine for political activists -- those expressing their rights under democracy -- to be investigated by the FBI. In what is a blowback to the days of J.Edgar Hoover, these activists now routinely advising their own people on how to lawfully defend themselves.

    Hence the pamphlet above. There are two reasons for gathering information on 'sexual liasons and preferences.' Firstly, blackmail or extortion. Once an investigator has secret information on someone, the investigator can blackmail -- reveal that information -- in order to extort the victim to turn on someone else. Secondly, there may be some act that is against the law somewhere, which gives a really easy weapon against the person. Actually, they are both the same reason.

    If there is anyone on the planet who thinks that such information shouldn't be protected then, I personally choose not to be persuaded by that person's logic ("I've got nothing to hide") and I believe that we now have a danger. It's not only from the harvesting by the various authorities:

    Peter G, 41, asked for a divorce from his wife of six years, Lori G, 38, in March 2001. ... Lori G filed a counterclaim alleging the following: <snip...> and wiretapping. The wiretapping charges are what make this unfortunate case relevant to Police Blotter. ... But Peter admitted to "wiretapping" Lori's computer.

    The description is general: Peter used an unspecified monitoring device to track his wife's computer transactions and record her e-mails. Lori was granted $7,500 on the wiretapping claim. ...

    This is hardly the first time computer monitoring claims have surfaced in marital spats. As previously reported by CNET, a Florida court ruled last year that a wife who installed spyware on her husband's computer to secretly record evidence of an extramarital affair violated state law.

    Some hints on how to deal with that danger. Skype is probably good for the short term in talking to your loved one while he still loves you, notwithstanding their CVP, as that involves an expensive, active aggressive act which incurs a risk for the attacker. However, try and agree to keep the message history off - you have to trust each other on this, as the node and your partner's node remain at greater danger. Email remains poor because of the rather horrible integration of crypto into standard clients - so use Skype or other protected chat tools.

    Oh, and buy a Mac laptop. Although we do expect Macs to come under increased attention as they garner more market share, there is still a benefit in being part of a smaller population, and the Mac OS is based on Unix and BSD, which has approximately 30 years of attention to security. Windows has approximately 3 years, and that makes a big difference.

    (Disclosure: I do not own a Mac myself, but I do sometimes use one. I hate the GUI, and the MacMini keyboards are trash.)

    Posted by iang at 01:20 PM | Comments (1) | TrackBack

    Black Helicoptor #1 - Is the data theft epidemic more than coincidental?

    [Note - don't normally post speculative or black helicoptor stuff, but this one is at least tantalisingly plausible, and deserves to be debunked. Darren posts:]

    According to Wayne Madsen

    "June 17, 2006 -- What's behind all the personal data thefts?

    Populating the surveillance databases specified by John Poindexter's Total Information Awareness (TIA) system. WMR has learned that the thefts of personal data from corporations and government agencies, most of which were accomplished by stealing computer hard drive devices, is more than coincidental. Intelligence sources report that many of the large scale thefts are part of a well-planned covert intelligence operation to obtain data on hundreds of millions of people in order to accomplish what former Defense Advanced Research Projects Agency (DARPA) official John Poindexter was not able to bring about through his defunct (but secretly restored) Total Information Awareness (TIA) system -- the population of intelligence and surveillance databases with files on the financial, medical, employment, telecommunications, and other sensitive data of Americans and foreigners. Much of the new TIA work is being conducted under the umbrella of the National Security Agency and Department of Homeland Security Advanced Research Projects Agency.

    A number of computer security experts have said the recent rash of data thefts is unprecedented in scope, method, and frequency. Some claim that the thefts appear to be coordinated and targeted at
    specific data types."

    Huge Table, followed by ...

    "Amid all the above personal data thefts, WMR has learned from a U.S. intelligence source that these data thefts pale in comparison to the largest, and as yet, largely unreported, personal data theft in history. Some 30 million Americans were affected and they included customers of Citigroup, Bank of America, and SunTrust. The thefts were conducted between March and April of this year."
    Posted by iang at 07:12 AM | Comments (3) | TrackBack

    June 07, 2006

    Firefox to check in with Google-central - Is Mozilla in unconstrained commercial rampage already?

    It would be remiss of me not to pass on news that Mozilla have finally crafted a strategy for phishing protection in Firefox. It actually took me a few days to realise this is news, indeed, the news we had been working towards for when the fight against phishing was still browser-centric. But I'm no longer looking in that area as the threats have moved on - frequent readers of FC need no reminder of that - and Mozilla's actions may be welcome albeit late.

    Unfortunately, Mozilla appear to be shooting themselves in the feet. At least, they have taken a direction that is mysterious to those of us in the open source world: They have partnered with Google to use their central database to monitor for phishing sites.

    The more I think of it, the only way to understand it is if one considers Mozilla Corporation as a commercial entity, only. They have partnered with another big player, rather than work with the community of software developers. This is what companies do - there is a preference to work with players larger than themselves if possible as that improves their brand and strength, and which helps them for the next deal. As Google and Mozilla have a strong relationship, and much funding has come via their google search box placement and other deals, it makes sense to further the relationship rather than go with Netcraft or Microsoft or the other central database players. And if one considers the offerings of other parties in the central database wars, it may well be that Google's are the best, or the least bad, depending on how you view it.

    This all makes good business sense. But it comes with dangers - serious if not blindingly obvious ones. Firstly, Google's reputation has shifted from being the honest white knight riding in to save us from the evil Microsoft with amazing googley solutions .. to one of being the sneaky invader of all our data. Although not yet seen as 'evil' as Microsoft, their original strong capital from the 'do no evil' motto is now frittered away and they are seen as somewhere like 'evil in evolution' or perhaps 'evil in training'. (I see this a lot in the arts community where there are many projects looking at a future world of Google as master of our data - Google's recent foray in court against USG helped some there, but not enough to sway the undercurrent of concern.)

    Mozilla for their part had a fantastic image in the public's mind as being a volunteer, open source, public minded organisation. But this view has also suffered, perhaps inevitably due to growth and the runaway success of Firefox, but also due to decisions made. Now, Mozilla is quite happily planning to pass all the URLs across without even debating it with the users ... Mozilla's good reputation can only suffer from this arrogance.

    Mozilla's support base still believes that it is an open source operation, and this is a second danger. Such deals are not acceptable in that world and over on Mitchell's blog, she tussles with that dilemma:

    A number of the comments I received refer to the dangers of doing anything with money. They express the concern that any programs involving money run the risk of contaminating our community, or of turning it into a mercenary group interested only in money. I understand the risks. I also believe there are risks in ignoring money. Firefox generates revenue now, that's a fact. So we need to deal with money. (And we have the privilege of being able to employ people to work full time on Mozilla, which I believe is necessary for a project of our size and scope. Not all open source projects believe this however, and some are wary of employees or almost any activity that requires the distribution of funds.)

    When volunteers work for free and take away slices of their own lives to devote to the cause of getting good, free software out there, they do not expect someone else to then take it and rape it for their own profit. Especially, in preferring a good financial deal over the user's needs for privacy, and ignoring the free offerings of their own community, these decisions will only serve to exacerbate the split between Mozilla Corp's newly discovered commerciality and the original long-term support-base of volunteers.

    This calls for a quite serious change management exercise, and also has severe ramifications for the brand. It's pretty clear that Mozilla knows as much about branding as the average brand manager knows about software. E.g., so close to nothing it is worthless or dangerous, notwithstanding their accidental acquiring of the stunning Firefox brand. Or, perhaps that underscores the point - the brand was as much or more built by community efforts.

    To their credit, Mozilla now seems to know this: MBA preferred. Thank heavens for that. Some tips, to be violently ignored like all the earlier free "community" advice, no doubt: MBAs know the basics of branding but they are not specialists, and Mozilla probably needs a specialist in this area now, as well as a PR specialist. Evidently... Further, MBAs are just as useful over on the tech side. Some recent writings by Mitchell may also indicate that the coding monoculture that is Mozilla's archilles heel is finally being addressed:

    Another issue is that we don't have an established path to meritocracy for non-technical roles. For potential developers, we know about several paths for getting involved and developing legitimacy - we know about the Quality Assurance path, we know about fixing bugs, we know something about hacking on the code, we know about writing a great extension and so on. We also have clear ways of identifying a person's known expertise -- they may be a peer for code, a "module owner" for code, etc. All of these are reasonably well understood roles within the project that convey a person's expertise.

    We don't have analogous paths for non-engineering roles. We don’t yet have ways for the non-engineering staff to indicate the scope of expertise of their colleagues.

    Why is this Mozilla's archillies heel? It's been two years since people outside the above formal 'meritocracy' paths have been suggesting the path that was announced last week!

    All that said, and drying our eyes over spilt milk, I'm not sure you need an MBA to tell you that handing over data is not a good strategy for the today's market. If you read the newspapers (any of them in America at least since February of 2005) you would have known that the hot issue for the public mind when it comes to IT and the net was and remains data safety - identity theft and the like.

    So at a minimum, there must be some expectation that this has to have been discussed at great length within the company. So why no realisation that this could be a PR disaster?

    Posted by iang at 12:10 PM | Comments (3) | TrackBack

    June 02, 2006

    ThreatWatch - the war on our own fears

    Several articles on scary, ooo, so scary cyberwar scenarios. We will see a steady stream of this nonsense as the terrorist-watchers, china-watchers and every-other-bogeyman-watchers all combine in a war on our own fears.

    A hyperventilating special from the US DHS:

    According to cyber-security experts, the terror attacks of 11 September and 7 July could be seen as mere staging posts compared to the havoc and devastation that might be unleashed if terrorists turn their focus from the physical to the digital world.

    Scott Borg, the director and chief economist of the US Cyber Consequences Unit (CCU), a Department of Homeland Security advisory group, believes that attacks on computer networks are poised to escalate to full-scale disasters that could bring down companies and kill people. He warns that intelligence "chatter" increasingly points to possible criminal or terrorist plans to destroy physical infrastructure, such as power grids. Al-Qa'ida, he stresses, is becoming capable of carrying out such attacks.

    Summarised over on risks, the US DOD also partakes liberally of the oxygen tank:

    From the nation that enjoys U.S. Most Favored Nation trade status, and a permanent member of the WTO...

    China is stepping up its information warfare and computer network attack capabilities, according to a Department of Defense (DoD) report released last week. The Chinese People's Liberation Army (PLA) is developing information warfare reserve and militia units and has begun incorporating them into broader exercises and training. Also, China is developing the ability to launch preemptive attacks against enemy computer networks in a crisis, according to the document, ...

    The tendency for public officials to try and scare the public into more funding is never-ending. The positive feedback loop is stunningly safe for them - if there is a cyber attack, they are proved right. If there isn't a cyber attack, it's just about to happen and they'll be proven right. And every one of our enemies is ... Huff, puff, huff!

    Is D.C. ready for terrorist attack? Two unrelated traffic accidents within an hour of each other yesterday in Northeast shut down two major highways during the busy morning commute, causing massive gridlock and seemingly endless delays -- but also providing an ominous warning: What if it had been a terrorist attack?

    About the best we can do is patiently point out that what they are talking about doesn't happen because in most cases it is evidently uneconomic. When the economic attack develops, we'll deal with it. Londoners walked home, that one day, and those that were a bit late that morning like me stayed home. The next day everyone went back to work, the same way as before. The next week, nobody noticed. It's not a particularly economic attack.

    Some things you deal with by preparation. But other things you just have to let happen, because the attack goes around your preparations. By definition. Can anybody guess what would have happened if instead of a couple of traffic accidents, it was a couple of bombs? All of the greater Washington area would probably enter gridlock, because the authorities would hand it to the terrorists.

    Posted by iang at 05:27 PM | Comments (1) | TrackBack

    May 26, 2006

    How much is all my email worth?

    I have a research question. How much is all my email worth? As a risk / threat / management question.

    Of course, that's a difficult thing to price. Normally we would price a thing by checking the market for the thing. So what market deals with such things?

    We could look at the various black markets but they are more focussed on specific things not massive data. Sorry, bad guys, not your day.

    Alternatively, let's look at the US data brokers market. There, lots and lots of data is shared without necessarily concentrating on tiny pickings like credit theft identifiers. (Some of it you might know about, and you may even be rewarded for some of it. Much is just plain stolen out of sight. But that's not today's question.) So how much would one of those data broker's pay for *full* access to my mailbox?

    Let's assume I'm a standard boring rich country middle class worker bee.

    Another way to look at this is to look at google. It makes most of the money in advertising, and it does this on the tiny hook of your search query. It is also experimenting with "catalogue your hard drive" products (as with Apple's spotlight and no doubt Microsoft and Yahoo are hyperventilating over this already). So it must have a view as to the value of *everything*.

    So, what would it be worth to those companies to *sell* the entire monitoring contents of my email, etc, for a year to Yahoo, Google, Microsoft, or Apple? Imagine a market where instead of credit card offers to my dog clogging up mailbox, I get data sharing agreements from the big friendly net media conglomerates.

    Sponsored Link
    Google Head Specials
    Failing to nail your hammer?   Your marketing seems like all thumbs?
    Try Google's get-in-his-head program.
    Today's only, Iang's emails, buy one, get two free.

    Does anyone know any data brokers? Does anyone have hooks into google that can estimate this?

    Posted by iang at 06:43 AM | Comments (6) | TrackBack

    May 23, 2006

    ThreatWatch - markets in loss, Visa's take, 419 "chairmen"

    Two articles tracking hackers and looking into
    markets for trading stolen assets. The latter has better info:

    Gaffan says these credit card numbers and data are almost never obtained by criminals as a result of legitimate online card use. More often the fraudsters get them through offline credit card number thefts in places like restaurants, when computer tapes are stolen or lost, or using "pharming" sites, which mimic a genuine bank site and dupe cardholders into entering precious private information. Another source of credit card data are the very common "phishing" scams, in which an e-mail that looks like it's from a bank prompts someone to hand over personal data.

    Also available on TalkCash is access to hijacked home broadband computers - many of them in the United States - which can be used to host various kinds of criminal exploits, including phishing e-mails and pharming sites.

    RSA's Einav says there are about a dozen marketplace sites like TalkCash in operation at any given time. Unfortunately, he and Gaffan suggest it's unlikely this nefarious activity will end anytime soon (though of course that's good for their business).

    "When the FBI shuts down a site they just move to another site," says Einav, "The URL changes but the community stays intact."

    RSA doesn't even bother trying to shut down such sites, because by monitoring them it can help banks protect themselves. Says Einav: "If you see abnormal demand for accounts from a specific bank, you can assume an exploit is underway."

    That's when it goes into action. RSA Cyota claims to have shut down 10,000 phishing and other schemes since Cyota was formed in 1999. (RSA Security bought Cyota last December.) The company maintains a blacklist of sites, which partners use to warn customers.

    Over on payment news:

    Visa USA has posted its summary of performance data for the first quarter 2006 (PDF) detailing year over year growth rates across its various card products. Net fraud as a percentage of total volume increased from 6 to 7 basis points during the quarter.

    OK, so either net fraud went up by a sixth ... or overall net fraud is so low that it's lost in the noise ... or Visa just doesn't know how to count. We could be forgiven for thinking it's so low we can all rest easy, but check out this:

    Akin buys things online - laptops, BlackBerries, cameras, flat-screen TVs - using stolen credit cards and aliases. He has the loot shipped via FedEx or DHL to safe houses in Europe, where it is received by friends, then shipped on to Lagos to be sold on the black market. (He figures Americans are too smart to sell a camera on eBay to a buyer with an address in Nigeria.)

    Akin's main office is an Internet cafe in the Ikeja section of Lagos. He spends up to ten hours a day there, seven days a week, huddled over one of 50 computers, working his scams.

    And he's not alone: The cafe is crowded most of the time with other teenagers, like Akin, working for a "chairman" who buys the computer time and hires them to extract e-mail addresses and credit card information from the thin air of cyberspace. Akin's chairman, who is computer illiterate, gets a 60 percent cut and reserves another 20 percent to pay off law enforcement officials who come around or teachers who complain when the boys cut school. That still puts plenty of cash in Akin's pocket.

    A sign at the door of the cafe reads, WE DO NOT TOLERATE SCAMS IN THIS PLACE. DO NOT USE E-MAIL EXTRACTORS OR SEND MULTIPLE MAILS OR HACK CREDIT CARDS. YOU WILL BE HANDED OVER TO THE POLICE. NO 419 ACTIVITY IN THIS CAFE. The sign is a joke; 419 activity, which refers to the section of the Nigerian law dealing with obtaining things by trickery, is a national pastime. There are no coherent laws relating to e-scams, the police are mostly computer illiterate, and penalties for financial crimes are light.

    Posted by iang at 12:58 PM | Comments (2) | TrackBack

    May 15, 2006

    Tracking you, tracking me, tracking everyone

    You, me, everyone is trackable by our cellphones. Not just Greek Prime Ministers. Here's how.

    Each phone has a SIM ("subscriber identity module?") card, which is the smart card that holds the billing arrangement. Each SIM card has a number, so it is uniquely identified in the packets of information flashing across the network. That made it trackable.

    So a common trick was for mafia bosses and other delightful characters was to keep the same phone but change the SIM (by opening the back up, dropping the battery out, and switching the little chip card). This meant that access to the billing records would not automatically be useful for tracking purposes, as the SIM number is what is billed.

    This trick was known as far back as the early 90s, when some drugs dealer was caught with 80 SIMs in his briefcase. He'd use them for one call each.

    Unfortunately this was futile, and here's why. Each phone has a number, which is internationally and centrally coordinated in the standard telco committee fashion. That is, the mobile phone manufacturers get together in a smoke-filled room and allocate a batch of numbers to each of them, so each phone the world around is unique.

    This number is called the IMEI, or international mobile equipment identity, which includes the manufacturer's prefix and the phone's number (it's the same concept as your ethernet card's MAC address if you know what that means). The IMEI is also trackable, but you need a separate set of records to get access to it: call records. These are the technical records of what traffic is passing up and down, phone to phone. This is the real time stuff, and it has the raw IMEIs in there, which are later filtered out for billing purposes.

    So our friendly mafiosa were caught by anyone who could get access to those traffic records. And, if you think about it, the bad guys stuck out like a sore thumb because the SIMs kept changing and the IMEI did not. Now of course this trick is widely known:

    ICE officials said that they're working with Mexican authorities to return [Castorena-Ibarra] to the United States but that the mustachioed fugitive moves frequently and changes cellphones every few days.

    It's also possible to rewrite the IMEI if you have the right phones and the know-how. But, a good friend advises me, that's illegal in many countries, and you'll get into heap big trouble if you're caught doing it.

    Another little trick - it turns out that it is possible to ping anyones cell phone by sending a zero-length SMS message. As it is zero length, the phone drops it without further ado but if the "acknowledge receipt" bit is set the phone replies. This reply SMS is free, but it still shows up bright and clear in the records. Which leads us to the next issue. [this paragraph edited improved heavily!]

    Think about how the network works. You are walking down the street, and you are always in contact. You can always be phoned. Yet, the transmitters in built-up areas only have a range of less than a kilometer ... sometimes only a few hundred meters.

    How do they do that? It's called "hand-off". Each tower recognises the phone's presence and tells the "center" that it's in comms with your phone. Then, when you walk past the next tower, the two towers have a little chit chat and hand you over. Of course, the center has to know so as to re-route incoming calls to you.

    So the center knows where you are - to the accuracy of the towers. And, anyone who is looking at that feed of information knows where you are. And, anyone who shares that info also knows.

    That's why there is all this talk about adverts popping up on your phone saying "turn left here for a special price on lunch!" Actually it gets even more juicy as there is a thing called triangulation where the towers can reveal signal strengths, times, and directions, and a bit of maths will coordinate you down to tens of metres.

    None of this is secret. In conferences, and in articles, people have been talking about the marketing implications of such cellphone "traffic analysis" for years. Some of this is directed at sales opportunities, other at "social networking" analysis, and some of course at the "tracking bad guys" angle.

    This is so un-secret that in the USA and other places, they have been trying to make it law that cell phone operators provide your location every time you punch in 911.

    What has not been discussed at all are the ramifications of your telco knowing where you are. Within pretty close paramaters. Every moment your cellphone is switched on.

    What has not been thought about at all is who they are selling this information to and who they are sharing it with - inadvertently or otherwise. And whether those that are doing the listening are operating with due regard to your privacy, with oversight, or what.

    Instead, there is the steady rumble of scandals, as the public finds out what the insiders have known all along. Let's close with this one:

    Alexis Papahelas -- so you are saying even the crypto phones that the [Greek] prime minister/government/military are using they are vulnerable to this kind of penetration you say.

    James Bamford: Well, crypto phones are probably NSA's biggest targets around the world, whether or not the NSA was able to break the encryption of the algorithm to get into those phones I don't know. I don't have this information, but I know obviously NSA's key job, NSA's first job is intercepting communications, and second job is breaking codes such as the codes that encrypts that communications, and third job is making USA encryption systems.

    (oops, sorry, that'll all be greek to you!)

    Posted by iang at 07:41 AM | Comments (5) | TrackBack

    May 12, 2006

    Tracking Threats - USA Telco, Inc., shares billing records with NSA, Pretexters, foreign governments, anyone, really

    More evidence that tracking by cell/mobile is a routine threat to all - this time from America, and this time concerning the billing records as opposed to the tower handoff records.

    A congressional panel investigating the fraudulent acquisition and sale of mobile phone records by Internet Web firms has collected evidence that indicates law enforcement officials at the local, state and federal levels use the Internet-based services as an investigative short-cut, has learned. At least one Web-based data seller has told Congress that the FBI is a client.

    As I've asserted before, if this was limited to law enforcement pursuent to lawful warrants, etc, etc there would be no complaint. (Citizens not having anything to hide, right?) But it is not.

    The phone records are generally acquired by the resellers through fraudulent means and would not be admissible in court as evidence, but they are still helpful as an investigative tool, say officials familiar with the investigation. ... One seller, Advanced Research Inc., which operates, told the committee that it has sold data to the FBI. "On occasion, ARI (Advanced Research) has done work for municipalities, banks, mortgage and insurance companies, private companies, foreign governments, law enforcement, even the FBI," ARI's letter to Congress said. ... The dozens of Web sites now being investigated by Congress sell to a wide cross-section of customers buying data. Evidence gathered so far suggests many purchasers are involved in debt collection. But a steady stream of evidence also implicates law enforcement officials, who occasionally use the services as a shortcut, avoiding the need for court orders generally required to see phone records.

    The phone records are often obtained by private investigators through a tactic known as "pretexting." Investigators call mobile-phone companies posing as legitimate customers and trick service representatives into delivering copies of records.

    Many Web site sellers maintain the practice is legal, but cell phone companies, the Federal Communications Commissions and numerous state attorneys general have said impersonation of consumers is fraud. Several states also have sued data brokers over the acquisition and sale of phone records in recent months.

    The tracking of people by cellphone is equally shared by law enforcement - without a warrant - and anyone else with a credit card number, raising the amusing prospect of your own card paying for someone to spy on you. Hardly a high standard of protection.

    A further indication that the NSA is operating outside the law comes from Chris Walsh's comment over on EC:

    Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.

    In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.

    Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

    The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.

    (Also see CDT.) US Congress is or has moved to rule it more difficult, but recent attempts to regulate technology abuses don't raise many hopes in this area. Indeed, even Congress seems to be getting skeptical. Chris Walsh posts on EC:

    Massachusetts Congressman Ed Markey asks Dennis Hastert whether legislation protecting mobile phone users' privacy has been sent to a "legislative 'Guantanamo Bay'" in order to modify it so that intelligence gathering activities analogous to those affecting land lines would be unimpeded.

    The problem is a little more deep-seated than that I fear. Probably, the battle to protect cell phone records from the intel community is already lost. (Including other than with your own national agencies who are looking out for your interests. Above, it mentions foreign governments buying US records, and I wouldn't be surprised if the NSA already has access in Europe.) The question is whether anything else can be saved.

    Probably not, I would guess, if the data mining juggernauts are anything to go by. But it does bring up the amusing contrast between Europeans and Americans. Europeans don't mind that much if government gets their records, but are horrified if private companies do. Whereas Americans speak with utter fear of their government spying on them, but happily accept that it is the private sector's right to trade this information. Perhaps for the first time, people on both sides of the Atlantic have some angst to share.

    Posted by iang at 02:26 PM | Comments (1) | TrackBack

    April 19, 2006

    Numbers on British Fraud and Debt

    A list of numbers on fraud, allegedly from The Times (also) repeated here FTR (for the record).


    Regular credit card number: $1
    Credit card with 3-digit security code: $3-$5
    Credit card with code and PIN: $10-$100
    Social security number (US): $5-$10
    Mother's maiden name: $5-$10
    £56.4 ($100) billion:Total amount owed on British credit cards
    141.1 million:Number of credit, debit and charge cards in Britain
    1.9 billion:Number of purchases on credit and charge cards in Britain a year
    £123 billion:Total value of credit and charge card purchases a year
    5:Number of credit, debit and charge cards held by 1 in 10 consumers
    £58:Average value of a purchase on a credit card
    £41:Average value of a debit card purchase
    88 percent:Proportion of applicants who have been issued with a credit card without providing proof of income
    £504.8 ($895) million:Total plastic-card fraud losses on British cards a year
    £1.3 ($2.3) million:Amount of fraud committed against cards each day
    7:Number of seconds between instances of fraud
    £696 ($1,235):Average size of fraud, 2004

    (Printing them in USD is odd, but there you go... I've preferred the Times' UKP amounts above, as there were a number of mismatches.)

    Posted by iang at 10:01 AM | Comments (2) | TrackBack

    April 11, 2006

    Threatwatch - Voice Threat Models are Snafu - Situation Normal All F***ed Up

    Something bothers me about the recent spate of crypto voice news - it looks like we have bungled the threat model, yet again. Do we never learn?

    For some reason phone tapping, VoIP and the like is much in the news, and a couple of references have been spotted to suggestions that we should rise to defend that space. Firstly over at the cryptography list, where all are agog about wiretapping in Greece, secondly in many articles to-ing and fro-ing over zFone and Skype (go guys!) and now a more serious call from Bruce Schneier in Wired:

    "This is why encryption for VOIP is so important. VOIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Encryption is one of the essential security technologies for computer data, and it will go a long way toward securing VOIP."

    I'm all for it! But the repeated references to encryption have that earthly Douglas Adams feel to them - somewhere between "mostly harmless" and downright dangerous through systemic underestimation.

    We all love encryption. But when it comes down to it, encrypting the voice channel is such a small part of the equation that I wonder why the fuss? Is it because we all get that wonderful geeky buzz when we shove 256 bits of full blooded AES right back up the NSA's pipe? Smoke that, spook!

    I think that's a lot to do with it. And I wouldn't want to ruin anyone's fun - coz crypto should be fun - but while all the cryptographers are dancing around counting bits on a pinhead, they are in danger of missing the real threat.

    No, I'll go further than that. We, they, me, all of us - the whole Internet security community - has actually missed the threat. Quite possibly by a decade or so.

    The real threat is tracking.

    Why is this? Lots of reasons, but unfortunately they are ho-hum, low tech, under the radar reasons. Not things that the geeks can get addicted to, not ones that give them a buzz. Nothing you can write about in Wired, or in cryptography lists, or the popular journalism of the security press, I suppose.

    Still, let's give it a shot and see if we can't save the voice threat model before it follows its predecessors into a decade of confusion, waste, and endless laugh value for the attackers. There are a number of ways of looking at this. I'm not shy, I'll try them all.

    Consider GSM, as a great forerunner to encrypted VoIP. It uses something like a 40-bit crypto algorithm that's as weak as water. After cryptoplumber Lucky Green reverse-engineered it out of the chips in a 3 month marathon hacking effort, cryptobuddies Dave and Iang (the other one) cracked the actual algorithm in an afternoon. By the time that was done, GSM as a cryptosystem was just so many bits strewn across the floor, or at least the standard version of A5 was. The journalists loved it!

    Or so it seems. In fact, the security model was still good! GSM was unchallenged because Lucky and friends weren't in GSM's threat model - the papparazzi and the phone spoofers were the threat and those scum still have some deal of trouble making their attack.

    Meanwhile, the GSM juggernaut rumbled on, untroubled. We are now in a Europe where there are as many phones as people - everyone but everyone has one, and every Finn has two. (And they're all encrypted - Yoo Hoo! Plus, if you have one of those supercool cryptophones, they are doubly encrypted at 256+256 volts .. er .. bits!)

    The Americans aren't that far behind, with the slight notable exception of having many different systems. Asian and Latino cultures show no real slackening in cellphone worship either, probably because the lack of good copper systems overcame any braking effect of lower incomes.

    Now, consider the facts. That is, the facts that are extracted from tracking versus the facts that are extracted from wiretapping. The facts we can get from tracking are hard - when, where, with whom. They look good in a database, they cross-correlate, they datamine, they stand in court. Indeed, all of society's investigative, dispute and judicial processes are based on these sorts of facts, so the new technology of person tracking fits in well with the old ways of doing things.

    In contrast consider the facts in a voice conversation. They are hard to put in a database (so forget about datamining), they consume racks and racks of data storage, they have to be searched for quality, and when it comes down to it, they are pretty darn soft - recordings of voice don't stand well in court. Ludicrously, there seems to be research that suggests that use of wiretaps correlates negatively with conviction rates.

    So we have this little thing in our pocket - all of us - and it's trackable. It generates a quality set of facts. All the time, whenever it's powered on. Which leaves one question only - are the facts available?

    Nominally, most governments and telcos will say that such data are not available. But evidence is starting to suggest another picture. I have it on reasonable but anecdotal authority that the police in a few countries in Europe have full access to GSM tracking - at the tower. The developments in the US would suggest that the NSA isn't that far behind, unless they are already there (there's that silly story about machines collecting data not being against the rules -- what to make of that? -- well, the story is there and repeated by the spooks, so they must be saying it for a reason . . .). And, plans proceed afoot to integrate this data-that's-not-illegal across the usual suspects, the TLAs.

    Here's one anecdote I might have heard. Police - your ordinary plod - can pick you up off the streets, like at a demonstration or something, and show you on TV in the vicinity of other demonstrations ... other months ... other places ... with other people ... using public surveillance cameras.

    Now, how could they have correlated all that information? Perhaps they were using a blue tooth rifle on your iPod? Maybe the police are tracking the RFIDs in your clothing?

    Nah - the only systems approach that makes sense is that they are datamining the tower hand-off records. How this works we leave as an exercise to the victim.

    This all would have been fine and dandy 20-30 years ago when governments in the west were a bit better behaved. But these days, suppression of civil liberties, tracking the naysayers, secret databases and so forth is all the rage (much to the chagrin of the newly liberated eastern european peoples. "What, we got rid of communism . . . for this?").

    As it all seems to be happening in secrecy, and as there are therefore no safeguards in place, this is a valid threat. If your local police can track you, they can also blackmail you. Even before we get to dishonest police, there are the telcos.

    Here's how this this threat evolves. First, they say they don't collect the data. Then they say they don't use it, except for engineering purposes. Then, they say that there are safeguards. Then, they say they don't supply it outside the company. Then, they sell it.

    Then, they just make it up. It takes less than 10 years across the full life-cycle from total privacy to total piracy, and telcos have had a decade or two, already. Governments aren't any help.

    Your power in anonymity is stripped away by the secret availability of such tracking databases. We the people have no clue how this information is being used - and likely the first time we find out is when we can buy it ourselves to start spying on our spouses. (oops.)

    Other than switching off the phone, what's to be done?

    Well, all those cryptophone projects out there are still good - they just have to adjust their threat models. They've covered threats 2 through 9, now they need to think about threat #1. VoIP phones with any encryption are still fantastically good while there isn't massive and pervasive IP# tracking. (oops.)

    To advance that theme - continue to support the cryptophones - Skype, Zfone, etc. They are your friends, both. But also cast an eye to the IP detrackers: Tor and the like. In my opinion, the whole P2P space (Jim says here) is far more relevent to the future of security, privacy, etc than any product that knows how to spell AES.

    Give me RC4 layered over hazenet any day. Hell, give me Rot13 if you can make a good showing that it's deeply hidden in the noise. Fixing Rot13 is child's play compared to unfixing a static IP# or a Sim#.

    Posted by iang at 12:49 PM | Comments (1) | TrackBack

    April 10, 2006

    Threatwatch - pricing the password crack

    Some stats on how much it costs to crack a password:

    MSN Hotmail$175

    Found on crackspider. I'm a bit suspicious of the site as it sent firefox and konqueror into contortions ... so I'll refrain from posting the URL.

    Posted by iang at 11:08 AM | Comments (2) | TrackBack

    April 08, 2006

    ThreatWatch - Sony is your friend, Game Over?, Meccano costs, and it'll all be better in two years

    Dan Kaminsky writes on the Sony experience:

    Learning from Sony: An External Perspective

    ‘What happens when the creators of malware collude with the very companies we hire to protect us from that malware?’ Bruce Schneier, one of the godfathers of computer security, was pretty blunt when he aired his views on the AVindustry’s disappointing response to the Sony rootkit (for an overview of the rootkit and its discovery see VB, December 2005, p.11). His question was never answered, which is fine, but his concerns were not addressed either, and that’s a problem.

    The incident represents much more than a black eye on the AV industry, which not only failed to manage Sony’s rootkit, but failed intentionally. The AV industry is faced with a choice. It has long been accused of being an unproductive use of system resources with an insufficient security return on investment. It can finally shed this reputation, or it can wait for the rest of the security industry to finish what Sony started. Is AV useful? The Sony incident is a distressingly strong sign that it is not.

    I'm not sure what to make of the threats situation here. On the one hand, it is shocking, simply shocking to think of corporates deliberately increasing the risks of consumers so as to make more money. But, in reality, this has been going on for decades. So what we need is not less but more of the Sony threats. We need more information out in the public view so that we can all more clearly analyse the threats here. I call for more Sony rootkits :)

    Has Microsoft declared Game Over?

    In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

    "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

    Basically, the OS cannot be protected, and in the event of infection, you have to re-install. That's one brave disclosure, but better they start seeding the public with this info less later than later still.

    Fear of security is starting to bite in the US - in contrast to anecdotal evidence. Entrust did a survey that said:

    Fear of alienating customers

    Banks recognize they must increase online security, but are equally concerned that making Web sites harder to use will drive customers back to telephone and branch banking.

    "Telephone transactions cost banks 10 times as much to process as Internet transactions. And an in-branch transactions cost 100 times Internet transactions," Voice said.

    About 18 percent of online bank customers have already cut back or stopped banking online completely because of security worries, according to an Entrust survey.

    It is the cutting back or stopping that is causing the fear from the Meccano trojans I reported on a bit back (also known as MITB or Man-in-the-Browser). Forcing people back to phone or branch has massive cost and deployment ramifications. In the face of these costs, expect many banks to simply suffer the losses. Unfortunately, this won't be socially acceptable, as the majority of the costs are borne by the consumer, not the institution.

    Lynn spots the latest crazy threat to invade media mindspace - Beware the 'pod slurping' employee

    A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft. ....

    "(Microsoft Windows) Vista looks like it's going to include some capability for better managing USB devices, but with the time it's going to take to test it and roll it out, we're probably two years away from seeing a Microsoft operating system with the functionality built in," Usher said. "So companies have to ask themselves, 'Can we really wait two years?'"

    This is not a new threat, just an old threat with a sexy new toy. Don't believe we had to wait for Apple for the innovative solution to employees' desperate needs to walk out with lots of data...

    On the other hand, read that second paragraph above carefully. If you don't like today's scenario, you'll have to wait about 2 years, assuming that Vista has some sort of answer to whatever it is you don't like. I don't normally do stock picks but here's one that screams: buy Apple, sell Microsoft. Users will, even if you don't.

    A bit of BitTorrent bother. In brief, ISPs have been using "traffic shaping" to identify Bittorrent traffic and drop it. In response, the top three clients have added an RC4 encryption capability. Threats everywhere...

    In closing, 1 in 10 Laptops Stolen:

    "Up to 1 in 10 laptops will be stolen during their lifetime according to one of the Law Enforcement Officers behind the new Web site"
    Posted by iang at 07:46 PM | Comments (0) | TrackBack

    March 25, 2006

    Meccano Trojans coming to a desktop near you

    Scuttlebut is circulating in the anti-virus world about the new class of trojan about to emerge. Details - facts - are scanty, and several exaggerations seem to already have fallen flat on their face already. Having said that, a general pattern is emerging, and it looks like a significant advance in the threat state of the Internet. Here's what I've picked up so far.

    The new class of trojan evidences an ability to deconstruct and reconstruct the browser in the phisher's image. That is, it is a sort of meccano kit for phishers, which allows the construction of a new phisher-friendly browser. The meccano trojan operates on the Microsoft Windows operating system and allegedly is coded up for both IE and Firefox, so Firefox has crossed GP.

    I say above "evidences an ability" because the view is that the kit is not quite there yet, but it's near enough to be "just around the corner." There is substantial uncertainty about this, because the details are being shared hush-hush. My feeling from the scuttlebut is that the first meccano trojans will roll into Windows machines within a month or so, in what could be considered to an alpha test of the concept. Within 6 months, that should shake out and the meccano concept will be well tried and tested. But that's just a feeling based on a secret stacked up on a prediction.

    If you prefer to think in classical PKI terms, this means that the MITM is now inserted into the browser. Hence, this attack was later named as the Man in the Browser, or MITB (note inserted 2009). PKI is rendered bypassed, in a way that is indefensible to PKI at least. Deep security readers will recall that one hard-wired assumption of PKI was that the threat was on the wire, and the node was safe, and we've now reached the point where that assumption is broken in theory and in practice.

    Let's summarise. First the facts: A new trojan class is capable of taking over the browser on Windows platforms. It covers both IE and Firefox. It renders all security within the browser theoretically breached.

    Second, the anti-facts. Everything written above is unconfirmed, so they are not facts at all! Next, the notion that suddenly the browser disappears into a puff of smoke and the user is left naked and unprotected just doesn't make sense - to me at least. There still remain substantial economic defences against any given attack - just because one component is broken doesn't mean the system starts handing out your cash left and right. There are also things that users - both individuals and corporates - can do to protect themselves, and there many many things that sites can do to change the economics.

    What then makes me believe that this is substantial without waiting for the unobtainable facts? Three things. Firstly, this is predicted in concept if not in detail. Any security researcher worth their salt has written off the nodal security model as far as Windows goes - I wrote about the fatal conceit of the threat reversal some time ago, and to many that was good logic but oh-so-ho-hum. Next, it is only the timeframe that we are arguing about, and we are about due for this. Note how last week's news predicts the browser attack:

    "MetaFisher uses HTML injection techniques to phish information from victims after they've logged into a targeted bank account, said Dunham, which lets attackers steal legitimate TAN numbers (one-time PINs used by some banks overseas) and passwords without having to draw them onto phony sites."

    Finally, those that are vulnerable and have seen more of the story are taking it seriously. Banks in one place that I know have already formulated their response and are moving to put it in place. In this case, it is a banking sector that is not particularly vulnerable anyway, and their solution will work - which already tells you what corner of the world it is. For the financial cryptographers, the solution is simply moving more towards the model Ricardo and x9.59 pioneered, c.f., Anne & Lynn, Gary & myself.

    So where does that leave us? The fundamental statement would seem to be that the Windows platform can no longer be considered secure, not for any security that you might actually need. That day has arrived. Beyond that there is a huge amount of analysis needed to say more, far more than I can do in one post. I'll stop with these broad questions, recognising that asking the question is easier than answering it.

    • Is the Mac safe? Is it next, and when does the Mac cross GP?
    • Is the authentication model dead? Or can it be redeemed?
    • Where does this leave PKI?
    • Should online banking stick with the browser? Or go for another platform?
    • Online banks have the resources to fix these things, but what about the rest of us?
    • Are the actions of the anti-virus community helping or hindering?
    • Where goes Microsoft? Is it game over?

    Far too much for one day. I'll leave you with Dan Kozen's fine bull, which symbolised my 2006 prediction of more government intervention, and today stands in for the running of the other more successful bulls.

    Thankfully, the regulators appear to be showing restraint, in that they are signalling that the problem belongs to the banks. The central banks have confirmed their intention to put risk sharing in place for online banking: the user will be on the hook for something like the first 150-250 of the fraud. After that, the bank picks up the rest. This is critical - both the bank and the user must engage in the security protocol, and any attempt to do otherwise is living in state of sin, to paraphrase John von Neumann.

    Let's hope the regulators hold the line on that one, and prove at least one of my predictions dead wrong.

    Posted by iang at 10:33 AM | Comments (12) | TrackBack

    March 18, 2006

    Threatwatch - trojan hijacking, proxy victims, breaching conflicts of legal interest, semi-opaque blue hats

    Bad news for Microsoft, but (other) browsers may breath a sigh of small relief. It seems that there is a shift from email-based phishing across to trojan hijacking. Predictable - as people gradually wake up to phishing, and as the easy targets are phished out, we can expect the well-funded attackers to shift to new waters.

    LURHQ’s description of an E-gold Trojan was an early foreshadowing of things to come. E-gold is an e-cash operation, similar to Paypal. Turns out they’ve been under constant attack from these advanced Trojans for a few years now.

    The E-gold Trojan waits for the victim to successfully authenticate to E-gold’s Web site, creates a second hidden browser session, and uses various spoofing tricks until it drains the victim’s account. Because the stealing and spoofing is started after the authentication is completed, no amount of fancy log-on authentication would prevent the heist. All too telling is LURHQ’s prediction that “other banking institutions are sure to be attacked in this manner in the future.”

    In the more mundane and routine phishing waters (thanks, Gordon):

    In a smart site redirection, the attacker creates several identical copies of the spoofed site, each with a different URL, often hosted by different ISPs. When the phishing e-mails go out, all include a link to yet another site, a "central redirector." When the potential victim clicks on the e-mailed link, the redirector checks all the phishing sites, identifies which are still live, and invisibly redirects the user to one.

    I see signs of a new trend in reportage of threats to US financial institutions. Above, and here:

    The report cites the W32/Grams Trojan that targets 'e-gold' but doesn't launch an attack until the authentication process has been monitored and completed, as e-gold uses a number of security measures, such as limiting account access to an individual IP address and the use of one-time passphrases.

    Spot it? If you can name e-gold then you can get away with embarressing someone who can't fight back. But if it is a regulated financial institution, it shouldn't be named - if the debit card PIN debacle in the US is anything to go by. Nobody quite knows what is going on there, what happened, and who it happened to. Other than the consumers, that is.

    Knowing what happened is critical to security. Only with hard facts as to the real breach can we understand the risks. Only with understanding the risks can we counter them. If big banks have to be embarressed in that process then so be it - the goal is security, right?

    Which means that naming e-gold is a net good - they become a proxy for the banks' woeful security practices. "Sucks to be them." But at least they got invited into a new coalition of the willing:

    A group of 18 financial institutions and internet providers have joined forces with child advocacy groups in the US and Europe in an effort to eradicate commercial child pornography by 2008. The internet has allowed child pornography to become a multi-billion dollar industry, and the newly formed Financial Coalition Against Child Pornography aims to kill the business model behind the sites by blocking access to payment services including credit cards.

    Again, e-gold have been a favourite target of blame for child pornography, and it is not exactly clear that the mud sticks. The reason for putting together a group is possibly explained here:

    One problem for the card companies is that it is illegal for anyone other than law-enforcement officials to look at child porn. This has made it difficult to proceed with their own internal controls.

    "The great thing about this coalition is that it gives us for the first time an independent entity to decide the validity of a particular image - and if it is child porn or not - and gives us actionable information," says Joshua Peirez, group executive of global public policy at MasterCard in Purchase, N.Y.

    How the coalition gets around that illegality question is an open question - but it certainly points the way towards a nominally independent body that can govern the question without other conflicts of interest. And, conflicts of interest and other disasters are the rule with such investigations, as reported here by Adam:

    An international investigation of internet-based child pornography has led to accusations against innocent victims of credit card fraud, a CBC News investigation has found. In other cases, victims of identity theft found themselves fighting to save their reputations, jobs and marriages after their names were used to buy child pornography.

    Just exactly how do you deal with a false accusation so severe that due process is foregone? Any security strategies for that?

    And finally, to return to Microsoft's bad news. They seem to have run something of a coup in security forums:

    MARCH 16, 2006 (IDG NEWS SERVICE) - Microsoft Corp. is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. Just days after the end of its third Blue Hat conference, the software vendor today posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event.

    The Web site will include Microsoft staffer's "reflections on BlueHat 3" as well as photos, podcasts and video interviews with some of the presenters, said Security Program Manager Kymberlee Price in a blog posting. "We sincerely hope that our BlueHat 3 speakers (and BlueHat 1 & 2 speakers) will post their comments to the site as well and share their BlueHat experience," she wrote.

    Which at first blush sounds almost convincing. So, if it is so open and touchy feely, why is it also so secretive? Routine champions of open process such as Adam have supported the secrecy agenda (albeit under a label of privacy) so we are definately hearing two messages here, among the many echoes of the past.

    The normal reason for secrecy is so as to control the agenda for own gain, whatever the headline reason is. In Microsoft's case they benefit if they can get the information they need and not reveal any themselves. Obviously, nobody is quite that naive these days, so some stuff may have to be revealed. Especially, what they do reveal should not reveal their more controversial intentions, so maybe what is not revealed is likely more interesting than what is not. And, as we saw with the "high assurance" case, there is a definate advantage in getting everyone else to respect privacy, as it gives Microsoft first-announcer privileges.

    Aside from that, I think we are still in net positive. Microsoft have failed to get their house in order, and we see more and more signs that they are trying various ideas to get outside help. Without admitting this, that is, but the observation remains that they are the only organisation that is doing any out-reach on security at all, and they are the only player that is looking at security for security's sake, albeit highly filtered with other monetary interests.

    (I should hasten to add that I doubt this is caused by any new-found public spirit on their part, it's almost certainly a rational analysis of the huge and growing risks Microsoft face in the security field.)

    Posted by iang at 01:46 PM | Comments (3) | TrackBack

    March 07, 2006

    ThreatWatch - the Mac gets hacked

    ZDNet Australia reports more substantial evidence that Mac OS X has a real problem with security has surfaced. In the interests of fairness and seeing my own predictions bite the dust, here's the news:

    On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

    Participants were given local client access to the target computer and invited to try their luck.

    Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

    The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.

    "It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .

    Yowsa! Some work to do, guys! Maybe we're all back to OpenBSD again... A little more digging, and Arstechnica and MacWorld both indicate the hack was less dramatic than it sounds:

    Firstly, the hack was that of privilege escalation, not a pure remote exploit. The web site author had enabled SSH, the Unix "Secure Shell" tool that has replaced telnet as a means for accessing networked machines from the command line. He then configured an LDAP (Lightweight Directory Access Protocol) database and added a web-based interface so that visitors to the site could add their own shell accounts to the system. These shell accounts were given limited user access, so in theory they should not have been able to access or modify any files that were owned by the system or by other accounts. The hacker used a vulnerability in OS X to promote the privileges of this account, thus "gaining root" and becoming able to modify any file on the computer at will.

    Ah. You have to have a shell account on there in the first place. That's different. To counterbalance that, CS news reports:

    "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."

    Cool. Stopwatches running...

    Posted by iang at 02:47 PM | Comments (4) | TrackBack

    FraudWatch - Chip&Pin, a new tenner (USD10)

    Chip&Pin in Britain measured a nearly full year of implementation (since February) and found fraud had dropped by 13%. They say that's good. Well, it's not bad but it is a far cry from the 80% figures that I recall being touted when they were pushing it through.

    The Chip and Pin system cut plastic card fraud by 13% in 2005, according to the Association of Payment Clearing Services (Apacs). Losses due to the fraudulent use of credit and debit cards fell last year by £65m to £439m.

    Most categories of fraudulent card use dropped, except for transactions over the phone, internet or by mail. Chip and Pin cards were introduced in 2004, with their use becoming required in shops from February this year.

    The new type of card appears to have brought a decisive turnaround with fraud levels now back to the levels last seen in 2003. In 2004, as the new cards were being introduced, card fraud continued to shoot up, by 20%, costing banks and retailers more than half a billion pounds.

    Sandra Quinn of Apacs hailed the impact of Chip and Pin, which has been rolled out to most of the UK retailing and banking industries since October 2003:

    "Seeing card fraud losses come down is cast-iron proof that Chip and Pin is doing its job. Back in 2002 we forecast that fraud would have risen to £800m in 2005 if we didn't make the move to Chip and Pin so it's heartening to see total losses well beneath this figure" she said.

    So maybe if we factor in such a prediction of 800m, down now to 439, we are seeing a drop of 45%. I'd say that according to GP they moved too late and ended up with an institutionalised fraud at a high and economic level. Clawing that back is going to take some doing.

    And, also from PaymentNews, the US mint continues its sly dance to use other colours than green:

    Security Features
    The redesigned $10 note also retains three of the most important security features that were first introduced in the 1990s and are easy to check: color-shifting ink, watermark and security thread.

    Color-Shifting Ink: Tilt your ten to check that the numeral "10" in the lower right-hand corner on the face of the note changes color from copper to green. The color shift is more dramatic on the redesigned notes, making it even easier for people to check their money.

    Watermark: Hold your ten up to the light to see if a faint image of Treasury Secretary Alexander Hamilton appears to the right of his large portrait. It can be seen from both sides of the note. On the redesigned $10 note, a blank oval has been incorporated into the design to highlight the watermark's location.

    Security Thread: Hold your ten up to the light and make sure there's a small strip embedded in the paper. The words "USA TEN" and a small flag are visible in tiny print. It runs vertically to the right of the portrait and can be seen from both sides of the note. This thread glows orange when held under ultraviolet light.

    To protect our economy and your hard-earned money, the U.S. government expects to redesign its currency every seven to ten years.

    Everything is good fun about that page, even the URL!

    Posted by iang at 05:10 AM | Comments (16) | TrackBack

    February 19, 2006

    More dots than you or I can understand (Internet Threat Level is Systemic)

    fm points to Gadi Evron who writes an impassioned plea for openness in security. Why? He makes a case that we don't know the half of what the bad guys are up to. His message goes something like this:

    DDoS -> recursive DNS -> Fast Flux -> C2 Servers -> rendevous in cryptographic domainname space -> bots -> Phishing

    Connecting the dots is a current fad in america, and I really enjoyed those above. I just wish I knew what even half of them meant. Evron's message is that there are plenty of dots for us all to connect, so many that the tedium of imminent solution is not an issue. He attempted to describe them a bit later with his commentary on the recent SSL phishing news:

    Some new disturbing phishing trends from the past year:

    POST information in the mail message
    That means that the user fills his or her data in the HTML email message itself, which then sends the information to a legit-looking site. The problem with that, is how do you convince an ISP that a real (compromised) site is indeed a phishing site, if there is no phishy-looking page there, but rather a script hiding somewhere?

    Trojan horses
    This is an increasing problem. People get infected with these bots, zombies or whatever else you’d like to call them and then start sending out the phishing spam, while alternating the IP address of the phishing server, which brings us to…

    Fast Flux is a term coined in the anti spam world to describe such Trojan horses’ activity. The DNS RR leading to the phishing server keeps changing, with a new IP address (or 10) every 10 minutes to a day. Trying to keep up and eliminate these sites before they move again is frustrating and problematic, making the bottle-neck the DNS RR which needs to be nuked.

    We may be able to follow that, but the bigger question is how to cope with it. Even if you can follow the description, dealing with all three of the above is going to stretch any skilled practitioner. And that's Evron's point:

    What am I trying to say here?

    All these activities are related, and therefore better coordination needs to be done much like we do on the DA and MWP groups, cross-industry and open-minded. R&D to back up operations is critical, as what’s good for today may be harmful tomorrow (killing C&C’s as an example).

    The industry needs to get off its high tree and see the light. There are good people who never heard about BGP but eat Trojans (sounds bad) for breakfast, and others need to see that just because some don’t know how to read binary code doesn’t mean they are not amazingly skilled and clued with how the network runs.

    This is not my research alone. I can only take credit for seeing the macro image and helping to connect the dots, as well as facilitate cooperation across our industry. Still, as much as many of this needs to remain quiet and done in secret-hand-shake clubs, a lot of this needs to get public and get public attention.

    Over-compartmentalizing and over-secrecy hurts us too, not just the US military. If we deal in secret only with what needs to be dealt in secret, people may actually keep that secret better, and more resources can be applied to deal with it.
    Some things are handled better when they are public, as obviously the bad guys already know about them and share them quite regularly. “Like candy” when it comes to malware samples, as an example.

    The Internet threat level is now systemic, and has been since the arisal of industrialised phishing, IMO. I've written many times before about the secrecy of the browser sector in dealing with phishing, and how the professional cryptographic community washed its hands of the problem. Microsoft's legendary castles of policy need no reminder, and it's not as if Apple, Sun, Symantec, Verisign or any other security company would ever do any better in measures of openness.

    Now someone over the other side of the phishing war is saying that he sees yet other tribes hiding in their fiefdoms, and I don't even know which tribes he's referring to. Gadi Evron concludes:

    -opinion-Our fault, us, the people who run these communities and global efforts, for being over-secretive on issues that should be public and thus also neglecting the issues that should really remain under some sort of secrecy, plus preventing you from defending yourself.

    Us, for being snobbish dolts and us, for thinking we invented the wheel, not to mention that we know everything or some of us who try to keep their spots of power and/or status by keeping new blood out (AV industry especially, the net-ops community is not alone in the sin of hubris).

    It’s time to wake up. The Internet is not about to die tomorrow and there is a lot of good effort from a lot of good people going around. Amazing even, but it is time to wake up and move, as we are losing the battle and the eventual war.

    Cyber-crime is real crime, only using the net. Cyber-terrorism will be here one day. If we can’t handle what we have on our plate today or worse, think we are OK, how will we handle it when it is here?

    Posted by iang at 08:03 AM | Comments (2) | TrackBack

    February 14, 2006

    SSL phishing, Microsoft moves to brand, and nyms

    fm points to Brian Krebs who documents an SSL-protected phishing attack. The cert was issued by Geotrust:

    Now here's where it gets really interesting. The phishing site, which is still up at the time of this writing, is protected by a Secure Sockets Layer (SSL) encryption certificate issued by a division of the credit reporting bureau Equifax that is now part of a company called Geotrust. SSL is a technology designed to ensure that sensitive information transmitted online cannot be read by a third-party who may have access to the data stream while it is being transmitted. All legitimate banking sites use them, but it's pretty rare to see them on fraudulent sites.

    (skipping details of certificate manufacturing...)

    Once a user is on the site, he can view more information about the site's security and authenticity by clicking on the padlock located in the browser's address field. Doing so, I was able to see that the certificate was issued by Equifax Secure Global eBusiness CA-1. The certificate also contains a link to a page displaying a "ChoicePoint Unique Identifier" for more information on the issuee, which confirms that this certificate was issued to a company called Mountain America that is based in Salt Lake City (where the real Mountain America credit union is based.)

    The site itself was closed down pretty quickly. For added spice beyond the normal, it also had a ChoicePoint unique Identifier in it! Over on SANS - something called the Internet Storm Center - Handler investigates why malware became a problem and chooses phishing. He has the Choicepoint story nailed:

    I asked about the ChoicePoint information and whether it was used as verification and was surprised to learn that ChoicePoint wasn't a "source" of data for the transaction, but rather was a "recipient" of data from Equifax/GeoTrust. According to Equifax/GeoTrust, "as part of the provisioning process with QuickSSL, your business will be registered with ChoicePoint, the nation's leading provider of identification and credential verification services."

    LOL... So now we know that the idea is to get everyone to believe in trusting trust and then sell them oodles of it. Quietly forgetting that the service was supposed to be about a little something called verification, something that can happen when there is no reason to defend the brand to the public.

    Who would'a thunk it? In other news, I attended an informal briefing on Microsoft's internal security agenda recently. The encouraging news is that they are moving to put logos on the chrome of the browser, negotiate with CAs to get the logos into the certificates, and move the user into the cycle of security. Basically, Trustbar, into IE. Making the brand work. Solving the MITM in browsers.

    There are lots of indicators that Microsoft is thinking about where to go. Their marketing department is moving to deflect attention with 10 Immutable Laws of Security:

    Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
    Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
    Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
    Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
    Law #5: Weak passwords trump strong security
    Law #6: A computer is only as secure as the administrator is trustworthy
    Law #7: Encrypted data is only as secure as the decryption key
    Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
    Law #9: Absolute anonymity isn't practical, in real life or on the Web
    Law #10: Technology is not a panacea

    Immutable! I like that confidence, and so do the attackers. #9 is worth reading - as Microsoft are thinking very hard about identity these days. Now, on the surface, they may be thinking that if they can crack this nut about identity then they'll have a wonderful market ahead. But under the covers they are moving towards that which #9 conveniently leaves out - the key is the identity is the key, and its called psuedonymity, not anonymity. Rumour has it that Microsoft's Windows operating system is moving over to a psuedonymous base but there is little written about it.

    There was lots of other good news, too, but it was an informal briefing, so I informally didn't recall all of it. Personally, to me, this means my battle against phishing is drawing to a close - others far better financed and more powerful are carrying on the charge. Which is good because there is no shortage of battles in the future.

    To close, deliciously, from Brian (who now looks like he's been slashdotted):

    I put a call in to the Geotrust folks. Ironically, a customer service representative said most of the company's managers are presently attending a security conference in Northern California put on by RSA Security, the company that pretty much wrote the book on SSL security and whose encryption algorithms power the whole process. When I hear back from Geotrust, I'll update this post.

    That's the company that also ditched SSL as a browsing security method, recently. At least they've still got the conference business.

    Posted by iang at 06:21 AM | Comments (1) | TrackBack

    February 07, 2006

    The Market Price of a Vulnerability

    More on threats. A paper Paul sent to me mentions that:

    Stuart Schechter’s thesis [11] on vulnerability markets actually discusses bug challenges in great detail and he coined the term market price of vulnerability (MPV) as a metric for security strength.

    A good observation - if we can price the value of a vulnerability then we can use that as a proxy for the strength of security. What luck then that this week, we found out that the price of the Windows Metafile (WMF) bug was ... $4000!.

    The Windows Metafile (WMF) bug that caused users -- and Microsoft -- so much grief in December and January spread like it did because Russian hackers sold an exploit to anyone who had the cash, a security researcher said Friday.

    The bug in Windows' rendering of WMF images was serious enough that Microsoft issued an out-of-cycle patch for the problem in early January, in part because scores of different exploits lurked on thousands of Web sites, including many compromised legitimate sites. At one point, Microsoft was even accused of purposefully creating the vulnerability as a "back door" into Windows.

    Alexander Gostev, a senior virus analyst for Moscow-based Kaspersky Labs, recently published research that claimed the WMF exploits could be traced back to an unnamed person who, around Dec. 1, 2005, found the vulnerability.

    "It took a few days for exploit-enabling code to be developed," wrote Gostev in the paper published online, but by the middle of the month, that chore was completed. And then exploit went up for sale.

    "It seems that two or three competing hacker groups from Russian were selling this exploit for $4,000," said Gostev.

    (That's a good article, jam-packed with good info.) Back to the paper. Rainer Bohme surveys 5 different vulnerability markets. Here's one:

    Vulnerability brokers are often referred to as “vulnerability sharing circles”. These clubs are built around independent organizations (mostly private companies) who offer money for new vulnerability reports, which they circulate within a closed group of subscribers to their security alert service. In the standard model, only good guys are allowed to join the club. The customer bases are said to consist of both vendors, who thus learn about bugs to fix, and corporate users, who want to protect their systems even before a patch becomes available. With annual subscription fees of more than ten times the reward for a vulnerability report, the business model seems so profitable that there are multiple players in the market: iDefense, TippingPoint, Digital Armaments, just to name a few.

    OK! He also considers Bug Challenges, Bug Auctions, Exploit derivatives, and insurance. Conclusion?

    It appears that exploit derivatives and cyber-insurance are both acceptable, with exploit derivatives having an advantage as timely indicator whereas cyber-insurance gets adeduction in efficiency due to the presumably high transaction costs. What’s more, both concepts complement one another. Please note the limitations of this qualitative assessment, which should be regarded as a starting point for discussion and exchange of views.
    Posted by iang at 10:52 AM | Comments (1) | TrackBack

    Picturing her location

    On this article there is a picture. Which is worth a thousand words.

    Coming to a mobile/cell near you. The text says "as of 04/11/2005 15:30:51 (2 months, 2 weeks ago), the GPS Device PERSONAL TRACKER was in the vicinity of Wimbledon"

    Which reminds me of the recent Woody Allen movie, Match Point. I should also pass on Fm's pointer that as of 05/23/2005 12:00:00 (2 years, 9 months ago), the NTK Threats Tracker was in the vicinity of spot on:

    Still, technology marches on. If you ask us, the real future is in *massively parallel peer-to-peer* elves. Take FLEET ONLINE. This Dutch business-oriented service was introduced a month ago to the UK. It's a pay-as-you-go site that lets companies instantly locate their employees' mobile phones, to a granularity of the nearest cell (ie 50m in urban areas). Positioning costs 25p a shot. Here's the real gimmick, though: you can sign up yourself, and then add any mobile phone you'd like to be geolocated. Oh sure, your victim will get an initial "Do you want to be tracked?" opt-in message, and then another in two weeks. But think of all the phones you can get physical access to long enough to say yes to that original text. Friends! Spouses! Potential stalking fodder! And what you could do in two weeks. Supposing you're a burgling elf: you could nick that phone, sign it up, give it back, find out where they live via the geolocator. And then *find out when they're out*! It's a RISKS Digest all of its own! - that'll give the geourl people something to play with

    Posted by iang at 05:10 AM | Comments (1) | TrackBack

    February 05, 2006

    Threatwatch - tracking you, tracking me, tracking us all

    We all know that cell-phones have been trackable to the tower point quite trivially, and even beyond that if the operator deigns to do some triangulation. That's how they - allegedly - tracked the London bomber through Italy.

    But I admit to being surprised that the telco operators would *sell* this information. I suppose it is obvious, in hindsight, but what cojones!

    I unplugged her phone and took it upstairs to register it on a website I had been told about. It looks as if the service is mainly for tracking stock and staff movements: the Guardian, rather sensibly, doesn't want me to tell you any more than that. I ticked the website's terms and conditions without reading them, put in my debit card details, and bought 25 GSM Credits for £5 plusvat.

    Almost immediately, my girlfriend's phone vibrated with a new text message. "Ben Goldacre has requested to add you to their Buddy List! To accept, simply reply to this message with 'LOCATE'". I sent the requested reply. The phone vibrated again. A second text arrived: "WARNING: [this service] allows other people to know where you are. For your own safety make sure that you know who is locating you." I deleted both these text messages.

    On the website, I see the familiar number in my list of "GSM devices" and I click "locate". A map appears of the area in which we live, with a person-shaped blob in the middle, roughly 100 yards from our home. The phone doesn't go off at all. There is no trace of what I'm doing on her phone. I can't quite believe my eyes: I knew that the police could do this, and telecommunications companies, but not any old random person with five minutes access to someone else's phone. I can't find anything in her mobile that could possibly let her know that I'm checking her location. As devious systems go, it's foolproof. I set up the website to track her at regular intervals, take a snapshot of her whereabouts automatically, every half hour, and plot her path on the map, so that I can view it at my leisure. It felt, I have to say, exceedingly wrong.

    Well, that basically means we all now have the tracking devices that we all were scared off. Never mind the bluster about warning messages, somehow we all slipped into the tracking society without even knowing it.

    The tracking threat meter is now pegged hard ON. The response is likely to be IP telephony with bluetooth/802.11 bridging into the open network. Not because of the eavesdropping - that old silly worry about encryption - but because of the location searching. Eavesdropping is not an economic threat to most people most of the time, but tracking is. Tracking location can be used years afterwards, whereas nobody on the planet except the NSA has time to listen to 1000's of hours of chit chat with the spouse.

    Meanwhile something that didn't surprise me was the Greek Prime Minister's affair:

    Athens - Mobile phones belonging to top Greek military and government officials — including the Prime Minister — and the U.S. embassy were tapped for nearly a year beginning in the weeks before the 2004 Olympic games, the government said Thursday. .... Mr. Roussopoulos said the surveillance was carried out through spy software installed in the central system of Vodafone, the mobile telephony provider that served the targets. Calls were then diverted to mobile phones using pay-as-you-go services, which are difficult to trace.

    So, someone connected into the switches and installed some diverts or conference shares. Cunningly, they diverted the conference sharing to pre-paid mobiles which were probably hacked to record.

    Now, my experience in telcos doesn't go very far, having only worked twice for them, and then only peripherally to switches. But here's what I recall, FWIW (please, anyone with more uptodate info, chime in!) :

    Switches have very basic security. They are all digital, these days. They are all centrally manageable. And the source code is secret. e.g., it's almost as bad as windows - you google around, download a few docs and programs, hack in and you're in. The only reason this is unknown is because switches just aren't that interesting. (Waddya gonna do - divert your mother's few phone calls? Download Paris Hilton's billing records? Roight... Phone phreaking disappeared the minute Internet came along because the net was more fun.)

    Better, or worse, the security departments work hand in glove with the national authorities. The switches are after all built by very big companies, almost always "national champions." They are generally sold to other very big companies, who all used to be national champions back in the good old days, but these days are more likely to be wannabe champions with the same mindset.

    So I would conclude that this is in the "of course" basket. Of course you - anyone - can do this, the challenge would be to show that you couldn't. More apropos would be to ask if this sort of capability is built into Cisco routers. Just in the "China specials" or all of them?

    Cisco also released a statement recently aimed at dispelling the persistent rumor that it sold China custom hardware designed to make censorship simple. The company, it says , "has not designed or marketed products for any government to censor Internet content." Reporters without Borders disagrees - and they were the ones who had the Congressional ear today.

    Or, to ask what the Greek counter-intelligence people are up to - what were they doing all these years letting their assets use unprotected mobile phones over unprotected and wide-open commercial telco networks? How dumb is that?

    The list of about 100 people whose telephones were tapped included the ministers of foreign affairs, defence, public order and justice. Most of Greece's top military and police officers were also targeted, as were foreign ministry officials, a US embassy number and the prime minister's wife, Natasha.

    My advise - if Natasha divorces the PM, she should name the chief of counter-intelligence agencies in the filing.

    Greece reveals cellphone tap spy scandal
    Thursday, February 2, 2006 Posted at 7:35 PM EST
    Associated Press
    Athens - Mobile phones belonging to top Greek military and government officials — including the Prime Minister — and the U.S. embassy were tapped for nearly a year beginning in the weeks before the 2004 Olympic games, the government said Thursday.
    It was not known who was responsible for the taps, which numbered about 100 and included Greek Prime Minister Costas Caramanlis and his wife, and the ministers of foreign affairs, defence, public order and justice. Most of Greece's top military and police officers were also targeted, as were foreign ministry officials and a U.S. embassy number. Also tapped were some journalists and human rights activists.
    The phone tapping “started before the 2004 Olympic Games and probably continued until March 2005, when it was discovered,” government spokesman Theodoros Roussopoulos said at a news conference.
    Mr. Roussopoulos said it had not been possible to identify who was behind the tapping.

    “It was an unknown individual, or individuals, who used high technology,” he said.
    Mr. Roussopoulos said the surveillance was carried out through spy software installed in the central system of Vodafone, the mobile telephony provider that served the targets.
    Calls were then diverted to mobile phones using pay-as-you-go services, which are difficult to trace.
    An investigation showed that these mobiles had been used in a central Athens area where many foreign embassies are located, though Mr. Roussopoulos refused to speculate on whether foreign agencies might be involved.
    “I estimate that no harm was caused to our national issues,” Mr. Roussopoulos said. “The prime minister does not just use one mobile phone.”
    He said the government first heard of the tapping in March 2005, when it was tipped off by Vodafone Greece CEO Giorgos Koronias.
    Vodafone — one of the country's four mobile telephony providers — discovered the tapping after receiving complaints from customers over problems operating their phones.
    Mr. Koronias issued a statement saying the company removed the spyware immediately after it was located, and informed the competent state authorities.
    Athens prosecutor Dimitris Papangelopoulos brought misdemeanor charges of breaching the privacy of phone calls against “unknown persons” earlier Thursday, the Justice Minister said.
    The prosecutor will also investigate whether there are grounds for bringing criminal charges of espionage, the Minister said.
    The government pledged the inquiry would be full and fair.

    Posted by iang at 08:49 AM | Comments (7) | TrackBack

    February 04, 2006

    The Price for Your Identity

    So what does it cost to forge an identity? Here's a list of costs (with updates moved to end) that lead us to the answer. First off, in Britain:

    When interviewed the duo said they were conducting at least eight transactions a day, totalling around 5,000 sales over two years. A passport would cost £350, a national insurance card or a driving license would cost £50 to £75.

    In Japan, driver's licences are no trouble if you know a Colombian (sorry, URL is duff, see below for full story).

    The Hyogo prefectural police and other police headquarters have arrested 12 members of the ring, nine of them Colombians. The police reported that some of the suspects said that in addition to the forged passports, they bought bogus driver's licenses and cash cards before entering Japan for only 20 dollars.

    Back to Britain, and the Sunday Herald dives into the business of undercover policework. Here's a heavily redacted snippage indicating a top-drawer contender.

    He tells us one passport costs just over £1000, but if we buy more, the price drops to around £800. ... There, Pavel brings out a sample of the kind of passport he will be able to get for us. The passports are 100% authentic to the eye. ... British immigration and passport experts who examined the document on guarantee of anonymity said it was “the very best [they’d] ever seen”. It even passed an ultraviolet light test which British passport controllers use to show up hidden watermarks which are in every genuine document.

    They said it was “real” and could easily be used to open a bank account without alerting any suspicion.
    The officer, who takes the lead on ID theft within the SDEA, added: “There has been an upswing in the trade in fake documentation.

    Addendums. Just found some numbers from an old post on EC:

    Social Security cards run about $20, green cards about $70 and a California driver's license between $60 and $250. The price jumps up for higher-quality documents, such as IDs with magnetic strips containing real information — often from victims of identity theft.

    Maybe that's where I got the idea from...

    Please note that the purpose of collecting this information is for security researchers to form a validated view of what it costs an attacker to breach their designs (so I won't bother to point out where you can buy them).

    Most security designs simply assume that collecting the identity of someone grants the holder magical security properties; unfortunately the truth is far less encouraging and the result is that relying on identity collection is probably only reliable for stopping honest people and your poorer class of criminal from defrauding the system.

    Here's my predicted benchmark - forging any identity costs approximately 1000 (in today's major units). I'll update that as we get better into it.

    20 dollars IDs foil immigration officials

    The Yomiuri Shimbun

    Colombians arrested here over their suspected involvement in a burglary ring entered Japan on fake passports and other forms of counterfeit identification purchased for only 20 dollars, police learned Thursday.

    The Hyogo prefectural police quoted one of the suspects as saying there is an organization in Colombia that forges such documents.

    The ring is suspected of committing more than 100 burglaries in 11 prefectures, including Osaka and Hyogo, over the last three years, netting items and cash worth hundreds of millions of yen.

    The Hyogo prefectural police and other police headquarters have arrested 12 members of the ring, nine of them Colombians. The police reported that some of the suspects said that in addition to the forged passports, they bought bogus driver's licenses and cash cards before entering Japan for only 20 dollars.

    Some of the suspects reportedly told the police that many houses are left unlocked in Japan, and people here pay little thought to crime prevention.

    The suspects are believed to have sold electrical appliances and other stolen items and sent the money to relatives in Colombia.

    According to the Hyogo prefectural police, one of the suspects previously had been deported from Japan, but returned on a fake passport.

    The police arrested the alleged ringleader Akihiro Nagashima, 36, and two Colombian men in November on suspicion of stealing a television and other items from a house in Wakayama. Nagashima has been indicted on the charge.

    The burglary ring is believed to comprise about 20 members, about 80 percent of whom are believed to be Colombians.

    (Jan. 28, 2006)

    ¿ The Yomiuri Shimbun.


    20060305 USA reports how much it costs to find false identities:

    Glendining offers his doormen $20 gift certificates for each fake ID pulled. In recent years, the fake IDs have gotten better. “You really gotta make the best effort you can,” Glendining said.

    The bar keeps a sample of real and fake IDs around for doormen to learn from. Telltale signs of a fake include IDs that crack when bent, eye color or height that doesn’t match or a nervous person shuffling. But oftentimes, it comes down to the feel of the ID.

    Spotted in EC.

    20060223. Israel:

    The Israeli passport is considered to be one of the easiest passports to forge and can be purchased in Asia, and especially in Thailand's markets, for anywhere from USD 500 to 2000. The Israeli passport is in great demand because people carrying it can enter Asian countries without a visa. .... During interrogation, [six Iranians] confessed that they purchased the passports in Thailand for USD 1,000 for the purpose of entering Macau easily.

    20060216, Britain:

    LONDON: The head of security at Arsenal’s new stadium ran a racket supplying guards on the site with fake passports. Ademola Adeniran, 39, an illegal immigrant, supplied documents stamped with "indefinite leave to remain" for men working there. Adeniran, of Hackney, was caught with more than 100 fake Nigerian and South African passports when police raided his home. They are thought to be worth £200 each on the black market.

    20060212. In Britain

    London is a major centre for Asian and African gangs based in Thailand to sell counterfeit European passports, mostly to people from the Middle East, immigration police chief Pol Lt-Gen Suwat Thamrongsrisakul says. Immigration police last year seized 572 fake passports, of which 184 were Belgian, 155 Portuguese, 139 Spanish and 94 French, he said yesterday. All the counterfeits were printed in Bangkok, taken to London and sold for about 1,000 (about 68,000 baht) each by brokers who made about 20% profit on them, he said.

    20060516. In Britain

    "I charge £700 for each one but can give you a £100 discount if you order two. I can do most EU countries including Greece, Denmark, Spain, Italy, Poland, Latvia and Lithuania."
    Posted by iang at 04:56 PM | Comments (1) | TrackBack

    January 19, 2006

    The node is the threat: Mozilla, the CIA, Skype, Symantec, Sony, .... and finally a WIRE THREAT: Bush

    Firefox reaches around 20% market share in one "weekend" survey in Europe. Bull-rating! If this keeps going on, I'll run out of predictions by the end of January.

    In other news, a Firefox developer caused a furore on slashdot by adding a URL tracking feature. Firefox needs to meet the interests of parties other than yourself in your browsing habits. In this case, it is probably Google; the fact that the developer put the feature in without any way to turn it off is telling.

    Readers will recall a recent thread on governance in non-profits which goes some way to explaining this confusion (1, 2). Mozilla now has two interested groups - those that supply money and those that don't. How Mozilla brings itself to reconcile the conflicts between these two groups is worth watching - but also difficult to divine, as Mozilla have a fairly consistent policy of debating in secret and announcing later (the root list policy was a notable exception!).

    The threats situation is daily growing more complex. Let's review more evidence (as if it is needed) on threat models. Over in Milan, prosecutors have revealed some details of the CIA kidnapping case. The alleged kidnappers left behind disk drives with emails that warned the agents to get out of Italy, as well as indicated who was the leader of the kidnapping crew.

    On June 23, the day the warrants were issued, police searched the villa in the Italian wine region of Asti where Lady had retired with his wife at the end of 2003. From the hard drive of one of his computers police recovered the e-mail message, which someone had attempted to delete, plus other documents they say establish Lady as the organizer of the kidnapping.

    The prosecutors have distributed 22 search warrants throughout Europe and intend to seek extradition from the US next. One of the alleged kidnappers was reached by reporters in Washington DC, but her name was not published at the request of the CIA, who say she is still active and undercover. (Which would then put the reporters in the curious position of obstructing justice if they ever travel to Europe!)

    Back to threat models. That email on that drive! Darn it, the threat is on the node, says I. For a long time now I have been asserting that _the node is the threat_ and I've conducted a search for evidence that there is any threat to the wire. Long, boring, and ultimately futile was the quest! But now, I can at last reveal the quest may be over:

    The Bush administration is engaged in the novel legal experiment of ordering illegal wiretaps so as to show why it needs the facility to harvest Americans' conversations without a court supervision. We now have an Executive Order, no less, mandating the NSA to threaten the wires of civilian America. Now, in times past one could have said that the NSA would have been strictly interested in bad guys outside the country, giving some protection to the populace who weren't plotting the overthrow of the USA. But those days are gone, even inside supporters of the administration are admitting that these extraordinary powers are desperately needed to get back at the internal enemies that made life so difficult for them in the past years. And I'm not just referring to the democrats or democracy. So this means we have bona fide evidence of a major eavesdropping threat to the wire - albeit one to Americans only.

    Still, even with this stunning Executive Order, no less, the threat to the node remains more severe, I claim. News just in from Skype in China:

    Skype had a dilemma. The Internet telephony and messaging service wanted to enter China with TOM Online (TOMO), a Beijing company controlled by Hong Kong billionaire Li Ka-shing. Li's people told their Skype Technologies (EBAY) partners that, to avoid problems with the Chinese leadership, they needed filters to screen out words in text messages deemed offensive by Beijing. No filtering, no service.

    At first Skype executives resisted, says a source familiar with the venture. But after it became clear that Skype had no choice, the company relented: TOM and Skype now filter phrases such as "Falun Gong" and "Dalai Lama." Neither company would comment on the record.

    First blood! This might be the first news that Skype is not protecting its users, which might explain why that other panda-shaped company, eBay, was ready to buy it. OTOH, the news comes from BusinessWeek, who aren't exactly above a hatchet job for political favours.

    Either way, Skype was good while it lasted. In the department of corporate attackers it seems that Symantec has also been caught out installing root kits on Windows machines. They issued a patch, but not before saying that they were unaware of any hackers taking advantage... Oh, and poor old Sony, another corporate attacker caught with its hands in the root kit cookie jar has waved the white flag:

    Federal judge Naomi Rice Buchwald gave tentative approval on Jan. 12th to a settlement in one of the many lawsuits filed against Sony over the rootkits. The settlement terms included offering cash payments or free music downloads to buyers of the affected CD's, and prevents Sony from selling any CD's with copy-protected software until 2008 at the earliest.

    Lawsuits filed by Texas Attorney General Greg Abbott and the Electronic Frontier Foundation against Sony are still going ahead.

    Thank heavens someone is taking on the attackers. Security observers (I no longer use the term 'security expert', a new year's resolution) scurried for cover in case they were asked to suggest whether a crime had been committed. Windows users may as well get used to it - with friends like that, they're not in dire need of new enemies.

    Posted by iang at 06:53 AM | Comments (0) | TrackBack

    December 28, 2005

    2006 - The Year of the Bull

    2005 was when the Snail lost its identity. What is to come in 2006? Prediction always being a fool's game compared to the wiser trick of waiting until it happens and then claiming credit, here's a list of strategic plays for the year to come.

    1. Government will charge into cybersecurity. So far, the notion of government involvement has been muted, as there have been enough voices pointing out that while the private sector may not have a good idea, it certainly has a less bad idea than the government. Cybersecurity departments have been duly and thankfully restricted.

    I suspect in 2006, the Bull will begin to Roar through our China Shop. Calls seem to be escalating in all areas. This is a reflection of many factors:

    For all that, calls to send in the cavalry will increase. Oh course, we know that we the user will be more insecure and poorer as a result of the Bull market for cybersecurity. What we don't know is how much worse it will be, and I daren't predict that :)

    2. Anti-virus manufacturers will have a bad year. Not so much in profits, which might perversely go up, but in terms of their ability to make a difference. Kapersky of eponymously named company points out that it is getting much harder. We know the crooks are getting much more focussed due to their revenues cycle. Also of note is that Microsoft has entered the game of selling you (not me) protection for their OS breaches - bringing with it a whole messy smelly pile of conflicts which will make it even harder for the "independent" anti-virus providers.

    3. Firefox will continue to grow. My guess is that it will get past 15%, probably to 20%. Microsoft won't fight back seriously, they have other battles, even though this would leave them at say 70-75% (Safari, Opera, Konqueror take 5-10%).

    3.b But sometime by the end of the 2006, Firefox will be seriously bloodied as it runs into security attacks targetted directly at it. What does this mean? Firefox crosses GP sometime soon, in terms of financial fraud.

    The only ones this will surprise will be Mozilla. Most observers with a clue have realised that Firefox has enjoyed its reputation due to reasonably sound factors, but these factors are just basic engineering issues like a re-write and solid coding practices, not those high level practices that distinguish the security projects (BSD, PGP, etc).

    This probably won't hold back Firefox's growth, as their mission to give browser users a choice remains aligned with our needs, and it remains tremendously useful even if the security rep takes a knock. So be it. But by the end of the year, expect some hand-wringing and moaning and more than usually confusing comments from Mozo Central's revolving security spokesman of the day.

    3.c Also expect Mozilla to start talking about the next step in commercialisation -- the IPO. The discipline of the public company will start to look very attractive to those tasked with sorting out intractable internal conflicts inherited from the touchy-feely open source world.

    4. In payments, the number of non-bank payment systems looks like it will increase dramatically. Gift card systems are exploding as companies discover that they take the money up front so they get financing at a better rate than the bank offers -- Free! -- and the wastage rate is better than any retail margin seen outside monopoly products. It doesn't take much for these to be integrated into an online account system - after all, what is a gift card but a psuedonymous account identifier. Then, once the alignment takes place, adding user-to-user payments is just a switch to throw one the weekend when your bank isn't looking. Maybe 2006 will be the year of the indie payment system?

    5. No predictions for the gold sector. Even though the gold unit is skyrocketing and will continue to do that, there are continuing woes facing the issuers which they haven't sorted out long term. The bounty of people rushing up the gold price curve is offset by the cowboy image of the gold issuers.

    6. Mac OSX will get to 7 or 8% of the market, maybe 10% if the intel change goes well. Given the aggressiveness of the PC world, that can be considered to be a stunning result. The BSDs and the Linuxes still won't penetrate the desktop as much as we'd like, but it will become reasonable to talk about a Microsoft-free environment.

    6.b I might finally acquire a Mac. Not because I want to -- I hate the UI, the keyboards suck, and they haven't got the reliability of the old thinkpad workhorses -- but for reasons too irrelevent and arcane to go into today.

    7. Google will grow and prosper and survive. This might be an odd thing to predict, but the thing with Google is that it is a bit like a Netscape with an endless supply of revenue. As one insider put it to me recently, it was a boon to the world when Netscape was cleaned out as that meant we could get on with business. Unfortunately, google has lots of revenue, so the mad cats will be financed and the projects just go on and on and on... I expect by the end of the year, though, we'll see adverts for cat herders as long term insiders realise that some chaos is good but most is just chaos.

    8. Microsoft will not succeed in sorting out its security mess and will continue to lose market share. Let's get this in perspective - it will probably drop down from around 90% to around 80% allround. Nothing worth crying over, and indeed, it will give the company some sorely lacking focus.

    Some time around the end of 2006, some soul searching will result in serious investigation of other operating systems. So, who wants to bet on what OS Microsoft will pick up? Here's my anti-picks: it won't be Unix, and it won't be Java (which in its J2EE form is more or less a server OS, and then there's Swing...).

    9. Macs won't be seriously hit by security issues, but will suffer a few minor embarrassments which will be trumped up in the press. The Mac application space will come under attack. On the other hand, Apple doesn't look ready for a security war, and will muff it, regardless. Welcome to the Hotel California!

    10. I've predicted these before and not seen them so I'll predict them again:

    • class action suites on security against suppliers.
    • the perfect phish - one that includes the SSL+certs within, rather than goes around
    • Also look for a real-time phish to defeat the two-factor authentication tools that the banks are rushing out now.

    In the security world, it is important to avoid the disclosure of being completely and utterly wrong; these above predictions are my way of avoiding that terrible fate. Neat, huh? On the other hand, I probably needn't have bothered. The security discipline is missing, presumed dead. Experts have hummed and hahed and shuffled feet over the mess for so long that it is now at the point where when anyone hears a so-called 'security expert' talk, they mentally discount most of what is said.

    Try it! By the end of the year, I predict open derision of anyone who pretends to be a security professional. Dilbert, anyone?

    11. By the end of 2006, the secure browsing system that we know and love to hate -- SSL, $30 certificates, popup madness and that sodding padlock -- will have been bypassed. By the good guys, I mean -- it's been bypassed by the bad guys for several years, already.

    It will no longer be part of the security model for browsing. What will become the security model will depend on what sector is doing the securing:

    • banks will have their two-factor tokens because they were told to,
    • smart users (and their mothers) will have their Trustbars and Petnames,
    • smart companies will customise the above plugins, and
    • even smarter operators will send out confirmations by email and by cell/mob

    That's for the lightweight stuff. For the heavyweight stuff, look for alternate plaforms, like....

    12. We'll see the much more use of two-factor authentication by cellular or mobile phone. I.e., SMS messages, or downloadable programs on phones to calculate the challenge/response. Why? Everyone's got a phone and they are a separate means of communication. (Why it's taking so long bothers me - is there something I'm missing?)

    13. Unluckily for authors, artists, and blog writers, nothing much will change in DRM. Music sellers will sue file swappers, concentrating on the demographic of 12-17. File swappers will continue to swap, and learn how much better their own music is. The techniques of both sides will advance and both will be widely copied and nobody will make any money.

    My bulls here are courtesy, and if I made any money from this blog, I'd be one sorry matador. Some time around 2007, all IP owners will realise they cannot win this war, and all swappers will get religious about DRM. A papal bull will be issued and a property love-in will ensue. Nobody will fight over the rights for the book, musical, philosophical or TV. By then we will have worked out the killer rights paradigm - convenience.

    Hopefully we will be invited back for the love-in. Merry Xmas, Happy New Year, Season's Greetings, and may your packets move at Kelvin speed. I wish you a happy Year of the Bull.

    Some other predictions:

    Posted by iang at 04:14 PM | Comments (5) | TrackBack

    December 17, 2005

    Sighting of near-extinct beast - the profitable crypto attacker

    Regular readers know that I frequently stress that many threats are unvalidated in that they derive from a textbook or a security salesman's hyperactive imagination. So it behoves to collect data on what are validated threats. In what might be a first and is certainly an event of rarity, we now have a report that indicates two cryptosystems that were breached in an attack of value.

    The first looks like a classical insider attack against a digsig system by tricks that bypassed the checking of the signatures by switching their need off.

    It is the second one that is of more interest as it looks like a direct attack on the encryption system, rather than a bypass attack.

    E-Hijacking new threat to trucking

    by Sean Kilcarr, senior editor - Nov 3, 2005 4:02 PM

    WASHINGTON D.C. The growing use of telematics for both gathering truck performance data and for sending and receiving shipping documents also exposes trucking to a new form of crime called "e-hijacking."

    At a special trucking safety and security seminar hosted by law firm Patton Boggs LLP here in the nation's capital, Stephen Spoonamore, CEO of data security consulting firm Cybrinth, gave examples of recent e-hijacking events to illustrate why data security in trucking needs tightening.

    He pointed to the supposed loss of 3.9-million banking records stored on computer backup tapes that were being shipped by UPS from New York-based Citigroup to an Experian credit bureau in Texas. "These tapes were not lost - they were stolen," Spoonamore said. "Not only were they stolen, the theft occurred by altering the electronic manifest in transit so it would be delivered right to the thieves." He added that UPS, Citigroup, and Experian spent four days blaming each other for losing the shipment before realizing it had actually been stolen.

    Spoonamore, a veteran of the intelligence community, said in his analysis of this e-hijacking, upwards of 15 to 20 people needed to be involved to hack five different computer systems simultaneously to breach the electronic safeguards on the electronic manifest. The manifest was reset from "secure" to "standard" while in transit, so it could be delivered without the required three signatures, he said. Afterward the manifest was put back to "secure" and three signatures were uploaded into the system to appear as if proper procedures had been followed.
    "What's important to remember here is that there is no such thing as 'security' in the data world: all data systems can and will be breached," Spoonamore said. "What you can have, however, is data custody so you know at all times who has it, if they are supposed to have it, and what they are doing with it. Custody is what begets data security."

    Another case involved a fleet of 350 trucks shipping hazardous materials using telematics to download and track vehicle operating data in real-time - monitoring engine speed, hard braking events, etc.

    Spoonamore said the data streams coming from those vehicles only used a basic level of encryption - codes broken by what he called an "enterprising" local law firm that proceeded to download four months of operating data on each truck - especially the actual road speed of each truck over that period, down to the decimal point. The law firm then sued the trucking company for speeding violations, using the carrier's own telematics data against it.

    "[Telematics] can tell you at 2 a.m. precisely where your truck is - but do you know where your data is at that time? That's why you can't totally trust your computer anymore," Spoonamore cautioned.

    Note the difference between the two: the hackers in the first had to expose themselves to significant costs to attack the system; this is in accordance with the goal of the security, being to raise the costs of the attack. In the second, once cracked, the costs of the attack were fairly minimal and there was little exposure. So much so that the attacker successfully entered court and displayed all!

    Other bloggers have picked it up (EC pointed to Bruce Schneier). Chris Walsh quite correctly points out it is uncorroborated, and the notion of an insider attack involving 15-20 people has to be treated with care if not outright suspicion. Still, something happened, and this is one to watch in our developing threat scenario.

    Maybe we can now start a count of how many times the crypto is attacked!

    Addendum:I incorrectly attributed the comments above to Adam, it was Chris who posted over on Emergent Chaos.

    Posted by iang at 09:48 AM | Comments (2) | TrackBack

    November 27, 2005

    Who v. Who - more on the dilemma of the classical attacker

    In the military they say no plan survives the first shot, and call this aptly "the fog of war." The best laid plans of the security industry and various parliaments (US Congress, the European Union, etc) are being challenged in war as in music. Now comes news that one DRM supplier is threatening to reverse-engineer the DRM of another supplier.

    A company that specializes in rights-management technology for online stores has declared its plans to reverse-engineer the FairPlay encoding system Apple uses on iTunes Music Store purchases. The move by Cupertino-based Navio Systems would essentially break Apple’s Digital Rights Management (DRM) system in order to allow other online music retailers to sell downloads that are both DRM-encoded and iPod-compatible by early 2006.

    “Typically, we embrace and want to work with the providers of the DRM,” said Ray Schaaf, Navio’s chief operating officer. “With respect to FairPlay, right now Apple doesn’t license that, so we take the view that as RealNetworks allows users to buy FairPlay songs on Rhapsody, we would take the same approach.”

    In 2004, after unsuccessfully courting Apple to license FairPlay, RealNetworks introduced its Harmony technology, which allowed users to buy music from online sources other than the iTunes Music Store and transfer it to their iPod. RealNetworks’ move was then denounced by Apple as adopting “the tactics and ethics of a hacker to break into the iPod.” In December of 2004, Apple shot back by releasing an iPod software update that disabled support for RealNetworks-purchased songs.

    I forgot to add: This trend is by no mean isolated, as pointed to by Adam. Here's an account of AOL inserting capabilities into our computers. I noticed this myself, and had to clean out these bots while making a mental note to never trust AOL with any important data or contacts.

    Big mistake. That was my list, not AOL's. They've violated my personal space. By doing this they've demonstrated that my data — my list of contacts — can be tampered with at their whim. I have to wonder what comes next? Can my lists be sold, or mined for more data? Will they find out if my buddies purchase something online and then market that thing to me, on the assumption that I share mutual tastes? Just what is AOL doing with my data?

    Posted by iang at 10:00 AM | Comments (1) | TrackBack

    November 19, 2005

    Security is failing - more evidence from Sony

    In the fall-out from the Sony root-kit affair, here's an interesting view:

    Sony Rootkits: A Sign Of Security Industry Failure?

    Nov. 18, 2005 By Gregg Keizer TechWeb News

    One analyst wonders why it took so long to catch onto Sony's use of rootkits on CDs and whether customers may have a false sense of security.

    Sony's controversial copy-protection scheme had been in use for seven months before its cloaking rootkit was discovered, leading one analyst to question the effectiveness of the security industry.

    "[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?" asked Joe Wilcox, an analyst with JupiterResearch.

    "Where the failure is, that's the question mark. Is it an indictment of how consumers view security software, that they have a sense of false protection, even when they don't update their anti-virus and anti-spyware software?

    "Or is it in how data is collected by security companies and how they're analyzing to catch trends?"

    Ouch! I wondered before who was attacking who, but this is a good point that goes further. Why didn't anti-virus programs detect the attack from Sony? We rely on the anti-virus sellers in the Microsoft field to protect from the weakness of the underlying OS.

    It shouldn't be a surprise to discover that there is some form of selective detection going on in the Microsoft security world - the rest of the article identifies that their source of information is problem reports, honeynets, and a vague but interesting comment:

    "Frankly, we were busy looking for where the [spyware] money was going," said Curry. "We weren't looking at legitimate industries."

    This is probably as it should be. Microsoft creates the vulnerabilities and the rest of the industry follows along cleaning up. It isn't possible to be more than reactive in this business, as to be proactive will lead to making mistakes - at cost to the company selling the security software. So companies will routinely promise to clean up 100% of the viruses on their list of viruses that they clean up 100% of.

    (Note that this still leaves the cost of missed attacks like the Sony rootkit, but that is borne by the user, a problem for another day.)

    The next interesting question is whether Sony, or the inevitable imitators that come along, are going to negotiate a pass with the anti-virus sellers. That is, pay blood money to anti-virus scanners for their rootkit. In the spam world, these are called "pink sheets" for some obscure reason. Will an industry in acceptable, paid for attacks on Microsoft's OS spring up? Or has it already sprung up and we just don't know it?

    If so, I'd have to change the title of this rant to "Security is getting more economic..."


    Posted by iang at 08:58 AM | Comments (1) | TrackBack

    November 13, 2005

    anti-forensics - why do vapourware security tools sell so well?

    Hagai Bar-El points to a paper on the market for anti-forensic tools - ones that wipe your tracks after you've done your naughty deed.

    I have just enjoyed reading "Evaluating Commercial Counter-Forensic Tools" by Matthew Geiger from Carnegie Mellon University. The paper presents failures in commercially-available applications that offer covering the user's tracks. These applications perform removal of (presumably) all footprints left by browsing and file management activities, and so forth. To make a long story short: seven out of seven such applications failed, to this or that level, in fulfilling their claims. ...

    The next thing I was wondering about is how come these products sell so well, given that they do not provide what they state they do, in a way that is sometimes so evident.

    I think a partial answer to why these things sell so well might be found in the debate about security as viewed as a market in insufficient information. It has been suggested that security is a market for lemons (one where the customer does not know the good from the bad) but I prefer to refer to security as a market for silver bullets (one where neither the customer nor the supplier know good from bad).

    Either way, in such insufficient markets, the way sales arise is often quite counter intiutive. In a draft paper (html and PS), I make the claim that sales in the market for security have nothing to do with security, but are driven by other factors.

    So, once we appreciate that disconnect in the market, it's quite easy to prediuct that vapourware sells better than real product, because the real product has higher costs which means less marketing. All other things being equal of course.

    Another partial answer is that the bad guys that do need to evade the FBI (and competitors) will know the score. They also know something that shows them
    to be generally astute: they generally mistrust privacy-oriented technology as being fraudulent in claims because it can't be easily checked up on. So sales of products will tend to go to people who believe claims - being those who actually have no strong reason to rely on the claims.

    Posted by iang at 10:21 AM | Comments (0) | TrackBack

    October 26, 2005

    Breaking Payment Systems and other bog standard essentials

    Many people have sent me pointers to How ATM fraud nearly brought down British banking. It's well worth reading as a governance story, it's as good a one as I've ever seen! In this case, a fairly bog standard insider operation in a major brit bank (not revealed but I guess everyone knows which one) raided some 2000 user accounts and probably more. They did all this through the bank's supposedly fool proof transaction system, and the bank aided and abetted by refusing to believe there was an issue! Further, given the courts willingness to protect the banks' secrecy, one can say that the courts also aided and abetted the crooks.

    This is the story of how the UK banking system could have collapsed in the early 1990s, but for the forbearance of a junior barrister who also happened to be an expert in computer law - and who discovered that at that time the computing department of one of the banks issuing ATM cards had "gone rogue", cracking PINs and taking money from customers' accounts with abandon.

    This is bog standard. Once a system grows to a certain point, insider fraud is almost a given, and it is to this that the wiser FCer turns. As I say, this is a must-read, especially if you are new to FC. Here's news for local currency pundits on how easy it is to forge basic paper tokens.

    In a world of home laser printers and multimedia PCs, counterfeiting has become increasingly easy. With materials available at any office supply store, those with a cursory knowledge of photo-editing software can duplicate the business-card-size rewards cards once punched at Cold Stone Creamery or the stamps once given out at Subway sandwich sho........

    Steven Bellovin reports that Skype have responded to criticisms over their "secret cryptoprotocol."

    Skype has released an external security evaluation of its product; you can find it at (Skype was also clueful enough to publish the PGP signature of the report, an excellent touch -- see The author of the report, Tom Berson, has been in this business for many years; I have a great deal of respect for him.
    --Steven M. Bellovin,

    Predictibly, people have pored over the report and criticised that, but most have missed the point that unless you happen to have an NSA-built phone on your desk, it's still more secure than anything else you have available. More usefully, Cubicle reports that there is an update to Skype that repairs a few bugs. As he includes some analysis of how to exploit and create some worms... it might be worth it to plan on updating:

    The Blackhat in me salivates at the prospect. It’s beautiful security judo, leveraging tools designed to protect confidentiality (crypto) and Availability (peer-to-peer) to better hide my nefarious doings. Combine it with a skype API-based payload and you’ve got a Skype worm that can leverage the implicit trust relationship of contact lists to propagate further, all potentially wrapped inside Skype’s own crypto.

    Too bad the first that most of Skype’s 60 million-and-growing users will ever hear of it will be after someone who does pay attention to these sorts of things decides they want to see if it’s possible to create a 60-million node botnet or retire after making The One Big Score with SkypeOut and toll fraud.

    Hey Skype, Ignoring Risk is Accepting Risk–NOT Avoiding it. Put this on your main page while upgrading is still prevention rather than incident response.

    A little hyperventilated, but consider yourself in need of a Skype upgrade.

    Posted by iang at 03:08 PM | Comments (1) | TrackBack

    September 20, 2005

    Phishing in Pogo's Swamp

    This week's phishing roundup starts with (thanks Lynn) sighting of a HTTPS phish. The attacker used a self-signed cert, and as we know browsers commonly fall to self-signed MITMs because of the popup madness ...

    A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday.

    Browser manufacturers were warned of the problem, were told how to fix it, and even given fine demos. Opera reports that it has made its browser ad-free. Welcome, but I continue to be confused about Opera's security - they claim:

    Already regarded as the world's fastest, most secure browser, Opera speeds up your Web browsing with these innovative features: ...
  • Protect against identity theft and phishing with integrated security features
  • yet looking at the screen shots on the page it seemed very much like last time I looked - underwhelming. Opera practically haven't updated their security beyond the default Netscape model of 1995, so to say it's the world's most secure browser is just marketing hype; it seems more to me that Opera is fighting with other browser manufacturers for the award of "browser least responsive to user security needs."

    Meanwhile, evidence is beginning to accrue that the US (at least, the non-techie part) is starting to take the issue seriously, and americans do not like what they find...

    Adam reports on 'the story of a mother whose child was stillborn, and her inability to get the marketing to stop, from "A Lost Baby, and the Pain of Endless Reminders in the Mail," in the New York Times.'

    My first reaction was shock, then anger. Why did the baby formula company have her due date? I had shared our baby's due date with only two businesses: my health insurance company and a Web site for expectant and new parents. When I registered to enter the Web site, I specifically requested that it not share my information with third parties.

    And also on how mandatory ID cards will make for yet another database full of SSNs as yet another aid to identity theft. Good stuff. There are now a steady stream of reports of surveys that suggest that Americans will leave their banks if they get hit by identity theft. Glenbrook points at EDS slams banking security - Financial Services

    Gartner suggests that this is part of a $50bn problem. When they numbers get that big it makes for a lot of difficulty rationalising them ("oh, it's less than Katrina, so that's ok?") but a careful reading doesn't seem to challenge the overall level of phishing at about a $1bn problem. It might have stabilised at this point.

    Litan said that banks in Britain were far better at sharing information and working with each other to minimise exposure to this kind of fraud. The incentive to sign up new customers is great in Europe but in the US it's even more pronounced because banks send out 1,937 pieces of marketing information for every new sign-up. "The goal is getting new customers and banks are not that hungry about eating into fraud," she said.

    Here's an article that reminds us that there are two problems, not just one (the Microsoft PC is woefully infected with viruses and keyloggers and other malware, as well as your browser's inability to tell you who you are talking to...)
    "Tremendous growth of cybercrime, report says." I'd remind them not to forget that online banks aren't that secure themselves... but it seems that banks also have other problems to deal with (Perfect Storm).

    And to wrap up, (Adam again reports) chat of the underlying systemic issue - if you trade data like it was property, then you might not want to include your identity in the catalogue.

    ''As an aside [writes Chapell], some might argue that there's little distinction between "evil doer" and "data broker". I prefer to view the latter as the poster children for another unregulated industry that is screaming for the Government to step in. ... Of course, the trouble with choking off data flow is that it tends to be contrary to the concept of a free society. And since none of us seem to want to live under an EU privacy regime, then what's a privacy conscious American to do?''

    First, [writes Adam]I think that Chapell is spot on here: The gossip-mongers would love to trade higher costs in the form of regulation for limits on their liability and high barriers to entry.

    Second, the industry relies heavily on government subsidies, in the form of social security numbers, and data collected under threat of legal penalties. (Like the property registers in the article Chapell quotes, or DMV records, or voting lists.) In a free society, I can choose to be known by whatever name I like. That is a right long established in the common law. We can impose regulations on the product of government action without making ourselves less free.

    We have met the enemy, and he is us. For those readers who aren't American, Pogo's comment is a famous comic line from the 60s and inspires today's roundup.

    Posted by iang at 11:42 AM | Comments (0) | TrackBack

    September 14, 2005

    RSA keys - crunchable at 1024?

    New factoring hardware designs suggest that 1024 bit numbers can be factored for $1 million. That's significant - that brings ordinary keys into the reach of ordinary agencies.

    If so, that means most intelligence agencies can probably already crunch most common key sizes. It still means that the capability is likely limited to intelligence agencies, which is some comfort for many of us, but not of comfort if you happen to live in a country where civil liberties are not well respected and keys and data are considered to be "on loan" to citizens - you be the judge on that call.

    Either way, with SHA1 also suffering badly at the hands of the Shandong marauders, it puts DSA into critical territory - not expected to survive even given emergency surgery and definately no longer Pareto-complete. For RSA keys, jump them up to 2048 or 4096 if you can afford the CPU.

    Here is the source of info, posted by Steve Bellovin.

    Open to the Public

    DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005
    TIME: 4:00 p.m. - 5:30 p.m.
    PLACE: 32-G575, Stata Center, 32 Vassar Street
    TITLE: Special-Purpose Hardware for Integer Factoring
    SPEAKER: Eran Tromer, Weizmann Institute

    Factoring of large integers is of considerable interest in cryptography and algorithmic number theory. In the quest for factorization of larger integers, the present bottleneck lies in the sieving and matrix steps of the Number Field Sieve algorithm. In a series of works, several special-purpose hardware architectures for these steps were proposed and evaluated.

    The use of custom hardware, as opposed to the traditional RAM model, offers major benefits (beyond plain reduction of overheads): the possibility of vast fine-grained parallelism, and the chance to identify and exploit technological tradeoffs at the algorithmic level.

    Taken together, these works have reduced the cost of factoring by many orders of magnitude, making it feasible, for example, to factor 1024-bit integers within one year at the cost of about US$1M (as opposed to the trillions of US$ forecasted previously). This talk will survey these results, emphasizing the underlying general ideas.

    Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer Steinwandt, Hubert K?pfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson, James Hughes and Paul Leyland.

    Some other notes:

    Posted by iang at 01:54 PM | Comments (1) | TrackBack

    September 11, 2005

    Spooks' corner: listening to typing, Spycatcher, and talking to Tolkachev

    A team of UCB researchers have coupled the sound of typing to various artificial intelligence learning techniques and recovered the text that was being typed. This recalls to mind Peter Wright's work. Poking around the net, I found that Shamir and Tromer started from here:

    Preceding modern computers, one may recall MI5's "ENGULF" technique (recounted in Peter Wright's book Spycatcher), whereby a phone tap was used to eavesdrop on the operation of an Egyptian embassy's Hagelin cipher machine, thereby recovering its secret key.

    I haven't _Spycatcher_ to hand, but from memory the bug was set up by fiddling the phone in the same room to act as a microphone, and the different sounds of the typewriter keys hitting being pressed on the cipher machine were what allowed the secret key to be recovered. Here's some more of Wright's basic techniques:

    One of Peter Wright's successes was in listening to (i.e. bugging) the actions of a mechanical cipher machine, in order to break their encryption. This operation was code-named ENGULF, and enabled MI5 to read the cipher of the Egyptian embassy in London at the time of the Suez crisis. Another cipher-reading operation, code-named STOCKADE, read the French embassy cipher by using the electro-magnetic echoes of the input teleprinter which appeared on the output of the cipher machine. Unfortunately, Wright says this operation "was a graphic illustration of the limitations of intelligence" - Britain was blocked by the French from joining the Common Market and no amount of bugging could change that outcome.

    Particularly interesting is MI5's invention code-named RAFTER, which is used to detect the frequency a radio receiver is tuned to, by tracing emissions from the receiver's local oscillator circuit. RAFTER was used against the Soviet embassy and consulate in London to detect whether they were listening in to A4-watcher radios. Wright also used this technique to try to track down Soviet "illegals" (covert agents) in London who received their instructions by radio from the USSR.

    Unlike Wright's techniques from the 60s, the UCB team and their forerunners have the ability to couple up their information to vastly more powerful processing (Ed Felton comments, the paper and pointer from Adam). They manage to show how not only can the technique extract pretty accurate text, it can do so after listening to only 10-15 minutes of typing without prior clues.

    That's a pretty impressive achievement! Does this mean that next time a virus invades your PC, you also need to worry about whether it captures your microphone and starts listening to your password typing? No, it's still not that likely, as if the audio card can be grabbed your windows PC is probably "owned" already and the keyboard will be read directly. Mind you, the secure Mac that you use to do your online banking next to it might be in trouble :-)

    While we are on the subject, Adam also points at (Bruce who points at) the CIA's Tolkachev case, the story of an agent who passed details on Russian avionics until caught in 1985 (and executed a year later for high treason).

    The tradecraft information in there is pretty interesting. Oddly, for all their technical capability the thing that worked best was old-fashioned systems. At least the way the story reads, microfilm cameras, personal crypto-communicators and efforts to forge library passes all failed to make the grade and simpler systems were used:

    In November 1981, Tolkachev was passed a commercially purchased shortwave radio and two one-time pads, with accompanying instructions, as part of an "Interim-One-Way Link" (IOWL) base-to-agent alternate communication system. He was also passed a demodulator unit, which was to be connected to the short wave radio when a message was to be received.

    Tolkachev was directed to tune into a certain short wave frequency at specific times and days with his demodulator unit connected to his radio to capture the message being sent. Each broadcast lasted 10 minutes, which included the transmission of any live message as well as dummy messages. The agent could later break out the message by scrolling it out on the screen of the demodulator unit. The first three digits of the message would indicate whether a live message was included for him, in which case he would scroll out the message, contained in five-digit groups, and decode the message using his one-time pad. Using this system, Tolkachev could receive over 400 five-digit groups in any one message.

    Tolkachev tried to use this IOWL system, but he later informed his case officer that he was unable to securely monitor these broadcasts at the times indicated (evening hours) because he had no privacy in his apartment. He also said that he could not adhere to a different evening broadcast schedule by waiting until his wife and son went to bed, because he always went to bed before they did.

    As a result, the broadcasts were changed to the morning hours of certain workdays, during which Tolkachev would come home from work using a suitable pretext. This system also ran afoul of bad luck and Soviet security. Tolkachev's institute initiated new security procedures that made it virtually impossible for him to leave the office during work hours without written permission. In December 1982, Tolkachev returned his IOWL equipment, broadcast schedule, instructions, and one-time pad to his case officer. The CIA was never able to use this system to set up an unscheduled meeting with him.

    Sounds like a familiar story! The most important of Kherchkoffs' 6 laws is that last one, which says that a crypto-system must be usable. The article also describes another paired device that could exchange encrypted messages over distances of a few hundred metres, with similar results (albeit with some successful message deliveries).

    Posted by iang at 10:41 AM | Comments (4) | TrackBack

    August 29, 2005

    New Threats on the Airwaves

    From the "why won't wireless show me an MITM" department, Risks advises of these new threats to consider to your secure phone app:

    "Andre Kramer" ... Thu, 18 Aug 2005 11:31:28 +0100

    The Cambridge Evening News reported yesterday ("Phone Pirates in seek and steal mission" 17th August 2005) that several laptop computers have been stolen from car boots (automobile trunks for US readers) in Cambridge (UK). The article claimed that "Bluetooth" was used to detect the laptops presence. While the thefts appear related, the claimed modus operanti seems unlikely as short range wireless would be inactive unless the laptops were powered on (to be fair, the article also mentioned "other electronics"). The risk: thinking your devices are safe in the car boot when they don't have wireless.

    Makes sense. Closing the top of a laptop may not have closed off Bluetooth. Or, it might be easy to construct something that otherwise sniffs laptops in power saving mode. Lead-lined laptop bags, anyone?

    And, taking the shine off the cell/mobile phone as the ultimate in secure platforms, consider just how much a peeping tom your telco is:

    Cellphone carriers can listen in through your phone?

    Posted Aug 5, 2005, 10:20 AM ET by Ryan Block

    We’re always a little wary of that very blurry line between protection of the general public and infringements on basic civil liberties, but it would appear that according to the Financial Times by way of the Guardian, at least one UK cellphone carrier not only has the power (and mandate) to remotely install software over the air to users’ handsets that would allow for the kind of monitoring we thought only perverts and paranoiacs had access to: picking up audio from the phone’s mic when the device isn’t on a call. While don’t think the backlash on this one has really gotten underway yet, and though we do hate to rock a cliché, we can’t help but be reminded of that classic Benjamin Franklin quote, “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” What’s worse, a cellphone carrier and The Man are gonna take it from us without our permission on the sly?

    Now, the big issue here is whether a telco (or any other party) can download a program to sniff out your keys. For this reason, the favoured platform is a PDA, with one and only one program on it, and no comms 'cept those we said. Anything else is a compromise, but that's ok, for those markets that can deal with the risks.

    These can be considered to be an addendum to last week's wireless threats, but alas, still no MITMs recorded.

    Posted by iang at 06:51 PM | Comments (0) | TrackBack

    August 20, 2005

    Notes on today's market for threats

    A good article on Malware for security people to brush up their understanding. On honey clients Balrog writes (copied verbatim):

    In my earlier post about Microsoft’s HoneyMonkey project I mentioned that the HoneyNet Project will probably latch on and develop something along the same lines.

    In the meantime, I was notified of Kathy Wang's Honeyclient project and the client-side honeypots diploma project at the Laboratory for Dependable Distributed Systems at Rheinisch-Westfälische Technische Hochschule in Aachen.

    From PaymentNews:

    TowerGroup has announced new research examining the impact that phishing attacks may be having on fraud perpetrated at ATMs and debit POS locations that concludes that losses from fraud due to phishing runs about $81 million annually in the US.

    That report is confused, it is looking at card skimming and seems to be conflating that with phishing. This may explain the lower-than-others estimate of $81m, or it may be explained by the fact that they only looked at identifiable banks' losses, not consumer losses and other costs. So I feel this number is a low outlyer, rather that really representative of phishing.

    (Addendum: Having read the Tower link, I can now see that they are more just looking at the crossover from phishing to ATM Fraud,)

    There is a lot of buzz on how wireless networks are being used "routinely" to attack people. So far it's all the same: the attacks are generally of access, rarely listening and no known cases of MITMs _even though they are trivial_! Here's a typical case pointed out by Jeroen from El Reg where the attack is misrepresented as a bank hack over wireless:

    The data security chief at the Helsinki branch of financial services firm GE Money has been arrested on suspicion of conspiracy to steal €20,000 from the firm's online bank account. The 26 year-old allegedly copied passwords and e- banking software onto a laptop used by accomplices to siphon off money from an unnamed bank.

    "Investigators told local paper Helsingin Sanomat that the suspects wrongly believed that the use of an insecure wireless network in commission of the crime would mask their tracks. This failed when police identified the MAC address of the machine used to pull off the theft from a router and linked it to a GE Money laptop. Police say that stolen funds have been recovered. Four men have been arrested over the alleged theft with charges expected to follow within the next two months. ®

    Now, we have to read that fairly carefully to figure out what happened, and the information is potentially unreliable, but here goes. To me, it looks like the perpetrator stole the passwords from the inside and then used a wireless connected laptop (in a cafe?) to empty the account. So this is an inside job! The use of the wireless was nothing more than a forlorn hope to cover tracks and is totally incidental to the nature of the crime.

    (Also, it doesn't say much for the security at GE Money ... "Maybe they should have employed a CISP" ... or whatever those flyswatter certifications are called.)

    Addendum See here for some new wireless threats.

    Posted by iang at 07:54 AM | Comments (0) | TrackBack

    August 03, 2005

    The Phishing Borg - now absorbing IM, spam, viruses, lawyers, courts and you

    Dramatic increase in threats to IM (instant messaging or chat) seen as the IMLogic Threat Center reports a 28 times increase over the last year.

    Right on cue. Meanwhile, new tool to download for your browser shows that independent researchers at Stanford know where to put the protection: Spoofguard detects and warns against phishing, and PwdHash augments the password calculation to make each transmitted password site-dependent.

    Good stuff guys! We need to induct you into the anti-fraud coffee room before you get swallowed up by the anti-borg of secret committees in smoke-filled rooms.

    And in Korea is looking to legalise class-action suits in cases where small losses make it uneconomic for victims to punish negligent providers.

    Much as I wonder if class action suits aren't a net loss to society and shouldn't be treated within the threat model rather than the security model, they do seem to be the only non-technical defence that suppliers will listen to. Such suits and others by regulators are filed against data providers (and losers), banks and Microsoft on various causes. Nobody has yet pinned one directly on phishing, but I give it a better than evens chance that it will be tried on the banks, and then on the software suppliers.

    Although it is hard to decipher, a new report from IBM reports that spam is down from 83% of all email to 67% in June. That's the "good news." The bad news is that it's almost certainly because phishing and viruses have skyrocketed even this year, with IBM reporting that phishing has now reached around 20% and viruses around 4% of all email. The article is ridiculously muddled in its use of numbers, but I make that around a 91% garbage rate in email.

    This to my mind confirms predictions made here that phishing is still the #1 threat to email (by value!), browsing and Internet commerce; viruses are now economically being driven by phishing; and email is dying under the one-two punch of spam and phishing.

    Is phishing and related fraud becoming the #1 threat to the net, or is it already there?

    Posted by iang at 06:56 PM | Comments (3) | TrackBack

    July 06, 2005

    George's story - watching my Ameritrade account get phished out in 3 minutes

    On the morning of May 5 2005, I decided to work from home [writes George Rodriguez in a great expose of how phishing is spreading through American retail finance].

    As I'm checking emails I start receiving email notifications from my on-line broker Ameritrade. The email notifications kept coming one after the other, you just sold out of Duke, you just sold out of Home Depot, you just sold out of Ford, I watched on my screen as the flurry of emails kept coming across my screen, pretty much my entire portfolio of Stocks was being sold out right before my eyes. I took notice of the time when I received the first email confirmation, it was 9:31AM and as you know the equity market opens up at 9:30AM. My heart was racing, I was stunned and I said to myself this can be happening to me, I'm a business and technology savvy as I've worked for major investment banks and brokers as a consultant in the areas of technology trading for equity and fixed income markets.

    I looked at my watch and it was now 9:34AM, it seemed like hours have gone by. I picked up the phone and called Ameritrade and spoke to a client-rep and walked him through the entire activities to my account. As I'm the phone with the client rep, I continue to get more email notifications selling out more stocks in my portfolio. I also noticed an email that was sent to me by Ameritrade, you requested and have changed your primary email address to some hotmail address I did not recognize, the interesting piece of information on the email was the time it was sent, 4:45AM. I quickly related this information to the client rep and asked him what bank information he had on file. He went on to say, you requested to have your bank account changed from Wachovia bank to Bank of America in Dallas Texas. I said well let's get on the phone with Bank of America and see who's behind the account. Well Ameritrade said we can't do that. I said wait a minute, someone is committing bank fraud, internet fraud as we speak and you can't represent me your client? No sir the client rep responded, you need to call your local authorities, you mean the Sheriff as I live out in Union County. I responded fine, well please give me the account number and routing number for Bank of America I will call them myself, oh and by the way cancel all these fraudulent trades and freeze the account, I do not want any funds to move. Luckily in the equity markets it takes three days for the trades to settle before the cash is moved out, so much for straight through processing and trying to settle and move cash on the same day, a goal the industry is trying to move towards.

    My first call was to Bank of America and it took a while to get though to their fraud department and then trying to explain that it was not the Bank of America brokerage arm but my on-line broker Ameritrade where the fraudulent trades were placed. I gave the BoA fraud department the BoA account number now on file with my Ameritrade broker and they confirmed it was their account but no available information will be provided as it was not my account. Due to the Privacy Act they need it to protect their customers, who's getting protected here I said the thieves or the innocent victims. I quickly hung up the phone and called the Union County Sheriff and within 20 minutes a patrol car was at my driveway, a bit weird for white collar crime but nevertheless a police report was in order. I greeted the officer, we sat in my office and I gave him copies of all the emails, Ameritrade and bank information for him to follow up with all parties. He said, love to help you but after I finish typing this up I will turn it over to the detective and someone will be in touch with you. I did receive a police report number right away from him. As soon as the police officer left I filed a complaint with the Federal Trade Commission and an electronic identity theft report with the FBI. I got a call back from the detective on Monday May 9, and we discussed the details of the fraudulent activities.

    I can't imaging what would have happened if I was away on vacation and had no access to email for several days, over $50,000 would have left my Ameritrade brokerage account and moved out to the fraudulent Bank of America account which I'm sure would have been cleaned out right away. I'm sure I can't be the only one who has had this problem as these on-line brokers have millions of accounts. I'm not sure how my userid and password were stolen, perhaps it is an inside job, my account is a passive account as I only logged every six to eight weeks to check the account, I don't day trade anymore since the crash. But another scenario can be I was hacked on my home computer as I have timewarner road runner and a wireless network. I run Norton Anti-Virus on my machines but unfortunately I don't have a secured firewall running, again I'm not sure how secure these products can safe proof your computer. I'm now waiting for the local authorities, the FBI, Ameritrade and Bank of America to provide me with information on how and who is behind this attack.

    George Rodriguez
    Waterstone Capital Advisors
    Email: george.rodriguez at

    Posted by iang at 03:38 PM | Comments (24) | TrackBack

    June 22, 2005

    Google payment system confirmed - let the trimming of tall poppies begin

    Google confirms they are doing a payment system. It may be like Paypal's but I wouldn't bet on it. Google claims it will be unlike. Either way a new sport is about to erupt in the payments systems world - sniping at Google's payments system.

    Let's just be clear about this - it already has a name, it's called chopping down the tall poppies. This is a game of envy and spite. It comes because a successful player uses its money and muscle to take on a new field in which others have failed, when all the smart people knew how to get in there but couldn't muster that money and muscle (in this case, I'm referring to cognitive muscle as well as user base muscle).

    It's going to happen so get used to it, guys. I'll go first: I'll bet you didn't think of this:

    I was opening up my almost brand new Dell 600m laptop, to replace a broken PCMCIA slot riser on the motherboard. As soon as I got the keyboard off, I noticed a small cable running from the keyboard connection underneath a piece of metal protecting the motherboard.

    I figured "No Big Deal", and continued with the dissasembly. But when I got the metal panels off, I saw a small white heatshink-wrapped package. Being ever-curious, I sliced the heatshrink open. I found a little circuit board inside.

    Being an EE by trade, this piqued my curiosity considerably. On one side of the board, one Atmel AT45D041A four megabit Flash memory chip.

    On the other side, one Microchip Technology PIC16F876 Programmable Interrupt Controller, along with a little Fairchild Semiconductor CD4066BCM quad bilateral switch.

    Looking further, I saw that the other end of the cable was connected to the integrated ethernet board.

    What could this mean? I called Dell tech support about it, and they said, and I quote, "The intregrated service tag identifier is there for assisting customers in the event of lost or misplaced personal information." He then hung up.

    A little more research, and I found that that board spliced in between the keyboard and the ethernet chip is little more than a Keyghost hardware keylogger.

    The reasons Dell would put this in thier laptops can only be left up to your imagination. It would be very impractical to hand-anylze the logs, and very CPU-intensive to do so on a computer for every person that purchased a dell laptop. Why are these keyloggers here? I recently almost found out.

    I called the police, as having a keylogger unknown to me in my laptop is a serious offense. They told me to call the Department of Homeland Security. At this point, I am in disbelief. Why would the DHS have a keylogger in my laptop? It was surreal.

    So I called them, and they told me to submit a Freedom of Information Act request. This is what I got back:

    Google are entering into the payments system world at a dangerous time. This could be a unique time in the history of payments systems, simply because all those theoretical threat models that we have all trained with, sweated over and loved for a decade or more, now, are coming true. There's one you'll have to deal with, and you won't have the luxury of saying "oh, that's not our problem" this time.

    This change has occurred in these pages mostly under the cover of a runctous attack on the idle ostriches of the browser world. Phishing is just the headline, but the real story is that there is now an industrial scale threat to payment systems. Some very few engineers know how to deal with these threats on a real basis - primarily those grounded in European banking experience - but for the most part a lot of the payments systems are learning the hard way right now.

    For google, the lessons will be different. There will be no breathing space, no easy ramp up to the critical mass. It is I predict highly likely that from day one, attention will bear down on them from the phishing attackers. I suspect google will weather the security storm, but that's only a guess. The problem here is that there is a difference between facing statistical or safety threats and the aggressive crook. Security goods are different because they have an unruly third party in the transaction.

    It will also shoot all the profitability figures to outhouse. Because the attacks will take up a larger support component per transaction than expected then there will be only a loss-leader rationale for the payments system for many a year. I would still do it, but I'm a strategic kinda guy, still if google are in this for anything but the long term, save yourselves the trouble and exit stage left now. Or cull your team of short term thinkers.

    (There is a perfect face-saving way out, but it'll cost the price of a Dell *equivalent* laptop ;-) )

    (Expect Dell laptops to drop like a stone if this pans out...)

    (Expect all hell to break loose if this is true...)

    (Are we living in interesting times again?)

    (But even if not true, it's the perfect description of a "today" threat model!)

    (Looks like we have confirmation ... see comments below!)

    Posted by iang at 09:21 AM | Comments (9) | TrackBack

    June 02, 2005

    A shortcut for bootstrapping trust

    From the light-hearted threats department, Mark points to an article on how to bypass trusting defences.

    Scientists develop revolutionary 'trust spray'


    A REVOLUTIONARY nasal spray could have the power to make a person more trusting, scientists have found.

    Experiments show that after a few squirts of a spray containing the hormone oxytocin, humans were significantly more trusting. It has even been suggested that the spray could be used as a therapy for trust-diminishing conditions, such as autism or some social phobias.

    The research, carried out by a team of American and Swiss scientists and published in today’s issue of Nature, showed that after using the spray, volunteers became more willing to risk losing money to a stranger.

    One of the scientists who worked on the project, Dr Michael Kosfeld, of the University of Zurich, said those who had sniffed oxytocin gave away their money much more easily. He also said animal studies had proved that oxytocin takes away the unwillingness to approach strangers. "It helps animals approach one another - which is a parallel with trust in our game," he said. "In companion with psychotherapy it could have a positive effect."

    Oxytocin has traditionally been seen as a "love hormone", and is released during orgasm. It has also been proved to be released when cuddling or touching takes place, and women release it when in labour and during breastfeeding.

    The idea that it could be released when people express feelings of trust was first raised in 2003, but this research is the first attempt to show that increasing the amount of the hormone present in the body could directly influence the extent that one person trusts another.

    Antonio Damasio, a neurologist at the University of Iowa, who reviewed the experiments for Nature, believes the findings could be significant scientifically. He said:

    "Some may worry about the prospect that political operators will generously spray the crowd with oxytocin at rallies of their candidates.

    "The scenario may be rather too close to reality for comfort, but those with such fears should note that current marketing techniques - for political and other products - may well exert their effects through the natural release of molecules such as oxytocin in response to well-crafted stimuli."

    However, the idea that it could be used to help autism was met with scepticism by the National Autistic Society. A spokeswoman said: "The outcome of any approach will depend on the needs of the individual, which vary greatly, and the appropriate application of the intervention."

    Addendum Zooko recommends Neuromarketing: Peeking Inside the Black Box

    Posted by iang at 09:09 AM | Comments (2) | TrackBack

    May 31, 2005

    Industrial Espionage using Trojan horses

    One of the things that bedevils financial cryptography is not knowing just what crimes are for real and what crimes are fantasy. Amir points to a developing scandal in Israel over a threat that has been predicted for yonks but rarely if ever seen. In a fairly massive sweep, the Israeli police have picked up dozens of CEOs and PIs involved in what they claim is an organised industrial espionage ring.

    It comes down to one Trojan horse writer who targetted the wrong couple - the parents of his ex-wife! When the parents found pages of their book on the Internet, they called the police, who found the Trojan. This led them to the author, their ex son-in-law, and from there to three private investigation firms that had contracted his services. And of course, to *their* customers...

    It's got intrigue, public personalities, jilted husbands and good old scary FUD words like Trojan horse. As Amir suggests, the film rights are probably worth a bit!

    Court remands top Israeli execs in industrial espionage affair

    By Roni Singer, Haaretz Correspondent and Haaretz Service

    The Tel Aviv Magistrate's Court Monday remanded several people from some of Israel's leading commercial companies and private investigators suspected of commissioning and carrying out industrial espionage against their competitors, which was carried out by planting Trojan horse software in their competitors' computers.

    Uzi Mor, CEO of Mayer and his deputies Avner Kez and Or Schachar, Moriah Katriel, financial vice president of Yes as well as Yoram Cohen, CEO of Hamafil were placed under an eight-day house arrest.

    The court also extended by four days the remand of two private investigators suspected of carrying out the espionage.

    Earlier Monday, police searched the Tel Aviv offices of Haaretz sister publication TheMarker to check for any signs of Trojan horse software infiltration on their computers.

    Also on Monday, the Tel Aviv fraud squad discovered Trojan horse software in computers belonging to AMC, a company that produces transmitters for planes and unmanned aerial vehicles. The inspection found that only financial material was extracted from the computers, although the company specializes in security.

    Other companies suspected of espionage include the satellite television company Yes, which is suspected of spying on cable television company HOT; cell-phone companies Pelephone and Cellcom, suspected of spying on their mutual rival Partner; and Mayer, which imports Volvos and Hondas to Israel and is suspected of spying on Champion Motors, importer of Audis and Volkswagens. Spy programs were also located in the computers of major companies such as Strauss-Elite, Shekem Electric and the business daily Globes.

    The case took a twist, when Bezeq - parent company of two of the companies suspected of the espionage - revealed that it too was apparently among the victims. Police now suspect that Cellcom cellular networks commissioned the spying against Bezeq.

    This suspicion was strengthened when internal documents belonging to Bezeq were found in the drawers of senior executives at Cellcom. The name of the CEO of Cellcom, "Peterburg" was written on some of the documents. However, the police did not have decisive evidence Monday that the documents were obtained through Trojan horse software, and hence did not summon CEO Itzhak Peterburg for questioning under caution. Instead, Peterburg was only asked to give a testimony.

    When, in the testimony he gave Sunday, Peterburg was asked why his name appeared on the classified documents of a competing company, he answered that he does not know.

    A statement from the police said, "It's hard to believe that top executives at these companies don't know what is happening. Even if a security department manager requested the material of the competitor, it reached the CEO, and therefore it's clear to us that the CEOs can absolutely guess how the it was obtained."

    Police said they intended to ask for the extension of the remand of several private investigators. But all of the executives in the involved companies will released to their homes under restricting conditions, police said.

    Police are currently investigating several other companies that may have been involved in the affair, which was under a court gag order until Sunday.

    The Trojan horse software program allows the person who plants it to track all activity conducted via the "victim's" computer and even to seize control of the computer. Police suspect that this program was employed by three private investigation agencies to conduct industrial espionage against their clients' commercial rivals. The software apparently enabled the PIs to obtain vast quantities of secret information from the targeted computers.

    The investigation began last November, when author Amnon Jacont and his wife, Varda Raziel-Jacont, complained to the Tel Aviv police that someone had hacked into their computer and stolen information from it. They reached this conclusion after discovering that personal documents, as well as parts of a book Jacont was writing, which had thus far never left his personal computer, had been posted on the Internet. Police examined their computer and concluded that it had been infected with a Trojan horse.

    Police investigators eventually determined that the program had been written by Michael Haephrati, 41, a former in-law of Varda Raziel-Jacont. Haephrati, an Israeli citizen, currently lives in Germany and England and has no previous police record.

    Investigators then found that Haephrati had sold his program to three private investigation agencies: Modi'in Ezrahi, Zvika Krochmal and Pilosof-Balali. All three agencies are licensed by the Israel Justice Ministry and enjoy excellent reputations.

    "The program was essentially customized for each and every one of the 'victims' that the PI agencies wanted to attack," said Chief Inspector Nir Nativ, one of the officers who investigated the case. "Haephrati adapted the software to penetrate a specific company, at the request of the PI agency's client."

    For each customized program, the agencies paid Haephrati about NIS 16,000. Haephrati took care of planting the virus in the target computer, then gave the PIs a username and password that enabled them to access the program, and thereby the victim's computer.

    According to Chief Superintendent Arye Edelman, head of the Tel Aviv fraud squad, which ran the investigation, Haephrati used two methods to plant his malicious software (or malware) in the target computers. One was to send it via e-mail. The other was to send a disk to the target company that purported to contain a business proposal from a well-known company that would arouse no suspicions. Then, when an employee loaded the disk to view the proposal, the Trojan horse would infect his computer.

    Police eventually obtained court orders to access several FTP servers based in Israel and the United States, and then discovered tens of thousands of documents stored there that belonged to major Israeli companies, including many files labeled "internal" and "secret." For the past two weeks, police have been examining these documents to determine which companies have been victimized.

    Nativ explained that even anti-virus programs cannot detect Haephrati's malware, because each is unique. Moreover, the Trojan horses were generally unwittingly introduced by company employees who inserted the infected disks, rather than "attacking" from outside, making detection even more difficult.

    Police believe that industrial espionage using Haephrati's programs has been going on for at least a year and a half. But because none of the victims knew about the malware, no one ever filed a complaint with the police. Only last week did police inform the victims about the software implanted in their computers.

    Police said that they are not yet able to quantify the economic damage suffered by the victims, but it appears to have been considerable -thanks both to the program's capabilities and to the sheer number of companies involved.

    Last week, police finally decided to end their undercover investigation. They therefore had Haephrati and his wife, Ruti, arrested in London, with the help of Interpol and the London police. Last Thursday, Haephrati was brought to a London court for a remand hearing, and Israel has requested his extradition as soon as possible.

    Two days before his arrest, police raided the three private investigation agencies suspected of using the Trojan horse program, confiscated their computers and arrested nine PIs. From Modi'in Ezrahi, they arrested CEO Yitzhak Rath plus investigators Eyal Abramowitz, Haim Zisman and Assaf Zlotovsky; from Krochmal they arrested CEO Zvika Krochmal plus investigators Ofer Fried and Alex Weinstein; and from Pilosof-Balali they arrested the joint CEOs, Eliezer Pilosof and Avraham Balali. Police also arrested the 17-year-old son of one suspect after investigators caught him trying to erase information from his arrested father's computer.

    Later that week, police also arrested Shai Raz, director of Pelephone's security department and Ofer Reichman, director of Cellcom's security department.

    At a remand hearing for the PIs last Wednesday, police told the Tel Aviv Magistrate's Court that the investigators are suspected of penetrating a computer for the purpose of committing a crime, making and propagating a computer virus, violating the Protection of Privacy Law, conspiring to commit a crime, wiretapping and fraud. Police also suspect the three agencies of cooperating with each other to perpetrate their industrial espionage.

    Rath, like many of the others, claimed at the hearing that he had no idea he was committing a crime. "When the investigators came, I opened the safe for them and helped with the papers. We didn't know we were breaking the law."

    But that did not persuade Judge Mordechai Peled, who remanded them for nine days. Peled said the evidence indicated that they not only engaged in widespread industrial espionage, but made great efforts to conceal their illegal activities.

    At a separate remand hearing for three of the corporate executives, Mor, Cohen and Katriel, last Thursday, the suspects admitted to commissioning the investigations, but claimed that they had no idea the material they were being given had been obtained illegally. All stressed that their contracts with the PI agencies explicitly obligated the agencies not to violate the law.

    Police argued in response that upon being given their rivals' most closely guarded internal documents, they could hardly have failed to realize that the documents were obtained illegally.

    Judge Peled accepted the police's argument on this score and remanded the three executives for five days.

    On Friday, two more executives, Raz and Reichman, were remanded, along with two more PIs, Roni Barhum of Modi'in Ezrahi and Yitzhak Dekel of Krochmal.

    That same day, however, police encountered their first hitch: A corporate executive whom they had planned to arrest that very morning left the country. Police blame his sudden departure on a report of Haephrati's arrest that appeared in that morning's daily Yedioth Ahronoth, and was later picked up by the Globes Web site. They have therefore begun investigating both newspapers on suspicion of violating the gag order on the affair.

    The next step, police sources said, is to meet with executives of the victim companies to determine whether any have recently suffered damage from rivals that could be attributed to industrial espionage. That will give them leads to other corporate lawbreakers, the sources explained.

    Posted by iang at 10:18 AM | Comments (2) | TrackBack

    May 25, 2005

    The Crypto Wars are On/Off/On/Off...

    The Brits have let out a cheer and declared the Crypto Wars over. And "we won" they say in a press release from the Foundation for Information Policy Research, according to a post on politech:

    The Crypto Wars Are Over!

    The "crypto wars" are finally over - and we've won!

    On 25th May 2005, Part I of the Electronic Communications Act 2000 will be torn out of the statute book and shredded, finally removing the risk of the UK Government taking powers to seize encryption keys."

    I don't think that's an accurate assessment. In fact I think it's dead wrong. Read on for today's news....

    Over in the US there are worrying signs of more regulations coming to re-criminalise mathematics. Already, there are moves that foreign students will have to be "licensed to operate" any sensitive equipment. ISPs can now be served with spy&gag orders, sans court approval, and nobody's ever debunked the conflicts of interest that now bedevill the certificate authorities in positions of root power.

    Today's news, from CACert, is that mere possession of PGP is to be taken as intent to commit a crime. "What has to be a huge blow for anyone with PGP or virtually any other encryption program on their computer, (in fact most computers these day come with cryptographic programs pre-installed). A man found guilty on child pornography related charges, was also found to have PGP software on his system and a court ruled that this was admissible as intent to commit and/or hide crimes in his case. This has huge ramifications if you are found guilty of a crime and then they find any cryptography software installed on your computer."

    I hope that's wrong, Nope, it's true. And it was the Appeals Court that said it!

    The general message is clear: if you think the war's over, that's because you're fighting the last war. Turn around and meet your new enemy.

    PS: Then comes this new twist from Jim:

    Now hackers can hold your files hostage...

    By Ted Bridis

    Washington - Computer users already anxious about viruses and identity
    theft have a new reason to worry: hackers have found a way to lock up the
    electronic documents on your computer and then demand $200 (about R1 200)
    over the Internet to get them back.

    Security researchers at the San Diego-based Websense uncovered the unusual
    extortion plot when a corporate customer they would not identify fell
    victim to the infection, which encrypted files that included documents,
    photographs and spreadsheets.

    A ransom note left behind included an e-mail address, and the attacker
    using the address later demanded $200 for the digital keys to unlock the

    "This is equivalent to someone coming into your home, putting your
    valuables in a safe and not telling you the combination," said Oliver
    Friedrichs, a security manager for Symantec Corporation.


    Here's the FIPR pres release, at least most of the copy I received.


    Press release - Foundation for Information Policy research

    Release time: 00.01, 25th May 2005

    The Crypto Wars Are Over!

    The "crypto wars" are finally over - and we've won!

    On 25th May 2005, Part I of the Electronic Communications Act 2000
    will be torn out of the statute book and shredded, finally removing
    the risk of the UK Government taking powers to seize encryption keys.

    The crypto wars started in the 1970s when the US government started
    treating cryptographic algorithms and software as munitions and
    interfering with university research in cryptography. In the early
    1990s, the Clinton administration tried to get industry to adopt the
    Clipper chip - an encryption chip for which the government had a
    back-door key. When this failed, they tried to introduce key escrow -
    a policy that all encryption systems should leave a spare key with a
    `trusted third party' that would hand the key over to the FBI on
    demand. They tried to crack down on encryption products that did not
    contain key escrow. When software developer Phil Zimmermann developed
    PGP, a free mass-market encryption product for emails and files, the
    US government even started to prosecute him, because someone had
    exported his software from the USA without government permission.

    In its dying days, John Major's Conservative Government proposed
    draconian controls in the UK too. Any provider of encryption services
    would have to be licensed and encryption keys would have to be placed
    in escrow just in case the Government wanted to read your email. New
    Labour opposed crypto controls in opposition, which got them a lot of
    support from the IT and civil liberties communities. They changed
    their minds, though, after they came to power in May 1997 and the US
    government lobbied them.

    However, encryption was rapidly becoming an important technology for
    commercial use of the Internet - and the new industry was deeply
    opposed to any bureaucracy which prevented them from innovating and
    imposed unnecessary costs. So was the banking industry, which worried
    about threats to payment systems from corrupt officials. In 1998, the
    Foundation for Information Policy Research was established by
    cryptographers, lawyers, academics and civil liberty groups, with
    industry support, and helped campaign for digital freedoms.

    In the autumn of 1999, Tony Blair finally conceded that controls would
    be counterproductive. But the intelligence agencies remained nervous
    about his decision, and in the May 2000 Electronic Communications Act
    the Home Office left in a vestigial power to create a registration
    regime for encryption services. That power was subject to a five year
    "sunset clause", whose clock finally runs out on 25th May 2005.

    Ross Anderson, chair of the Foundation of Information Policy Research
    (FIPR) and a key campaigner against government control of encryption
    commented, "We told government at the time that there was no real
    conflict between privacy and security. On the encryption issue, time
    has proved us right. The same applies to many other issues too - so
    long as lawmakers take the trouble to understand a technology before
    they regulate it."

    Phil Zimmermann, a FIPR Advisory Council member and the man whose role
    in developing PGP was crucial to winning the crypto wars in the USA
    commented, "It's nice to see the last remnant of the crypto wars
    in Great Britain finally laid to rest, and I feel good about our win.
    Now we must focus on the other erosions of privacy in the post-9/11

    Notes to Editors:

    1. The Foundation for Information Policy Research
    is an independent body that studies the
    interaction between information technology and society. Its goal is to
    identify technical developments with significant social impact,
    commission and undertaken research into public policy alternatives, and
    promote public understanding and dialogue between technologists and
    policy-makers in the UK and Europe.

    2. The late Professor Roger Needham, who was a founder and trustee of
    FIPR, as well as being Pro-Vice-Chancellor of Cambridge University, a
    lifelong Labour party member and, for the last five years of his life,
    Managing Director of Microsoft Research Europe, once said: `Our enemy
    is not the government of the day - our enemy is ignorance. If
    ignorance and government happen to be co-located, then we'd better do
    something about it.'

    3. The Electronic Communications Act 2000 received Royal Assent on
    the 25th May 2000. Part I provides for the Secretary of State to create
    a Register of Cryptography Support Services. s16(4) reads: "If no order
    for bringing Part I of this Act into force has been made under
    subsection (2) by the end of the period of five years beginning with the
    day on which this Act is passed, that Part shall, by virtue of this
    subsection, be repealed at the end of that period."

    4. The crypto wars ended in the USA when Al Gore, the most outspoken
    advocate of key escrow, was found by the US Supreme Court to have lost
    the presidential election of 2000.

    5. The last battle in the crypto wars to be fought on UK soil was
    in the House of Lords over the Export Control Act 2002. In this bill,
    Tony Blair's government took powers to license the export of intangibles
    such as software, where previously the law had only enabled them to
    criminalise the unlicensed export of physical goods such as guns. This
    caused resistance from the IT industry, and also raised the prospect
    that scientific communications would become subject to licensing. FIPR
    organised a coalition of Conservative, Liberal and crossbench peers to
    insert a research exemption (section 8) into the Act, and an Open
    General Export License was created for developers of crypto software.

    6. Phil Zimmermann is arriving in London on the 25th May to take par

    Posted by iang at 01:37 PM | Comments (2) | TrackBack

    May 22, 2005

    ShadowCrew - more advanced than you think

    An article in BusinessWeek documents the rise and fall of ShadowCrew, a community of crackers and traders. The story mirrors much of the net world and if you took away the bias and the element of crime, you could be forgiven for mistaking them for any of dozens of sophisticated online communities Here are some choice quotes.

    Indeed, today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omertà, or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. (ISSX ) in Atlanta.

    This place was organised as a market - buying and selling. The owners' innovation was to bring buyers together with sellers in a trading market and make their crime more efficient.

    Because most of the gang members held day jobs, the crew came alive on Sunday nights. From 10 p.m. to 2 a.m. hundreds would meet online, trading credit-card information, passports, and even equipment to make fake identity documents. Platinum credit cards cost more than gold ones. Discounts were offered for package deals. How big was the business? One day in May, 2004, a crew member known as "Scarface" sold 115,695 stolen credit-card numbers in one trade. Overall, the gang made more than $4.3 million in credit-card purchases during its two-year run. The actual tally could be more than twice as large, the feds say. It was like an eBay for the underworld.

    Much of the information in the article is unclear in factual terms but it is very good for giving one the scope of the problem. Here's a case of a stupid "money launderer" being caught:

    This was a big break, since the cops could use the doorway to monitor all the members' communications. Among the communiqués: Omar Dhanani, aka Voleur (French for "thief"), bragged he could set up a special payment system for cybercrime transactions, police say. For a 10% commission, he would exchange cash for "eGold," an electronic currency backed by gold bullion. The Secret Service watched as he laundered money from at least a dozen deals for ShadowCrew members.

    A professional money launderer would know that e-gold and other online currencies are pretty much completely traceable, and not the money laundering nirvana that competitors would have you believe.

    In sum, a great story of one such gang. We need this information widely disseminated so as to assess the threats to our own operations, and the Secret Service and the FBI of the US are to be thanked for their openness. Still, this is only one such gang, and there are hundreds others out there. The scope of the problem is ... huge.

    Posted by iang at 03:47 PM | Comments (17) | TrackBack

    The Suits Own You - FBI hacking wireless LANs

    The FBI in the US presented how to own your wireless LAN (By way of Tom's hardware and Dan). This is welcome. We need full open disclosure and full open research into cracking if we are to get an edge over the bad guys. Does this mean the laws about cracking someone's encryption scheme are now null and void? Apparently so:

    "About half a dozen different software tools were then used by the FBI team, and they are listed-along with their download links-at the end of the article. Thankfully, the Auditor's Security Collection, which we reviewed last year, is a live CD that has all of these tools already installed. Even the FBI likes this distribution."

    To get the real facts about the attack, and see the fun pictures of (were those guys really running a WLan at the conference??), read the full article.

    "If a hacker is lucky enough to find an extremely busy wireless network, passive sniffing should provide enough good packets to allow the WEP key to be recovered. In most cases, however, an active attack or series of attacks are needed to jump start the process and produce more packets. Note that active attacks generate wireless traffic that can itself be detected and possibly alert the target of the attack."

    It takes about 5-10 minutes to get the key. I especially liked tip #5 for protecting your LAN - put a $5 lamp timer on the power and switch it off when not using it. Very practical, very easy to explain to those non-technical people in the world who also have security problems.

    Elsewhere in threats news there are signs that phishing is stabilising at its current level. And rumours abound that Netscape is about to release a "blacklist feature" for anti-phishing in its browser update. Details are sparse.

    "Security is a big issue in Netscape 8, and the way they have chosen to implement this is with the new Site Controls feature, which consists of a continuously updated list of trusted websites. This gives you a visual rating for each site you visit, for a quick idea of a sites trustworthiness."

    Which makes you wonder what other browsers think about security...

    Posted by iang at 07:45 AM | Comments (0) | TrackBack