Instant message only passwords

Most email providers now offer instant messaging (IM) as well: Gmail has Google Talk, Microsoft’s Hotmail has MSN Messenger, and so forth.

Gmail accounts, in particular, are likely to contain large amounts of sensitive information. As such, it is worrisome to hand over one’s email address and password to something like a mobile phone app, just to be able to use Google Talk on the move.

I was reminded of this recently when I tried to log in to Facebook Chat via Nimbuzz, an IM app for Nokia’s Symbian OS. When I tried to set up my Facebook account, Facebook warned me of how Nimbuzz would be able to access a huge heap of information about me and all of my friends. I don’t know anything about the company that makes this software: how good their security practices are, whose legal jurisdiction they fall under, how many voyeuristic employees have access to their login credential database, etc.

To reduce the level of risk associated with IM clients, I suggest that companies like Google allow users to set two passwords: one that grants access to the whole account, and another that only allows logging in for the purposes of instant messaging. That way, if the makers of an IM client turn out to be evil or incompetent, the scope of the damage is constrained.
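A sketch of the two-password scheme proposed above, as an added example that is not part of the original post and not how Google or any other provider implements it. The account keeps a primary password with full scope and can mint additional passwords that carry only an "im" scope; every resource handler checks the session’s scope, so a leaked IM password cannot read mail, and each IM password can be revoked on its own without touching the primary one. The class name, the scope strings and the sample account are assumptions.

```python
"""Per-application credentials with a limited scope.

Added example, not from the original post and not any real provider's code:
an account has a primary password with full access and can issue secondary
passwords valid only for instant messaging, each revocable on its own.
Names (AccountStore, the scope strings) are assumptions.
"""
import hashlib, hmac, os, secrets
from dataclasses import dataclass

FULL_SCOPES = frozenset({"mail", "contacts", "im"})
IM_ONLY_SCOPES = frozenset({"im"})


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; a real deployment would tune the iteration count upward.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class Credential:
    label: str
    salt: bytes
    digest: bytes
    scopes: frozenset
    revoked: bool = False


class AccountStore:
    def __init__(self):
        self._creds = {}  # user -> [Credential]
        self._mail = {}   # user -> [messages]

    def create(self, user: str, primary_password: str, mailbox=()) -> None:
        self._creds[user] = [self._make_cred("primary", primary_password, FULL_SCOPES)]
        self._mail[user] = list(mailbox)

    def issue_im_password(self, user: str, label: str) -> str:
        """Random IM-only password that the user pastes into one IM client."""
        password = secrets.token_urlsafe(16)
        self._creds[user].append(self._make_cred(label, password, IM_ONLY_SCOPES))
        return password

    def revoke(self, user: str, label: str) -> None:
        for cred in self._creds[user]:
            if cred.label == label:
                cred.revoked = True

    def login(self, user: str, password: str) -> tuple:
        """Return a session (user, scopes) for whichever live credential matches."""
        for cred in self._creds.get(user, []):
            if not cred.revoked and hmac.compare_digest(
                    cred.digest, _hash_password(password, cred.salt)):
                return (user, cred.scopes)
        raise PermissionError("bad credentials")

    # Resource handlers check the session's scopes, not just who the user is.
    def read_mail(self, session: tuple) -> list:
        user, scopes = session
        if "mail" not in scopes:
            raise PermissionError("credential lacks scope 'mail'")
        return list(self._mail[user])

    def send_im(self, session: tuple, to: str, text: str) -> str:
        user, scopes = session
        if "im" not in scopes:
            raise PermissionError("credential lacks scope 'im'")
        return f"{user} -> {to}: {text}"

    @staticmethod
    def _make_cred(label: str, password: str, scopes: frozenset) -> Credential:
        salt = os.urandom(16)
        return Credential(label, salt, _hash_password(password, salt), scopes)


def _succeeds(action) -> bool:
    try:
        action()
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Walk through the scenario in the post with constructed sample data."""
    store = AccountStore()
    store.create("alice", "correct horse battery staple", mailbox=["private message"])
    im_pw = store.issue_im_password("alice", "nimbuzz-on-phone")
    full = store.login("alice", "correct horse battery staple")
    im = store.login("alice", im_pw)
    out = {"full_reads_mail": store.read_mail(full),
           "im_sends": store.send_im(im, "bob", "hi"),
           "im_reads_mail": _succeeds(lambda: store.read_mail(im))}
    store.revoke("alice", "nimbuzz-on-phone")  # the client turned out to be untrustworthy
    out["revoked_still_works"] = _succeeds(lambda: store.login("alice", im_pw))
    out["primary_still_works"] = _succeeds(lambda: store.login("alice", "correct horse battery staple"))
    return out
```

The point of the design is that scope is attached to the credential rather than to the user and is checked at every resource, so the blast radius of a compromised IM client is bounded by what that one credential was issued for, and cleaning up after it means revoking one label, not changing the password everywhere.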

Remember

Perhaps we honour the war dead better by declining to participate in nationalistic and militaristic state-sanctioned displays. Wars always involve at least some moral ambiguity; even if the cause for going to war was unambiguously just, innocents end up as victims in virtually all wars. Perhaps if we had really learned from the massive and numerous tragedies of the 20th century, we would feel more inclined toward a solemn recognition of all those who have suffered from war, rather than a patriotic salute to those who participated in wars (willingly or not, justly or unjustly) while they happened to be wearing our flag (or the British one we fought under before).

Governments have an interest in spreading the general belief that someone who takes up arms for their country, regardless of the cause, is making an honourable sacrifice and is worthy of respect. Those reflexes help to keep a state alive across the centuries, by maintaining an ability to rally to its own defence when necessary. Countless people who carried that belief were sent out of the many trenches of the 20th century, straight at the barrels of the machine guns of those conflicts. Much of that was senseless, or served dubious ends. At best, war is a tragic undertaking, necessary when someone wants to impose the intolerable upon us. When collectively contemplating war, perhaps it would serve human ends most if we collectively accepted that war is almost the worst among all things, and should only be undertaken to eliminate a still-greater evil.

BlackBerry PIN security

One popular feature of Research In Motion’s BlackBerry communication devices is PIN messaging – a communication protocol involving fewer steps and servers than email.

Interestingly, the Communications Security Establishment (Canada’s codebreakers) has guidance online about the security of BlackBerries in general and PIN messages specifically. It draws particular attention to the very limited protection provided by the encryption used for PIN messages:

PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”.

The document identifies other vulnerabilities, such as the potential bypassing of spam filtering and the risk that a BlackBerry that has been passed along to a new user will receive a sensitive PIN not intended for them.

The document goes on to say: “Due to the aforementioned security issues, GC departments should refrain from using PIN-to-PIN messaging and the disabling of this functionality”.
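The weakness the CSE describes, shown in code. This is an added example, not part of the original post and not RIM’s implementation: PIN messages used Triple-DES under a single global key, and since the Python standard library has no 3DES the block substitutes an HMAC-SHA256 keystream as a stand-in cipher. The cipher is beside the point; what the block shows is that a third handset holding the same global key reads the traffic exactly as easily as the intended recipient, and that a key derived per pair of correspondents (assumed here to be provisioned out of band, as an enterprise server would) closes that gap. Device PINs, the pairing secret and the message are constructed.

```python
"""Why a key shared by every device is scrambling, not encryption.

Added example, not part of the original post and not RIM's code. PIN messages
used Triple-DES under one global key; the Python standard library has no
3DES, so this uses an HMAC-SHA256 keystream (XOR) as a stand-in cipher. The
point is independent of the cipher: whoever holds the key decrypts, and a
global key is held by every device. Device PINs, the per-pair derivation and
the message are constructed for illustration.
"""
import hashlib
import hmac
import os

# Every device ships with this same value (constructed stand-in for the real key).
GLOBAL_KEY = hashlib.sha256(b"every BlackBerry has this").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class Device:
    """A handset. Every instance holds the global key, so every instance can read
    every PIN message it manages to intercept."""

    def __init__(self, pin: str, pairing_secrets=None):
        self.pin = pin
        self.global_key = GLOBAL_KEY
        # Optional per-correspondent secrets (provisioned out of band, e.g. by an
        # enterprise server), from which a key for just this pair is derived.
        self.pairing_secrets = pairing_secrets or {}

    def pair_key(self, other_pin: str) -> bytes:
        secret = self.pairing_secrets[other_pin]
        pins = "|".join(sorted([self.pin, other_pin])).encode()
        return hashlib.sha256(secret + pins).digest()


def demo() -> dict:
    shared = os.urandom(32)  # constructed: provisioned only to Alice and Bob
    alice = Device("2A001", {"2B002": shared})
    bob = Device("2B002", {"2A001": shared})
    eve = Device("2E003")  # any other handset anywhere in the world
    msg = b"The regulation goes to Cabinet on Thursday."

    over_the_air = encrypt(alice.global_key, msg)  # PIN-to-PIN style: global key
    result = {"bob_reads_global": decrypt(bob.global_key, over_the_air) == msg,
              "eve_reads_global": decrypt(eve.global_key, over_the_air) == msg}

    pairwise = encrypt(alice.pair_key("2B002"), msg)  # key known only to this pair
    result["bob_reads_pairwise"] = decrypt(bob.pair_key("2A001"), pairwise) == msg
    try:
        decrypt(eve.global_key, pairwise)
        result["eve_reads_pairwise"] = True
    except ValueError:
        result["eve_reads_pairwise"] = False
    return result
```

Nothing about the cipher’s strength changes between the two cases; the only thing that changes is who holds the key, which is the entire confidentiality argument. A global key is also extractable from any one handset, so “if the messages can be intercepted” is the only real hurdle in the CSE’s warning.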

While that is probably good advice, I doubt many departments will be sacrificing this popular feature. That is probably welcome news for anyone who is intercepting these messages. As mentioned before, British Embassies and High Commissions have been conducting signals intelligence interception against friendly countries since the second world war. No doubt, other embassies in Ottawa are actively monitoring traffic between BlackBerries.

The same may well be true for more sophisticated private companies, hoping to get some inside information on upcoming policies and regulations.

Intelligence claims

There have been a few passages from Richard Aldrich’s GCHQ: The Uncensored Story Of Britain’s Most Secret Intelligence Agency that have struck me as especially worthy of discussion, so far.

Spying as a stabilizer

Discussing the 1960s, Aldrich argues that improved intelligence from signals intelligence (SIGINT) and satellite sources “made the international system more stable” and “contributed to a collective calming of nerves”:

Indeed, during the 1960s the penetration of the NATO registries by Eastern Bloc spies was so complete that the Warsaw Pact had no choice but to conclude that the intentions of Western countries were genuinely defensive and benign.

Previously, we discussed some of the major problems with spies. In this book, Aldrich brings up a partial counterpoint. Countries tend to consider secretly intercepted communications to be a highly credible source of information. If a country tells you it is planning to do Thing X for Reason Y, there are all sorts of reasons why they could be deceiving you. If you secretly overhear the same plan within their internal discussions, you have more reason to think that it will go forward and that the reasons behind it are genuine.

Revolutionaries and symbolic violence

Discussing the actions of the Turkish People’s Liberation Army (TPLA) and Turkish People’s Liberation Front (TPLF) during the 1970s, Aldrich says:

Both consisted of middle-class intellectuals who regarded themselves as a revolutionary vanguard. Like many revolutionary leaders, they suffered from a ‘Che Guevara complex’, believing that symbolic acts of violence could trigger a wider social revolution. Che Guevara had come to grief in 1967 during a futile attempt to stir the revolutionary consciousness of Bolivia, and was captured and shot by a police team, advised by the CIA. Turkey’s would-be revolutionaries would soon suffer a similar fate.

The TPLA and TPLF figure into Aldrich’s story because of their targeting of intelligence facilities: initially accidentally, and later intentionally.

How far ahead are the spooks?

The codebreaking success of the Allies against the Germans and Japanese during the second world war was kept secret until the 1970s. Most of the documents about codebreaking being declassified now extend up to the 1970s. Because of such secrecy, it is impossible to know what technologies and capabilities organizations like America’s NSA, Britain’s GCHQ, and Canada’s CSE have today.

Describing the early 1970s, Aldrich explains how the microwave relays used by the telephone system spill signals into space, because the beams travel in straight lines while the Earth curves away beneath them. Forty years ago, the United States was already using satellites to intercept that spillover, and was already using computers to scan phone, fax, and telex messages for keywords.

As early as 1969, the British and Americans had a system in place somewhat akin to what Google Alerts do today: tell it what keywords you are interested in, and it can pull related content out from the torrent of daily traffic. You can’t help but wonder what they are able to do now: whether the increased volume of communication has overwhelmed their capability to do such filtering effectively, or whether advances in secret techniques and technologies mean that they have even more potent methods for intercepting and processing the world’s commercial, diplomatic, and interpersonal communication.

Penetrating the secrecy

Aldrich also describes the investigative journalism of people like Duncan Campbell and James Bamford – people who used open sources to reveal the true function of GCHQ for the first time. Aldrich claims that their actions “confirmed a fundamental truth: that there are no secrets, only lazy researchers”.

Some recent journalistic undertakings – such as the excellent ‘Top Secret America’ – do lend credence to that view.

Free Sophos for Mac

Despite what some people seem to think, Macs are vulnerable to malware. Apple even built limited antivirus capabilities into Snow Leopard.

At the moment, Sophos is giving away the Mac version of its antivirus software. It could be useful for avoiding the (relatively few) pieces of malicious Mac software, and for avoiding passing infected attachments along to friends.

California’s Proposition 19

Tomorrow, the people of California will vote on Proposition 19: a measure that would make marijuana legal to grow, own, sell, and use in small quantities. The two major arguments being used are economic – since the measure would let counties and municipal governments levy taxes on the stuff – and security-focused – since marijuana is currently one of the sources of financial support for Mexico’s brutal drug gangs.

I have argued before that the best approach to drugs is to legalize, regulate, and provide treatment for addicts. Hopefully, California can set a progressive precedent for the rest of the United States (unlike other examples).

Spying between friends

Richard Aldrich’s GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency describes a number of instances of longstanding allies conducting espionage against one another, including signals intelligence (SIGINT). Aldrich describes how the ‘Echelon’ system run by British and U.S. intelligence was used to “read the traffic of their minor allies, including France and West Germany”. This system is now estimated to process five billion intercepts per day, probably filtering them for suspicious words and phrases. Aldrich talks about how, after the second world war, Britain’s codebreakers were “doing extensive work on Britain’s European allies, regarding them as either insecure or untrustworthy, or both”.

Of course, more awkward allies have been a higher priority for codebreaking and other forms of covert activity. During the interwar period, Russian ciphers were the “core business” of Britain’s codebreakers, and apparently work on them didn’t stop despite the subsequent alliance. The Soviets were also spying on the Allies, though with more of an emphasis on human intelligence (HUMINT). For example, John Cairncross worked at GCHQ’s predecessor – Bletchley Park – and warned the KGB of the impending German armoured offensive at Kursk, one of the decisive battles of the war. He also saw some of Britain’s early thinking on atomic weapons while working at the Cabinet Office, while his fellow Soviet spy Klaus Fuchs was virtually able to provide the blueprints of the devices built at Los Alamos. The Soviet Union achieved other notable HUMINT successes throughout the Cold War, such as the John Walker spy ring inside the U.S. Navy. Surely, there are other examples that are still secret.

Allied SIGINT against Soviet targets continued after 1945, as GCHQ and others started to intercept messages between Moscow and the capitals of new client states.

The most subtle reference to inter-allied spying comes from a passage on the Diplomatic Wireless Service, developed in 1944 and 1945. Aldrich describes how the DWS was primarily a system of military SIGINT collection stations, but that it also “doubled as a secret monitoring service working from within British Embassies and High Commissions”. High Commissions are only located in Commonwealth countries, on whom Britain is presumably still spying. They seem to be returning the favour, as demonstrated by another anecdote from the book, in which Prime Minister Tony Blair discovered his hotel room in India to be laced with listening devices that would have had to be drilled out of the walls to disable.

The right way to do electronic voting

On Monday, Ottawa held its municipal elections. The physical process of voting achieved the major benefit of electronic voting, while retaining the security associated with paper ballots. This is the right way to handle things.

Each voter was given a piece of paper with lists of candidates for the three positions under contest. The voter selected candidates and filled in small circles beside their names with a pen – a process that should be familiar to anyone who attended high school in recent decades. The paper was then put into a sleeve to cover up the selections before being drawn through a scanner and into a storage box.

Because the scanners allowed quick tabulation of results, the outcome of the election could be known quickly. Because all the paper ballots were retained, an error in or manipulation of the scanners does not have to produce an incorrect final result: the paper can be hand-counted and the machine tally checked against it, which is impossible with a paperless voting machine.

I don’t know whether any auditing was done, but it would be a good idea. A certain portion of all the scanners and ballot boxes could be selected at random, with the ballots hand-counted and the tally compared with the electronic one. If significant disparities appeared, a manual recount of the whole election could then be conducted.
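The audit described above, as an added example that is not part of the original post and not the City of Ottawa’s procedure. It takes the machine tally per scanner and hand counts of the retained paper for a random sample of scanners, flags any scanner whose paper disagrees with its tally beyond a tolerance, and escalates to a full recount. The sample data, the tolerance and the escalation rule are constructed assumptions; the seeded sampling function stands in for a public random draw.

```python
"""Random hand-count audit of scanner tallies.

Added example, not from the original post and not the City of Ottawa's
procedure. It implements the check proposed above: draw a random sample of
scanners, hand-count their retained paper ballots, compare with the machine
tally, and escalate to a full manual recount if the disparity is significant.
The tallies are constructed; the tolerance, sample size and escalation rule
are assumptions.
"""
import random


def select_sample(scanner_ids, k, seed):
    """Draw k scanners. In practice the seed comes from a public ceremony (dice
    rolled in front of observers) so that the sample cannot be steered."""
    return sorted(random.Random(seed).sample(sorted(scanner_ids), k))


def compare(machine, hand, tolerance):
    """Per-candidate comparison for one scanner. Returns {candidate: hand - machine}
    for differences beyond tolerance (a scanner may legitimately misread a faint mark)."""
    findings = {}
    for candidate in set(machine) | set(hand):
        delta = hand.get(candidate, 0) - machine.get(candidate, 0)
        if abs(delta) > tolerance:
            findings[candidate] = delta
    return findings


def audit(machine_tallies, hand_counts, sample_ids, tolerance=1):
    """machine_tallies and hand_counts map scanner id -> {candidate: votes}; only the
    sampled scanners need a hand count. Any out-of-tolerance scanner escalates."""
    report = {"sampled": list(sample_ids), "discrepancies": {}}
    for sid in sample_ids:
        if sid not in hand_counts:
            raise ValueError(f"scanner {sid} was sampled but not hand-counted")
        found = compare(machine_tallies[sid], hand_counts[sid], tolerance)
        if found:
            report["discrepancies"][sid] = found
    report["full_recount"] = bool(report["discrepancies"])
    return report


def totals(tallies):
    """Sum per-candidate votes across scanners; returns (winner, totals)."""
    summed = {}
    for counts in tallies.values():
        for cand, n in counts.items():
            summed[cand] = summed.get(cand, 0) + n
    return max(summed, key=summed.get), summed


# Constructed data for five scanners. Scanner 3 has been "adjusted": it reports
# 20 ballots moved from Smith to Jones relative to what is on the paper.
MACHINE = {1: {"Smith": 410, "Jones": 390}, 2: {"Smith": 300, "Jones": 310},
           3: {"Smith": 380, "Jones": 420}, 4: {"Smith": 250, "Jones": 248},
           5: {"Smith": 500, "Jones": 495}}
# Hand counts of the retained paper for every scanner (constructed).
HAND = {1: {"Smith": 411, "Jones": 389},  # one faint mark read differently: in tolerance
        2: {"Smith": 300, "Jones": 310}, 3: {"Smith": 400, "Jones": 400},
        4: {"Smith": 250, "Jones": 248}, 5: {"Smith": 500, "Jones": 495}}

if __name__ == "__main__":
    sample = select_sample(MACHINE, 3, seed=20101025)
    print(audit(MACHINE, HAND, sample))
    print("machine winner:", totals(MACHINE)[0], " paper winner:", totals(HAND)[0])
```

In the constructed data the tampered scanner is enough to flip the winner on the machine totals, which is exactly the case a sample audit exists to catch; whether a given draw catches it depends on the sample size, which is why a real audit sizes the sample from the margin rather than picking a fixed count.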

The only limitation I can see in the system, compared with all-electronic voting approaches, is that it cannot easily be tailored to help people with disabilities, such as very poor vision. That being said, it seems pretty straightforward for a volunteer to assist people in such situations.

The ‘Firesheep’ attack against Facebook

Facebook uses browser cookies to identify your session. At the time of writing it sends those cookies over unencrypted HTTP, so on a shared wireless network anyone who can see the traffic can copy them and present them to Facebook to impersonate you, without ever learning your password. Firesheep is a Firefox extension that automates this process.

Sharing a wireless connection with a bunch of flatmates? Any of them can easily access all your Facebook information or impersonate you. Same goes for people in coffee shops, libraries, on vehicles with WiFi, and so on.

Bruce Schneier brought the attack to my attention and also suggests a good countermeasure: forcing Facebook to use encrypted HTTPS connections using other plugins.
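The two halves of the attack, and the server-side form of the fix, as an added example in Python that is not part of the original post and not Firesheep’s code. The first function does what the extension automates: it pulls the session-identifying cookies out of a plaintext HTTP request seen on the wire, and the second builds the request an impersonator would replay. The third models the browser rule the countermeasure relies on: a cookie set with the Secure attribute is never sent over http://, so a passive listener never sees it. The captured request, the cookie names treated as session cookies, and the Set-Cookie lines are constructed.

```python
"""What Firesheep harvests, and the cookie attributes that starve it.

Added example, not part of the original post and not Firesheep's code. The
first function does what the extension automates: pull session cookies out
of plaintext HTTP requests seen on the wire. browser_sends_cookie models the
browser rule that matters for the fix: a cookie flagged Secure is never sent
over http://, so a sniffer on the wireless network never sees it. The captured
request, the cookie names and the Set-Cookie lines are constructed.
"""
from http.cookies import SimpleCookie

# Constructed: a plaintext request as a passive listener on the LAN would see it.
CAPTURED_HTTP_REQUEST = (
    "GET /home.php HTTP/1.1\r\n"
    "Host: www.facebook.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: datr=abc123; c_user=100000123; xs=9f8e7d6c5b4a3; locale=en_GB\r\n"
    "\r\n"
)

# Cookie names an attacker would treat as the session for this host (constructed).
SESSION_COOKIE_NAMES = {"c_user", "xs"}


def harvest_session_cookies(raw_request: str) -> dict:
    """Return {name: value} for the session-identifying cookies in a captured
    request, or an empty dict if the request carries none."""
    headers = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            jar = SimpleCookie()
            jar.load(value.strip())
            return {k: m.value for k, m in jar.items() if k in SESSION_COOKIE_NAMES}
    return {}


def replay_request(raw_request: str, stolen: dict) -> str:
    """Build the request an impersonator sends: same host, stolen cookies, no password."""
    request_line, _, rest = raw_request.partition("\r\n")
    host = next(h for h in rest.split("\r\n") if h.lower().startswith("host:"))
    cookie = "; ".join(f"{k}={v}" for k, v in stolen.items())
    return f"{request_line}\r\n{host}\r\nCookie: {cookie}\r\n\r\n"


def browser_sends_cookie(set_cookie_header: str, url_scheme: str) -> bool:
    """Model of the Secure attribute: a cookie set with 'Secure' is attached only to
    https:// requests. (Assumes the cookie is otherwise in scope for the URL.)"""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = next(iter(jar.values()))
    if morsel["secure"] and url_scheme != "https":
        return False
    return True


# The weak setting beside the hardened one (both constructed).
WEAK_SET_COOKIE = "xs=9f8e7d6c5b4a3; Path=/; Domain=.facebook.com"
HARDENED_SET_COOKIE = "xs=9f8e7d6c5b4a3; Path=/; Domain=.facebook.com; Secure; HttpOnly"
# Pair the Secure flag with HSTS so the browser never makes the http:// request in
# the first place (header shown for reference; not parsed by this block).
HSTS_HEADER = "Strict-Transport-Security: max-age=31536000; includeSubDomains"
```

The plugin approach the post mentions forces HTTPS from the client side, one user at a time; the Secure attribute and the HSTS header are the server-side equivalents, which a site operator can deploy so that users need no plugin at all. Note that Secure alone does not stop the browser from issuing a plain http:// request, it only stops the cookie from riding along on it; HSTS is what removes the plaintext request.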

Of course, HTTPS can still be defeated by an active man-in-the-middle (one who presents a forged certificate that the user clicks through, or who strips the redirect to HTTPS before it reaches the browser), but that takes more than passive listening and is probably beyond the scope of what some random Facebook hacker would attempt. That being said, what I said before about Facebook and privacy holds true – you are best off only putting things on the site that you are happy for everybody in the world to see. That applies as much to private messages between users and ‘private’ photo albums as it does to status updates broadcast to one and all.

Signals intelligence and historiography

In intelligence, the protection of sources and methods is vitally important to continued success. There are few pieces of evidence more convincing than a target’s own encrypted communication, but making it plain that it has been intercepted and decoded is likely to drive the target to tighten security and change its systems. As such, there is always a balance to be struck between providing authoritative information in the present and retaining the capacity to do so in the future. For example, when British ministers read out decrypted Soviet telegrams in Parliament in 1927, it led the Soviets to switch cipher systems and make broader use of one-time pads.

All this has consequences for the writing and understanding of history. Historiography, roughly, is the study of how history is written; of particular importance here is the history of the lessons drawn from historical events, for instance the two world wars. Very frequently, politicians, historians, and members of the general public draw conclusions without the benefit of access to classified materials, such as intercepted and decrypted military and diplomatic communications.

An example is the Dieppe raid of 1942. In Richard Aldrich’s GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency, the author describes how poor cipher security on the part of the British meant that the Germans had five days’ warning before the supposed surprise attack. I don’t know when that information became publicly available, but it is a fair bet that it was not until well after many of those involved in the raid had made their private judgments about why it failed.

Arguably, all this is an important reason for continuing to study historical events that are fairly long-past. It might seem questionable what utility there is in studying the Russo-Japanese War in 2010, but one good answer might be how the decreased political sensitivity means that formerly closely-guarded documents are now accessible to scholars. We will probably be waiting many decades before some of the most important documents relating to contemporary international events become open to scrutiny.