Blown To Bits

Archive for the ‘Secrecy and encryption’ Category

A Test of Koan 6

Monday, December 22nd, 2008 by Harry Lewis

“Nothing Goes Away,” we say in Blown to Bits. What about the emails of George Bush and Dick Cheney? As the Washington Post reported yesterday,

Federal law requires outgoing White House officials to provide the Archives copies of their records, a cache estimated at more than 300 million messages and 25,000 boxes of documents depicting some of the most sensitive policymaking of the past eight years.

Some of those messages were sent using accounts of the Republican National Committee, it turns out. They are subject to the law, but the RNC seems to be having trouble finding them. And the Vice-President claims that the only records he has to turn over are those related to tasks Bush specifically assigned him, not advice he offered voluntarily, for example, or messages related to legislation. That claim is going to be decided in court, but of course a lot can happen to disks and tapes while the legal issue is being hashed out.

It is awfully hard to get rid of all copies of those emails, from all back-ups. Even if they are “deleted,” a good computer forensics effort might be able to recover them in part. A classic case of the digital explosion — where we can’t live without electronic communications, and then don’t want to leave any footprints. This will be a test of both laws and wills.

McCain-Palin Campaign Blackberries

Wednesday, December 17th, 2008 by Harry Lewis

Opinions differ about whether digital technologies transformed the Obama campaign into something inclusive and empowering that had never been seen before, or whether it was really an old-style, top-down campaign that made masterful use of the new technologies to get its message out and to coordinate the troops, while making them feel included.

Either way, no one seems to be disputing that the McCain-Palin campaign was much less clued in on how to use the technologies. And the evidence continues to accumulate after the campaign is over. The campaign auctioned its Blackberry phones without wiping the memory clean — so those who bought them bought phone numbers of donors, lobbyists, and journalists too. Apparently they were not amused when the purchaser called them up.

As we explain in Chapter 3 of Blown to Bits, it’s not hard to reset a phone by pressing a few buttons — though even following the vendor’s instructions may not really wipe the memory clean enough to keep the information out of the hands of a determined snoop.

Pentagon Bans Flash Drives

Tuesday, November 25th, 2008 by Harry Lewis

A few weeks ago we noted a case in England where data giving access to the records of 25 million Britons was found on a flash drive that some clown dropped in the parking lot of a pub.

Now the AP is reporting that the Pentagon is banning all flash drives, and is collecting the drives that are in the hands of Pentagon workers, with no assurance they will ever be returned. The goal is apparently not to prevent data from leaking out, but to prevent viruses from being imported on infected drives that people plug into the USB port of their desktop machines.

“Mistakes Happen”

Monday, November 3rd, 2008 by Harry Lewis

So reassures the mother of Daniel Harrington, who apparently lost a memory stick in the parking lot of a pub in England. Harrington works for an IT firm that supplies services to the British government. The flash drive evidently contained not personal records, but source code and passwords that might enable someone to access those personal records. As a result, the “Government Gateway” system has been shut down.

The device was found a couple of weeks ago, and yesterday was turned over to the Daily Mail, which is having a lot of fun with the story. A sample of the reactions:

Shami Chakrabarti, director of Liberty, said the civil rights group had conducted an audit which showed that the Government had lost 30million pieces of data in the past year.

‘That’s one data bungle for every two people in the country,’ she said. ‘Still they plough on with their Big Brother ambitions; ID cards and the scary central communications database: disasters waiting to happen at our expense.’

Lib Dem MP Norman Baker said the Government were asking for data from taxpayers that they could not protect.

‘The Government cannot be trusted with all this information but they collect more and more,’ he said.

I’ll bet these data breaches are no more common in the UK than in the US, but they certainly have had a bad run of them lately, and you can see why the MP is worried about the government’s plans.

More on Voting

Monday, October 27th, 2008 by Harry Lewis

As we discussed recently, electronic voting is an extremely tough problem, because it requires voters to have confidence that their votes are being recorded correctly, and to be unable to prove to anyone else how they voted. The two conditions can be achieved with the aid of cryptography — in theory. But it’s also essential that the system be simple to use and work in such a way that the general public will have confidence that there are no scams embedded in the software somehow.

There is a nice article in Salon on a couple of fairly realistic voter-verifiable election systems, including one by Ben Adida, who worked with Hal at MIT and is associated with Harvard’s Center for Research on Computation and Society. There’s progress and reason for hope, but it’s also possible that a bad experience in the upcoming election with some completely unrelated kind of electronic voting machines could increase resistance for any kind of continued deployment of better-designed systems.
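To make the two conditions above concrete, here is an added toy example (not code from Blown to Bits or from any of the systems the Salon article describes). It uses Paillier encryption, which is additively homomorphic: ballots are posted in encrypted form on a public bulletin board, the voter gets a receipt that lets them check their ballot is on the board, and the tally is computed on the ciphertexts so only the total is ever decrypted. Because the voting software discards the randomness it used to encrypt, the receipt does not let the voter (or anyone coercing them) demonstrate what the ballot contained. The primes, the receipt format and the function names are all assumptions made for this demonstration.

```python
import hashlib
import math
import secrets

# Demonstration-size primes (constructed for this example). Real deployments need
# primes of 1024 bits or more; these only make the arithmetic easy to follow.
P, Q = 1000003, 1000033


def keygen(p=P, q=Q):
    """Paillier key pair with the common simplification g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    g = n + 1
    # mu = L(g^lam mod n^2)^-1 mod n, where L(x) = (x - 1) // n
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Encrypt a small integer m (a 0/1 ballot here) under a fresh random r."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1  # r in [1, n-1]
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    x = pow(c, lam, n * n)
    return (((x - 1) // n) * mu) % n


def add_ciphertexts(pk, cts):
    """Multiplying Paillier ciphertexts adds the plaintexts: the tally without decrypting ballots."""
    n, _ = pk
    n2 = n * n
    acc = 1
    for c in cts:
        acc = (acc * c) % n2
    return acc


def receipt_for(c):
    """The voter's receipt is a short hash of the posted ciphertext (format assumed)."""
    return hashlib.sha256(str(c).encode()).hexdigest()[:16]


def run_election(votes, pk=None, sk=None):
    """votes: list of 0/1 answers to one yes/no question.
    Returns (yes_count, bulletin_board, receipts)."""
    if pk is None:
        pk, sk = keygen()
    board, receipts = [], []
    for v in votes:
        c = encrypt(pk, v)  # the randomness r never leaves this call, so the ballot cannot be reopened
        board.append(c)
        receipts.append(receipt_for(c))
    total = decrypt(pk, sk, add_ciphertexts(pk, board))
    return total, board, receipts


def voter_can_verify(receipt, board):
    """Condition 1: a voter checks that the ballot behind their receipt is on the public board."""
    return any(receipt_for(c) == receipt for c in board)


if __name__ == "__main__":
    total, board, receipts = run_election([1, 0, 1, 1, 0])
    print("yes votes:", total)
    print("first voter's receipt is on the board:", voter_can_verify(receipts[0], board))
```

Note the caveat a practitioner would raise: whoever holds the decryption key could still decrypt a single ballot from the board. Real systems split that key among several trustees so that no one party can do so, and add zero-knowledge proofs that each ciphertext really encrypts 0 or 1; neither is shown here.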

Internet Voting

Thursday, October 23rd, 2008 by Harry Lewis

The US Armed Forces are using the Internet for voting this year. I’m quite skeptical about machine voting in general. But by comparison with vote-at-home, both electronic voting and Internet voting are far superior ideas. The country seems to have forgotten that votes can be bought, if you can demonstrate to someone that you actually voted a particular way, by having them watch you or by walking away with a receipt showing how your vote was registered. You can also be pressured (OK, kids, let’s all sit down at the kitchen table and fill out our ballots family-style).

The obvious problems seem to have been covered here (for example, the vote travels from the foreign location to the US via a VPN connection, which should be secure). It’s not comforting that the system has had so little scrutiny (see Kerckhoffs’s principle in Blown to Bits — we’d feel much better if a bunch of our best hackers had been let loose on the system and it couldn’t be cracked). But given that soldiers are so disenfranchised generally, I regard this as a positive invention. Of course, I hope they’re not voting in the configuration shown in the picture, where they can easily look at their buddies’ screens!

Sarah Palin’s Email

Thursday, September 18th, 2008 by Harry Lewis

As has been widely reported online, someone managed to access personal email accounts of Alaska Governor Sarah Palin. Wired Magazine’s blog has a clear summary of the contents. That account and a number of other reports suggest that the governor was using her private account to conduct government business in order to avoid public-records laws.

What was retrieved (by no means all the email that was in the account) you can download yourself from the Wikileaks site. Go ahead — you’ll feel a little naughty, and it will make you think. How many copies of those emails do you now suppose are out there? Those bits are not going away, ever.

Wikileaks anonymously posts documents that have been “classified, confidential, censored or otherwise withheld from the public,” and are “of political, diplomatic, ethical or historical significance” (in the view of whatever anonymous soul runs the site). Of course, the documents may have been illegally obtained; that is the first thing the McCain campaign shouted. (How about a comment on government business happening on Yahoo! mail, and whether that’s the way the open, transparent new Washington government we’ve been promised will be run?)

We have a long history in this country of illegally obtaining documents that reveal illegal or unethical behavior. Thinking back on the publication of the Pentagon Papers in 1971, I am moved to ponder how much simpler it would be today. The question of prior restraint would have been moot before it could even have been raised, had someone scanned them in and posted them to Wikileaks.

How did the account get compromised? No one is saying, but I noted some of the problems with password security a few days ago. There are some speculations; perhaps someone tricked the service into revealing her password (most unlikely, as passwords are ordinarily encrypted at the server). Or resetting it (more possible — remember that Paris Hilton’s T-Mobile account was compromised because the name of her dog was the answer to the I-forgot-my-password-give-me-a-new-one security question). But still improbable for a Yahoo! mail account. She might have been the victim of a phishing attack (but if she is so credulous that she fell for one of those “this is your account manager speaking, please type your password here so we can verify it” scams, heaven help us if she winds up negotiating with Putin).

I would tend to look for a simpler strategy if I were trying to break in. Try a password like “Todd.” A lot of people still use them, even though most services demand that passwords be more complicated than that.
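Two of the points above, that a service cannot simply hand over a stored password, and that a password like “Todd” should never be accepted in the first place, are easy to show in code. The following is an added example, not code from the blog or from any mail provider: it stores passwords as salted PBKDF2 hashes (what the post calls “encrypted at the server” is, in practice, a one-way hash), verifies a login attempt against the stored hash, and rejects weak passwords before they are ever stored. The deny-list, the storage format and the 12-character minimum are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

# Hypothetical short deny-list; a real deployment would check against a large
# list of breached passwords instead of a handful of words.
COMMON_PASSWORDS = {"password", "todd", "123456", "qwerty", "letmein", "alaska"}

ITERATIONS = 200_000  # PBKDF2 work factor; raise it over time as hardware gets faster


def hash_password(password):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. The password itself is never stored."""
    salt = os.urandom(16)  # fresh per password, so equal passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored, candidate):
    """Recompute the hash from the stored salt and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def weakness_reasons(password):
    """Return the list of reasons a password should be rejected; empty means acceptable."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 3:
        reasons.append("uses fewer than 3 character classes")
    return reasons


if __name__ == "__main__":
    for candidate in ("Todd", "correct horse battery staple 42!"):
        print(repr(candidate), "->", weakness_reasons(candidate) or "ok")
    record = hash_password("correct horse battery staple 42!")
    print("stored record:", record)
    print("login with right password:", verify_password(record, "correct horse battery staple 42!"))
    print("login with 'Todd':", verify_password(record, "Todd"))
```

Because only the salt and the derived hash are stored, an attacker who tricks support staff, or who steals the database, gets nothing that can be “revealed”; the service can answer only yes or no to a login attempt.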

P.S. This example makes it clear what it means to say that the president needs to understand information technology. He doesn’t need keyboarding dexterity or familiarity with Excel macros. He needs to be able to understand this blog!

Senator Biden on Encryption

Monday, August 25th, 2008 by Harry Lewis

On page 190 of Blown to Bits, we tell the story of how government control of encryption became largely a moot issue. In 1991, Joe Biden, as chair of the Judiciary Committee, introduced two bills, the Comprehensive Counter-Terrorism Act and the Violent Crime Control Act. Both included language stating that the government should have the right to get the keys to all your encrypted communications:

It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.

It was this language, as we explain, that caused Phil Zimmermann’s PGP encryption software to appear on several publicly accessible servers. The encryption genie has yet to be put back into the bottle.

Obama is generally presumed to be more sensitive to civil liberties than McCain. Not sure it really matters, but Biden has been among the staunchest friends of the FBI’s investigatory powers. It’s anything but clear that the two of them would agree on, say, the most important characteristics of Supreme Court nominees.

Declan McCullagh has a thorough analysis of Biden’s technology record here.

Another British Data “Oops!”

Saturday, August 23rd, 2008 by Harry Lewis

Personal data on all 84,000 prisoners serving time in England and Wales has gone missing. New York Times story here.

On a memory stick. A flash drive. A thumb drive. Those little things that you can put on a keychain to carry your documents when you don’t want to lug your computer.

The government is embarrassed, because this sort of thing has happened before in the U.K. We discuss at some length the case of some disks that went missing and still haven’t been accounted for, disks containing data on virtually every child in the country. That rocked Tony Blair’s government, and this breach may be rocking Gordon Brown’s.

The details are interesting. The government knows about encryption. When it engaged the services of a private consultant, it delivered the data to the consultant in encrypted form. The consultant apparently decrypted it to work on it, and put it on a flash drive. Don’t know what happened next; maybe someone took the stick with him and it fell out of his pocket.

According to the New York Times, “officials said that appeared to be a breach of government rules.”

This reminds me of what General Turgidson tells the president in Dr. Strangelove. “That’s right, sir, you are the only person authorized to do so. And although I, uh, hate to judge before all the facts are in, it’s beginning to look like, uh, General Ripper exceeded his authority.”

This case (and the others listed in the NYT story) illustrates how hard it is to control bits when they are handed around. Strict protocols are especially hard to enforce across organizational boundaries.

The TJX – Barnes&Noble – etc. Data Breach

Wednesday, August 6th, 2008 by Harry Lewis

Every major news source is carrying the story of the indictment of 11 persons for a massive data theft, in which more than 45 million credit card records were stolen — perhaps many more. We explain on page 176 of Blown to Bits that part of the problem was that in 2005 TJX was still using WEP encryption for its wireless communications, even though WEP had been known to be insecure for three years by that time, and a substitute was widely available.

Today’s accounts indicate that the alleged crimes go much beyond that business of the 45 million credit card records. It is a bit hard to discern what actually happened, however. The Wall Street Journal describes the defendants as having “hacked into a wireless computer system at an unidentified BJ’s Wholesale Club store.” “Hacked” is one of those portmanteau words that journalists use to describe almost anything. In its original sense it isn’t even derogatory — it just meant a clever, contrarian piece of programming. “Hacked into” suggests something quite aggressive and destructive, but it seems that what really happened may be nothing more than someone driving around listening for wireless routers and finding one that hadn’t upgraded its encryption software — and then using the by then well-known methods for decrypting WEP. (I am not defending it — it’s a crime, and should be — but the language would then be a bit like saying that someone had “broken into” a house by opening the door and walking in. Bad thing to do, but not the way it sounds.)
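The lesson on the defending side is that an access point still configured for WEP is a finding that should never survive a routine audit. As an added example (not from the book or from any of the retailers named in the indictment), here is a small auditor for hostapd-style configuration files: it shows a weak WEP configuration beside a hardened WPA2/CCMP one and flags the settings that should have been retired. Both configurations are constructed for this demonstration, and the severity labels and messages are assumptions.

```python
# Constructed hostapd-style configurations (not from any real deployment).
WEAK_CONF = """
interface=wlan0
ssid=store-pos
auth_algs=3
wep_default_key=0
wep_key0=0123456789
"""

HARDENED_CONF = """
interface=wlan0
ssid=store-pos
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE
"""


def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_wireless(conf):
    """Return (severity, message) findings for legacy or missing wireless encryption."""
    findings = []
    has_wep = "wep_default_key" in conf or any(k.startswith("wep_key") for k in conf)
    if has_wep:
        findings.append(("critical", "WEP keys configured; WEP is broken, migrate to WPA2 with CCMP"))
    wpa = conf.get("wpa")
    if wpa is None and not has_wep:
        findings.append(("critical", "no wpa= setting and no WEP keys: the network is open"))
    elif wpa == "1":
        findings.append(("high", "wpa=1 enables WPA1 only; set wpa=2"))
    elif wpa == "3":
        findings.append(("medium", "wpa=3 still admits WPA1 clients alongside WPA2"))
    ciphers = conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append(("high", "TKIP cipher allowed; use CCMP only"))
    if conf.get("auth_algs") in ("2", "3"):
        findings.append(("medium", "shared-key authentication enabled (auth_algs includes 2)"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":")
        for severity, message in audit_wireless(parse_hostapd(text)) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

Run against an inventory of access-point configurations, a check like this turns “we still have WEP somewhere” from a surprise in an indictment into a ticket that gets closed.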

But this was far from the end of the story. The defendants in this action are alleged to have “gained access to the computer system used at a Marshall’s department store” and then, “With access to the server, the defendants installed ‘sniffer programs’ that captured data.” At that point they could, and allegedly did, pretty much help themselves to whatever the company had in the way of customer financial data.

It’s the “gained access” that interests me. It could be a software error, but my gut tells me: inside job. The easiest way to “gain access” to a computer system is to have someone give you a password, or give you physical access to the machine. It’s not the only way, but if I were bent on “gaining access” to a computer, I’d try the easy way first — perhaps bribing someone using the money I’d already made with those credit card numbers.

Finally, all this data wound up on international servers, as part of a shadowy underground bits economy. This fascinating report by Symantec details the operation of these sites from which credit card numbers and other sensitive data can be bought in bulk. The table on page 32 reports that US credit card numbers cost $1-$6, UK credit card numbers twice as much (apparently the return on the investment is better). Email addresses, by the way, go for $5 per 20,000. Lots of other good information about the ways that computers can be compromised, and where the attacks seem to be coming from.