
Group items tagged RSA

Paul Merrell

Exclusive: Secret contract tied NSA and security industry pioneer | Reuters

  • (Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned. Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called BSafe that is used to enhance security in personal computers and many other products. Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
  • The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.
  • The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.
  • The NSA came under attack this week in a landmark report from a White House panel appointed to review U.S. surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it.
  • From RSA's earliest days, the U.S. intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.
  • Reuters gives the NSA's history of introducing backdoors in encryption standards a deep look, focusing on RSA's acceptance of a $10 million NSA bribe post-9/11 to implement the NSA-created Dual Elliptic Curve standard for generating "random" numbers, which had what Bruce Schneier described as a "back door." A tip of the hat to Miro for alerting me to this article.
Paul Merrell

Exclusive: NSA infiltrated RSA security more deeply than thought - study | Reuters

  • Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers. Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption. A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability. The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters. While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.
Paul Merrell

10 Things Americans Underestimate About Our Massive Surveillance State | Alternet

  • Americans may be upset about the latest revelations in the government’s ability to spy on citizens via their online lives, but no one should be surprised. We've underestimated and overlooked many key aspects of the government’s ability to track our lives for years. The bottom line, which resonates most strongly among civil liberties advocates on the left and conservative libertarians on the right, is not just the loss of privacy but also the growing power of the state to target and oppress people who it judges to be critics and enemies. That list doesn’t just include foreign terrorists of the al-Qaeda mold, or even the Chinese government that has stolen the most advanced U.S. weapon plans; it also includes domestic whistleblowers, protesters and journalists—all of whom have been targeted by the Obama administration Justice Department. Let’s go through 10 points about these latest revelations of domestic spying to better understand what Americans have underestimated and overlooked about electronic eavesdropping.
Gary Edwards

RSA Animate - Crises of Capitalism - YouTube

  • Excellent white board illustrated discussion on capitalism and the financial crisis. I have a question though: how do you discuss capitalism without also discussing borrowing, interest rates and dividends? Seriously. No mention of interest rates? No mention of the relationship between GOLD, commodities and fiat money? Yes, the Banksters collapsed the world economy with the willing consent of corrupt crony politicians. The corruption and practice of crony corporatism is NOT Capitalism! It's fascism. Nor are the bailouts of the Banksters and big unions capitalism! In capitalism there is no such thing as a government bailout or too big to fail. Capitalism would have put the Banksters into the dirt without blinking. There is an interesting section where the cartoonist suggests that global corporatism demanded capital from creative financiers, and that caused the problem. Seems the Banksters got too creative. I disagree with this perspective, and am left wondering how the connection between global commerce and creative "casino" financial instruments are natural consequences of each other. It's a commonly held belief that the global explosion was due to a Reagan - Thatcher conservative revolution where one of the key corporate organizing principles was that of the "franchise" backed by IPO style public stock offerings. Clowns like Warren Buffett gobbled up tons of Coca Cola and McDonalds stock, waiting for global trade barriers to fall in the wake of Reagan - Thatcher liberty. When the Soviet Union collapsed, the "walls" truly did come down. And USA corporations were uniquely positioned and structured to roll out globally. That doesn't have anything to do with the kind of creative casino gambling that brought the world to its knees. What do exotic financial derivatives have to do with funding corporations? Yes, they were used to hedge financial positions as sovereign governments were maddeningly borrowing and s
Paul Merrell

In Keeping Grip on Data Pipeline, Obama Does Little to Reassure Industry - NYTimes.com

  • Google, which briefly considered moving all of its computer servers out of the United States last year after learning how they had been penetrated by the National Security Agency, was looking for a public assurance from President Obama that the government would no longer secretly suck data from the company’s corner of the Internet cloud. Microsoft was listening to see if Mr. Obama would adopt a recommendation from his advisers that the government stop routinely stockpiling flaws in its Windows operating system, then using them to penetrate some foreign computer systems and, in rare cases, launch cyberattacks.
  • Intel and computer security companies were eager to hear Mr. Obama embrace a commitment that the United States would never knowingly move to weaken encryption systems. They got none of that.
  • Perhaps the most striking element of Mr. Obama’s speech on Friday was what it omitted: While he bolstered some protections for citizens who fear the N.S.A. is downloading their every dial, tweet and text message, he did nothing, at least yet, to loosen the agency’s grip on the world’s digital pipelines. White House officials said that Mr. Obama was committed to studying the complaints by American industry that the revelations were costing them billions of dollars in business overseas, by giving everyone from the Germans to the Brazilians to the Chinese an excuse to avoid American hardware and cloud services. “The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”
  • In fact, behind the speech lies a struggle Mr. Obama nodded at but never addressed head on. It pits corporations that view themselves as the core of America’s soft power around the world — the country’s economic driver and the guardians of its innovative edge — against an intelligence community 100,000 strong that regards its ability to peer into any corner of the digital world, and manipulate it if necessary, as crucial to the country’s security. In public, the coalition was polite if unenthusiastic about the president’s speech. His proposals, the companies said in a statement, “represent positive progress on key issues,” even while “crucial details remain to be addressed on these issues, and additional steps are needed on other important issues.” But in the online chat rooms that users and employees of those services inhabit each day, the president’s words were mocked. “If they really cared about the security of US infrastructure, they’d divulge the vulnerabilities they found or bought from the black market that exploit the security of these systems, so those systems can be fixed, and no one else can exploit them with these exploits,” wrote a user called “higherpurpose” on Hacker News.
  • In an interview, a senior administration official acknowledged that the administration had weighed what the president could say in public about the delicate problems of encryption, or the N.S.A.’s use of “zero day” flaws in software, the name for security holes that have never been seen before. It is a subject the intelligence agencies have refused to discuss in public, and Mr. Obama determined that it was both too secret, and too fluid, to discuss in the speech, officials said. In response to questions, the White House said the president had asked his special assistant for cybersecurity, Michael Daniel, and the president’s office of science and technology policy to study a recent advisory panel’s recommendation that the government get out of the business of corrupting the encryption systems created by American companies.
  • It will not be an easy task. One of the recent disclosures, first reported by Reuters, indicated that the N.S.A. paid millions of dollars to RSA, a major encryption firm, to incorporate a deliberately weakened algorithm into some of its products, giving the government a “back door” to read whatever it wanted. But when the advisory panel concluded that the United States should not “in any way subvert, weaken or make vulnerable generally available commercial software,” the intelligence agencies protested. “Some in the intelligence community saw that as a call for the N.S.A. to get out of cryptography, which is the reason they were created,” the senior official said. He added: “We’ve said that we are very much supportive of U.S. industry and making sure that U.S. industry remains competitive, and able to produce really good products. And N.S.A. has been out there saying they have no interest in breaking encryption that guards global commerce.”
  • But as Mr. Obama himself acknowledged, the United States has a credibility problem that will take years to address. The discovery that it had monitored the cellphone of Chancellor Angela Merkel of Germany, or that it has now found a way to tap into computers around the world that are completely disconnected from the Internet — using covert radio waves — only fuels the argument that American products cannot be trusted. That argument, heard these days from Berlin to Mexico City, may only be an excuse for protectionism. But it is an excuse that often works.
Paul Merrell

"We cannot trust" Intel and Via's chip-based crypto, FreeBSD developers say | Ars Technica

  • Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries. The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet's encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products. The revelations are having a direct effect on the way FreeBSD will use hardware-based random number generators to seed the data used to ensure cryptographic systems can't be easily broken by adversaries. Specifically, "RDRAND" and "Padlock"—RNGs provided by Intel and Via respectively—will no longer be the sources FreeBSD uses to directly feed random numbers into the /dev/random engine used to generate random data in Unix-based operating systems. Instead, it will be possible to use the pseudo random output of RDRAND and Padlock to seed /dev/random only after it has passed through a separate RNG algorithm known as "Yarrow." Yarrow, in turn, will add further entropy to the data to ensure intentional backdoors, or unpatched weaknesses, in the hardware generators can't be used by adversaries to predict their output.
  • "For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random," FreeBSD developers said. "It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more." In separate meeting minutes, developers specifically invoked Snowden's name when discussing the change. "Edward Snowdon [sic] -- v. high probability of backdoors in some (HW) RNGs," the notes read, referring to hardware RNGs. Then, alluding to the Dual_EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: "Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel... Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock."
  • Hopefully, all Linux distros jump on this bandwagon.
Paul Merrell

Security Experts Oppose Government Access to Encrypted Communication - The New York Times

  • An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger. A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.
  • That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
  • Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone. The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
  • The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
  • “Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”
  • Our system of government does not expect that every criminal will be apprehended and convicted. There are numerous values our society believes are more important. Some examples: [i] a presumption of innocence unless guilt is established beyond any reasonable doubt; [ii] the requirement that government officials convince a neutral magistrate that they have probable cause to believe that a search or seizure will produce evidence of a crime; [iii] many communications cannot be compelled to be disclosed and used in evidence, such as attorney-client communications, spousal communications, and priest-penitent communications; and [iv] etc. Moral of my story: the government needs a much stronger reason to justify interception of communications than saying, "some crooks will escape prosecution if we can't do that." We have a right to whisper to each other, concealing our communications from all others. Why does the right to whisper privately disappear if our whisperings are done electronically? The Supreme Court took its first step on a very slippery slope when it permitted wiretapping in Olmstead v. United States, 277 U.S. 438, 48 S. Ct. 564, 72 L. Ed. 944 (1928). https://goo.gl/LaZGHt It's been a long slide ever since. It's past time to revisit Olmstead and recognize that American citizens have the absolute right to communicate privately. "The President … recognizes that U.S. citizens and institutions should have a reasonable expectation of privacy from foreign or domestic intercept when using the public telephone system." - Brent Scowcroft, U.S. National Security Advisor, National Security Decision Memorandum 338 (1 September 1976) (Nixon administration), http://www.fas.org/irp/offdocs/nsdm-ford/nsdm-338.pdf
Paul Merrell

Is NSA Surveillance Mastermind Keith Alexander Selling US Secrets to Wall Street? | VIC...

  • Perhaps you already assume that there's some kind of twisted marriage between Wall Street megabanks and the US global surveillance regime. Why wouldn't there be? But not even a total cynic could have anticipated spymaster Keith Alexander cashing in this hard, this fast. As Bloomberg recently reported, the former National Security Agency chief, who resigned in March at the age of 62, quickly offered his cyber-security expertise at the eye-popping price of $1 million per month to an assortment of shady business lobbies. And now at least one member of Congress is probing this most delightfully dystopian of arrangements, raising the possibility that Alexander will be shamed out of the practice, if nothing else. “Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods,” Florida Democratic Rep. Alan Grayson wrote one of the business groups, the Security Industries and Financial Markets Association (SIFMA), which holds it down for Wall Street in Washington. “Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.”
  • In an interview Monday, Grayson was even more strident in his criticism. "Frankly, what the general is doing is beginning to resemble an extortion racket," he told me. "This is a man who basically lied for a living, and he continues to do that." To be clear, what's uniquely outrageous about Alexander, who has apparently lowered his asking price to $600,000, is not that he is a former US official dangling his alleged expertise and the allure of privileged access to government officials before Wall Street. Former Secretary of State Hillary Clinton, who served under Barack Obama and is the odds-on favorite to succeed him, does this all the time, usually at a rate of about $250,000 a pop. (Indeed, one might argue that the very fact she has managed to do so while enjoying a stellar national reputation is what signaled to Alexander he might as well dive headlong through the revolving door.) But the former NSA head presumably knows things about sophisticated intelligence-gathering practices that very, very few people on Earth have been privy to—information that could be useful in the private sector, which has a tendency to collude with the military in ways that made former President and World War II General Dwight Eisenhower very sad.
  • "What could he possibly have that's worth $1 million a month other than classified information?" wonders Melanie Sloan, founder of Citizens for Responsibility and Ethics in Washington (CREW), a good government group. "That's more than former presidents make." Indeed, even former President Bill Clinton, whose corruption since leaving office is by now the stuff of legend, doesn't have the gall to ask for that much per gig. There's a sort of "fuck it!" attitude to what Alexander is doing, seemingly kicking sand in the face of everyone angry at his surveillance regime by getting paid to reflect on the experience of assembling it. More ominously, there's the prospect that Alexander, whether deliberately or otherwise, may have left behind vulnerabilities while running the NSA so as to put himself in prime position to effectively hold the banks hostage now. Certainly, there have been reports suggesting the agency was aware of some vulnerabilities it either could or did not address. "What is especially troubling is he might actually be worth it," says former North Carolina Democratic Congressman Brad Miller, who worked extensively on financial regulation and Wall Street reform in Congress. "He's obviously not a computer geek. Some of the things that might have seemed paranoid a few years ago now seem more than plausible given what we've already learned the NSA has been doing."
  • In an email, former New York Times reporter and Goldman Sachs regulatory guru Stephen Labaton—who is currently president of communications and influence powerhouse RLM Finsbury and apparently fielding the General's media inquiries—dismissed Grayson's critique and Miller's concerns. "The letter is ludicrous," he wrote me, before adding about Miller, "The congressman’s kidding, right? Will he [Alexander] next be tied to the Kennedy assassination?" But as Marcy Wheeler points out, given that the former NSA boss has spent the last year hyping the incredible risk of catastrophic cyber-attack, as well as the alleged damage done by Edward Snowden (an assessment his successor does not seem to share), it's fair to ask if his consultancy is essentially a scam. That the victims are, for now, Wall Street bankers—some of the least sympathetic human beings around—is a sweet bit of irony. But it doesn't change the bigger picture: In this age of total surveillance and unchecked financial power, the frontiers of corruption never seem to stop expanding.