acm-header
Sign In

Communications of the ACM

ACM News

Spy Agencies Exploit It Vulnerabilities


View as: Print Mobile App Share:
One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the Internet.'

One of the tools the U.S. National Security Agency uses to access data on Internet users is XKeyscore, a search and analysis tool that runs on a cluster of Linux machines distributed around the world.

Credit: The Guardian

United Kingdom secretary of state for defence Philip Hammond recently told members of the Conservative Party, which currently governs the country as part of a coalition, that it needs to be ready for cyberwar. "Simply building cyber defences is not enough. As in other domains, we also have to deter. So I can announce today that Britain will build a dedicated capability to counter-attack in cyber-space and, if necessary, to strike in cyberspace."

Yet documents disclosed by whistleblower Edward Snowden over the summer and published by a variety of news organizations around the world have indicated that the U.K.'s Government Communications Headquarters (GCHQ) surveillance group, as well as the National Security Agency (NSA) in the United States, have already laid the ground for cyberattacks, using hacking techniques to eavesdrop on Internet users and possibly even weakening the security of communications hardware and software in advance to make that eavesdropping easier.

The documents collected by Snowden have helped show that both GCHQ and the NSA operate a number of databases that are built from data collected from specific sources, such as telephony metadata or data pulled from fiber switches selected for their pivotal positions within the Internet backbone network. The NSA claims that only the data sent or received by individuals overseas are targeted, but has admitted that data from U.S. residents can be captured and processed by the deep packet-inspection techniques the agency employs for what it calls Upstream.

The NSA claimed it relied primarily on requests to website operators to provide data under the PRISM system that works in conjunction with Upstream. NSA operatives can access the data through access tools such as XKeyscore, a search and analysis tool that runs on a cluster of Linux machines distributed around the world.

In Powerpoint slides shown by the Brazilian TV program Fantastico that dealt with alleged interceptions of communications by partly state-owned oil company Petrobras, GCHQ was shown to have gone even further in terms of data collection, with its FLYING PIG project. This not only records data passing to and from a switch, but actively intercepts sessions in order to perform man-in-the-middle (MitM) attacks in order to defeat the cryptographic algorithms they might use.

The FLYING PIG architecture slide shows that traffic passing through a monitored internet router for targeted addresses is diverted to GCHQ machines where the attack is performed before passing it on to a "legitimate Google server." The traffic is targeted by operatives logging into the router and adding a static route that diverts packets to a GCHQ server.

The server then presents what appears to be a valid SSL certificate for Google's own servers, but which allows the session to be encrypted with a key that GCHQ holds. To fully spoof the connection, the GCHQ server sets up a session with Google itself, re-encrypting data on the way thru.

The techniques that GCHQ and NSA appear to be using have worried security and cryptography experts, who believe that their tactics have undermined not only confidence in products that purport to offer secure communications, but also have led to the weakening of hardware and software products themselves.

In documents used to help secure funding for its BULLRUN decryption-technology program, the NSA claimed to have successfully decoded communications using a variety of techniques. The NSA said it has targeted "specific encrypted network communication technologies" with "some capabilities against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, Webmail, and other communication technologies." The document also mentioned hardware targets, such as the "encryption chips used in VPN and Web encryption devices."

Snowden, in a public Q&A hosted by The Guardian, said, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

Matthew Green, assistant research professor at Johns Hopkins University, said, "We can be fairly confident that the NSA already takes advantage of extant vulnerabilities. They have a huge team of 'infrastructure analysts' and software vulnerability analysts. They also purchase 'zero-day' vulnerabilities from outside vendors like VUPEN."

Documents provided by Snowden indicate the NSA uses the XKeyscore system to access a list or database of exploitable machines compiled by its cyber-warfare intelligence-gathering unit, Tailored Access Operations (TAO). A training slide on page 24 of the National Security Agency's 2008 presentation on XKeyscore, released by Snowden via The Guardian, indicates that searches on that system can display "all the exploitable machines in country X." Some exploits may exist because they have been inserted at the request of the NSA and other agencies.

Green adds, "What's interesting about the recent disclosures is that they really do indicate that the NSA and GCHQ are adding new backdoors as well. The most likely concrete example of this is the Dual_EC_DRBG random number generator, which is now widely believed to have an NSA trapdoor. This generator was added to RSA Security's products in the early 2000s and may have given NSA access to communications encrypted by RSA and RSA's customers."

In late September, RSA Security warned users against employing Dual_EC_DRBG — which had up to this point made it the default — in their cryptography library.

Altering the behavior of a random number generator — used to help create cryptographic keys — is one way in which the security of a given implementation can be weakened in a non-obvious way.

"There are three ways to find backdoors in random number generators," said Green. "One is to look at the design of the algorithm. The second way is to look at the code; this is an immediate challenge, as most commercial products don't provide code to review. Finding backdoors in binaries is extraordinarily difficult. The hardest place to find backdoors is by looking from the outside."

Security specialist Bruce Schneier said, "It is trivial to make an random number generator so bad that it trivially breaks encryption, yet so subtly bad that it could not be detected from output."

Other forms of trapdoor should be easier to find without access to source code, or circuit layouts in the case of hardware. Researchers Chris Woods of Quo Vadis Labs and Sergei Skorobogatov of the University of Cambridge have identified a number of weaknesses and backdoors in secure hardware devices, including the cryptographic units of programmable-logic devices made by Microsemi, using side-channel analysis in which small variations in temperature or electrical noise as the device operates are used to determine internal behavior. They found it was possible to bypass security features through a port used to test each part before leaving the fab.

"If there is a backdoor or trojan inserted, then it is always possible to locate such implementations given sufficient time using side-channel analysis. If such a thing has been inserted, then it would make sense to go to great lengths to hide these as best as is possible, or at least make it hard to detect," said Woods. He added that an alternative is to not try too hard to disguise the backdoor, so that if the opening is publicly unmasked, it can be passed off as "a bug, test point, or other such thing that they can deny."

The result among security researchers, Schneier said, is a feeling of betrayal.

Green added, "We believe that it has undermined the faith the general public has in any secure system, knowing that nothing is as secure as it has claimed to be. This has been known by engineers and researchers for a long time, that nothing is never as quite as it seems when it comes to security products."

Chris Edwards is a Surrey, U.K.-based writer who reports on electronics, IT and synthetic biology.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account