Tag: Crypto-Anarchism

Starting Off Somewhere

I received a comment from Sonia on my post detailing Bruce Schneier’s tips for protecting yourself from the National Security Agency (NSA):

This kind of endeavor only works is everybody does it, otherwise is useless. Also inviting laymen to “learn” reveals how much you underestimate the fact that being a programmer gives you all the mental models you need.

Those people who “learn” will only end up compromising their own security under the impression that they are doing something secure.

Although I addressed these concerns in a reply I wanted to write a post because I feel what I’m about to say is relevant to anybody interested in computer security.

In another comment Sonia mentioned she (I’m assuming Sonia is female based on name, this being the Internet I could be incorrect) is a Ph.D. That being the case, I can see where her views on this subject come from. Oftentimes those of us who have been involved in the computer field for some time fall victim to two issues. First, we develop a form of elitist attitude that causes us to think of ourselves as somehow superior to non-techie people. Second, we forget about the early days when we knew little about computers. I’ve fallen victim to these issues before and I believe Sonia has fallen victim to them in her comment.

She does make a very important point. When you first dive into computer security you’re going to make mistakes. This is a problem all people face when learning something new. Just because you know how to utilize OpenPGP to encrypt your e-mail doesn’t mean you fully grasp underlying concepts such as private key security, the inability to know whether or not a closed system is secure, the value of a proper security audit, or the potential issue of generating keypairs on a system that lacks a true cryptographically secure pseudorandom number generator. All of these things, and more, play a part in OpenPGP and computer security.

You know what? That’s OK. You don’t need to know everything right away. Everybody has to start from the beginning. I didn’t become a computer programmer or system administrator overnight. I wasn’t blessed with the innate knowledge required to operate and manage an OpenBSD system. At one point I had no idea what Postfix was, let alone how to run and maintain a Postfix server. The difference between C and C++ were unknown to me back in the day. All of this knowledge came with due time. I’ve invested years into learning what I now know about computers and will likely invest a lifetime into learning more. When I started to program I made countless amateur mistakes. That didn’t discourage me because I learned from those mistakes. I’m happy to report that I’m still learning from my mistakes today.

Learning how to use the tools necessary to keep yourself safe online isn’t going to happen overnight. You’re going to make mistakes. Those mistakes will compromise your security. But you will learn from those mistakes and you will become more secure because of it.

Computer security isn’t an all-or-nothing thing. Even if you don’t practice proper private key security or generate an easily determinable keypair because your system lacks a secure pseudorandom number generator you’re more secure by using OpenPGP or Off-the-Record Messaging than not. Every encrypted communication requires potential spies to throw time and resources at decrypting it just to find out what’s in it. Simply put, every encrypted communication helps defend everybody’s privacy. As the number of encrypted communications increase potential spies must either prioritize the computing resources available to them or invest other resources into more computing resources.

Julian Assange is Tracking Spyware Contractors

Another weapon we have against the state’s surveillance apparatus is Julian Assange. Mr. Assange, through his Wikileaks project, has provided a platform whistle blowers can use to leak information and remain anonymous. Wikileaks has now announced another project called the Wikileaks Counterintelligence Unit, which will attempt to actively surveil surveillance contractors:

The inaugural release zeroes in on 19 different contractors as they travel visit countries like Bahrain, Kazakhstan, Spain, and Brazil. The location data displays only a time stamp and a country for each entry, but occasionally displays the message, “phone is currently not logged into the network,” indicating the data likely comes from some kind of cell-tracking service. The contractors in question work for Western companies like Gamma International, designer of the infamous FinFisher spyware tool — and as with previous Wikileaks releases marked as “Spy Files,” readers will also find marketing brochures for surveillance products to intercept and monitor web traffic.

I think this is a great idea and needs to be expanded. It would be great if we could eventually do to the surveillance apparatus what it has done to us. Imagine a world where anybody working to spy on us, whether they be private contractors or public National Security Agency (NSA) employees, was being spied on 24/7. Perhaps losing all sense of privacy would be enough to discourage people from working for these bastards.

Protect Yourself from the NSA

As I said, those of us who dwell on the Internet aren’t going to take the NSA and GCHQ’s attack lightly. We have more firepower than they realize and have unleashed one of our best weapons, Bruce Schneier. Mr. Schneier has been working with Mr. Greenwald for the last two weeks and has written a short list of things, based on the information provided by Mr. Snowden, you can do to keep yourself secure online:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you’re much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Mr. Schneier does rightly point out that many Internet users aren’t currently capable of doing all of these things. To those of you who don’t know how to use the above mentioned tools, learn. Information on all of the tools Mr. Scheneier mentioned is freely available online. If you’re still having trouble I’m more than happy to help. Shoot me an e-mail at blog [at] christopherburg [dot] com and I’ll give you as much assistance as I can. Together we can push back against the state’s surveillance apparatus and return the Internet to its original form, a network where those wanting to remain anonymous can do so.

Some Suckers Invited Me to Participate in a Privacy Panel

Through, what I can only assume is, a complete lapse in judgement, I have been invited to participate in a panel discussion on privacy and surveillance later tonight (sorry for the late notice, the Facebook event was only posted last night). For those of you who don’t have access to Facebook the event will occur today, September 4th, at 19:00. The discussion will be held at 4200 Cedar Avenue in Minneapolis, Minnesota.

Although the details I have been given are slim, I do know that the panel discussion will center around the current state of privacy and surveillance. In other words, it should be entertaining. I do promise to bring a notable level of weirdness along with a fair amount of serious business (if you’ve ever heard me speak you know what to expect). Hopefully I’ll see some of you there.

The Vietnamese Government Doesn’t Understand How the Internet Works

I’m a fan of saying that statism is synonymous with halting progress. Statists always attempt to curtail advancements by forcing them into preconceived notions. A classic example of this mentality can be found in stories involving Japanese Samurai. Many works note that the Samurai believed firearms to be dishonorable weapons. Such a mentality made sense to an individual who spent decades learning the art of swordsmanship. All of the time spent mastering the sword became irrelevant when some peasant with little training could strike from many yards away. Instead of realizing that technology had advanced to a point where the importance of the sword was diminished, a master swordsman would be apt to argue that firearms aren’t honorable. Why change yourself when you can force everybody else to change to suit your desires?

Today we’re seeing this with the emergence of the Internet. Statists are trying to confine the Internet to their preconceived notions. They don’t believe anybody with a blog can be a journalist because journalists have traditionally been individuals who work for centralized state-recognized news organization. They don’t want to acknowledge that crypto-currencies are real currencies because it goes against their belief that money must be centrally issued paper notes. This is what leads governments around the world to implement stupid laws like this:

A controversial law banning Vietnamese online users from discussing current affairs has come into effect.

The decree, known as Decree 72, says blogs and social websites should not be used to share news articles, but only personal information.

The law also requires foreign internet companies to keep their local servers inside Vietnam.

A government could only issue such a decree if it lacked an understanding of how the Internet works. Enforcing laws requires that you can identify offenders. The beauty of the Internet is that one can maintain anonymity if they desire. How can the Vietnamese government enforce laws regulating blogs if those blogs are created on a computer that is connected to a random wireless network under a pseudonym and hosted on a location hidden service? Statists can pass whatever laws they want but reality isn’t going to reform itself to make enforcement of those laws possible.

Rules are Meant to be Broken

Possibly the least productive conversation that has arisen since the great Snowden leak is what rules Congress should implement to protect the privacy of online users. Asking the state to pass rules to curtail its own misdeeds is like asking a wolf to guard your sheep from danger. As an advocate of self-defense I, along with my peers, often point out how ineffective government rules are at protecting people. Restraining orders, for example, are nothing more than pieces of paper that are unable to actually protect you from an aggressor who doesn’t care about disobeying a judge’s command. Laws against murder, assault, and rape have not stopped murders, assaults, or rapes. To make my point even more clear, rules have already been established to protect the privacy of online users but the National Security Agency (NSA) broken them thousands of times per year:

The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

Rules are meant to be broken as they old saying goes. No amount of Congressional oversight will protect us from Big Brother. Hell, Congress is Big Brother. Let’s put the conversation about what laws to pass to rest. It’s no more productive than an argument between two children who are trying to determine if Batman is better than Superman (granted, since that argument involves Batman it’s already more productive than any conversation about what laws to pass). What we need to discuss is how to protect ourselves from prying eyes at all times. Even if the NSA stopped spying on us we’re still being watched by numerous corporate entities, such as Google and Facebook, that have a keen interest in tracking our every move online.

We should be having conversations about cryptography, anonymity, and decentralization. Those things, unlike the passage of laws, actually hold the potential to protect us from Big Brother.

Interview with the Dread Pirate Roberts

After what must have been a great deal of effort, Andy Greenberg managed to get an interview with the Dread Pirate Roberts, the mystery person behind Silk Road. The Dread Pirate Roberts is one of those individuals I look up to. By operating the Silk Road, a truly free market for many things that are prohibited by the state, he or she has done far more to advance liberty than the throngs of people who sink their time into politics. He or she has actually created a mechanism that allows individuals to live freer today. Although the entire interview is of interest I think the most telling part is the following paragraph:

All my communications with Roberts are routed exclusively through the messaging system and forums of the website he owns and manages, the Silk Road. Accessing the site requires running the anonymity software Tor, which encrypts Web traffic and triple-bounces it among thousands of computers around the world. Like a long, blindfolded ride in the back of some guerrilla leader’s van, Tor is designed to prevent me–and anyone else–from tracking the location of Silk Road’s servers or the Dread Pirate Roberts himself. “The highest levels of government are hunting me,” says Roberts. “I can’t take any chances.”

I doubt this is an understatement since anybody who unveils the Dread Pirate Robert’s identify and manages to arrest him will become legendary in the Drug Enforcement Agency (DEA), Federal Bureau of Investigations (FBI), and other law enforcement agencies. For the crime of operating an online market place that allows individuals to sell what they want he or she is being hunted like a dog.

Still, with all of its power and might, the state has been unable to locate the Dread Pirate Roberts or Silk Road. The state’s inability to find and strike against either is a testament to the power of location hidden services.

Bitmessage

Since I just spent a post bitching about the ineffectiveness of e-mail I think it’s time to discuss alternatives. In my pursuit to find methods of secure communications I’ve stumbled across an interesting piece of software called Bitmessage. Bitmessage caught my attention because it attempts to fulfill several goals I have when looking for an e-mail replacement. First, it’s decentralized. There are no central servers running the Bitmessage network. Instead the Bitmessage network is similar to Bitcoin in that messages are broadcast (in an encrypted form) throughout the entire network.

The second feature that interests me is Bitmessage’s pseudo-anonymity.Bitmessage, like Bitcoin, is based off of public-key cryptography. Users create a keypair and the public key is hashed, which gives you an identifier that others can use to communicate with you. All message sent to you are encrypted with your public key so only you, the holder of the private key, can decrypt and read them.

That leads me to the third feature of Bitmessage that interests me, an attempt to use strong cryptography. All messages in the Bitmessage network are encrypted using public-key cryptography. That makes snooping on communiques extremely difficult. One of the weaknesses I’ve noted in most potential e-mail replacements is a tendency to send communiques in plain text. Most instant messenger servers, for example, send all message in plain text so anybody can easily listen in.

Bitmessage isn’t perfect by a long shot. The software is obviously in an alpha stage. I could only find a pre-built Windows client on Bitmessage’s website and an unofficial pre-built OS X client after some digging. Installing Bitmessage is probably more work than most people want to go through. Another problem with Bitmessage is that no independent security audit has been performed on the network or the client (although a request for such an audit is on the front page of Bitmessage’s wiki). Without a security audit there is no way to know how secure Bitmessage really is. But these are problems that plague every new piece of software. One should approach Bitmessage as a proof of concept that promises to deliver great things in the future.

If you’re interested in testing Bitmessage with me my address is BM-2D95ncE8da721wVxQzcA3QEhjrg2MGFjka.

The Liberator Pistol

On Thursday some of us Defcon attendees went to Sunset Park for the Toxic BBQ (the food wasn’t toxic but the 100 degree weather was pretty brutal to this Minnesotan). During the BBQ I met Dallas, a speaker at Defcon who invited us to attend his Skytalk at 0900 the next morning. His talk was about this little guy (pardon the shitty photography, I’m not a photographer and the lighting in the hallway wasn’t ideal):

If you don’t recognize it it’s the 3D printed Liberator Pistol. While I’ve read and written about the Liberator many times on this blog, this was the first time I was able to look at and touch one. It’s a rather crude weapon, which I expected since it’s a prototype, but a novel idea. If you look at the picture you’ll see the main pistol, which was printed in black polylactide (PLA), and the internal parts, which were printed in green PLA. The green parts were printed smaller than the design requires so assembling the parts wouldn’t allow one to have an operating weapon (this was done because security at the Rio was apparently uncomfortable with the idea of bringing in a working pistol).

The two presenters, Dallas and Sean Wayne, did a marvelous job of presenting the weapon. They covered the legal matters involved with manufacturing a Liberator (namely you must include at least 3.7 oz. of ferrous metal in the design and you cannot transfer it), the capabilities of the pistol, their adventure with getting the pistol through airport security (as checked baggage, which is what you must always do to legally fly with a firearm), and why the Liberator, at least as it currently stands, is impractical.

The Liberator isn’t the most capable weapon. Considering the entire weapon, with the exception of the firing pin and the legally mandated chunk of metal, is made of plastic the weapon has some notable weaknesses. During the presentation we were told that 10 firing is the generally accepted maximum a Liberator can handle. Since the pistol brought by the presenters was printed on a MakerBot with PLA, instead of something like acrylonitrile butadiene styrene (ABS), it wasn’t safe to fire (PLA is brittle and the pistol at the presentation would have exploded if one tried to fire it). Furthermore, the pistol has an issue with leaking gas from the trigger cutout, which is likely to burn the person shooting it. Once again, being a prototype, none of these issues surprised me.

I found their experience trying to travel with the pistol interesting. Because they didn’t want to chance being locked in a cage the pistol was transported just like any other firearm, by declaring and checking it. What was interesting was that the employees at the airline were rather baffled by the plastic pistol (in my experience airline employees are often baffled by any firearm) and ended up calling over a Transportation Security Administration (TSA) agent. Unlike the entirely clueless airline employee, the TSA agent recognized it as a pistol and allow the declaration and checking to commence as usual. This may be one of the few times an agent of the TSA performed a competent job. It’s also nice to know that flying with a Liberator is treated no differently than flying with any other firearm.

The Liberator is a cool concept but, as it currently stands, is impractical. Reloading it is a ponderous task because you must remove the barrel, and the gun can’t survive many firings. As a member of the audience pointed out, one would have better luck going to the hardware store, buying a few dollars worth of metal parts, and slapping together a zip gun that would almost certainly be more reliable than the Liberator.

Of all the presentations I attended this was one of the most interesting (in part because I’m a gun nut but also because I love the concept of 3D printers). I’ve wanted to look at and touch a Liberator since it was first unveiled by Cody Wilson. Now that I have seen one I can say that my initial impressions were correct. It’s a really cool idea that will only get better in time. According to Sean and Dallas, the Defcad community is has already released a fourth major version of the Liberator design. With such rapid improvements it’s likely that we’ll see a reliable single-shot 3D printed pistol in no time. Once that’s been accomplished it’ll be time to move on to a semi-automatic 3D printed pistol.

Considerations Regarding Encryption: Cost to Benefit Analysis

Since I began advocating crypto-anarchy I’ve met a surprising amount of resistance from an unexpected group. Many of my fellows in the liberty movement have taken a defeatist approach to technology. Now that they know that the National Security Agency (NSA) is scooping up every data packet it can get its grubby hands on, an almost Luddite-esque sect has developed in the liberty movement. They believe that the Internet, and all forms of electronic communications, should be avoided because they feel that no force on Earth can stand up to the power of the federal government (an ironic attitude from a movement that advocates standing up to the federal government). These people have become critical of advocating cryptographic and anonymizing tools to protect against unwanted spying.

One of the criticisms they often raise is that the NSA can simply decrypt whatever data it captures. This belief partially stems from the belief that the state is omnipotent and partially from misunderstanding the purpose of encryption. In this post I plan to briefly address the latter (I believe I’ve sufficiently addressed the former in my extensive posting history).

Encryption isn’t a magic bullet that will prevent unauthorized individuals from reading your data for all eternity. It is a tool that stands to greatly delay an unauthorized individual from reading your data. Anything that has been encrypted can be decrypted. If that wasn’t he case then encryption would be useless as it would prevent unauthorized and authorized individuals from reading the data. There are numerous ways to decrypt encrypted data.

The first, and most obvious, method is getting a copy of the decryption key. In order to allow authorized individuals to read encrypted data there has to be a way to legitimately decrypt it. This is done by giving authorized individuals decryption keys. Decryption keys can take many forms including a pre-shared key that is known to both you and other authorized individuals and asymmetric keypairs, one of which is secret and (ideally) known only to you and another which is public.

The second method is brute force. A brute force attack, in regards to cryptography, involves trying every possible decryption key. While this method will eventually decrypt encrypted data, it’s very time consuming if proper cryptographic algorithms and practices are used. Depending on the amount of computational power available, decrypting the data via brute force may take years, decades, or (possibly) centuries. In other words, brute force attacks are expensive.

The third method is to exploit the encryption algorithm itself. This method is cheaper than brute force but it depends on finding an exploitable vulnerability in the algorithm used to encrypt the data. Depending on the algorithm used, this method can decrypt encrypted data very quickly or it can be impossible (at least for the time being).

Humans always perform a cost to benefit analysis before taking an action. The state is no different. While the NSA, theoretically, has a tremendous amount of computing power available to it, using that computing power isn’t free. Computing power requires time and electricity. So long as you have computers dedicated to decrypting one set of data you can’t dedicate them to decrypting other sets of data. It’s unlikely that the NSA is using brute force to decrypt every encrypted set of data it has intercepted. Instead, it is likely using brute force only after it has decided to target an individual.

Algorithm exploits are another concern. Many people believe that the NSA has exploits that allow it to decrypt data encrypted by every known algorithm. Those people often believe that the NSA also has backdoor access to every electronic device (which would make the former mostly irrelevant). Such knowledge still requires a cost to benefit analysis. While the cost in time an electricity is very low the cost in revealing that it has an exploit is very high. Let’s say you encrypted your hard drive with AES-256 and the NSA had an exploit that allowed it to decrypt the drive. Now that it has that information it can use it to target you but, in so doing, it would have to reveal how it obtained that information. In other words, it would have to explain to a court that it has an exploit that allows it to decrypt AES-256 (many people may point out that they don’t have to give you a trail if they whisk you off to Guantanamo Bay, to which I would point out that they wouldn’t need evidence of wrongdoing either). After that information was revealed everybody wanting to hide information from the NSA would encrypt their information with a different, hopefully more secure, algorithm. Unless the NSA knows what algorithm its intended targets decided to use and had an exploit for that algorithm it would have effectively tossed away its most effective tool to get one person. The same risk applies to revealing information about backdoors installed in systems. That’s a tremendous cost.

That leaves us with the method of obtaining the decryption key. This is, most likely, the cheapest option for the NSA to use if it wants to target a specific individual. Even if an individual is unwilling to voluntarily provide their decryption key the NSA can always resort to rubber-hose cryptanalysis. Rubber-hose cryptanalysis relies on the use of coercion to get a decryption key from a target. An example of this method being was a woman in Colorado who was held in contempt of court for refusing to decrypt her hard drive. By holding her in contempt until she decrypted her hard drive the state gave her an ultimatum: either rot in prison indefinitely or face the chance of rotting in prison if incriminating evidence is found on the decrypted hard drive. Another way to use rubber-hose cryptanalysis is physical force. If you torture somebody long enough they will almost certainly surrender a decryption key. I will point out that an agency willing to torture an individual to retrieve a decryption key is unlikely to concern itself with retrieving evidence in the first place so the point would be moot.

Looking at the costs associated with the above mentioned decryption methods we can develop a rudimentary cost to benefit analysis. In most cases, for the state, the cheapest option is to simply get the decryption key from the user. Holding somebody in concept of court for refusing to surrender their decryption key has a positive (for the state) side effect: the person is detained until they provide the decryption key. Such a case is win-win for the NSA because keeping you in a cage also takes you out of the picture. Brute force would likely be resorted to if the NSA was interested enough in decrypting the data that it would be willing to take the time and front the electrical cost of throwing a good amount of computing power at the task. In other words, it is unlikely to brute force every encrypted piece of data. Instead, it would likely use brute force only after it has decided to specifically target an individual. The only time the NSA would resort to an algorithm exploit (if it has one), in my opinion, is if the data is needed immediately and the consequences of any delay would be very high.

There are no magic bullets in security. Encrypting your data won’t prevent unauthorized individuals from reading it for all time. But encrypting your data raises the cost of reading it, which will likely deter fishing expeditions (decrypting all data and selecting people to target based on the decrypted information). By encrypting your data you will likely remain under the radar unless the NSA has some other reason to target you. If that is the case it won’t matter if you use modern technology or not. Once you’re a target the NSA can use old fashioned surveillance methods such as bugging your dwelling or dedicating an individual to follow you around. There is no sense in handicapping yourself in order to avoid Big Brother. Big Brother can watch you whether your use a cell phone or only communication with individuals in person. If you use the best tools available you can enjoy almost the same level of security using modern communication technology as you enjoy when having face-to-face discussions.