Hacked: Hacking Finance

31st Chaos Communication Congress Offers Confirmation, Shocks

Introduction

Neal Rauhauser

Neal Rauhauser


LATEST POSTS

Is Telegram Really In Trouble? 16th January, 2015

Five Eyes Governments Going Blind 16th January, 2015

Events

31st Chaos Communication Congress Offers Confirmation, Shocks

Posted on .

Speaking today in Hamburg at the 31st Chaos Communication Congress, documentary maker Laura Poitras and Tor team member Jacob Applebaum (ioerror) confirmed some things we’ve feared, reassured the world on a couple of things that were shaky, and provided one somewhat shocking revelation.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //


Der Spiegel has over forty internal documents from the Snowden leak that detail how the NSA approaches the following problems:

  • Attacks against Crypto
  • Attacks on SSL/TLS
  • Attacks on VPN
  • Deanonymizing
  • Cryptanalytics

Also read: Tor Network May Face Disabling Attack

Chaos Communication Congress Revelations

chaosThe documents summarize various keyword programs such as LONGHAUL, an end to end encryption key recovery system, and GALLANTWAVE, a subsystem of LONGHAUL that live decrypts traffic. SSL/TLS is attacked with a tool called SCARLETFEVER and results end up in a ‘flying pig database”.

As VPN protocols, PPTP has long been considered a weak link and per the talk it seems that IPsec must also be placed in this category. If you’re an IPsec user, you probably need to dig deeper into this; it’s a complex protocol, and it may just be one specific area that has weak mathematics, likely the key exchange process.

There were many bright spots. Tor is considered ‘a nightmare’, particularly when coupled with the TAILS Linux distribution. Off The Recorder (OTR) chat encryption is an equally intractable problem. The big shock for the more technical listeners was the revelation that ssh, the secure shell, a ubiquitous remote administration tool, has some flaw. This is curious, as the most prevalent implementation, OpenSSH, was developed by the OpenBSD team, and they are notoriously focused about security matters.

During the talk, ACLU’s Christopher Soghoian had sharp words for the NSA regarding the alleged flaws in AES, the Advanced Encryption Standard, and praise for OTR chat and PGP email encryption, which remain safe.

Christopher Soghoian On AES Flaws

Christopher Soghoian On AES Flaws

Soghoian: OTR & PGP Are Safe

Soghoian: OTR & PGP Are Safe

The other clear message, backed by leaked official documents, that Tor is still seen as a ‘nightmare’ for the NSA, touched off another round of the Torgate feud. Pando editor Paul Carr @paulcarr spent most of the talk pointing out parallels between Tor and troubled global ride share company Uber.

Pando Editor Paul Carr Exhibits Butthurt

Pando Editor Paul Carr Exhibits Butthurt

We have covered the Pando/Tor conflict and related issues several times previously, see Debunking (Mostly) Torgate, and Tor Network May Face Disabling Attack. The fact that this is continuing coupled with the nature of Carr’s complaints against the Tor team would seem to point to the involvement of some of the Internet Hate Machine’s more unpleasant denizens, which may have heeded this call by @YourAnonNews for the person destruction of Carr and two other Pando employees.

@YourAnonNews Menaces Pando Writers

@YourAnonNews Menaces Pando Writers

Today’s presentation should put a stop to some of the back and forth between Pando/Tor, and put the privacy community back to where their focus needs to be – the NSA’s surveillance dragnet and the danger it poses to our civil liberties. Today’s talk revealed an equal mix of bright spots and areas that need work, but overall the message to the online privacy community seems to be “You can do this, but you have to focus.”

Images from Twitter and Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

Comments
  • user

    AUTHOR Renioctib

    Posted on 1:10 am December 30, 2014.

    Lost Property Dept “Can you identify your top secret lost paperwork?

    NSA “Oh yes, page 28 is titled ‘Turn that Frown Upside Down! From “No” to “YES!” and then there’s the ‘Happy Dance!!’ on page 26, with my stick figure as a way of explaining how to do it.”

    Dear relatives, Open SSH: Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

    NSA has nothing on OpenSSH currently. The Chaos Communication Congress needs to chill out on that point, as there was no flaw specified. And until the teams @ openssh make a statement themselves, or information comes from someone who has specifics, it’s all just media goo and some lost paperwork.

  • View Comments (1) ...
    Navigation
    Elon Musk's Tesla Motors gave its customers a belated Christmas gift…