December 2013 - cypherpunks - lists.cpunks.org

NSA: The Game
by Peter Gutmann 02 Dec '13

02 Dec '13

For those of you familiar with the game Werewolf (also known as Mafia), here's an updated version, NSA. Peter. -- Snip -- NSA === Peter Gutmann, 11 November 2013. Adapted from a Werewolf writeup found on Zarfhome. http://www.cs.auckland.ac.nz/~pgut001/pubs/nsa_werewolf.txt NSA is a simple game for a largeish group of people, ten or more is best. It requires no equipment apart from some playing cards, or even just bits of paper. You can play it by simply sitting in a circle, but sitting around a table works better (there's room for drinks and snacks). Setting Up Make up a set of cards, one for each player, with a role on each one: Two NSA agents (Werewolves in the original) One Edward Snowden (Seer in the original) One EFF member (Healer in the original) All the rest are Internet users (Villagers in the original) The cards can be anything from fancy custom ones with the NSA logo and other graphics representing the players' roles, through to a convenient pack of Dora the Explorer cards with N, S, and E scrawled on a few of them. In addition to the players there's a moderator who runs things. The moderator shuffles the cards and hands them out, face down. Each player should look at their card without revealing it to anyone else. If there are more than about 15 players then the number of NSA agents, Snowdens, and EFF members can be increased. Two players are secretly NSA agents. They are trying to apply extraordinary rendition to all of the Internet users. Everyone else is an innocent Internet user, but one of the Internet users, Snowden, secretly has inside access to classified information and can detect the presence of NSA agents. In addition another Internet user is an EFF member and can protect one player per turn from the NSA's extraordinary rendition. The Game: Night and Day The game begins with each player introducing themselves. The standard formula for this is "Hi, my name is <insert name here> and I'm an innocent Internet user". This can be embellished as required with additional comments. Once everyone has been introduced, the game proceeds in alternating night and day phases, beginning with night. At night, the moderator tells all of the players "Night has fallen, close your eyes". The moderator then says "NSA, open your eyes". The two NSA agents do so, and look around to recognize each other. The moderator should also note who the NSA agents are. The moderator says "NSA agents, pick someone to render". The two NSA agents silently agree on one Internet user to subject to extraordinary rendition. It's important that they remain silent while doing this, pointing at the victim works best. When the NSA have agreed on a victim and the moderator understands who they picked, the moderator says "NSA agents, close your eyes". The moderator says "Snowden, open your eyes. Snowden, pick someone to check". Snowden opens his eyes and points at another player (as for the NSA agents, this has to be silent). The moderator signs thumbs-up (or some similar yes- gesture) if Snowden pointed at an NSA agent, and shakes their head (or some similar no-gesture) if the Snowden pointed at an innocent Internet user. The moderator then says "Snowden, close your eyes". Finally, the moderator says "EFF member, open your eyes. EFF member, pick someone to protect". The EFF member opens his/her eyes and, as with the others, points at another player. The moderator then says "EFF member, close your eyes". In the initial rounds its best if the EFF member protects themselves. If and when Snowden identifies himself, the EFF member should protect Snowden in order to prevent him from being subject to extraordinary rendition by the NSA. The moderator says "Everybody open your eyes. It's daytime, and <insert victim name> has been subject to extraordinary rendition". The named person is immediately out of the game, and typically leaves the table or circle so that only active players remain. He or she can't say anything involving the game beyond this point, but would typically sit at the periphery and watch the game continue. Now it's daytime. All of the remaining players decide who to lynch as a suspected NSA agent. Anyone can say anything they want. NSA agents can claim to be Edward Snowden and "unmask" NSA agents who are actually innocent Internet users. Players can privately whisper things to other players (for example claiming to be Snowden, or the EFF member), or secretly pass notes. Any excuse to lynch someone is valid, for example because they have a beard, because they're Australian, or because they took the last potato chip. The real Edward Snowden should remain silent until they've identified at least one NSA agent, since they'll be an immediate target for extraordinary rendition if they reveal themselves too early. Similarly, the EFF member shouldn't reveal their identity unless absolutely necessary, since they need to protect Snowden without being themselves rendered by the NSA. Once a majority of players vote for a particular player to die (the player can be allowed to defend themselves, for example by claiming that "we, too, are Internet users", leading to further votes), the moderator says "<insert-name> has been lynched as a suspected NSA agent and is now dead". The player leaves the game in the same way as those subject to extraordinary rendition. If the players take too long to decide, the moderator can hint that night is about to fall, and if they still dither, night will fall without anyone being lynched. At this point the cycle repeats. Everyone closes their eyes, the NSA agent(s) select another person to subject to extraordinary rendition, Snowden (if alive) learns another player's identity, and the EFF member (if alive) protects another player. The sun rises, one player is rendered (unless protected by the EFF member), and the remaining players discuss another lynching. Repeat until one side wins. Winning The Internet users win if they kill all of the NSA agents. The NSA agents win if they render enough Internet users that the numbers of Internet users and NSA agents are even. In other words they win if the NSA agents constitute a large enough voting bloc that they can't be lynched any more. At that point the NSA can unmask and openly subject the remaining Internet users to extraordinary rendition. Notes When everyone closes their eyes at night, it's best for people to make some sort of noise, typically tapping the table. This will cover up any accidental sounds that are made by the NSA agents, Snowden, the EFF member, or the moderator. Once a player is lynched or rendered, there are two options on what to do with their cards, show or no-show. The show option is easiest, particularly for the initial games. With this option the player reveals their card, so that the other players know what sort of person has been eliminated. The no-show option is harder but a lot more fun. With this option the player doesn't reveal their card, so that the other players have no idea who's still left in the game.

3 2

Re: NSA: The Game
by Pokokohua 02 Dec '13

02 Dec '13

Would it work swapping renditions for drone strikes as an option? > For those of you familiar with the game Werewolf (also known as Mafia), > here's an updated version, NSA. > Peter.

2 1

DEF CON cell network attacks
by coderman 02 Dec '13

02 Dec '13

On Sat, Nov 30, 2013 at 10:18 AM, Dan Staples <danstaples(a)disman.tl> wrote: > I would be interested to see the details of the exploits you > witnessed/were subject to (especially since I was at DC20). of course; the complete details will be slow to arrive, not least because detailed description requires a demonstration in a reproduction test setup, rather than reporting of actual traffic. :/ that said, useful aspects i'll certainly provide on whim or request. the defining characteristics of the two types of attacks: DC19 with DRT: - "high power on-site", less descriminant attacks. target by and limited to location. - MitM for system, application, and protocol level attacks. Evilgrade, MasterKey vulns, etc. mostly known and a few 0day escalated attacks. - favorite attack: "Google Voice Search" always-on eavesdropper payload; Speex voice from all audible participants. DC20 with Alexander's toys: - "in the towers", highly targeted to specific devices, active over wide metro area. - baseband exploit vector for device key retrieval, memory and storage forensics, exfiltration. - PDoS attacks (bricked secondary devices used as fall back once identified by call graph; ~20 hours) - favorite attack: baseband pwn in airplane mode, with ex-filtration over custom channel. DC21: no appearance (observed). speculation ongoing... > How exactly > did you determine how the exploits occurred, and who was responsible for > them? reversing attacker capabilities, toolkits, TTPs, humanpower/hours, a much longer tangent. but this assertion is based on correlation of the observed power, capacity, and protocols in specific bands implemented by the attacker with the capabilities of the DRT system. multiple locations, terabytes of captured spectrum, patience and tuning... as for who was operating it - unknown beyond the usual suspects, which is a small set due to the restricted distribution of both the hardware platform and the exploit kit atop it :) --- i'll send more details once available. the details and distribution to be part of a separate FOIPA effort for US citizen security enthusiasts that might be of interest to those following this thread. best regards,

1 0