On Thu, Sep 5, 2013 at 10:47 AM, coderman <coderman@gmail.com> wrote:
... 2. secret partnerships with service providers to obtain server SSL/TLS secret keys.
there is a line item in the BULLRUN docs that indicates this server key recovery effort extends into involuntary efforts, e.g. covert exfiltration of server keys or CA keys or any other key of interest: http://s3.documentcloud.org/documents/784047/bullrun-guide-final.pdf also, the statement: ``` "capabilities against a technology" does not necessarily equate to decryption ``` makes you go hmmmm... tricks in the CES bag, as listed from the doc: - NSA/CSS Commercial Solutions Center (NCSC) leaning on partners for access. - Second party partners directly accessed. - Tailored Access Operations (TAO, aka, "black bag jobs") to create access. - NSA/CSS develops implants to enable a capability against an adversary using encrypted network communication. and some relevant points of interest from the guardian article: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-secur... """ A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable"... -[ED: newly exploitable in real-time, even back in time for new keys applicable to stored sessions] The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs. -[ED: now this budget area i'd love to see on a line item basis...] "For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable." -[ED: note how if they can't DPI it at the origin, they consider it discarded. however, as mentioned, this just means it is placed into long term storage for later analysis.] The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government. Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries". "These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact." -[ED: a compromised RDRAND becomes a fancy linear generator and only NSA (and Intel) would know your random bits are totally predictable.] Among the specific accomplishments for 2013, the NSA expects the program to obtain access to "data flowing through a hub for a major communications provider" and to a "major internet peer-to-peer voice and text communications system". -[ED: who's seen elevated activity in the "Secret" telco rooms? anyone? bueller?] """