----- Forwarded message from Brian Gladman <brg@gladman.plus.com> -----

Date: Sun, 08 Sep 2013 00:32:50 +0100
From: Brian Gladman <brg@gladman.plus.com>
To: Gregory Perry <Gregory.Perry@govirtual.tv>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

On 07/09/2013 20:58, Gregory Perry wrote:
> On 09/07/2013 02:46 PM, Brian Gladman wrote:
>> Because NSA and GCHQ are much more interested in attacking communications in transit rather than attacking endpoints.
>>
>> Endpoint attacks cost more to undertake, only give access to a limited amount of data and involve much greater risks that their attack will either be discovered or their means of attack will leave evidence of what they have done and how they have done it. The internal bureaucratic costs of gaining approval for (adversarial) endpoint attacks also make it a more costly process than the use of network based interception.
>>
>> There is significant use of open source encryption software in end to end encryption solutions, in file archivers, in wifi and network routers, and in protecting the communications used to manage and control such components when at remote locations. The open source software is provided in source code form and is compiled from source in a huge number of applications and this means that the ability to covertly substitute broken source code could provide access to a huge amount of traffic without the risks involved in endpoint attacks.
>
> I would submit that the exact inverse is the real target - endpoint devices. There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades. It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs.

I don't have experience of how the FBI operates so my comments were directed specifically at NSA/GCHQ interests.

I am doubtful that very large organisations change their direction of travel very quickly so I see the huge investments being made in data centres, in the tapping of key communications cables and core network routers and 'above our heads', as evidence that this approach still works well for NSA and GCHQ. And I certainly don't think that volume is a problem yet since they have been able to invest heavily to develop the techniques that they use to see through lightweight protection and to pull out 'needles from haystacks'.

Of course, you might well be right about the future direction they will have to travel because increasing volume in combination with better end to end protection must be a nightmare scenario for them. But I don't see this move happening all that soon because a surprisingly large amount of the data in which they have an interest crosses our networks with very little protection. And it seems even that which is protected has been kept open to their eyes by one means or another.

Brian

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5