----- Forwarded message from Gregory Perry ----- Date: Sat, 7 Sep 2013 19:58:50 +0000 From: Gregory Perry To: Brian Gladman Cc: Cryptography Mailing List Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked On 09/07/2013 02:46 PM, Brian Gladman wrote:

Because NSA and GCHQ are much more interested in attacking communictions in transit rather than attacking endpoints.

Endpoint attacks cost more to undertake, only give access to a limited amount of data and involve much greater risks that their attack will either be discovered or their means of attack will leave evidence of what they have done and how they have done it. The internal bueaucratic costs of gaining approval for (adverarial) endpoint attacks also makes it a more costly process than the use of network based interception.

There is significant use of open source encryption software in end to end encryption solutions, in file archivers, in wifi and network routers, and in protecing the communications used to manage and control such components when at remote locations. The open source software is provided in source code form and is compiled from source in a huge number of applications and this means that the ability to covertly substitute broken source code could provide access to a huge amount of traffic without the risks involved in endpoint attacks.

I would submit that the exact inverse is the real target - endpoint devices. There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades. It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs. For decades the FBI were literally the spies that couldn't shoot straight, as was evidenced by CALEA (lets put backdoors into every phone switch), and Comverse Infosys (then lets outsource all of our wiretap operations). But even with all of those idiotic mistakes, the FBI got their amended FISA 2008 and the Patriot Acts passed which in effect repealed the Posse Comitatus Act and gave the FBI their political power play to gain control over all of the NSA's signals intelligence capabilities, for domestic spying and wiretapping here on U.S. soil without any judicial oversight whatsoever. I would even wager that Herr Bob Mueller himself arranged this Snowden debacle with the Crown of England and his Chinese and Russian counterparts, to guarantee Snowden safe asylum once he absconded with the NSA crown jewels. A simple reading of the international media chatter shows that the NSA (and the USA by proxy) are the bad guys now, with nary a mention of the FBI being involved at any level of this with their own domestic spying operation that is many orders of magnitude more powerful than anything the NSA and/or DoD had ever even dreamed of accomplishing with foreign signals intelligence gathering. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5