From encryption to darknets: As governments snoop, activists fight back

Eugen Leitl eugen at leitl.org
Thu Feb 16 01:37:03 PST 2012


http://arstechnica.com/business/the-networked-society/2012/02/from-encryption-to-darknets-as-governments-snoop-activists-fight-back.ars

From encryption to darknets: As governments snoop, activists fight back

By Cyrus Farivar | Published February 15, 2012 2:22 PM

"Open hardware" for a mesh network node

As the Arab Spring hits its first anniversary, tech activists around the
globe are continuing their efforts to enable secure communications--especially
in areas of the world that are in conflict or transition. After all, it's
become an open secret that governments ranging from Assad's Syria to local
American law enforcement to the newly created government of South Sudan are
actively trying to find out what is being said and transmitted over their
airwaves and networks.

In response to the pressure, a huge range of projects, apps and strategies
have been designed to protect mobile communications (voice, text, and data)
as well as more traditional Wi-Fi networks and even individual computers.

These projects are being developed all over the world by some small, local
organizations, as well as larger, more ambitious projects that are receiving
funding from the likes of the New America Foundation. The organization is a
key part of the US Department of State's $70 million being spent on "Internet
freedom" projects, including a so-called "Internet-in-a-suitcase" deployment.

As US Secretary of State Hillary Clinton made clear in a speech last year,
"The United States will continue to promote an Internet where people's rights
are protected and that it is open to innovation, interoperable all over the
world, secure enough to hold people's trust, and reliable enough to support
their work."

But technology both gives and takes away. Just as tools to help activists
become cheaper and easier to use, so too do the surveillance countermeasures
often deployed by government agencies with deeper pockets.

The "security" of disposable phones

Out of the six billion mobile phones in the world, less than 30 percent are
smartphones. That means the overwhelming majority of phones in use today are
fairly limited in their capabilities; generally speaking, they don't have
extensive storage capacity and are not very sophisticated in terms of their
Internet capability. Of course, the main reason why people use them is that
they're cheap--the classic Nokia 1600 still sells for under $20 on eBay. The
company's newer version, which includes a small flashlight and even a
dual-SIM option, costs just $50.

Security experts agree that trying to protect communications on a
non-smartphone is basically a lost cause. But there may be a small silver
lining, according to Nathan Freitas, an adjunct professor at New York
University and the head of the Guardian Project.

"There's a different kind of security there," he said. "[Cheaper phones] tend
to be disposable. You can change SIM cards and change phones. In that range,
there's maybe greater social security because you're not worried about a
really expensive device and you can have 10 of them. So I think there's
perhaps more anonymity in a $20 phone."

Activists have become sensitized to the fact that their phones can easily be
tracked, and many advise taking out the SIM card and battery when headed to a
potentially sensitive location. In countries where phones and SIM cards can
be bought for little cash and with no identification, it may actually be
easier to fool authorities by using featurephones--swapping the physical
locations of cheap phones and also varying the SIMs.

For phones that may be slightly more sophisticated, such as the Nokia 6300,
which has the ability to run Java applications, apps like OTR4j provide for
the Off-the-Record (OTR) protocol.

"The problem has always been usability," Freitas added. "The complexity of
security when scaled down to a small screen and a nine-digit input pad
doesn't really work."

Of course, securing communications, whether over mobile networks, WiFi, or
even a single computer, ultimately comes down to one phrase: strong
cryptography.

Implementing such crypto for phone communications used to be expensive. Just
think of President Barack Obama's phone, a BlackBerry that features a tightly
controlled whitelist of people who are allowed to interact with him. Other
commercial products that offer end-to-end encryption range from British-made
Cellcrypt software (over $4,000 for a five-year license) to the Cryptophone,
produced and sold by a small team from the famed Berlin hacker collective the
Chaos Computer Club.

But most activists aren't able to afford such a high level of protection, and
many security experts and researchers are skeptical of phones that don't
release their source code and thus cannot be fully vetted and audited.

However, as the need for more secure mobile communications has gone up, the
price of smartphones has come down. While iPhones and BlackBerrys go for
hundreds of dollars, Android smartphones are rapidly approaching the $100
mark. In fact, a used Google Nexus One is going for less than $100 on eBay
these days.

"The era of the super-cheap dumbphone is ending in most places, except
perhaps in Congo and Sudan," Freitas added. "The era of needing the
super-secret $5,000 ninja phone is also ending because we can replicate all
those features on a $100 phone."

Smartphones get crypto, Tor

On Android phones, two projects in particular are worth keeping an eye on for
those interested in securing voice, text, and data communications.

One key piece of open-source software is Orbot, a year-old project that
emerged from the Guardian Project. Orbot basically brings Tor to mobile
browsing, anonymizing online use and routing around a network that may be
blocked or filtered.

So far, Freitas says, there have been about 300,000 downloads via the Android
Market--but he adds that as an organization concerned with privacy and
anonymity, the Guardian Project doesn't keep very close tabs on who is using
it.

"I can tell you I get about 10 e-mails a week from Iran," he added.

The second is the suite of programs available from famed security researcher
Moxie Marlinspike and his security startup Whisper Systems, which was
acquired by Twitter in November 2011.

Two programs, RedPhone and TextSecure, respectively aim to provide strong
cryptography for voice calls--by turning them into end-to-end encrypted VOIP
calls--and text messages. RedPhone uses the well-established ZRTP protocol
developed originally by Phil Zimmermann of PGP fame, while TextSecure uses a
variant of the Off-the-Record (OTR) protocol. (Both had been temporarily
pulled in the wake of the Twitter acquisition, but they have since been
re-released with open-source licenses.)

When installed, both applications are designed to automatically switch from a
traditional voice call or text message to using the strong encryption when
possible. If the person on the other end of the call or text also has the
same apps installed, a small secure icon will appear on the screen, making it
simple for even non-geeks to understand that the security is active.

"Really, our focus was to make something as frictionless and invisible as
possible," Marlinspike said.

Countermeasures

Security experts are quick to note that no security tactic is ever 100
percent bulletproof. The idea, of course, is to mitigate risk and reduce the
chances of something terrible happening. In the mobile world, there are two
main possible attack vectors: a "virtual" breach, where someone has access to
intercepted text messages, voice, and data traffic, and a "physical" breach,
where someone has access to a mobile phone's hardware. The tools above only
address the virtual breach; but what about a physical breach?

"Using a program like RedPhone or TextSecure is great, but it's like putting
bulletproof glass on a cardboard box," said Chris Soghoian, a Washington,
DC-based computer security researcher.

"The bigger issue for researchers and activists is that the state of security
on mobile is so bad. Google made a deal with the devil, allowing carriers to
control the update process."

As a result, he explained, most Android users have out-of-date versions of
the operating system, with known security holes. Worse still, until late last
year, no Android phone offered full-disk encryption.

"If the police seize your phone, it's probably going to be easy for them to
exploit a flaw to steal your data," Soghoian said.

There are a few mobile phone forensics tools available to law enforcement,
most notably the CelleBrite Universal Forensic Extraction Device, a hardware
tool which can easily snag data from just about any smartphone, including
Android devices.

In 2009, German security researcher Karsten Nohl showed that the GSM
industry's standard encryption protocol, known as A5/1, was able to be
cracked. Nohl's group showed how to do the same thing on the cheap a year
later. Earlier this year, another team from Bochum, in western Germany,
outlined its technique for breaking through a related encryption system found
on many satellite phone calls.

"Spooks are listening into calls, just like they always have," said Eric King
of London's Privacy International, in an e-mail. "With A5/1 being broken--you
can decrypt and listen into 60 calls at once with a box smaller than a
laptop."

Another possible attack vector is through the use of an IMSI catcher. An
International Mobile Subscriber Identity number is a 15-digit unique number
that sits on every SIM card. IMSI catchers effectively fool a phone and SIM
into thinking that the IMSI catcher is a mobile phone tower. Such devices can
be used as a simple way to just see what phone numbers are being used in a
given area, or even to intercept the audio off of voice calls.

Portable IMSI catchers are made by Swiss and British companies, among others,
but in 2010, security researcher Chris Paget announced that he had built his
own IMSI catcher for only $1,500. (Strong crypto comes to the rescue again,
though; as Marlinspike pointed out, "You can't IMSI catch a RedPhone call.")

But mobile security remains spy-versus-spy to some degree, each measure
matched by a countermeasure. In December 2011, Karsten Nohl released "Catcher
Catcher"--a piece of software that monitors network traffic and looks at the
likelihood an IMSI catcher is in use.




