[tor-talk] [Cryptography] Blogpost: CITAS, a new FBI security program proposal

Travis Biehn tbiehn at gmail.com
Wed Nov 26 08:54:46 PST 2014


LE, Gov and private industry have always been bedfellows - they will
continue to enjoy preferential treatment and advanced threat intelligence
whilst sacrificing 'secrecy' both of internal operations and client
information for the privilege.

The gov can get IP addresses for sybil attacks, they don't need to smuggle
honeypots into internal networks to accomplish this.

The problem is that the 'day one' offering is very light, just a honeypot -
after the target is socialized 'day two' 'enhanced feeds' can be marketed
by LE & Gov by turning on the two-way flow of information. Casual erosion
of trust / privacy boundaries.

Which, of course, only further cements the old adages espoused on these
lists.

-Travis

On Tue, Nov 25, 2014 at 10:58 PM, grarpamp <grarpamp at gmail.com> wrote:

> >>> http://www.metzdowd.com/pipermail/cryptography/2014-November/023693.html
> >>> http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/
> >> let alone biased LE
> >> Heads up to Tor people, and cpunks to carve it up further.
> > This isn't the usual LE proposal
>
> Following on some related and technical comments...
>
> While my analogy and definition of security may not have been best
> suited, nor is this reply, the point remains that there is nothing
> special here for you as a corp. Anything you say that LE can provide
> for *you* with honeypots can also be sourced internally or from the
> open market and your subsequent call to LE to mop up upon discovery
> of badness therein.
>
> What is unique here is that LE will be classifying things learned
> from the HP's as gov't secrets. That's a hard problem. As opposed
> to telling you all of what you need to know to secure your own net
> under internal policies and vendor contracts that you would otherwise
> remain in control of.
>
> Further, technically, parking an HP on your net only tells you about
> what happens regarding via that HP, nothing else. And since you
> must distrust this other party HP [1], then all you've got is a
> cracked HP outside your trust zone, no different than any other box
> on the internet. It's limited vantage point and bogus security
> metrics argument.
>
> Sure, the US gov't might be able, on the whole from this, to correlate
> and expose more nation-state/international crime sources against
> the US and embarrass some foreign diplomats. That's always a good
> and fun thing [2]. And the services of LE are indeed valuable.
>
> However do not make the mistake of thinking that *you yourself*
> will benefit *directly* from this program, that's not what it's
> designed for or capable of. In fact, you will be left out as dog
> food in case of 'national security priorities/secrets' arise.
>
> The responsibility for securing your net still rests with you and
> you alone as always. The better way to be more secure is to ignore
> these silly sales schemes and look same effort at your own processes,
> weaknesses, code, OS/hardware, compartmentalization, etc. Maybe
> <=1% of that ends up being the use of HP's. Improve those own things
> overall and you'll be far better off.
>
> > This arrangement also strikes me as problematic in that it would also
> > allow the FBI to set up a huge pool of Tor, Gnutella, Bittorrent, etc,
> > nodes truly indistinguishable to users from genuine nodes run by people
> > who support anonymity, uncensored journalism, whistleblowers, and free
> > speech.
>
> Last, what if one day *you* _need_ to use a freedom network and
> they've sybil'd up their nodes *against you*? Be careful what you
> ask for and invite into your home in the name of security, you might
> just get it... applied against you in time of need.
>
> > economic output if it didn't cost so damn much to keep MS boxes
> > secure
>
> Well then the solution there is clear... get rid of the MS boxes,
> and those who sold and administer them. Like HP's, nothing special
> about MS either.
>
> Time limited I maybe not reply further.
>
> [1] For reasons of both sanity and legal insufficiency of any
> indemnity offered.
>
> [2] Note that some megacorps follow their own allegiance... claiming
> the flag of whichever market suits them best at the moment.



-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>