Who keeps cutting Internet cables in California?


The FBI reports that fiber-optic lines that provide Internet, cable, and phone service in Northern California have been snipped 11 times so far this year.

The latest cut happened Tuesday, on three major Internet cables serving the Sacramento area, causing cable and Internet service disruptions as far north as Seattle. Microsoft said the damage slowed its Azure cloud computing service in the Western United States. And in one Sacramento-area community, a cable provider had to step in to restore 911 service to local residents whose phones had been knocked out.


Schneier: NSA's offense leaves Americans undefended

Writing in the Atlantic, Bruce Schneier explains the NSA's insane program of creating, discovering and hoarding vulnerabilities in computer systems in order to weaponize them. These vulnerabilities allow the NSA to attack its enemies (everyone), but let other states, hackers, and crooks attack Americans. The NSA claims it is "securing" cyberspace, but its dominant tactic requires that everyone be made less secure so that the NSA can attack them if they feel the need.

NSA sabotaged exported US-made routers with backdoors

The NSA systematically sabotaged US-made network routers as they were exported, equipping them with secret backdoors, according to Edward Snowden leaks newly released by Glenn Greenwald in the Guardian. The devices were tampered with prior to leaving the USA and resealed with factory seals. Ironically, this is exactly what grandstanding US politicians have been accusing the Chinese government and Huawei of doing for years. Takes one to know one? Or just honi soit qui mal y pense?

What NSA sabotage does to security

Princeton computer science professor Ed Felten has an excellent explanation of what it means to security to have the NSA actively sabotaging cryptographic standards and tools. As he points out, the least secure situation is to believe that you are secure when you are not -- a car without brakes can be driven slowly and cautiously, if you know the brakes are shot. But if you don't know the brakes are out, you're likely to discover the fact the hard way.

Firsthand account of NSA sabotage of Internet security standards

On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."

90 percent of Tor keys can be broken by NSA: what does it mean?

Errata Security CEO Rob Graham has published a blog post speculating that ninety percent of the traffic on the Tor anonymized network can be broken by the NSA. That's because the majority of Tor users are still on an old version of the software, 2.3, which uses 1024-bit RSA/DH keys -- and at key lengths of 1024 bits, RSA/DH crypto can be broken in a matter of hours using custom chips fabbed at an estimated cost of $1B. It seems likely that the NSA has spent the necessary sum and sourced these chips (likely from IBM).

This isn't the same as being able to decrypt all of Tor in realtime, but it does suggest that the NSA could selectively decrypt its stored archives of Tor traffic.

However, the new version of Tor, 2.4, uses elliptic curve Diffie-Hellman ciphers, which are probably beyond the NSA's reach.

Graham faults the Tor Project for the poor uptake of its new version, though as an Ars Technica commenter points out, popular GNU/Linux distributions like Debian and its derivative Ubuntu are also to blame, since they only distribute the older, weaker version. In either event, this is a wake-up call that will likely spur both the Tor Project and the major distros to push the update.

Yesterday's revelations about the NSA's ability to decrypt 'secure' communications were taken by many to mean that the NSA had made fundamental mathematical or computing breakthroughs that allowed it to decrypt securely enciphered messages. But it's pretty clear that's not what's going on.