Deriving cryptographic keys by listening to CPUs' "coil whine"

In RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer's processor emits different quiet sounds ("coil whine...caused by voltage regulation circuits") as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.

It's a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the "S" in RSA), and their paper is very clear.

GNU Privacy Guard crowdfunding for new infrastructure

GNU Privacy Guard (GPG) is the free/open version of Pretty Good Privacy (PGP), the gold standard in secure email and other kinds of eavesdropping-proof, authenticated, private storage and communication. The GPG project relies on donations and voluntary subscriptions to keep up-to-date and support new platforms. They're running a crowdfunding campaign that's shooting for €24,000, which they'll spend on rolling out an all-new site (with Tor access!), as well as GPG 2.1, tutorials, subscription management, material for people throwing Cryptoparties (security-training events) and many other laudable goals. I rely on GPG every day, so I've put in €100. I hope you'll give, too.

Mandatory bug-bounties from major vendors

Brian Krebs proposes that software vendors should be forced to pay a bounty on all newly discovered vulnerabilities in their products at rates that exceed those paid by spy agencies and criminal gangs. He says that the bill for this would be substantially less than one percent of gross revenues, and that it would represent a massive overall savings when you factor in the cost to all the businesses and individuals who are harmed by security vulnerabilities. He doesn't explain what to do with popular, free/open software though.

EFF's best books of 2013

The Electronic Frontier Foundation has produced a reading list for the best books on technology, law and freedom in 2013. It includes several books I reviewed here, such as Black Code, The Internet Police, Coding Freedom and Rewire, as well as a few that I'm desperate to get to, such as Schneier's Carry On, Lapsley's Exploding the Phone and Greenberg's This Machine Kills Secrets.

NSA's bulk phone data collection ruled unconstitutional, 'almost Orwellian,' by federal judge

Judge Richard Leon (dcd.uscourts.gov)

In the nation's capital today, a federal judge has ruled that the National Security Agency's program of bulk phone record collection violates the reasonable expectation of privacy guaranteed to Americans by the Constitution. The judge ordered the federal government to stop gathering call data on two plaintiffs, and to destroy all previously-collected records of their call histories.

The ruling by Judge Richard Leon (PDF Link), a US district judge in the District of Columbia, is stayed pending a likely appeal--which may take months. In his 68-page memorandum, Leon wrote that the NSA's vast collection of Americans' phone metadata constitutes an unreasonable search or seizure under the Fourth Amendment.

"Father of the Constitution" James Madison would be "aghast" at the NSA's actions if he were alive today, wrote Leon.


Bruce Schneier and Eben Moglen discuss a post-Snowden Internet

Joly sez, "After Glenn Greenwald first received his stash of secret documents from Edward Snowden, one of the first people he consulted was security expert, cryptographer, and writer Bruce Schneier, who helped him review and digest the documents. A few weeks back we saw Bruce give a briefing on Capitol Hill in Washington DC, where he advised lawmakers to rein in the NSA, and the Internet community to pro-actively design countermeasures. On December 12, 2013, as a follow-up to his Snowden and the Future talk series, Eben Moglen hosted A conversation with Bruce Schneier at Columbia Law School. They talked about what we can learn from the Snowden documents, the NSA's efforts to weaken global cryptography, and how we can keep free software tools from being subverted."


Ugotarrested: Man charged with operating revenge porn site Ugotposted.com

California State Attorney General Kamala D. Harris today announced the arrest of a man said to have owned and operated a so-called revenge porn website. According to the arrest warrant (PDF), the site operated by Kevin Christopher Bollaert published over 10,000 sexually explicit photos. The young women who appeared in these images, some of whom were minors at the time they were taken, were charged up to $350 each to be removed from the site.

California Department of Justice agents arrested Bollaert, 27, in San Diego where he lived. He is in San Diego County jail on $50,000 bail, and has been charged with 31 felony counts of conspiracy, identity theft and extortion. If he is convicted, penalties may include jail time and fines.

The arrest warrant is well worth a read. It includes the stories of a number of young women who ended up physically exposed and personally identified on the internet against their will. In some cases, private photos made their way online after their accounts were hacked or phones snatched. The women speak about how that violation damaged their lives and destroyed their sense of privacy.

During an in-person interview with two special agents, Bollaert bemoaned the burden of all those emails he was receiving from young women and teens, asking for images to be removed -- a service he charged hundreds of bucks for.

"At the beginning this was like fun and entertaining," he said to the agents, "but now it's ruining my life." At the end of the meeting, the agents served him with search warrants.

Bruce Schneier and Eben Moglen, Dec 12, Columbia U/NYC

James writes, "Following on Eben Moglen's mind-warping series of talks about life after Snowden, the Software Freedom Law Center has invited Bruce Schneier to join Eben for a conversation informed by Bruce's own analysis of the leaked documents. Bruce is one of the smartest thinkers around when it comes to understanding how security and surveillance operate in the real world. And he is unsurpassed at presenting complicated security concepts even to people who lack his expertise. Between Moglen's sophisticated thoughts and Bruce's grounded approach, we're sure to learn a lot about where we stand and what we can do next!"

Cyanogenmod adds encrypted SMS from WhisperSystems

The latest (unstable) build of Cyanogenmod (a free/open version of Android) incorporates a secure, encrypted SMS program called TextSecure, which was created by Open WhisperSystems. Open WhisperSystems's chief engineer is the respected cryptographer and privacy advocate Moxie Marlinspike, and the source for the Cyanogenmod integration is open and available for inspection and scrutiny. The new encrypted SMS is designed to be integrated with whatever SMS app you use on your phone, and allows for extremely private, interception- and surveillance-resistant messaging over the normally insecure SMS. It requires that both parties be using TextSecure, of course -- if you send a TextSecure message to someone without secure messaging, the message will fall back to unencrypted text.

Worst passwords


Mark Burnett, whose work has been featured here before, has used lists of leaked passwords to compile a master list of the 10,000 worst passwords (with accompanying wordcloud, see above); an astonishing 91 percent of all passwords used appear in the top 1000. Here's the top 100, with their relative frequency:

Botnet of 20,000 point-of-sale machines

Details are emerging about Stardust, a piece of malicious software that targets point-of-sale credit-card processing machines. Stardust has reportedly compromised over 20,000 PoS machines and turned them into an easy-to-control botnet. The malware's masters can monitor the botnet in real time and issue fine-grained commands to its components, harvesting a titanic volume of payment card details.

Tracking 96,000 stolen Bitcoin in realtime

Sheep Marketplace -- a Bitcoin-based market that grew sharply after Silk Road shuttered -- was the target of a 96,000 Bitcoin (~£60m) hack last weekend. It turns out that laundering that much Bitcoin is very tricky, and the denizens of r/sheepmarketplace on Reddit have been taking countermeasures against the thieves (or thief) to track and de-anonymize the Bitcoin as it moves through various "tumblers" -- services that obfuscate the origin and destination of Bitcoin fractions. It's an exciting chase across the darknet, full of math, intrigue, and crime.

Terrifying weapons made with objects from airport shops

Last March, Evan Booth presented a blockbuster talk at Kuala Lumpur's Hack the Box conference, explaining how to improvise lethal weapons from items in airport gift shops and duty-free stores. He's kept up the work since then on a website called Terminal Cornucopia, and he's presented 10 of his scariest weapons for a Wired story. And though the functional, breech-loading shotgun made from Red Bull cans, Axe body spray, and batteries (above) is impressive, it's only for beginners. There are also fragmentation grenades made from coffee tumblers, and a dart gun that uses braided condoms for its elastic.

2600's 30th anniversary tees

Emmanuel from 2600 Magazine sez, "2600 is turning 30 and, to help celebrate, has put out two new t-shirts simultaneously. The first focuses on what has changed over three decades in publishing, with images of a floppy disk, a CD, and a flash drive on the front and 30 headlines - one from each of the hacker magazine's 30 years - displayed on the back. The second shirt focuses squarely on the NSA, with an iconic picture of their headquarters on the front that got 2600 staffers detained immediately after they took it. The red stamp over the top of the picture represents what could be the popular view on what NSA should really stand for: No Such Authority. On the back is part of a leaked NSA document concerning PRISM, along with a call to arms (or, in this case, stronger crypto). Finally, to help celebrate the 30th anniversary, the 2600.XXX domain is now in operation."

Apps come bundled with secret Bitcoin mining programs, paper over the practice with EULAs

Researchers at Malwarebytes have discovered that some programs covertly install Bitcoin-mining software on users' computers, papering over the practice by including sneaky language in their license agreements allowing for "computer calculations, security."

The malicious programs include YourFreeProxy from Mutual Public, AKA We Build Toolbars, LLC, AKA WBT. YourFreeProxy comes with a program called Monitor.exe, which repeatedly phones home to WBT, eventually silently downloading and installing a Bitcoin mining program called "jhProtominer."

Linux.Darlloz worm attacks embedded systems

A Symantec researcher has discovered a worm that runs on embedded Linux systems, like those found in set-top boxes and routers. It's common for owners of these devices to forget about them, letting them run in the background as long as they don't misbehave -- and as a result, they are often out of date. The worm, called Linux.Darlloz, attacks out-of-date Linux installations running on Intel hardware (a small minority in the embedded systems world), but it would not be hard to modify it to attack embedded linuces on other chips.

In addition to being out-of-date, many of these systems have "forever day" bugs that will never be patched by their vendors, making them especially hard to secure. The anonymously authored "Internet Census 2012: Port scanning /0 using insecure embedded devices" showed that a dedicated attacker could compromise well over a million devices without much work, recruiting them to run unprecedented denial of service attacks (I wonder if anyone's thought of using this method for mining Bitcoins?).

As the researcher Ang Cui has demonstrated, embedded systems attacks are especially pernicious because it's difficult to boot them from known-good sources. Once an attacker compromises your router, printer, or set-top box, she can reprogram it to give the appearance of accepting updates without actually installing them, meaning that the system can never be provably restored to your control.

The details of Linux.Darlloz show a much more primitive and unambitious attack, but it hints at a pretty frightening future for the compromised Internet-of-Things (I wrote a short story about this, called "The Brave Little Toaster").

NSA hacked 50,000 global networks


A new Snowden leak sheds more light on Tailored Access Operations, a catalog of standard attacks against routers and other Internet infrastructure.

The new leak details the deployment of malware against 50,000 computer networks worldwide, in cooperation with GCHQ, the British spy agency. The program dates back to 1998, and the infected networks are referred to internally as "sleeper cells" that can be switched on or off at will.
