The Simple Trick that Will Keep You Secure from Government Spies

上周,the German governmentarrested某人并指控他为美国做间谍。Buried in one of the stories was a little bit of tradecraft.The US gave him an encryption program embedded in a -- presumably common -- weather app.当你select the weather for New York,it automatically opens a crypto program.I assume this is a custom modification for the agent,and probably other agents as well.No idea how well this program was hidden.修改后的天气应用程序和原来的一样大吗?Would it pass an integrity checker?

相关:我自己有一个未记录的加密功能Password Safe程序。从命令行,类型:pwsafe-e文件名

Posted on July 7,2014 at 1:51 PM• 35 Comments

评论

sep332July 7,2014年下午2:27

Well they found the app and he got arrested,所以很明显它不会让你远离任何东西。

ChrisJuly 7,2014 2:28 PM

点击这里,看看布鲁斯为他的博客使用点击诱饵标题的十大原因!

AnuraJuly 7,2014 2:29 PM

Just FYI,我想你的意思是“美国给了他”而不是“美国耍他”在第三句话中(请注意,我假设你能理解这是第三句话,I just am never happy with period placement if a sentence ends with a quote).

@马特

I think it's a cry for help.Bruce: If you are under duress,blink twice!

Keep an eye on his picture,如果它不眨眼,我们就认为他没事了。

JustusJuly 7,2014 2:34 PM

Well,they intercepted an unprotected e-mail to the russian embassy with a couple of files attached.这家伙被捕只是因为他们认为他是俄罗斯间谍。

我真的很惊讶这个还没有被丢弃。Normally the german government is so far up the Obama administrations backside it's not even funny anymore.尽管看到安吉拉·默克尔畏缩和那些保守派人士无礼地大哭,因为他们对最近的越狱没有什么好说的,但这确实给了我一种非常个人的成就感。

AlexJuly 7,2014 3:01 PM

The encryption feature is documented for Password Safe - it's in the help text.

Dr.I.Needtob AtheJuly 7,2014 3:18 PM

也,the encryption feature doesn't work with the -key switch.如果您使用这种格式,它会认为您为-key输入的文本是文件名。Instead,the format that works ispwsafe -e filename.你进去之后,the program prompts you for a password.

Clive RobinsonJuly 7,2014 3:50 PM

Hmm "Easter Eggs"as tradecraft,hardly original.Any one else remember getting a flight sim for free in an Office product?

作为一个有通信射频和模拟经验的硬件工程师,人们往往会忘记我也会做数字,包括控制器。

Likewise they forget even though I say it often around hear and other places that "test harnesses come as standard"and "test harnesses are 'official' back doors"it takes little thought to realise they are also "Easter Eggs"by another name.

One way to right software is by having subroutiens some of which are general purpose some of which are unipurpose and appart from those with no purpose the rest have some dual etc purpose.However it's sometimes difficult to see the dual purpose,大多数高级程序员认为“单一入口点”most "old school"assembler programers use "multi entry point"节省ROM空间。There are a few high level programmers that know you can still have multiple entry points if --and only if-- you know how to do it.Further they also know that subs can be addressed via pointers etc which is handy for writing self modifing or protected code that is difficult to reverse engineer.

因此,诀窍是制作一个具有双重用途的SUB的应用程序,它看起来像是“复制证明”。protected but not malware.

The second trick is to make all those subs do something benign and expected within the app,such as decode protected code during run time.The fact that you can make some encryption code reversable without change --eg stream ciphers-- means it is not obvious that the "decode code"can also be "encrypt"code when called as part of the Easter Egg function.

如果你在学习如何编码的时候没有尝试过做这种事情,then you were probably not blesed with a suitably inquisitive mind (or were doing something normal like having a social life ;-)

Hugh JassJuly 7,2014年下午6:17

@Clive Robinson

嗯“复活节彩蛋”as tradecraft,hardly original.Any one else remember getting a flight sim for free in an Office product?"

Excel 95?

Chris AbbottJuly 7,2014 8:38 PM

@Bruce,@克莱夫

我无法想象这会通过一个简单的完整性测试,like comparing a SHA-512 hash of the original program with the one they found on him,short of an unlikely as hell collision.Unless,(conspiracy theory) the NSA discovered (or built in) a way to do that and they shared that with the German government and forgot about it,so they used Whirlpool or Keccak to compare the hashes.那不是一个大问题吗?

Mitch GuthmanJuly 7,2014年9:43下午

抛开监视德国的好处(德国似乎很傲慢,idiotic and unjustifiable) and bearing in mind how little we know about it,the use of the encryption program seems very odd.They are running a spy in an extremely open liberal democracy,meaning that the CIA would presumably have very easy access.Since he was apparently a BND man,the CIA quite possibly would have had access to him on a social or professional basis which would have made servicing him simple as meeting him for lunch.

Basically,they left him with a communications device that might necessary in Moscow but which seems inappropriate (and needlessly incriminating) for a Germany based asset.The CIA would seem to have organized their relationship with this guy so that he if he ever came under any level of suspicion,他的鹅煮熟了。为什么他的产品需要加密?为什么他不能给别人一个U盘,或者把它放在某个地方拿呢?If there's a reason then his stuff needs to be encrypted,why couldn't the CIA give him a girlfriend or somebody to be the go between that picks up what he's got to sell and carries it to the American embassy to be encrypted?

Everything about this seems unimaginably sloppy.如果这些人甚至不能在德国经营资产,在冷战期间,他们似乎一直在与人力资源作斗争,这并不奇怪,在我看来,目前他们并没有特别地用荣耀来掩饰自己。The USA should put the DEA in charges of running spies.他们知道自己在做什么,并且有公开的成功记录。

德普July 7,2014年10:43下午

The guy confessed everything to his German state interrogators,that's how they found the weather app easter egg.Thegrugq was looking for a clandestine way to launch his Darkmatter tcplay app to open encrypted containers,我们应该抓取天气应用程序。

哈索July 8,2014 1:24 AM

Pruce,这是你告诉我们不要再信任你的方式吗?你保证金丝雀不会再被更新了?just wondering

AnonJuly 8,2014 1:32 AM

这是什么让人讨厌的,emotionally manipulating click-bait titles?我不想把这些放在我的阅读器里。对于每个不使用的人,there's值得一提的.

vwmJuly 8,2014年5:12 AM

等待,you have to enter the key twice for pwsafe decryption?这是否意味着它与使用Windows XP连接WiFi一样安全?

vwmJuly 8,2014 5:37 AM

I figure it's quite easy to build an inconspicuous dual-use whether app: Just make it capable of querying the whether service via TLS/SSL and you have a valid explanation to link in crypto libraries,以防有人再看一眼。

JoelJuly 8,2014 9:37 AM

这篇文章的标题公然是谎言。

If the level of your posts go this way you can count me as one reader less.

戴夫·沃克July 8,2014年上午9:51

As Chris Abbott says,我无法想象应用程序与未修改的天气应用程序相比通过完整性检查,除非拼图宫里的人比我想象的更有天赋,在按摩内容时,点击任意散列。Even then,simple program size will probably be a giveaway that "something more interesting is going on".

The thing that surprises me,is that the means of getting to the crypto app is quite so straightforward.授予,a balance has to be achieved between obscuring the crypto program from a casual examiner and not making an authorised user jump through too many hoops to get to it,but this seems skewed too far in the direction of not worrying about the casual examiner - especially if the authorised user ends up leaving NYC in their standard weather lookup list (whether by accident or design).有更好的方法,I'd say.

SBJuly 8,2014 11:37 AM

@Mitch Guthman:

"The USA should put the DEA in charges of running spies.They know what they're doing and have a publicly established track record of success."

IIRC有一本汤姆·克兰西的小说(“行政命令”)。中央情报局决定雇佣警察作为秘密服务人员。

伊戈尔July 8,2014 11:41 AM

所以纽约的天气已经过去了(会把我和中情局联系起来)。I'll use weather in Moscow then.

人民党July 8,2014 1:42 PM

Smarter way of doing this: use one of the existing weak little native apps that does little more than render HTML5 from a webpage.Own the web host and modify the backend code.Identify a way to access the easter egg functionality (look at NY weather,then Berlin,then NY again,然后是斯图加特,then finally NY one more time) at which point the server-side changes behavior to accept an upload,或者发送客户端的活动脚本来实现代码中的加密,这些代码在剩余的时间里甚至不在设备上…

Mike the goat (horn equipped)July 8,2014 6:05 PM

I am actually really concerned something is going on with Bruce and he is trying to send a canary out.The whole nature of these buzzfeedesque article titles just seems to be crying out for attention and he isn't normally one to do that.

Nick PJuly 8,2014 8:50 PM

@ Mike the Goat

re Bruce's Canary

*如果我按照这些思路思考,我会下载密码安全,并查看未记录功能的代码。这是他反复提到的事情。颠覆?A guaranteed clean,little known tool?谁知道信息会是什么。If Bruce is using a canary,the effect of it is like someone sending a message with stego without telling the other party.It can only benefit those knowing what to look for and even then only so much.

观察事物的更安全的方式是五眼国家的秘密行动可能会迫使任何人。The more authority they have,like in their own countries,the better for them.他们也有特工和黑客袭击外国目标。所以,one should consider a person or product untrustworthy against them unless they are outside their jurisdiction with excellent security throughout their whole operation and their offering reviewed for subversion.

根据这个理论,布鲁斯不能被信任,因为他的资产和家庭会受到很大的打击。It's not reasonable to expect him to make that sacrifice for no certain gain,although he might.His high profile and focus on writing rather than products shields him a bit.The real protection is that BULLRUN-type programs target actual products/services rather than people who write essays and do news interviews.看来,anyway.所以,他的产品/服务不经审查是不可信的,yet his writing can as he seems to take personal risk to write what's for the greater good.

My best security advice for Schneier's Blog (and similar forums) is to archive his blog into pieces,然后提供直接下载,或者让他的最大粉丝把他们变成BitTorrent群。The copies will spread across the world.That preserves his main legacy of his thoughts,很多讨论,以及一些我们设计的解决方案。事实上,这里有很多学术界和工业界还不了解的深奥知识。The content of the blog is the threat to the NSA: preserve it and they loose that battle.Might loose others down the line.

注意:永恒服务现在很方便。最接近的是自由网,但它的同行审查太少,无法确定其安全性。

托思July 9,2014年7:30 AM

这个博客应该有一个“在Torrent上镜像我”按钮,允许您触发Torrent客户端,并开始为Schneier的博客(包括评论)创建一个碎片化的存档。

AnonymousBlokeJuly 9,2014 1:41 PM

@Mitch Guthman

这是一个非常完善的分析。

What if the CIA does not typically use this application,but gave it to the BND agent as a test?If they saw the BND performing analysis looking for that application,它会告诉他们他不是一个真正的特工。Which would remain a possibility even though he has been disclosed and arrested.

The DEA operates generally against entirely different classes of targets.

它们的优先级也非常不同。

你可以注意到DEA操作,但你通常不会注意到中情局的行动。

可以说“中情局不会做出如此愚蠢的举动”,if they have a known record of incompetence.If they are known as never making stupid moves,then you can be sure of exactly why they gave that agent that application.

If it is murky - maybe they are incompetent,maybe they are competent - then all options would be open.

Mike the goat7月10日,2014年6:45 AM

Nick: I'm not convinced;我只是觉得奇怪,他决定开始随机发布这些夸张的文章标题,想知道交易是什么,and my mind immediately resorts to the most interesting yet paranoid answer which would involve Bruce staging a one man counterattack on his captors - very Harrison Fordesque.If it ever gets made into a movie,I have but one request,and that is a droll one liner about the birthday paradox just before he takes the last rogue government agent out.

伙计,我得多出去一下。:-)

D.7月10日,2014 8:46 AM

@Mitch Guthman

From one of the German news sources I read it seems he got caught as a result of trying to sell the same documents he sold to the US to the Russians which makes placing the blame for how he was discovered considerably harder.也许他认为自己和他的管理者一样聪明,但显然不是。Perhaps he was sold out by one side or the other to expose him.

TruePath7月10日,2014 3:02 PM

Why does his information need to be encrypted?Because the information itself would be obviously more incriminating (and easier to find) than the existence of some unknown data and lots of executable code on his computer/device some of which (under high scrutiny) turn out not to be binary identical to the commercial version (under even higher scrutiny) and can be hand decompiled by expert programmers to reveal it's a hidden encryption program not some novel malware he got infected with.此外,即使他被抓住了,他的真实活动规模可能会被掩盖,或被用作减少他坐牢时间的谈判点。

Point is that if you find this guy going to meet with a suspected foreign agent you could quickly pat him down and browse files on any USB stick and see if any look restricted or are encrypted data produced by a non-internal public encryption program.You might even regularly do this to your own agents,especially those with any outside contact with other agencies as a precaution.

另一方面,查看他电子设备上的每一个二进制文件的成本是巨大的。The cover for any easter-egged spy program is likely substantial (hashes registered with platform provider and even posted as an update publicly for a very brief period) and the only way to discover it isn't just a rare version of the normal commercial release is to attribute all data on the device to programs and look for unexplained data and/or employee many expert programmers to decode any binary sequence not previously so verified internally.

这项费用太高了,你不能花掉它,除非你已经基本上确定这个人可能是外国间谍。即便如此,he can deny the charge up and down and insist the code is really the result of foreign penetration of his device and provided as a false flag to cover the real attack code and offer an easier mole explanation.In germany (and other EU democracies) that might produce enough doubt in any jury to get him acquitted or at the very least make it more desirable to simply trade him back home for some nugget of info than imprison him (and we want to avoid discouraging people from becoming our agents).

Nick P7月10日,2014年下午3:40

@ Mike the Goat

You use the Internet,probably proprietary hardware/software,and often live/work in Five Eyes countries.你真的有多偏执?:P

I'm sold on your movie idea,though.The birthday paradox shooting scene would make a nice climax.The non-technical viewers would also learn something in the Googling they do later.

circuit_breaker7月10日,2014 11:43 PM

I'm amused at the fact that Schneier's attempt at light-hearted titles are really upsetting a lot of people.放松点,伙计们,go outside for a while maybe.而且他们不是金丝雀……嘿。

Nick PJuly 11,2014年12:01 AM

@断路器

是啊,that's been amusing me too.我基本上忽略了它,但不得不选择迈克,因为什么是伙伴?;)

此外,布鲁斯到目前为止所做的一切,他们要么(a)不太惹他,要么(b)采取金丝雀不会影响的方法。It's a consequence of the tough,他做出的道德选择。Hopefully,he'll be safe.

塞纳·卡沃特7月13日,2014年下午1:38

Most kinds of software could have encryption naturally integrated in file save menu.For example,gimp可以选择使用高或中安全密钥长度以加密形式保存图像。A text editor like gedit,msword or kate could have only high security option for encryption.像clive或者youtube-dl这样的视频编码器或者视频下载器可以有更高的安全性和针对CPU的算法。GPU and ASIC.

If the encryption option is wanted to be bit like easter egg but not quite,then it could be listed among the file formats (jpeg,gif,png,encrypted...).If "encrypted"is selected,然后再次要求文件格式在加密之前知道编码。

Even games can encrypt their save game files or network packets in multiplayer from client to server or in-game chat between players end-to-end via the game server.游戏的巨大数据文件可以在安装过程中加密。有理由以加密形式存储尽可能多的文件,即使是附加到文件上的对称密钥,because if the file is deleted and the key gets written over,还有一些不可识别的数据可以用来提供借口等。这可以看作是一个更轻的选项,以全磁盘加密或额外的安全加密分区。

Few encryption algorithms in a program like gimp are better to be from statically linked library functions,not some .lib or .dll,因为这样攻击者就必须攻击更多的软件。

Leave a comment

Allowed HTML:

Sidebar photo of Bruce Schneier by Joe MacInnis.