Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
n0whereN0whereN0WHERE:25819
HistoryJan 10, 2015 - 6:07 p.m.

Sabotage The System: Encryption as Surveillance State Monkey Wrench

2015-01-1018:07:37
n0where.net
12
JSON

Sabotage The System

Since Snowden’s 2013 disclosures confirmed long-standing assumptions that the NSA and other Western spy agencies have secretly constructed a massive global surveillance infrastructure – at a cost of well in excess of $50 billion – much focus has been brought to bear on techniques, technologies and tactics capable of protecting individual citizens against this snoopware monstrosity, And, as a direct result of Snowden’s heroic whistle-blowing, we now have a generally good sense of what does – and does not – work when it comes to protecting data-in-transit from those spy regimes. Or, more formally, we know which tools are more and less successful in increasing the cost and difficulty of a successful surveillance attack: given the TAO and their near-bottomless arsenal of 0days, we don’t look for perfect security, but rather tools robust against the widest range of automated attack vector.

Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System Sabotage The System

That’s all well and good. Understanding which tools really ‘work’ and which are simply ineffective – or back-doored ( or both ) – is necessary. However, we can also see clearly that this necessary work is not in itself sufficient to accomplish the goal of undermining the astonishingly apocalyptic capabilities that such global surveillance infrastructures represent. For, in the wrong hands ( or even in the ‘right’ hands seeking the wrong ends), the power of such systems that can spy secretly on any non-encrypted electronic communication anywhere in the world – and, worse yet, dig back into enormous archived troves of intercepted/stolen data to run historical queries against any desired “selectors” – is so great that eventually systematic abuse is all but inevitable. Human beings have not shown themselves to be very good, in historic terms, at making wise use of supremely powerful weapons designed specifically to be used against other human beings . And as we all know, spy systems are designed to be used against targets: human beings who, for whatever reason, are defined as “enemies” of a given government. The hacker community knows all too well how easy it is to find ourselves labelled as ” enemies” of this or that state entity – whether such label is justified or not. Fair warning, indeed.

_ WE HAVE A LUXURY _

_ OF PRIVACY, _

_ BUT THE VAST _

_ MAJORITY OF _

_ OTHER PLAYERS _

_ WILL LOSE _

What’s required, in the words of Evgeny Morozov, is an approach to these illegal, secret spy regimes that promises to “sabotage the system” at the most fundamental level: something that will make the systems themselves inoperable, ineffective, inefficient, or some combination of all three. Without doing so – without sabotaging the system – the system will inevitably, in due course, come to be used for evil ends, by evil people… and as William Binnly and others have pointed out with forceful, well-founded warning, once put in place such systems are nothing short of “turnkey totalitarian states”. There is no undo button: by the time they’re locked-in and fully functional, any resistance, any attempt at defiance, will prove too little, too late… and easily squashed by the all-seeing eye of Sauron.

It is not enough to protect ourselves, individually, from this surveillance nightmare. Indeed, many readers of this article will already have the expertise, knowledge and capability for self-protection to a higher degree of success. Nevertheless, even if as individuals we can ( and I most certainly hope, do) protect ourselves, we must do more. We must also protect ourselves, collectively, as a society and a species. We must sabotage the system. But how ?

The Surveillance Monkey Wrench

To begin, we can easily see how individual activist can use encryption and obfuscation technologies to protect data-in-transit. Such tools are inexpensive, well-established and in many cases have been shown via Snowden’s whistle-blowing to be effective against automated NSA attack vectors. That’s great: Alice can talk to Bob, and Snooping Uncle Sam can’t see what they’re saying. As Snowden has said, the math works. He’s correct. We all, by now, surely know and understand this.

Building up from there, is it enough for individual citizens – due to their technical capabilities and knowledge – to protect ourselves, on at a time ? Metaphorically, is microeconomic theory enough to explain the great forces of global markets ? In a word: no, it’s not. Those of us with that capability are similar to winners or the “privacy lottery” – we have the luxury of privacy, but the vast majority of other players will lose. The collective result is that the global surveillance regimes sink deeper and deeper roots into our planet’s collective future. The lucky winners do OK; the world overall goes down a bad path.

To understand why that’s so, it’s useful to think on the problem from slightly different angle…

The Econometric of Spy Regimes

It is said that, at the apogee of the Stasi’s reign of terror within the former East Germany, fully one in six citizens was acting as a Stasi informant on their friends, neighbours and colleagues. This was in a time before cheap, fast computing technology – which required all those snitch reports to be filled manually, by hand. The paper burden was concomitantly enormous, and the efficiency of the systen ground to halt. It’s literally impossible, in practice, for that big a chink of a country’s population to be effectively snitching on the rest: the swamp of paperwork becomes to much, and the result is a version of Kafka’s impenetrable, dysfunctional, amoral bureaucracy made real.

Unfortunately, we we add in fast, cheap computing power, things change dramatically.

Yes, It’s true that NSA ( and other spy cartels ) spend billions like it’s water through their fingers. With those billions, they get enormous bang for their ( well our ) bucks: they’re able to free-query datasets comprised of many trillions of data points. Fast, accurate and above all cheap on a per-query basis. Any analyst with a workstation – even outside consultant working from an underground bunker in Hawaii – can hit DB again, and again, and again with no technical constraint holding him back. Worse, the cost per query is infinitesimally small. Those data are accessible, cheap and eternal. They never go away.

Make it Cost

This enormous drop in the cost of accessing and organizing data is what drives the frightening power of the modern surveillance regimes…. but it is also their weak spot. Just as Achilles had his heal – the one place on his body vulnerable to damage- so it is that the cost of metrics of spying are the most easily accessible point of attack for the activists who work to ensure that these spy monstrosities don’t blanket our planet with future of monochrome, standardized unchanging totalitarian horror.

_ BREAK THE EFFICIENCY _

_ OF AUTOMATION, _

_ AND WE BREAK _

_ THE COST LEVERAGE _

_ OF THESE SPY _

_ MACHINES _

In practical term, the reason these costs are so low – and going lower every day – for spy regimes is automation ! Data are collected automatically, collated automatically and added to existing DBs automatically. Once a new “input program” is initiated – by stealing data illegally from companies, illegally tapping fiber optic channels, or illegally coercing companies into handling over data “voluntarily” – the process is automated. Without automation, it’s utterly infeasible to add hundreds of billions of data points per day and, of course, impossible to query across them. Automation is the key.

That is precisely, exactly, where Achilles is uniquely vulnerable.

Break the efficiency of automation, and we break the cost leverage of these spy machines. To do this – to break the machine – we need only to increase the cost of automation. This, as we see below, is trivially easy to accomplish… not only for individual activists, but for cast swaths of human population on the planet today. Automation thrives on certain assumptions, and certain regularities of structure within underlying data sets. Remove those regularities, complicate the data model, inject stochasticity and uncertainty into the pool of underlying information…. and automation breaks down entirely. Cause and effect.

Decoupled Selectors

Jacob Appelbaum has forcefully – and wisely – argued that we don’t need to make data-in-transit crypto “perfect” or “unbreakable” in order to have a devastatingly effective impact on illegal surveillance regimes. Even if encryption only makes the administration of those spy regimes more expensive, we will have success. The cost of running such systems don;t rise linearly with increases in cost driven by data complexity – they accrete exponentially ( perhaps even non-polynomially ) as per-datum cost rise. Any systems architect is familiar with such a dynamic: systems complexity is rarely a linear metric.

When one studies the Snowden documents thus far available, in detail, the importance of “selectors” becomes clear. Selectors, in spy-speak are variables used to mould queries ( congruent with SQL nomenclature, in a sense ). One selector that comes up over and over as a crucial cross-domain bridge – a join key, as it were – is physical IP address. Physical IP address can ( and does ) tie together webmail, IM chats, video streams, cloud-based storage access, website visits… one’s physical IP can often be the skeleton-key fingerprint identifying a unique individual. Of course, there’s all sorts of corner-states where such is not the case, but for an awfully large percentage of folks using the interwebs, their IP address is their unique identifier as they go about their online lives ( in this, we speak of short-term durations, pace DHCP et al).

So we must break that selector. Fortunately, we know exactly how to do that.

There’s an endless list of tools that serve to decouple one’s physical access IP address from one’s on-line activities. Beginning with the most feebly secure “free” proxies and adware-based “VPN services”, and continuing all the way up through Tor’s robust architecture and cryptostorm’s token-based model, those tools are widely available and generally dirt cheap if not outright free to use. For automated spy systems, the use of these tools introduces a frustratingly opaque layer of uncertainty in cross-domain selector searches: IP addresses are decoupled from individual activities in the way that’s variable and unpredictable over time. The spies data warehouses fill up with oceans of data… but one of the crucial connectors amongst all those tidbits of intel is lost. IP address becomes a broken key.

Encrypt All The Data !

Taken a step further, cryptographically-secured methods of decoupling IP addresses from online activity add vastly more leverage to our efforts to make global spy systems cost prohibitive to administer. This is trivially easy to see, in fact: imagine all those encrypted packets, flowing into Bluffdale’s rows and rows of SAN’d hard disks… each packet a bitter little pill for data administrators. Perhaps vulnerable to eventual brute-fore decryption ( or quantum based attacks, someday ) but in the meantime those packets cost money to store and yield zero benefit for spies ( assuming competent header data obfuscation and/or encryption, to mask protocol details and so on ). Sure, the cost-per-packet for storage is infinitesimally small…. but add up a few hundreds of trillions of ’em and things get interesting.

Better yet, the cost of encrypting those packets is so small as to be essentially zero. A bit more electricity burned on the client-side machines, perhaps… and a bit more wear and tear on the logic gates of CPUs and swap memory. For each of us, those costs wont ever add up to a cup of coffee or a packet of ramen over an entire lifetime of crypto-caution… but for the spy cartels, an ever-expanding bolus of indigestible encrypted packets is a bad ( read: costly ) thing indeed.

Yes, of course, the TAO can attack individual packets, or packet streams, or targeted individuals. But TAO doesn’t scale, and never will. If even 0.01 percent of global human population were to be TAO’d – subjected to manual, TAO-level attack – the TAO itself would need to include hundreds of thousands of warm bodies. That’s impossible, as TAO relies on unique skills, not to mention a total contempt for “the rule of law” – neither of which can be boosted up to entire cities worth of human beings doing the work. The entire model breaks down at scale.

Ned Ludd’s Lessons

One need not have any particular attraction to the philosophical underpinnings of Ned Ludd’s campaigns against the automation of cotton milling in Industrial Revolution-era England in order to benefit from a study of its tactical underpinnings. The core lesson of the Luddites ( in tactical terms ) is something different, perhaps even universally applicable: if we want to effectively attack a complex technological system, we seek a way to do so which requires minimal complexity and cost, in order to wreak maximum long-term damage. In other words, the monkey wrench.

Throwing a monkey wrench into a complex, delicate, interconnected system of gears and levers working at high RPMs causes spectacular, massive, permanent damage to the mechanism. The damage expands, building on itself: a gear breaks, and the broken pieces in turn smash other gears. An axle shears, its shattered components tearing out control mechanisms in their death throes. All from one small, cheap, anonymous monkey wrench.

Encryption is the systematic monkey wrench for modern surveillance machines. Not just any encryption, but widespread data-in-transit encryption coupled with IP-decoupling technologies and techniques. Together, these two joined approaches to network data security are deadly for highly-automated, top-heavy, billion dollar global spy architectures. They serve to break the key conditions for such spy systems to work, making the systems vastly more expensive and unwieldy to manage and scale. They make such systems brittle, unworkable white elephants… too costly to run continuously, too ponderous to upgrade in the face of agile, crypto-based sabotage.

For the Win

It is easy enough to become despondent in the face of spy cartels demonstrating sneering, hypocritical contempt for civilian laws – and for democracy itself. How can a ragged band of data activists ever hope to face off against surveillance machines built with tens of billions of dollars, sheltered in military secrecy, spanning the entire globe? Isn’t it hopeless from the start? And should we just keep writing letters to our congressdrones, begging them to “regulate” these un-regulatable spy cancers with laws they’ll then contemptuously use ( yet again) as mere toilet paper.

No, it’s not hopeless. In fact, beating the power-mad spy-voyeurs is both easy and free of any need to break the law along the way. By viewing these systems as fundamentally economic ( hat tip to Appelbaum again , we can see right away where they’re most vulnerable. Change their cost dynamic – make automation difficult/expensive – and they become useless relics of bygone era. Sure they’ll keep eating tens of billions of dollars per year – they’ll keep growing and chowing through data – but the output they provide will become increasingly brittle, imprecise, uncertain and useless. They can keep throwing queries at the DBs, but if we feed the DBs garbage, then we all know what comes out.

Despite the obvious, inescapable logic of such an analysis – I’m hardly the first to propose it, nor I hope the last-one rarely, if ever, sees these perspectives discussed outside of specialized, anti-surveillance technology circles. Why is that? Because, in a word, this analysis works. It provides a tangible , actionable, risk-free path towards our goal: viz, to “sabotage the system”. As such, this approach brings fear to the hearts of military spy cartel kingpins and their enablers worldwide. Those of us who promote, publicize and enable the deployment of solutions based on such approaches face harassment, persecution and extralegal attacks for doing so. That, too, rather elegantly demonstrates just how effective these approaches are. Indeed, when our enemies ignore us , we’re not perceived as threat. But, when our enemies react to our efforts widely, violently, and with panicked overreach… when this happens, we know we’re doing something right. We know that we’re bringing to them the dear of their own defeat. Just so.

Spread the word. Spread the technology. Spread awareness of how it works. Put your grandfather up on a secure network service of your choice. Setup your aunt’s router with good, open-source OS and torify its connection. Stick some solid SOCKS proxy addly in your buddy’s browser settings. Spread the love, compa ! The more we encrypt ( and IP decouple ) comms traffic online, the more we throw a nice, chunky, proud monkey wrench into the sick dreams of spymasters worldwide. Sabotage the system… so we can have a future that’s free, open, diverse and above all else, healthy for our planet

by D.B. LeConte-Spink through our friends @ 2600 for educational purposes ( and call to action )

JSON