This week
Encryption backdoors, the NSA and Juniper
New reporting on some older events that’s relevant in the current encryption debate and the need for backdoors. Sometimes simple commercial pressure can get your government encryption backdoor into commercial security products.
The NSA developed an encryption standard called ‘Dual Elliptic Curve Deterministic Random Bit Generator’ (Dual EC DRBG), got NIST to include it in a standard (NIST SP 800-90A) and then leaned on US network vendors like Juniper, RSA and Cisco to implement it in their products.
The Dual EC DRBG algorithm contained a backdoor: if you knew the ‘Q value’ used to create the encryption keys, you could recreate them and therefore decrypt the data. The NSA specified a preferred value for Q.
The US Department of Defense (NSA’s parent) mandated the algorithm’s inclusion for future orders. RSA was paid $10 million to include it as the default algorithm on some of their products.
Lots of people pointed out at the time that Dual EC DRBG had a potential backdoor in it, though, as Matthew Green paraphrases, “well, that could be horribly exploitable but nobody would do that.” Evidence of it actually being a backdoor came with the 2013 Snowden leaks.
Bloomberg’s new reporting ties 2012 and 2014 breaches of Juniper to the Chinese group known as APT5. Having identified the Q value weakness, they compromised Juniper’s source code and changed the value so that they could decrypt traffic.
In 2015 Juniper released an early Christmas pressie announcing they had found “unauthorised code” in their products and urging updates “with the highest priority.”
The NSA thought they could implement a backdoor algorithm for their benefit and it was compromised and rekeyed by the Chinese for their own benefit. A “lessons learned” report was produced, though the NSA “now asserts that it cannot locate this document.”
Matthew Green’s thread is worth a read, and his pet theory (based on the timelines) that this was the cause of the OPM breach sounds plausible.
So as the debate continues, let’s remember that encryption backdoors aren’t new, we have tried them before, and they backfired. Let’s also remember that they don’t have to be mandated in legislation for them to appear in the wild.
Interesting stats
~1/2 of under-24s say security tools are “a hindrance” and 31% admit to bypassing them to get on with their work, according to HP Wolf Security zdnet.com
Other newsy bits
Proton Mail got served
Proton Mail, based in Switzerland, offers encrypted email and majors on Swiss privacy laws and that encryption to protect the contents of your inbox. The company said they don’t retain logs and would only respond to court orders from the Cantonal Court of Geneva or the Swiss Federal Supreme Court.
So that’s what authorities did: compelling them to collect and release metadata on the IP address of a user to aid a law enforcement investigation into a climate change activist. Outrage followed this week as lots of people lost their shit when they realised they’d made incorrect assumptions. Perhaps foreshadowing this day, Proton Mail advises using Tor if you wish to mask your IP address from the service.
Rob Graham has a good thread that I think sums up why it shouldn’t really be a fuss.
The interesting bit for me is that because of their privacy stance, Proton Mail didn’t know who the user was and so had no reason to object to a legally binding request through a channel used for serious crime investigations.
techcrunch.com, zdnet.com, @erratarob
Wireless charging side-channel attack
This is cool research - fingerprinting websites and comparing that to wireless charging power draw - though the ‘considerable security threat’ will, as ever, really depend on your threat model. If someone wants to monitor your web browsing at a public charging point they’ll probably just look over your shoulder. (H/T Lloyd)
Outlook doesn’t validate Punycode domains properly
Using characters from, for example, Cyrillic alphabets to generate lookalike domain names isn’t a new idea, and browsers now typically show them in the format “xn--…” with the character codes included to make it obvious to users.
“From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. It may not be obvious at first glance, but “аpple.com” uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0061). This is known as a homograph attack.” — Xudong Zheng
However, it appears Outlook is blind to this sort of tomfoolery, processing these as their Latin counterparts. This means you can trick the email client into displaying the contact card for a user, making the spoofed email seem authentic.
Microsoft has said they won’t fix the issue… though mysteriously you cannot reproduce it in the latest versions of Outlook.
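A mail gateway or triage script can catch this before the client renders anything. The following is an added example, not code from the research or from Microsoft: it decodes Punycode labels in a sender domain, flags labels that mix scripts, and compares a look-alike "skeleton" against a list of protected domains. The function names, the PROTECTED list and the small CONFUSABLES map are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately tiny subset of Cyrillic letters that render like
# Latin ones; a production check would use the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}

# Constructed list of domains to protect ("cope.example" is a placeholder).
PROTECTED = {"apple.com", "cope.example"}

def to_unicode(domain):
    """Decode any xn-- (Punycode) labels so the real code points are visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: leave it as received
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(domain):
    """Replace known look-alike letters with their ASCII twins."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def check_sender_domain(domain, protected=PROTECTED):
    """Return a list of findings for a sender domain (empty = nothing flagged)."""
    decoded = to_unicode(domain)
    findings = []
    for label in decoded.split("."):
        found = scripts(label)
        if len(found) > 1:  # e.g. Cyrillic 'а' followed by Latin 'pple'
            findings.append(f"mixed scripts in '{label}': {sorted(found)}")
    skel = skeleton(decoded)
    if not decoded.isascii() and skel in protected:
        findings.append(f"looks like protected domain {skel}")
    return findings

if __name__ == "__main__":
    for d in ("apple.com", "xn--pple-43d.com", "\u0441\u043e\u0440\u0435.example"):
        print(d, "->", check_sender_domain(d) or "ok")
```

The skeleton comparison matters because a label written entirely in Cyrillic passes the mixed-script check yet can still render like a Latin name.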
In brief
Attacks, incidents & breaches
- McDonald’s sent the usernames and passwords for all users of their ‘Monopoly’ game to all winners bleepingcomputer.com
- Details of 87,000 logins for Fortigate SSL VPNs have been leaked online, obtained by exploiting a vulnerability in 2019 zdnet.com
- Indonesian intel agency compromised in suspected Chinese attack therecord.media
Threat intel
- The ‘perfect’ ransomware victim is based in the US, has $100M+ revenue, and isn’t education, healthcare, government or non-profit, according to Kela zdnet.com
- REvil’s website is back online zdnet.com
Vulnerabilities
- ‘Targeted attacks’ using this new vulnerability in MSHTML using specially crafted ActiveX components in Office documents krebsonsecurity.com, microsoft.com
- CISA warns of vulnerability in Zoho single sign-on component therecord.media
- Does Apple need to improve its bug bounty programme to execute its privacy and trust strategy and prevent vulnerabilities from being sold on the ‘grey market’? washingtonpost.com
Security engineering
- OpenSSL 3 has landed theregister.com
Law enforcement
- Money launderer for North Korean government sentenced to 11 years cyberscoop.com
Mergers, acquisitions and investments
- Thoma Bravo has taken a stake in threat intel provider Intel 471 techcrunch.com
- Secure code outfit Snyk closes $530M round pointing to an $8.5B valuation techcrunch.com
And finally
Lessons in security vs human behaviour
Users will try to work around your controls if they infringe on their (perceived) ability to do their job (see Interesting Stats above). In this case, it’s sitting a mouse on top of a watch face to prevent Teams from going ‘away’ (H/T Nick) @hanbandit