On 17/02/2015 00:58 am, Jerry Leichter wrote:
On Feb 16, 2015, at 3:39 PM, John Young <j...@pipeline.com> wrote:
Kaspersky Q and A for Equation Group multiple malware program, in use as early
as 1996. NSA implicated.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
<https://t.co/bByx6d25YF>

Dan Goodin: How “omnipotent” hackers tied to NSA hid for 14 years - and
were found at last

http://ars.to/1EdOXWo <http://t.co/0n1D05GOFN>

Two articles that are well worth reading.

Back in the 1980's, I knew a bunch of the security guys at DEC.  While
this was a much less threatening time, even the DEC internal network of
that period saw attacks here and there.  What the security guys said was
that they had all kinds of attacks that they would find, analyze, and
lock out. But there was this residual collection of "ghosts":  They'd
see hints that some kind of attack had taken place, but they
couldn't find any detailed trace of how, where, or by whom.  The guys
doing it could get in and out and at most leave a bit of an odd,
unexplainable event behind.  They assumed it was government attackers,
but could never prove anything.

It should be no surprise that this kind of thing has been going on for
years.  The first papers on attacks on and defenses of computer systems
from a military point of view go back to the 1970's.  (The Air Force
took the early lead - or perhaps they just let more out.)  For a while,
some of this work was in the open; the famous Rainbow Series of reports
was one result.  But then it all went dark - a fact that's now obvious
in retrospect, though I don't recall anyone commenting on it at the
time.  (One wonders if this was the result of the NSA taking over fully.)

With unlimited funding and years of practice, these guys are way ahead
of the rest of us.


Back in the late 2000s, there was a surge in interest in APTs and the industrial-military contractors went on a shopping spree looking for cyber-warriors. At the time I discounted it as yet another hype thing, but it seems that it happened, and we're now in a cyber-arms race.


Here's an interesting comparison.  Most academic cryptographers believe
that the NSA has lost its lead:  While for years they were the only ones
doing cryptography, and were decades ahead of anyone on the outside,
now we have so many good people on the outside that we've caught up to,
and perhaps even surpassed, the NSA.  I've always found this reasoning a
bit too pat.  But getting actual evidence has been impossible.


I'd rather say it this way: we have circumstantial evidence that we are at about the same level for all practical purposes and intents. As far as we are concerned.

There's a bit of a difference. I'd say they are still way ahead in cryptanalysis, but not in ways that seriously damage AES, KECCAK, etc.

In contrast, I'd say we are somewhat ahead in protocol work. That is, the push for e.g. CAESAR, QUIC, sponge construction, is coming from the open community, not from them. In the 1990s we infamously blundered by copying their threat model; now no longer, we have enough of our own knowledge and deep institutional experience to be able to say that's garbage, our customers are different. And our needs are pushing the envelope out in ways they can't possibly keep up with.

Although, I could be wrong here - Equation team reports from Kaspersky didn't say much about the protocols they were using to exfiltrate, just that they had a fetish for Ron's ciphers.


So now we have some evidence from a closely related domain.  It's not as
if the world isn't full of people attacking software and hardware, for
academic fame, for money, just for the hell of it.  And yet here we have
evidence that the secret community is *way* out ahead.  Sure, there are
papers speculating about how to take over disk drive firmware.  But
these guys *actually do it*, at scale.

Should we be so confident that our claims about cryptography are on any
firmer ground?


In sum, I'd say they are ahead in the pure math, but you'd be hard pressed to find an area where it mattered.

E.g., as Peter & Adi and I are infamously on record for saying [0], the crypto isn't what is being attacked here. It's the software engineering and the crappy security systems.


iang


[0] http://financialcryptography.com/mt/archives/001460.html
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
