Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:Meh. (Score 1) 75 75

Thats easy to do with a Tailored Access Operations unit like hardware upgrade to all exported systems to a nation or front company over many years and upgrades.
All computers arrives ready for collection as installed by default. For admin staff or the more secure communications room. Just waiting for an alternative network day, weeks, months later after local install and site testing.

Comment Re:If you have physical access... (Score 1) 75 75

An embassy site or massive gov building might open to visitors, cleaning contractors, new staff, insiders with faith or cult like foreign loyalties, people offering products for demo or sale, tours, public requests within that magic air gap distance thats not miles on a classic mil base but down to floors or 100's of feet.
The classic secure communications room might be very secure to trusted staff only but the wider network might be very leaky over 10's-100 of feet beyond physical security.
Physical access vs site access has always been the magic that so few designers understood. The network outside the building was 100% safe. At the next room distance plain text recovery was still an option.

Comment Re:Old news is so exciting (Score 2) 75 75

The TEMPEST origins are within the CIA going back to the very early 1950's.
The UK stumbled on TEMPEST like results thanks to a leaky embassy cypher machine in 1952 that offered up plain text.
France was the main target going into the 1950's until corrective hardware was added in the early 1960's.
The US and UK also had success with the new methods in Berlin and Vienna against Soviet communications networks.
In theory every advanced cryptographic expert should have been fully aware of the issues into the 1960's-70's on any advanced device on the open market.
The main issue seems to be the use of average PC enclosures in very secure sites. The staff are trusted, the site is kept away from random outsiders, distance and physical security been the focus. The more historical view would be to build a much better enclosure, encrypt and have better site security.
Learn from France and its total loss of communications security in the 1950's...

Comment Re:Cyber Security reason alone is enough to ban (Score 1) 279 279

Yes, who has the go, no go code, the free fire grid, zone code that gets searched for all movement?
On an plain text, unencrypted database with a plain text letter of commendation for that project?
Could control code walk out, not just plain text, unencrypted lists and letters of commendations.. on network facing databases?

Comment Re:It's a little late folks.... (Score 1) 279 279

Re ""thing that identifies enemies and attacks them""
The fun part about that is every other army will be looking up the digital version of Operation Skye https://en.wikipedia.org/wiki/... to bait expensive AI drones into expending its mission load all over wastelands or other optically interesting areas.

Comment Re:Convince the Pentagon (Score 1) 279 279

Lets hope the AI drones CRM 114 https://en.wikipedia.org/wiki/... holds and the
"... enemy cannot plant false transmissions and fake orders, once the attack orders have been passed and acknowledged, the CRM 114 is to be switched into the receiver circuit. The three code letters of the period are to be set on the alphabet dials of the CRM 114, which will then block any transmissions other than those preceded by the set letters from being fed into the receiver."

Comment Re:Drones (Score 1) 279 279

Re ""American Exceptionalism" basically means we allow ourselves to commit war crimes with impunity."
The AI option will just add another layer of legal protection to the contractors and US government.
The "computer did it" seems to work wonders with new staff and staff retention.

Re "One of the things that has consistently mystified me about Americans' complacency with drone warfare is the underlying assumption that our current monopoly on drones is going to last forever."
The US still has the bandwidth to each drone to get the huge flow of image data back in real time and the international networks to encrypt commands.
Re "For all intents and purposes, we're already using killbots, and the really important point here is that airborne killbots can be used (for now) with impunity across borders."
A page from UK history during the https://en.wikipedia.org/wiki/... and hopes AI drones will allow for the total grid like control over vast areas of the world? Worked well for the UK in the early 1900-30's back with total signals intelligence.....
The problem is the signal flow up and down so an AI will slow that command link tampering issue by not allowing any confusing new commands in while been totally aware of its mission, location and all local movement.
What is been sold on is another U2, D-21 https://en.wikipedia.org/wiki/... to try and out fly, out smart all other nations for decades.
The problem is how much "smarts" can the US afford to lose in a real crash or super computer projected blind SAM event?
The US mil has always been very hesitant to load up any device with too much technology, better to use a crew or sat control allowing the drone hold 1980's optics any nation can buy and a sat link back to push up all the collected data and a simple weapons system.
The loss of a commanded drone with its design, sat dish, optics and engine is no real loss. The recovery of the AI drone with its total encryption package is a loss that could be difficult to recover from.
Over time 'random' AI flight patterns could become super computer friendly and then its just the need for a big, fast SAM thats never been turned on in the past.
Its a race over decades, who can control a drone to get it to land anywhere or predict an AI flight path in time?
How much randomness can be designed into every unique AI drone for every mission approach, mission and then return?
Nations will use any networks other passive radar like system to look up and track.
What can a AI drone be fooled into expending all its limited payload on? Low cost, fancy emissions and optical fooling artwork in vast empty open areas lure in vast numbers of very complex AI drones?

Submission + - Cold War, NSA, GCHQ and Encryption->

Taco Cowboy writes: In the 1980s, the historian James Bamford was researching his book The Puzzle Palace about the US National Security Agency (NSA) and came across references to the "Boris project" in papers written by William F Friedman, the founding father of code-breaking in America. The "Boris project' details a secret agreement between Boris Hagelin, the founder of Crypto AG, a Switzerland company which sold Enigma-like machines to nations and spy agencies around the world, and NSA

Upon learning of Mr. Bamford's discovery the NSA promptly had the papers locked up in a vault

In 1995, journalist Scott Shane, then at the Baltimore Sun, found indications of contacts between the company and the NSA in the 1970s, but the company said claims of a deal were "pure invention"

The new revelations of a deal do not come from a whistleblower or leaked reports, but are buried within 52,000 pages of documents declassified by the NSA itself this April and investigated by the BBC

The relationship was based on a deep personal friendship between Hagelin and Friedman, forged during the War. The central document is a once top-secret 22-page report of a 1955 visit by Friedman to Zug in Switzerland, where Crypto AG was based

Some elements of the memo have been redacted — or blacked out — by the NSA. But within the released material, are two versions of the same memo, as well as a draft

Each of the versions has different parts redacted. By placing them side by side and cross referencing with other documents, it is possible to learn many — but not all — details. The different versions of the report make clear Friedman — described as special assistant to the director of NSA — went with a proposal agreed not just by US, but also British intelligence

http://ichef.bbci.co.uk/news/4...

Friedman offered Hagelin time to think his proposal over, but Hagelin accepted on the spot

The relationship, initially referred to as a "gentleman's agreement", included Hagelin keeping the NSA and GCHQ informed about the technical specifications of different machines and which countries were buying which ones. The provision of technical details "is a revelation of the first order," says Paul Reuvers, an engineer who runs the Crypto Museum website

"That's extremely valuable. It is something you would not normally do because the integrity and secrecy of your own customer is mandatory in this business"

The key to breaking mechanical encryption machines — such as Enigma or those produced by Hagelin — is to understand in detail how they work and how they are used. This knowledge can allow smart code breakers to look for weaknesses and use a combination of maths and computing to work through permutations to find a solution. In one document, Hagelin hints to Friedman he is going to be able "to supply certain customers" with a specific machine which, Friedman notes, is of course "easier to solve than the new models"

Previous reports of the deal suggested it may have involved some kind of backdoor in the machines, which would provide the NSA with the keys. But there is no evidence for this in the documents (although some parts remain redacted)

Rather, it seems the detailed knowledge of the machines and their operations may have allowed code-breakers to cut the time needed to decrypt messages from the impossible to the possible

The relationship also involved not selling machines such as the CX-52, a more advanced version of the C-52 — to certain countries. "The reason that CX-52 is so terrifying is because it can be customised," says Prof Richard Aldrich, of the University of Warwick. "So it's a bit like defeating Enigma and then moving to the next country and then you've got to defeat Enigma again and again and again"

Some countries — including Egypt and India — were not told of the more advanced models and so bought those easier for the US and UK to break

In some cases, customers appear to have been deceived. One memo indicates Crypto AG was providing different customers with encryption machines of different strengths at the behest of Nato and that "the different brochures are distinguishable only by 'secret marks' printed thereon"

Historian Stephen Budiansky says: "There was a certain degree of deception going on of the customers who were buying [machines] and thinking they were getting something the same as what Hagelin was selling everywhere when in fact it was a watered-down version"

Among the customers of Hagelin listed are Egypt, Iraq, Saudi Arabia, Syria, Pakistan, India, Jordan and others in the developing world

In the summer of 1958, army officers apparently sympathetic to Egyptian President Gamal Abdel Nasser overthrew the regime in Iraq. Historian David Easter, of King's College, London, says intelligence from decrypted Egyptian communications was vital in Britain being able to rapidly deploy troops to neighbouring Jordan to forestall a potential follow-up coup against a British ally

The 1955 deal also appears to have involved the NSA itself writing "brochures", instruction manuals for the CX-52, to ensure "proper use". One interpretation is these were written so certain countries could use the machines securely — but in others, they were set up so the number of possible permutations was small enough for the NSA to crack

In a statement, a GCHQ spokesman said the agency "does not comment on its operational activities and neither confirms nor denies the accuracy of the specific inferences that have been drawn from the document you are discussing"

The NSA also declined to comment on the specific conclusions

Link to Original Source

Comment Re:Fishing operation: 2015 edition (Score 2) 157 157

The good news its more in the press and people are talking of constitutional protections. People can see the US legal digital Berlin Wall in use.
US based brands now have the interesting legal complexity of user data flowing to the US gov in the US.
Options?
Become more of a multinational and move US based big data to Ireland or other parts of the EU?
The NSA and GCHQ needed network access but the brands had to keep the freedom front up. If the press keeps on reporting on US big brands court issues interesting people will just use social media less. The UK was always aware of how any population might become highly sensitised to surveillance and did its best to find ways just to watch.

Comment Re:SHOCKING! (Score 2) 64 64

Re "Haven't we been reading about this for a few years now?"
Considering the decades of early cell phone like devices, pagers, consumer desktop computers, smart phones, personal digital assistant/handheld PC, tablets?
Thats a lot of easy, court free access over many, many years :)
One pubic example found in the press would have been constant pressure on the US from the UK over Ireland/US connections in the 1970-90's over emerging computer and advanced phone use.
Very old ideas that got tested on every US network connection or computer system of interest decades ago.

Comment Re:Malware types (Score 1) 64 64

Re "many times of malware"
Thats the key to the magic of one time bespoke malware that a user/group of interest is fooled into allowing. What can an AV cloud with behavioural analysis do? Would a smart admin see it time time? The ip the data flows out to is unique, the software was user 'installed' and does not match any understood pattern or emerging threat.
If a city, state, county or federal investigation only uses the expensive software one time, its magical vs all domestic and international AV products, cloud and behavioural analysis or internal OS logging.
The trick fails when nation states fails read the instructions about the crafted malware been a one time deal.

Comment Re:Does it really matter any more? (Score 1) 132 132

It depends AC. If the user opens 10 or 200? tabs in one window for some reason?
Optical bandwidth, 64 bit OS, i7, real gpu, 32 gigs of ram can cover for a browser with slow code issues?
The browser has to be fast to serve ads, keep banking secure, keep the MS branding fresh in the users mind and be web standard compliant.
The days of only working with a MS web site creation application are over but the same MS branding issues will always be the same.
Fast is easy. Ad blocking, security, branding is the ongoing issue for M$. How much will any new computer cost with Windows 10 Pro?
Will ad blocking work? Will ads display at the desktop level if a brand pays enough vs the browser?

Comment Law enforcement malware (Score 2) 64 64

With the NSA and other nations providing total network access its hard to then undo the vast parallel construction effort with local malware on one computer to build a multi year case.
The problem for the use of digital and voice product in court is the mentioned "reasonable ex post notice to a computer’s owner" in an open court.
Soon the entire US judicial system and the press would be aware of methods, law enforcement friendly US developed operating systems and antivirus issues, malware providers and their experts in open court testimony.
Everyone of interest would quickly understand privacy and anonymity cannot be found on any US network or device designed or sold that connects to a US network.

Over the years many efforts have been made to support law enforcements own understanding that some networks and phones are 'safe'.
Even local, state and low level federal officials then understand and help propagate the no trapdoor, back door cover stories they saw in a local tech demo
The cover story that some brands, generations or easy to buy products are totally secure is often positioned as random talking points in the national media and on computer related sites.

The UK had many issues with advance phone tracking methods leaking from the court system in the 1970-80's as computer, phone and cell phone technology was been made public.
The US wanted to ensure the same would never happen with its cell phone tracking so it uses IMSI-catchers and light aircraft with dirtbox like units well outside the US court system. Every wifi, cell device and other signals over vast areas per year.

Onion router like networks face the same constant mapping and software/network OS layer issues.
Collect it all is the new cheap, easy way to map entire local communities every year. The real magic is keeping methods away from courts, the press, citizen journalism with walk in FOIA requests at a city or state level or other legal teams.
The hardware paper trail still exists in some city and regional bureaucracies just waiting for a correctly worded in person FOIA request.
The UK was much smarter as it centralized its expert help to law enforcement well beyond the courts, press.

Comment Re:I'm okay w/ watermarks, but not secrecy (Score 1) 100 100

The US and UK became very interested in the photocopier aspect when the UK found a photocopier without a counter or security in an area with its security document vaults. An individual had been using it to make all the copies wanted of secure documents and walking out with the clean copies.
The US and UK then upgraded and further restricted photocopier access policy with counters, educated security staff and by installing cameras in the photocopier units to record what was been copied and by what person.
Very old ideas that had to be rushed out to solve unexpected wider problems.
The tracking of digital files worked in the same way. Baited access to plain text databases to see how staff would respond and what they searched or did not attempt to search.

Comment Re:Hot (Score 1) 54 54

AC a bit of reading shows Australia has some super computer ambitions and spending.
Quantum computer work has been great for funding.
"Quantum storage breakthrough key to 'unbreakable' encryption A new quantum hard drive jointly developed by researchers in Australia and New Zealand could lead the way to an 'unbreakable' worldwide data encryption network."(January 12, 2015)
http://www.zdnet.com/article/q...
"Powerful quantum computers move a step closer to reality A research team from Australia has pushed quantum computers closer to fruition, but a former NSA director warns that the technology could break encryption" (October 2014)

A programming language is low level when its programs require attention to the irrelevant.

Working...