Last week I explained why government-imposed backdoors cause more problems than they solve, and government-imposed weaknesses from the 1990s are still causing SSL/TLS security problems. Let’s see some of the other ways backdoors have spectacularly failed.
The problem of insider abuse goes back to an era when letters and telegrams were the dominant forms of communication. During the wave of anarchist bombings of the early 1900s, J. Edgar Hoover rose to power within the Justice Department. Mail was opened, telegrams were copied, and telephone lines were tapped. Hoover was appointed director of the Bureau of Investigation, later to become the FBI, in 1924. He quickly became entrenched, exceeding the FBI’s jurisdiction and building dossiers for political leverage. Harry Truman said, that Hoover had transformed the FBI into a private secret police force, and ”we want no Gestapo or secret police. The FBI is tending in that direction. They are dabbling in sex-life scandals and plain blackmail. J. Edgar Hoover would give his right eye to take over, and all congressmen and senators are afraid of him.”
What goes wrong on today’s Internet?
Telecom Italia suffered an insider attack in 1996–2006. Over six thousand people were targets of unauthorized wiretaps operated by authorized employees gone rogue. Dossiers were collected on politicians, judges, bankers, business executives, and others. The dossiers were sold through a private investigation agency in Florence, and used for blackmail and extortion. It is believed that no large business or political deal during this period was truly private. See this La Repubblica article, this Der Spiegel article, and the testimony by Susan Landau to the Judiciary Committee of the U.S. House of Representatives.
In the mid-2000s, Vodaphone Greece purchased Ericsson telephone switches designed to allow lawful interception. A switch software update automatically enabled the wiretapping capability without adding a user interface to audit its use. Intruders monitored and recorded the telephone activity of over one hundred senior officials of the Greek government for a period of ten months in 2004–2005, including the Prime Minister and the heads of the Ministry of National Defense and the Ministry of Justice.
An ”update” for BlackBerry-using customers of Etisalat in the United Arab Emirates actually installed spyware developed by American firm SS8. It caused a sudden epidemic of crashes, poor reception, and reduced battery life, and some handsets completely stopped working. If this spyware was intended to help catch terrorists, it did an awfully sloppy job.
Tom Cross discovered in 2010 that a Cisco IP network architecture designed for law-enforcement interception could be exploited. His presentation ”Exploiting Lawful Intercept to Wiretap the Internet” describes several vulnerabilities.
In 2012, all U.S. Department of Defense phone switches were reported to be vulnerable due to the wiretapping capabilities required by the CALEA or Communications Assistance for Law Enforcement Act regulations.
In 2012, the Indian hacker group ”The Lords of Dharmaraja” posted documents they downloaded from an Indian military network showing that India’s military intelligence and Central Bureau of Investigation had been collecting telecommunications traffic at least since April 2011. In exchange for access to the Indian market, manufacturers including RIM, Nokia and Apple agreed to provide backdoor access to their devices. The Indian government then used those backdoors to intercept internal e-mails of the U.S.-China Economic and Security Review Commission; a U.S. body mandated with reporting to Congress on the trade relationship between the U.S. and China. The hackers posted those internal e-mails to Pastebin.
The Hindustan Times reported in May 2013 that the Gujarat police obtained detailed phone records of up to 93,000 mobile phones without the state police chief knowing anything about the operation.
The U.S. Government required Google to collect data on a large number of users. Chinese hackers stole the resulting database. It listed those people who the U.S. government had under surveillance as they were suspected of being Chinese agents. This was a big win for China, as it told them which of their agents were and were not suspected. Unnamed, ”current and former government officials” told the Washington Post about it. Microsoft then said that Chinese hackers had targeted Microsoft servers around the same time, looking for similar information about Government-required data collection by Microsoft.
As for the Dual_EC_DRBG and multiple Juniper backdoors, where do you start…
I described the backdoor in the Dual_EC_DRBG cryptographic algorithm earlier. That’s just a part of it.
In December, 2015, Juniper Networks announced that some versions of their ScreenOS firmware had two major security problems. There was a backdoor for remote administrative access, and the flawed Dual_EC_DRBG cryptographic algorithm was used.
The remote access backdoor used a hard-coded password embedded in the ScreenOS firmware. Connect via either Telnet or SSH, provide any user name, give ”
<<< %s(un='%s') = %u”
as the password, and you have administrative access to the device.
The flawed cryptographic algorithm in Juniper’s words ”may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic”.
The cryptographic backdoor is speculated to have been further modified and used by attackers hostile to the NSA’s mission, based on analysis and discussion by Ralf-Philipp Weinmann, Steve Checkoway, Willem Pinckaers, H.D. Moore, and Matthew Green. Wired observed, ”Even if the NSA did not plant the backdoor in the company’s source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.”
There’s much more to this story, see my page for more details.
Microsoft markets their Live@Edu system to schools, advertising that its lack of encryption is a ”security” feature. The school administrators can monitor communication between teachers for an advantage in salary negotiations, and of course Microsoft has frightening suggestions about the likelihood of mass shootings if students’ messages aren’t monitored. At many of the school that moved to this or a similar all-cleartext e-mail system, almost all faculty and students quickly moved all their communication to Gmail or similar and left the school’s system unused.
We discuss how strong end-to-end encryption works in the System and Network Security Introduction course. These stories show why it’s important!