Schneier on Security

Clive Robinson • April 15, 2019 6:57 PM

@ Sancho_P,

With regards,James Stavridis who is a Bloomberg Opinion columnist, but apparently a retired admiral.

He appears to be highly UN-informed about a whole slew of publically known things.

First off it was the UK not the US that syarted spying on sub-sea cables, many of which came up in the UK in the south tip of Cornwall in places like Bude Bay not far from Goonhilly satellite ground station.

In the 1980’s it became transparently obvious that the UK Government was tapping every cable they had any interest in and all satellite and microwave links.

Further as anyone who cares to look will find out, the US Government had a cosy relationship with all international Telex companies operating in the US. And all “cable flimsies” that were in effect the “carbon copies” were not just made available by the companies in many cases they were carried to the awaiting analysts by staff working for the cable companies.

It was exactly the same “Don’t ask Don’t tell” arangment that was discovered in AT&T premises.

Thus how the admiral can pretend the US is not up to the eyeballs in illegal wire tapping and has been since before the second world war kind of mystifies me.

Thus I can only assume,

More FAKE NEWS from Bloomberg.

Clive Robinson • April 16, 2019 11:05 AM

@ VinnyG,

Seems sort of obvious that any entity that has the capability to lay and maintain cable would of necessity have the ability to disrupt it or intercept traffic.

Up to a point. The “lay and maintain” asspect has historically been anything other than “covert”.

In essence you aquire a ship with largish engines capable of fixing a position reasonably acurately then “dragging anchor” untill you snag the cable, then pull it upto the surface to work on. So far soe easy 😉 in very calm weather which is why they try their best not to need doing it.

The use of submarines was started by the British during WWII and very early on in the cold war as part of their SigInt efforts, and they developed very leading edge equipment to do it.

Basically during the war the British navy had very good relations with the Russian navy etc and obtained information about the location of cables in shallow waters etc fairl easily, along with SigInt monitoring on various supply vessels. Supposadly unknow to the British Admiralty a submarine with divers was sent out to find and examin the subsea cables for the ability to be exploited. The US were eventually informed of this under the BURSA arangnents for inteligence sharing, and as with the land based tunnels the US decided that they should likewise take on the challenge. They sent out two submarines in 1945 on a dry run to estimate the feasability of getting in, locating the cables and getting out again as part of a more wide ranging ElInt operation with regards Soviet missile tests. In 1949 they sent in the USS Cochino and USS Tusk. They had been fitted out by all thr latest submarine developments then known for diesel electric boats (from German U-Boat designs). However the top of the line ElInt equipment was designed and built in Britain and their SigInt Techs fited it in the Portsmouth Naval base in Southern England just noeth of the Isle of Wight, all to maintain “absolut secrecy”.

Unfortunatly the name “Cochino” had been selected, supposadly as denoting a speedy species of trigger fish, which would be inline with the submarines intent. But as some here will know in Spanish it means “The Pig”, which should have forewarned people… It’s main mission to intercept Soviet radio transmissions from missile tests involved having holes drilled not just in the tail fin but in the preasure hull as well, for the antennas along with others inovations such as a new design of snorkel. That main mission was not a success although the equipment worked well, there was not the sort of traffic they were looking for during it’s limited span first and as it turned out only run into the Barents Sea.

On the return leg they ran into a sorm and the crews misgivings about the holes in the tail fin and preasure hull were realised and a battery fire which is one of the most dangerous things on such diesel electric subs happened as a result of leaks in the snorkel. The result was explosions on board quite serve burns to some of the crew and the loss of the USS Cochino, a civilian Elint specialist and six members of the USS Tusk’s crew who went to rescue the Cochino crew. It is unclear if they actually tried to run up and find the subsea cables or not, due to the way the British still keep these things classified, and in this reapect where Britain Commands the US obays…

The point is that working on cables requires fair weather for ships, but even thirty or more feet down where bad weather generaly does not reach, there are many complications with submarines of that period. Thus knowing how to overtly find and maintain cables might well be known quite widely, however the extra knowledge of now to do it covertly under water at 180ft down etc is “hard won by” thus mostly classified.

But as I noted, the ability to drop an anchor in the right place and dredge up the cable is over a century old. Obtaining a sea going tug with precise positioning equipment is not difficult. Thus even terrorists could cut or put out of action subsea cables. In the Middle East for instance around Oman the loss of cables by vessels dropping and dragging anchor is not exactly unknown…

Originally this is what was thought the Chinese did when they made the point to the US some decades ago by cutting a couple of subsea cables. However later examination of satellite images showed no sign of surface vessles in the area. In effect this was the first public warning that China had developed the capability to cut the cables in the South China Seas at any time which would in effect cut most nations around the South China Seas primary communications. This includs Japan, Taiwan and South Korea in particular which until recently the US had vowed to defend to the hilt (but now noticeably especially to those nations, does not. Hence the illegal Chinese artificial island building continues along with the destruction and murder of orher nations fishing vessels and their crews).

If you look back on this blog you will find I’ve been waving a small flag on the subject for quite some time.

One consequence I suspect few have thought about is their domestic IoT devices, many of which will not work unless “They phone home to the Mothership” in China. This phone home has little or nothing to do with the Chinese State Agencies, it’s actually a for profit idea so that the IoT users can be “Snaged, bagged, and their data sold to the highest bidder”.

The fact that I fully suspect both the NSA and other Western SigInt agencies do monitor this traffic does not mean I in any way discount the fact that the Chinese State SigInt agencies do the same.

You only have to go back to the debacle with CarrierIQ to realise that all SigInt entities would see such a freebie floating by as a gift from the gods, with the benift of “full deniability”, i.e. something they would not pass over simply because it actually equated directly with “economic espionage”.

Clive Robinson • April 18, 2019 12:18 AM

@ ,

What’s more interesting, was the development by the USN of the capability for divers to work on the seabed under pressure for extended periods.

I think I’ve mentioned before I was involved several decades ago with a similar capability development by the UK. Supposadly it was to get productivity in the North Sea oil industry up.

It became clear by the way they did not want some problems investigated, was because lowering a diving bell from a submarine does not have the same issues as doing it from a surface vessel.

Part of the testing was to put a deep saturation unit on Lowestoft docks and keep personnel in there for several months…

It is the farcical nature of an accident that happened which generally ammuses people.

Put simply, it’s fairly easy to get supplies like food and fluid into such a deep saturation system. What is not so easy is getting the waste out again, especially that from the toilet…

What was done was install a “vacuum toilet” similar to those on planes, which connected by an interlocked multiple valve system to a storage tank, that was kept at preasure but not as high as that in the deep saturation accomadation.

Obviously the stuff piles up fairly quickly so a commercial organisation that dealt with cesspits and the like were contracted to empty the container on a regular basis.

As you can appreciate there was a well defined proceadure to empty it safely. But as in many other things it appears to be part of the human condition that there are people who want to cut corners etc to make their life easier/quicker.

So there are a group of us standing on the docks next to the DSV we are installing some interesting equipment on. Due to one of those very many issues that come up in such projects we had been told to go and wait ashore whilst certain procedures were carried out. We were bored and the tea/coffee was cold turgid and less palatable than silage[1] so when the “cess tanker” turned up we were all idly watching it, whilst discussing matters of great importance, such as how long the manager at a well known football (soccer) team would survive…

So the “cess man” reverses up junps down from his cab and connects a hose between his tanker and the high preasure container. But… He did something wrong so that when he pulled the leaver, his hose detached from his tanker and flew around like an enraged snake with the man holding on for dear life. Whilst several hundred gallons of the most noxious and vile raw sewerage erupted out rather like one of those “Coke and Mentos” fountains on major steroids.

We stood their with some of us with mouths unwisely agape, not believing what we were seeing. Almost as quickly as it started it was over. The man was somewhere in the middle of a “cess pool” feabily moving and calling out for help with an obviously broken arm. He had tried to get to his feet but each time his footing lost and over he went again. Luckily for us the wind was blowing from us towards him and then onto the rest of the docks.

To cut a long story short both an ambulance and several fire engines turned up. The fire brigade had been told it was a major chemical spill… The ambulance men stood back whilst the fire brigade hosed the docks down with a great deal of presure and a greenish orange cloud drifted inland… Eventually the firebrigade hosed the man down at a lot less preasure but by this time I don’t think he was cognizant of what was happening. The look on his face suggested he had found himself in his own very personal hell and he was duely carted off by the ambulance.

Up untill that point hardly a word had been spoken. Then the voice of the sparks said with forced joviality “Now there’s something you don’t see every day”… Which was true enough.

Getting back to the actual mechanics of subsurface cable tapping, you are right I would be interested in seeing the kit involved, and yes my fingers would itch to have at it with a screw driver 😉

But my curiosity aside there is a much more serious issue as you note,

We’re back in Utah data centre territory. You just need to think through the implications of what is publicly known, and the capability of current technology.

I’m known for saying “What the laws of physics alow”, but I remember back prior to Ed Snowden going walkabout, our host @Bruce asked for peoples thoughts on what Utah could store. I get the feeling he was actually quite shocked as to what telecoms engineers thought and the implication that every key press and spoken word across the US communications networks was being idly hoovered up with loads of space to spare.

With regards,

The danger is what could a criminal enterprise or rogue state do?

Personally I think aside from physical attacks, actually not a lot. We joke about “sipping from a fire hose” but GCHQ Bude has tens of millions in technology in it, and that’s just in effect a switching center for the other tens of millions spent on the twenty or so “sub sea cable risers” that come up along the Cornish coast along with the satellite down channels just up the road. I doubt any criminal enterprise would be able to filter the data, let alone process it to get meaningful information out. Likewise those “second and third world” less than democratic countries, I don’t actually think the Five-Eye SigInt agencies are actually having much success with processing the data either… We were once told “Be careful what you wish for” as you might get rather more than you bargained for.

[1] For those that are not familiar with farming practice, silage is in effect “pickled hay” which is fed to cattle and other live stock over winter when for whatever reason they cannot be pastured. Silage is in effect an anerobic rotting process called ensilage, that not only retains the high nutritional value of “grass crops”, but unlike hay also retains most of the water content as well. Basically the process is to harvest and compact your “green” product into large bails where much of the air is pushed out, then wrap in black plastic to make an airtight seel. If you have ever been near a bail when it is opened it’s not a smell you are going to easily forget…

Clive Robinson • April 20, 2019 7:39 PM

@ POPWeasel,

That IS what is needed.

You’ve left out the words ‘some of” after “IS”.

There are other areas than encryption and traffic analysis you need to mitigate.

Firstly is “system transparancy” it’s a symptom of “efficiency-v-security”. Put simply the more efficient you make a system the more transparent it becomes. In effect you “open up the bandwidth” to things like covert side channels. As an example from Mat Blaze, network protocols can end up sending individual keypresses as network packets. Due to the way users work their keypress timing in words is random around a mean keypress rate. Thus the randomness is alowed redundancy which is where you can easily hide a spread spectrum coded side channel. Thus a key logger inside a keyboard can get it’s low bandwidth signal through the user PC or server.

Secondly is “active fault injection” many networks are asynchronous at the packet level and avove. Which means that one system can jam another system. One or both systems then wait for what appears to be a semi random time before re-transmitting. The problem is such timings can be very easy to determin thus you can selectively jam a systems datagrams. Eventually the jaming causes “errors and exceptions” back in the OS / Application code. These errors can propagate backwards through systems including the likes of data diodes. In effect systems are also transparent in the reverse direction, effectively backwards up the TX path all the way back to the data sorce.

Thus you have bidirectional communications paths back to before encryption is used…

Yes there are known mitigations but all they effectively do is reduce the bandwidth whilst leaving space for lower bit rate side channels.

There are other things to consider as well which “the laws of physics” more than alow.