Schneier on Security

Clive Robinson • July 3, 2020 4:12 PM

@ ALL,

This is being portrayed as the take down of clever criminals who are the “Mr and Mrs Big” of crime.

Actually they are not.

In tealiry they are low life street criminal thugs, who have managed by violence, murder and worse to move them selves up the street crime tree one or two levels beyond the normal low life thugs so they are not the lowrst of the low hanging fruit.

The reason the authorities are calling them the “Mr and Mrs Big” is purely for political reasons. These crime agencies for various reasons are costing big and delivering little in the eyes of politicians…

The reality is most if not all of these criminals are known to the police mostly through direct contact when they were just low level street thugs with an especialy nasty set of habits not just drugs, prostitution and murder but other crimes involving torture, disfigurment and kidnaping as well.

They are also not at all bright either, their OpSec is appaling due to lazyness, biging it up, and over confidence, which is why they are in such trouble. They thought themselves invincible but in reality they acted very stupidly including send pictures of themselves, their crimes the proceads of their crimes and much else related not just to their crimes but their families, associates, mistresses etc.

Remember that they could and should have learned from the mistakes of South American drug barons who actually had marginaly better OpSec, but still made what with hindsight I suspect even they now know were stupid mistakes.

Any reader of this blog for even a short time should know I think very little or nothing of “secure apps” and for good reason. That is the app is a very small part of the overal security and smart phones no matter how you slice or dice them are never ever going to be secure when manufactured for consumers.

The reason is the plaintext human interface is on the same device as what is effectively an open communications interface. Why bother attacking the crypto? Especially when you can do one of very many end run attacks around the applications security end point to the HCI via other apps, the OS and the I/O drivers etc.

If you want the sort of security the criminals thought they were getting from Encrochat they were never going to get it. Because consumer level smart devices lack “strong segregation” that is it’s always possible to reach from the very insecure communications end point on device past the application security end point on the very same device.

To do what these criminals wanted would require to strongly segregated units, the first that has the communications end point on it, the second with the crypto and security end point on it as well as the Human Computer Interface (HCI). The second device also has one end of the “choke point” “gap crossing channel” on it. This crossing channel needs to be “strongly mandated” and “heavily instrumented” such that only desired secured communications can cross it.

Theres a few other requirments as well but that’s the essential point to get across.

So any criminal who thinks they can by a secure system using consumer grade mobile phones is either deluding themselves or being sold a pile of bovine originated fertilizer by other criminals on the make.

Lets assume the figures given are approximately accurate. So that’s 60,000 users each paying €3000 a year or 180 million euroes income which is arguably 200 million USD… Which makes it a nice little scam if you keep the other costs low.

If I was one of those Encrochat people I would currently be looking for somewhere to hide for ever because the sort of thugs involved like those from Morocco tend to get a bit inventive in the way they get retribution, and they have not just long memories but also that Middle East proclivity of cutting up relatives etc untill they think they have had sufficient vengence. Often as we know they can also pass such things down the generations as almost endless fudes…

But it looks like there are no end of chancers out there on the make… Because according to some reports within hours of Encrochat shutting down other services with the same sort of insecure design on consumer grade phones were advertising there services…

This whole episode as far as we know so far was entirely predictable to anyone reading this blog for more than a few months…

P.S. I’ve also mentioned fairly often how to avoid these pit falls and just how dificult it is to maintain the OpSec not just at your end of the comms chan but the other as well. Especially when we know there is no honour amoungst such criminals and they will rat you out more easily than they will find some one to stick your bits in a pig trough etc.

Clive Robinson • July 4, 2020 3:16 AM

@ Ismar,

I would even argue that is why the authorities still allow for the E2E encryption software to be available as widely as it is now.

When it comes to the ones that can think beyond five minutes in the future I would agree with you.

However much is run by “dictate” these days by people who are not the sort to think in the right sort of way. They believe in what was once called “divine right of kings” and thus fail to realise that neither they nor those they work for are either omnipotent or omnipresent.

We saw this not so long ago with an Australian minister of state basicaly claiming that the laws of man thought up for his and others convenience somehow had power over the laws of mathmatics and the laws of nature they describe. Foolish and pettifogging behaviour that brings disrepute on not just their venal nature but on the Office of State and by extension on the State and it’s citizens as well.

There is an old saying about poachers and game keepers, likewise of using a thief to catch a thief. In essence they both mean the same you have to think in the right kind of way and no the ways of your quarry to catch them. We have similar old saws such as “To walk a mile in another man’s shoes” they all come back to knowing the quarry or if you prefer your adversary.

The military philosopher Sun Tzu is sometimes credited with “To know your enemy you must become your enemy” which is a paraphrase of,

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

But this knowledge is actually many many thousands of years older, we see it in cave paintings where the “spirit” or “essence” of prey and the hunt comes through without words.

People who understand this know that their quarry can always be found by their spoor and the tracks they leave, thus the quarry can be stalked[1][2]. The skill is then in knowing how to read the landscape and current environment better than the quarry such that you can get well within range of it and go for the kill quickly cleanly and without danger to ones self.

Knowing this is why I do not use clearly abnormal or vanity security applications and the like, because they leave visable “tracks” for others to follow. And the inevitable OpSec mistakes you or those you communicate with will make, are the “spoor” by which you become known and thus potentially the trophy on somebodies wall, or found burned to death in a forest outside Celle in Germany[2].

[1] https://en.m.wikipedia.org/wiki/Tracking_(hunting)

[2] Clifford Stoll clearly understood this with his book Cuckoo’s Egg, Stalking the wily hacker and subsequent talks,

http://cyberforensicator.com/2017/03/11/cliff-stoll-still-stalking-the-wily-hacker/

Clive Robinson • July 4, 2020 4:20 AM

@ Jesse Thompson,

Alright, so how about you buy two smartphones.

Err no.

If you think about it the second phone is still a very insecure consumer grade device and has goodness knows how many communications end points in it that can be “got at”…

With regards,

can communicate to one another via something like an animated QR code.

As I mentioned years ago over on the Cambridge University’s lightbluetouchpaper.org web site, using phone cameras is not a good idea. Because whilst the human eye is not generaly good at colour or intensity cameras are. Thus what you perceive as a black and white QR code of maybe a thousand bits, actuall has a hugh side channel in the intensity that could give four or more times the number of bits you do not see…

I’ve mentioned this issue in the past on this blog and more importantly the importance of putting the human or atleast inteligent instrumentation into the choke point gap crossing channel.

A host to host USB-C link might allow faster bandwidth, but you’d have to be that much more careful that malware on the comms unit can do shady things with voltages to try to infiltrate the secure unit.

It was exactly this issue I had to impress on @Nick P and a couple of others when talking about banking and similar authentication tokens.

But there is another issue, which is “mutability”. Idealy the second device or token should be “unmutable” that is it should have no Flash ROM or battery backed up RAM etc on which malware can be put. This flies in the face of the way we build consumer grade devices these days.

Then there are security seals, cables and connectors to all consider as well.

Designing a secure second device is very far from simple, it’s why I usually talk of using paper and pencil ciphers such as the One Time Pad and a match and ashtray for secure deletion. It’s not only conceptualy easier to understand it’s also a lot lot easier to come up with a secure system. Oh and a lot easier to get OpSec and usage right.

Which brings us to the weakest link in the chain, which you correctly identify with,

I think the real difference in an approach like this one is “it involves elbow grease from the user” and thus fails to maximize convenience.

As the old joke has it “Systems usually work as expected without users, that’s when it all goes wrong” or the more pithy “The problem with ‘fool proof’ systems is you can never find a fool when you need one”.

But your final point,

But that said, it’s not the consumer grade hardware that is necessarily the bottleneck here.

The hardware consumer grade or otherwise is ment to be an “enabler” to make complex tasks become usable to ordinary individuals. The reason such devices go wrong and people get hurt is “assumptions” every system has them because they are what makes the specifications thus they are built in from day one.

Security engineers and secure systems designers have to grasp this point firmly,

Like a Quality Control process a Security Process has to be in place and functioning correctly from “Day Zero”. That is before someone even dreams up an idea that might eventually make it to the specification stage.

Because if the process is not in place then product will fail due to it’s inbuilt assumptions that can not be “patched” etc.

Clive Robinson • July 4, 2020 4:32 PM

@ Tatütata,

This story is rather fishy.

That’s the second issue with it.

The first is the near total lack of details about what actually happened.

Some stories give the impression the French found the servers and did something to them… But what is unstated.

Other stories give the impression it was the phones that had some form of malware loaded on them by the Dutch.

As for the UK, well it’s mainly a lot of political puffery, designed to make vast “mountains of mole hills” by implying the “secret sauce” that was the key to the success was British.

As for ownership of the company it’s been indicated it was set up and run by a couple of Scotish Criminals. If it was I suspect that they have very much disappeared of the face of the earth befor others force them to depart the earth…

What is far easier, is to see through the smoke screen of “Mr and Mrs Big” as I’ve indicated they are street thugs not criminal masterminds from the reported behaviour and what has been confiscated in terms of cash and drugs.

I guess the next “thrilling installment” will be the court cases. I suspect that there will be pushback from the defence lawyers over the legality of the methods used. Which in turn will liberate other details of the technical methods used.

So sit back relax get the cat on your lap and a large bowl of popcorn there may be some good entertainment in this story yet to come.

Clive Robinson • July 5, 2020 1:40 AM

@ Tatütata,

And if incriminating messages are used as evidence before courts, how could one be sure that their contents hadn’t been “enhanced” in some way to improve the odds of a conviction?

It would not be the first time that the digital evidence was “modified”…

Look up “Operation Ore” in the UK as Wikipedia puts it,

“Operation Ore was a British police operation that commenced in 1999 following information received from US law enforcement, which was intended to prosecute thousands of users of a website reportedly featuring child pornography. It was the United Kingdom’s biggest ever computer crime investigation, leading to 7,250 suspects identified, 4,283 homes searched, 3,744 arrests, 1,848 charged, 1,451 convictions, 493 cautioned and 140 children removed from suspected dangerous situations and an estimated 33 suicides. Operation Ore identified and prosecuted some sex offenders, but the validity of the police procedures was later questioned, as errors in the investigations resulted in many false arrests.”

It revolved around a case of an American web site “Landslide” that did not supply porn but acted as a gateway to pay to view porn sites in the Far East etc. The evidence used agaist people was the information in Landslide’s database which was sometimes confirmed by credit card charges, that the US Post Office amongst other US agencies supplied to law enforcment world wide.

Michael Mead of the United States Postal Service contradicted his US testimony under oath in UK courts regarding several details relating to the investigation.

Apparently the “front page” of the Landslide website, as supplied to the UK police was falsified in various ways. Thus the finger pointing started…

The UK investigation was run by Jim Gamble, a man of questionable past in Northern Ireland. He made lots of statments to the press in fact he was hardly out of the media during that time. He then went on to an even more questionable future at CEOP. Several allegations were made against him, about resource usage and misleading statments so he again moved on (MicroSoft amongst others got the benifit of his questionable tallents)1.

Under Jim Gamble the police even despite being notified very early on that credit card fraud was involved[1] failed to investigate this aspect, so keen were they on show trials and publicity. This was alsi despite a clear warning from the FBI which was why there were only a hundred US prosecutions despite there being tens of thousands of US details in Landslide’s database.

Under Jim Gamble the whole UK investigation was a compleate mess and the more people dug into it the more questionable or outright tampered with evidence was found.

Of significant note the investigation used an “IT expert” who was anything but it turns out, who had apparently falsified various details of his past and he was arrested for possession of child pornography. What this person had or had not done was never made clear[3]. The reason the police used the wrong law to search under and thus what ever evidence there was never got presented into court thus the public domain. It appears officially all of the failings of the case were laid at his door… Thus all the other police officers involved must therefore have been “shining angels, paragons of virtue, unfairly vilified” etc etc which was most certainly not the truth. In otherwords the man became “a useful idiot”. Some believe that this was done deliberately that he was a “scape goat” for police officers who had significantly “bloted their copy books” and should have been thrown out of the police force. Whilst I have know idea if he was used that way, I do know that some police officers should have been thrown out from the top of the investigation downwards.

Any way read the “Controversies” section of the Wikipedia site,

https://en.m.wikipedia.org/wiki/Operation_Ore

But remember that the Wikipedia editing rules have excluded much of what went on, and it appears some in officialdom have used the EU “right to be forgotton”. Oh one thing they Wikipedia article has got wrong is about the releasing of the list of names the US supplied to the UK Met Police, they were not secret, you could obtain them under a “Freedom of Information” request[4].

Although not published it was very clear that the Landslide database contained the names of quite a few people “connected to the establishment” that were never investigated… This gave rise to someone reverse engineering of what became known as the “VIP list”. Various people claim that it can be shown that the VIP list has been used by amongst others Jim Gamble to obtain influance. Amongst which was the strange movment of a number of “Sky News” journalists to out of the way places, in effect “shutting them up”.

[1] Somebody I knew at the time got pulled into it, and the evidence against them was a credit card transaction made when they could prove they were thousands of miles away. This led to a private investigation showing that credit card details had been stolen. Later suspected of being via a UK ePos terminals used in a supermarket petrol station[2].

[2] The same Supermarket later found that their ePos terminals had been tampered with in the “supply chain” and that a cellular device installed in them was “dialing home” with hundreds of thousands of Credit and other purchase card details. The only way the security sealed tampered units could be told appart from those that had not been modified in the supply chain was by a slight difference in weight.

[3] At the time it was claimed he had failed to properly erase hard drives he owned that had been used to copy suspects hard drives and this was the cause of the failed search warrant.

[4] One person who despite what happened to him decided to fight back, Simon Bunce went public to clear his name. And if you read what he did you will see that he was able to get the information to clear his name and show up what was going on,

http://m.digitaljournal.com/article/252684

He mentions the FOI but more importantly he says how it changed his life and from what I gather still does.

Clive Robinson • July 5, 2020 4:13 AM

@ SpaceLifeForm,

I guess they were stupid enough to believe that it must be super-duper secure because it costs so much.

Let me see there was that fable about an Emperor and his cloths…

I guess some things never change 😉

One bit I would like to know more about is the alledged “Dual operating system” it’s not clear if infact the OS’s switched or if one ran inside a virtual machine or not.

Whilst I’ve written OS’s for microcontrolers that do talk to cellular modems (ie mobile phone RF but no screen, mic/speaker screen or keyboard) I’ve not written one with an all singing all dancing “smart” interface.

Thus I’ve suspicions this second OS was either not a new OS or even an OS at all. That is it could have been a stripped down version of Android or one of the Chinese very cheap phone OS’s or more likely it was an environment within an existing Android OS. The later means that the system builders would not need to build device drivers and the like.

Also some articles alude to the fact the “secure” stuff actually went through the companies servers in France. That is it sounds like the phone actually used the Internet connectivity not the ordinary phone service / SMS etc.

I’ve thought about doing a secure voice app that way, because the GSM codecs effectively stop you using encryption across the GSM audio / Voice channel[1][2].

Whilst it’s not trivial a competent java coder using standard libraries could build a prototype voice encryption system in a couple of days. What would realy take the time is ensuring data dropouts were not an issue and of course all the complex and fraut KeyMan stuff that users just expect to work (see the “Why Johnny can’t encrypt” PGP papers).

[1] You may remember “jack pair” they were trying to do encryption of audio and use a phones audio channel. As I said back at the time, whilst they could get it to work across a traditional POTS audio channel, I thought that they would not have any success with mobile phones due to the use CELP codecs pioneered / invented by the NSA[2][3].

[2] GSM uses Code-excited linear prediction (CELP) codecs weighted fir a male germanic voice. CELP is a linear predictive speech coding algorithm originated by Manfred Schroeder in the mid 1980’s from work into secure speach systems going back into WWII which gave us the “Hot Lines” we heard about in the press during the cold war. The important thing to note is “linear prediction” that is most audio signals are not random but fairly predictable and in a linear way. Thus overly simply you can do “curve fitting estimation” of the audio signal and not need to send this as data. In effect the codec actually has quite a low bandwidth. If you think about the encryption process for a moment, what you do is take an audio signal put it through an A-D converter encrypt the digital output and put the result into a D-A converter and put the resulting audio output onto the phone audio channel. The problem is that the encrypted audio is not predictable or linear at all it’s random and looks like high bandwidth noise… Whilst you might with care get this down a POTS audio channel of high bandwidth, you have no chance with a CELP audio channel of effective low bandwidth[3]. You simply can not squeaze a quart into a pint pot.

[3] For some time now that “hinky” part of my brain has wondered if the NSA let the CELP encoders loose on the world because they knew it would make strong voice encryption not possible… It is the sort of “mess with the standards” finesse that would appeal to them. After all there are things people can do about implementation weaknesses like those in AES, and likewise but to a lesser extent there are things you can do about protocol weaknesses… But base level standards weaknesses means a tear up the design and start again approach and you get the “backwards compatability” issue by the truck load and the new mess that can give rise to fairly easy “man in the middle” “fallback attacks”.

Clive Robinson • July 5, 2020 4:39 PM

@ ALL,

It looks like some of my suspicions have been confirmed “years ago”…

From a post on lobste.rs,

https://medium.com/@fordnic/i-ve-got-some-attention-writing-about-weak-cryptography-used-in-the-wild-ca81c6e4c027

This was from back in 2016, I don’t know if it was ment to be funny at the time as it was posted on April 1st, but…

Clive Robinson • July 6, 2020 5:14 AM

@ Winter,

That is where you have minions for.

Yup, at least you get why I say these “Mr and Mrs Big” as the police call them are in reality only one or two levels at bets above the lowest of hanging fruit in the criminal world of street thugs.

I think it should be comming clearer to people that the police are themselve trying to “big it up” for some political or financial reason…

Clive Robinson • July 6, 2020 5:42 AM

@ Tatütata,

But seriously, a lowly SIP/VoIP server?

Apparently so, “Who’d ave thunk?” 😉

Just take others probably open source work and make a few changes.

How do they expect to remain accessible from all networks, especially mobile ones, when many providers still routinely block VoIP access through port blocking or deep packet inspection.

If you reread the articles and have a “thousand mile stare” between the lines, you will see it looks like they rented mobile space from a Dutch Telco, and in effect created their own private mobile network, presumably with roaming. Thus they would alow VoIP etc across their mobile network as part of their connectivity contract but probably only to their own server IP addresses…

I notice that their Certifying Authority is in Panama.

Ahh the ideal place as it has few if any extradition treaties alows barer share companies and the like, and a good place to end a canoeing holiday provided your partner does not flap their gums.

In the UK we have a number of Limited Liability Partnerships, supposadly to protect accountants and lawyers assets from negligence claims… Well from what I’ve been told if you have one and use it as part of a “financial tunnel” as it’s a Partnership not a Share company it is exempt from most of the UK Companies House rulesabout filings, thus a simple “no for profit” or “Not actively trading” decleration each year surfices. Further apparently quite a number have “partners” that are Pabamanian legal entities…

As @SpaceLifeForm points out with,

AIQ, SCL Canada, Cambridge Analytica. Panama Papers.

That this operation grandiose as it’s being portrayed is very probably a smaller part of a larger operation. The aim of which is not to stop “dangerous” criminals at all –that’s the excuse for the public–, but “grab assets” for the agencies and the Treasury…

Clive Robinson • July 10, 2020 1:39 AM

@ citr0n,

but it sounds like you know how to make the ultimate cryptonetwork/-phones, that’s big money

Sadly there is no “ultimate” just “as good as we currently know how” because of the “Unknown Unknows” issue[1] or as others call them “Black Swans”[2].

And whilst their may be “big money” now, there was not a decade or so ago, but always preasure from those Government Agencies for legitimate businesses.

Having been involved in “secure systems design” before which in many ways is a follow on from “Intrinsically Safe” and medical electronics design I’m aware of just how much there is in “sunk costs” for a legitimate design.

As others have noted the EncroChat phone more or less advertised it’s self at the criminal community.

The thing is it sounds like it was a very poor copy of the Silent Circle Blackphone 2 (some of the source of which used to be in a popular Open Source code repository). Back a decade ago when Silent Circle hit the news, it was making what appeared were the right moves and about $650 got you one off of Amazon… But since the CEO changed, it’s gone in a different direction, which appears to be firmly under the thumb of the US Government and all that implies in the current political climate[3].

[1] Although Donald Rumsfeld was credited with an expression along these lines he was not the first. My usage is sufficiently different as well and it talks about instances and classes of attack vectors. So you can have four possabilities “unknown unknowns”, “unknown knowns”, “known unknowns” and “unknown unknowns”. Many incorrectly think that the transition states do not realy exist, but with a little thought you can see they do. Take “unknown known” that is a known class but without a yet known instance[2]. Consider “Rowhammer” it was known for years by some design engineers that such attacks were possible, but nobody had come up with an example of how to do it mainly because elegant attacks were assumed and there were apparently adequate margins in designs. Then somebody “brute forced” it with a battering ram type approach and the attack worked, the design margins were thus shown to be inadequate. But also there can be a new instance of an attack found by chance, this usually happens with random input. Untill someone follows the attack through it’s process you do not know how it functions, thus what class it falls into, and you might find that the class was not known. I’ve discovered a few of these myself over the years with issues to do with the “logon process” in VMS, a couple of Unix varients and Microsoft NT varients. I still do not know about the VMS as nobody would allow me to “follow it through” and as it was nearly fourty years ago back when system manufacturers did not tell you anything, infact they tended to attack those who found faults with their systems… Unix systems you sometimes had the source to thus could trace it back but even when not Unix systems people tended to want to fix not fight.

[2] History shows us that in early medieval Europe when the Holy Roman Empire was building, there was debate as to if all swans were white. That is they recognized that there were other aquatic birds such as ducks and geese that came in different colours but swans were different in that only white ones were then known. As trade routes opened up with Indo-China and what we now call the Far East, stories of strange animals came with the trade. Some of them were fanciful, and some turned out to be true as is the case of “Black Swans”. Which is why Nicolas Taileb called “unknown, knowns” “Black Swans”. Although he did make the mistake of also calling it the “Impact of the Highly Improbable” which he might now regret as “unknown knowns” are actually rather more common in enginering and science, after all they are in effect proto-hypotheses.

[3] https://en.m.wikipedia.org/wiki/Silent_Circle_(software)

Clive Robinson • July 10, 2020 4:44 AM

@ SpaceLifeForm,

<><>

I’m always very cautious about Bellingcat stories, as it appears others are from the first comment.

Which correctly points out that those who get out of prison early during a war have been turned to the authorities advantage. We saw this a lot in WWII with safe breakers and other highly technically skilled criminals teaching would be NOC’s to do what was required to get at paper records etc.

The FBI has dobe similar with cyber-criminals but has apparentky “screwed the pooch” to often for their offers to be trusted any longer.

But the question arises as to what use the person is?

From the article it indicates he probably has no technical skills and is just a “grab-artist” with a sufficient “glib ability” to be a con-artist as well.

But one sentence if true might be the key,

“Andrey Kunavin was more than a stand-alone criminal, but one integrated with higher-level Russia-based organized crime groups.”

In Russia the “higher-level” includes the Oligarchs some of whom are very close to Putin.

I guess we will have to wait and see if Bellingcat have got this bit right or not.