A 2006 document from the Snowden archives outlines successful NSA operations against “a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems.”
It’s hard to believe that many of the Snowden documents are now more than a decade old.
Spek • September 17, 2018 8:52 AM
@Steve
An enormous amount of information came outf rom the Snowden docs that were not publicly known nor remotely dreamt of in peoples worst nightmares.
JonKnowsNothing • September 17, 2018 8:56 AM
@Steve
You might find them “uninteresting” because the people who do the things described are still doing the things described. People that spy, lie and deceive are still doing the spying, lying and deceiving.
Same with the torture folks. They are still there doing their torture routines and even with a few apologies it doesn’t really slow them down.
Apologies are just “bits of paper” after all.
Perhaps the most “uninteresting” aspect is that historically spying, lying, deceiving, and torture has an endless tail into present. All the “basic reasons” such as “national security” or “border controls” has never worked long term. It’s all a “uninteresting” dead-end activity with zero chance of success in the long run.
At best you can say the folks with the “uninteresting” jobs are doing the best they can with what little intelligence they possess.
TimH • September 17, 2018 9:16 AM
The apologies, as JKN points out, are meaningless. EHCR’s report that that GCHQ “acted illegally” with “mass-scale domestic surveillance of every Briton’s electronic communications” will change nothing at GCHQ, except internal security against leaks. No minister goes to jail for authorising the activity, and no illegally slurped data is destroyed. In 2008 the ECHR ruled UK’s DNA database of innocent people breaches human rights, and must be deleted, but it still hasn’t.
Alejandro • September 17, 2018 9:28 AM
NSA, FBI, Five Eyes never complain about VPNs causing them to go dark or blind. The only logical conclusion is they have a wide open pipe to all VPN traffic.
CallMeLateForSupper • September 17, 2018 9:30 AM
“It’s hard to believe that many of the Snowden documents are now more than a decade old.”
Or that Snowden is still stuck in Putin-a-Lago Last Resort.
Gerard van Vooren • September 17, 2018 9:43 AM
@ JonKnowsNothing,
“Perhaps the most “uninteresting” aspect is that historically spying, lying, deceiving, and torture has an endless tail into present.”
The real problem the fact that the US was and is still today a very nasty superpower with the last 3 potusses being at the level of destructing anything they can get away with, which is a lot when you are having allies.
Tatütata • September 17, 2018 9:57 AM
NSA, FBI, Five Eyes never complain about VPNs causing them to go dark or blind. The only logical conclusion is they have a wide open pipe to all VPN traffic.
I occasionally use a commercial VPN, but never for anything really sensitive.
I tried a couple over the last years. Most of the offers are rather shady, I was rarely able to find out just where exactly the company is domiciled. (VAT? Fuggedaboudit!) Conversely, some made suspicious demands, like asking for a scan of my actual credit card. (No way!)
What would prevent a TLA or ETLA to set up their own Air-America-like honeypot VPN businesses?
The one I currently use has its HQ in Britain, land of the snooper’s charter.
Even if the crypto is sound, a VPN can attract the attention of the TLAs of three different countries: the end user’s, the VPN operator’s, and that of the target IP address…
me • September 17, 2018 10:30 AM
Thanks to Snowden for exposing this illegal & immoral activity.
To who still thinks that he is a traitor: maybe yes, maybe no; it doesn’t matter! he is just a person.
What matters is that NSA & Government is illegally mass spying the whole planet and it’s own citizen, all the citizens, every, single, moment of their private lives.
Clive Robinson • September 17, 2018 11:02 AM
@ Bruce, All,
It’s hard to believe that many of the Snowden documents are now more than a decade old.
Yes, but it has an implication, that people realy should take on board,
So you could assume that in ten years their capabilities have also doubled every six months to a year. Which means a tgousand (1000) to a million (1,000,000) times the capability over all.
But, as for VPN’s they have not realy been a great success security wise for a whole variety of reasons. Those that you “rent” can not be trusted for obvious reasons some of which others have mentioned already. But as we know the SigInt entities not just in the West but Far East have specialised in making them attack targets. Whilst also attacking the standards behind the VPN crypto.
Which often means their only use is getting around geographic content restrictions and keeping out the not so bright script kiddies…
Snarki, child of Loki • September 17, 2018 11:04 AM
“To who still thinks that [Snowden] is a traitor: maybe yes, maybe no; it doesn’t matter!”
It’s 2018. We have bigger traitors to fry.
Sallie • September 17, 2018 11:57 AM
@TimH
In 2008 the ECHR ruled UK’s DNA database of innocent people breaches human
rights, and must be deleted, but it still hasn’t.
It’s not true.
The law was changed in 2012 following the ECHR verdict so that only people convicted of an offence will have their fingerprint records and DNA profiles retained indefinitely:
TimH • September 17, 2018 12:09 PM
@Sallie – My claim was that the illegal historical database exists. Your statement doesn’t negate that, just covers ongoing collection.
From Wikipedia: “In response to this the Home Office announced in May 2009 a consultation on how they would comply with the ruling. The Home Office proposed to continue retaining indefinitely the DNA profiles of anyone convicted of any recordable offence, but to remove other profiles from the database after a period of time – generally 6 or 12 years, depending on the seriousness of the offence.”
So if Home Office does what it says, entries deeemd illegal by ECHR will exist until 2009 + 12 = 2021.
Gareth • September 17, 2018 12:28 PM
It is my understanding that biometric data previously collected from people who had been not convicted were destroyed in 2012. From the website quoted above:
“All DNA profiles and fingerprint records which were held on the NDNAD and IDENT1, along with all samples, which did not meet the requirements of the new retention schedule have now been destroyed.”
Jack • September 17, 2018 1:08 PM
@Gareth : They would never just LIE, right?
TimH • September 17, 2018 1:45 PM
“All DNA profiles and fingerprint records which were held on the NDNAD and IDENT1, along with all samples, which did not meet the requirements of the new retention schedule have now been destroyed.”
However the parallel records in the DBs of the 5-eyes partners remain intact…
Not lying, Gareth, just implying an untrue state of affairs by omitting information.
echo • September 17, 2018 2:16 PM
@TimH
Yes, and all the breaches and ommission of the whole picture and paying lip service to the rules where European Convention rights are an issue is a breach of the law in itself. I suspect a lot of UK state abuse isn’t “just because” but also driven by doing things on the cheap.
Steve • September 17, 2018 2:39 PM
The FBI does go after VPNs. A few have survived their questions mainly because they do not retain any records.
The FBI has failed at this at least 2 times to my knowledge.
That means to me that the VPNs with properly configured setups, using 256-bit encryption, and not retaining logs ARE providing the type of VPN service desired.
Don’t be lazy with your OPSec when signing up for VPN service.
George • September 17, 2018 2:42 PM
@TimH:
I find your comment very interesting! I certainly don’t trust the UK government blindly, but is there any information about overseas copies of suspects’ biometric data collected originally by the British police?
TimH • September 17, 2018 3:28 PM
@George – It works in a way such that you’d never find out. Once a suspect is identified by use of a disallowed method (some form of suspicionless and warrantless search), then it’s usually straightforward to find other evidence that supports a warrant. Parallel construction is the name.
echo • September 17, 2018 4:34 PM
Reading through the linked article highlights how systems can be insecure because of poorly chosen communication defaults and also insecure endpoints. Looking beyond a single system and considering the broader picture of multiple systems interacting it’s a big headache!
The motivation for breaking VPNs seems reasonable from a Five Eyes point of view. The politics is very difficult though.
I recall the NSA claiming that Snowden didn’t get the corwn jewels and I suppose GCHQ will be pleased being as GCHQ had habits which made even the NSAs eyes widen. The thing is as long established organisations who have a public reputation of being ahead and in some cases invented much of the field this is to be expected.
Steve • September 17, 2018 5:13 PM
The gist of my comment still stands: How much have we heard in the media about the Rat Humping (h/t Charlie Pierce) of our election in 2016?
Reality Winner’s leak, to my mind, at least, is far more important than Snowden’s, which was old news when it was even news at all.
Timh • September 17, 2018 6:25 PM
@Steve – The value of the Snowden data is that it is hard evidence, not just news. It became the solid foundation of lawsuits.
Hmm • September 17, 2018 6:32 PM
@Steve
Snowden provided classified evidence. Anyone can speculate, extrapolate or make things up.
“Snowden’s, which was old news when it was even news at all.”
Is a BS claim from an uninformed position, sorry to say. Read about this.
I don’t know why you’re anti-Snowden but it obviously isn’t based on the content of his releases, really.
Hmm • September 17, 2018 6:35 PM
@Tim
Beat me to it.
Yep once you see the thousands of classified powerpoints documenting every code name in depth with flow charts and pseudocode, that’s pretty damn compelling compared to word of mouth BS from “infowars” or their adherents, say.
Although I was watching Stockwell and Binney and those guys back in the late 90’s!
So as the saying goes, Snowden was just another snowman head on the shoulder of giant snowmen…
Something like that. But the proof he provided was absolutely unprecedented, barring no other release.
Steve would probably find it interesting to go back and refresh himself with literature of the period.
I think his memory has been blended over time, it’s hard to keep complex timelines straight,
in his defense. Still.. he ought to attempt it…
Humdee • September 17, 2018 7:12 PM
@steve writes, “the FBI does go after VPNs. A few have survived their questions mainly because they do not retain any records.”
VPNs play a word game and it goes like this:
Do we log? No.
Will we implement a lawful pen register order? Yes.
These VPNs don’t keep records….until the FBI asks them, then they keep records. The problem for the end user is that they don’t know when the FBI asks, so the no logging claim is true but useless.
Hmm • September 17, 2018 7:35 PM
@Humdee
International “no-record” VPN’s may not give in to the FBI, a couple cases where that happened. But if the FBI is looking at you, a VPN won’t help much. You matriculate into an interesting target and they authorize a CIPAV or something special. They’re not going to give up on a target because they have a solid VPN, lol.
Steve • September 18, 2018 10:10 AM
I’ve wondered why the FBI and the other alphabet soup government agencies don’t raise a ruckus about VPN. They certainly do about Apple phones. So are VPNs really insecure? I mean why use a VPN other than pretending you’re from another country if it is insecure? And why aren’t they raising cain about people who use encryption like AES to secure files? I can always send someone an encrypted file (using PeaZip or VeraCrypt)containing whatever secret instructions I want and according to the literature it should be secure. Aren’t the crims not able to figure that out and employ this tactic? I’m not technical so I have to rely on others to develop solutions that I can use to protect my privacy and the tracking of my browsing habits. So I have no way to directly validate if something is truly protected or not.
Clive Robinson • September 18, 2018 10:53 AM
@ Snarki, child of Loki,
It’s 2018. We have bigger traitors to fry.
Yup we call them the “guard labour” and their “paymasters”
Even though the elected Politicos and those who vote for them believe they are in charge, it’s become abundantly clear they are not.
They are actually under the thumbs of unelected “money men” and the seniors in the security services, who use the same or similar tactics as J.Edgar Hover did to stay in power of the FBI that he then used to get more “dirt” to ensure that every politician had “strings attached” that he could then pull, in effect making them his puppets.
It was clear that Mr Comey considered himself to be in a similar position under Obama, then under Trump. However Trump atleast called his bluff, which has scared quite a few we generally do not see.
Beltway politics is an Aegean Stables of a problem as the Mueller investigation is showing, everyone you care to look at in the beltway is corrupt in some way you just have to find it.
Oh and it turns out when Mr Mueller was in Mr Comey’s position he was corrupt as well…
Which realy brings up the trust question when talking about “Quis custodiet ipsos custodes?”
That is can you find an honest man free from all corruptions taints who will remain free from all corruption to guard the guard labour and their paymasters?
Something tells me not.
Clive Robinson • September 18, 2018 11:40 AM
@ Steve,
I’m not technical so I have to rely on others to develop solutions that I can use to protect my privacy and the tracking of my browsing habits. So I have no way to directly validate if something is truly protected or not.
There are two things of interest to any attacker which the Government entities most certainly are,
1, Message Content.
2, Traffic flows.
From a users perspective they have little or no control over anything other than message content. And then only if they move the security end point beyond the attackers reach.
Tor likes to kid people that it provides anonymity, but it’s simply not true as various attacks against it have shown. Over and above what I and others like me have been saying for years.
We do actually know how to give not just message security but immunity to flow of traffic analysis. From that we can categorically state “Tor can not give immunity to traffic analysis”.
The interest in iPhones over VPN’s is relatively simple to explaine. The authorities want control over not just the communications end point but the security end point for ordinary citizens. Because that is way way easier than breaking encryption or even doing traffic analysis.
As was shown with Tor if they gain control of one end point they can infect any other end point that connects to it if the end point alows it’s self to be infected. With all the zero day attack vectors we see it’s a racing certainty that all communications end points can be infected, and made to ET “phone home” to the “Mothership” with identifing information.
Thus VPNs are a low priority in comparison to control of the communications end point. As once one end point is “owned” it can “stepping stone” it’s way through an entire communications network identifing each and every participant.
But worse if you use the same hardware for the communications and security end points you are “dead in the water” but just don’t realise it yet. They can do an “end run attack” around the security end point and get dirrectly to the plaintext user interface.
Apple are one of the few vendors that make any real effort to protect the communications end point as well as any storage directly on it. Which the psychos in the FBI and DoJ take as a personal attack on their illicit behaviour and thus will try to make an example of Apple to warn off other organisations. It’s safe to say that the FBI did not give a dam about the contents of a dead persons phone. What they wanted to do was establish a legal president, they thought it would be a push over. Unfortunatly it was not and when it became clear that they were not just going to loose but have a president contrary to their desires set, the bailed and pulled a rip cord they had lined up just in case. Unfortunatly I suspect for career reasons the magistrate let them get away with it and settle for the original status quo.
Clive Robinson • September 18, 2018 12:32 PM
@ Hmm, All,
But the proof [Ed Snowden] provided was absolutely unprecedented, barring no other release.
Yes and it was also a game changer in that proved beyond a doubt that the US Gov and it’s IC were lying about what they were doing and that Oversight was compleatly ineffective.
It also made clear a point I’ve been making for years which is,
That is it does not matter how improbable it sounds “check if the laws of physics alow it” if they do then assume it can be done with the right resources, then look at those resource requirments and see what is going on their technically.
If you go back on this blog you will find pre Ed Snowden that even our host @Bruce was sceptical about the NSA facility in Utah.
He even had a post that asked what readers thought.
You can see there that not only did the laws of physics alow “collect it all” that the technology was also commonly available to do it. Also that most readers knew it but had not “joined the dots” untill asked to do so. Even after the dots were joined many out of patriotism or some other set of blinkers did not want to believe it. But as time and the Ed Snowdrn trove showed, the technical analysis was correct, the NSA was hovvering up everything to make an “Information time machine”.
Since then for many the blinkers have been lifted, they are more easily persuaded by valid technical arguments that they are also prepared to do for themselves.
In effect a tipping point got crossed, one the US IC entities realy wished it had not. Because by it they were much diminished, people now take more steps to protect their information the much increased use of https shows that.
The point is though that we need to keep pushing further past that tipping point, we need to actually recognise when even the best of “security apps” are realy snake oil because of “end run attacks” that most manufactures just build in because they do not get “push back” to improve end point security etc.
We have even since found good reason to see why the likes of Google at best pay lip service to security. That is we and their employees have started to see into the hollowness of the corporate “Don’t be evil” in that it now has the rider of “unless the money is good” which is what the current China debacle is all about.
Still to get the “crowbar in the crack” treatment is Peter Thiel and Palantir,
https://www.bloomberg.com/features/2018-palantir-peter-thiel/
https://theoutline.com/post/3978/peter-thiel-knows-you-ran-that-red-light
Whodathunk • September 18, 2018 1:40 PM
“crowbar in the crack” – Seems unorthodox.
Clive Robinson • September 18, 2018 3:19 PM
@ Whodathunk,
“crowbar in the crack” – Seems unorthodox.
No it’s the method de jure amongst proffesionals box humpers. You push the tip of the crowbar right under the lip, work it around a bit then give it a whack to drive it in then pull on the bar such that the lever effect comes into play, then a couple of good tugs and grunts later the lip has lifted and the top comes of, such that you can see what mess awaits you.
It’s way easier than using a claw hammer or pliers, you realy don’t get the leverage with those and nails get twisted or torn out which usually causes things to slip and thus cause the whole effort to be a compleate pain.
fatman • September 25, 2018 11:21 PM
Clive Robinson
Tor likes to kid people that it provides anonymity, but it’s simply not true as various attacks against it have shown.
You’ve consistently been misrepresenting Tor’s threat model on this blog for years. The software has a big fat warning specifically saying that it cannot protect against a GPA. Not to mention, the mitigations you claim would work (such as adding jitter or null traffic) were researched extensively, and it was found out that rather trivial classifiers can still defeat them. In particular, it turns out that jitter would need to cause a delay with a median of 6 HOURS to provide sufficient anonymity. As a result, all that can be reliably done is protect from netflow record logging (which is now being done), and to avoid WF attacks (which is being looked at).
The REAL problem with Tor is that it, alone, cannot provide you with anonymity. A Firefox 0day is not going to be particularly expensive (IIRC, the one given to the FBI by druid that was eventually nicknamed “torsploit” was only $70 or so, despite being an older vuln), and a compromised Firefox will obviously bypass Tor.
There have been mathematical analyses on tagging attacks, for example, showing that the false positive rate shoots WAY up for any non-trivial set of suspects even with very sophisticated classifiers, making traffic analysis, even for a GPA, quite difficult to do at scale for a large number of people (though still possible in theory). I find it odd that you keep claiming that Tor pretends to provide anonymity when it admits itself that it does not and cannot protect from a GPA, and when research has shown that your “trivial mitigations” are completely useless.
Just for your future information, since you seem to talk a lot about Tor but only seem to know about the more basic of attacks (I haven’t seen you mention WF, tagging or crypto tagging, netflow analysis, etc.), here is what Tor currently does for mitigating traffic analysis attacks (to some extent):
There are also some future improvements being added:
WTF-PAD is being considered to mitigate WF attacks (even if they are already limited in capability).
Full-circuit authentication is being considered to mitigate crypto tagging attacks.
The concept of split flows is being researched.
fatman • September 25, 2018 11:30 PM
@Clive Robinson (seems I missed the @ on my first post)
You may want to read up on https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html, which explains how crypto tagging attacks can be done by a sufficiently omnipresent adversary, at least to start. Then look through Free Haven for the research papers that actually research the concepts you have proposed and have shown the problems to be either intractable, or impractical to mitigate.
Since you certainly seem to know a lot about OPSEC and the ins and outs of the IC, I am a bit surprised that your understanding of Tor seems to be so limited. I’m not sure if it’s because you stopped paying attention to new research after 2007 or so, or what, but your current understanding of Tor is outdated.
Now, I am not entirely disagreeing with you. Tor is not perfect, especially against an AS-level adversary that has access to a large number of ASes and IXPs, and going around Tor by attacking the browser is often quite easy (however, as the ASToria paper showed, not all government adversaries are in that position). However, focusing on the traffic analysis aspect when your understanding seems to be limited entirely to correlation and basic watermarking attacks confuses me.
There are certainly problems with Tor, but all the problems you point out are very basic problems that have been known forever and are explicitly warned about, and you speak of them as if no one but you has been warning against them for the past decade. Meanwhile you point out mitigations as if they are so obvious, when in reality the mitigations were tested and found to be insufficient.
I really suggest you bring your knowledge of Tor up to date.
na na • September 28, 2018 6:27 PM
Humdee • September 17, 2018 7:12 PM
@steve writes, “the FBI does go after VPNs. A few have survived their questions mainly because they do not retain any records.”
VPNs play a word game and it goes like this:
Do we log? No.
Will we implement a lawful pen register order? Yes.
These VPNs don’t keep records….until the FBI asks them, then they keep records. The problem for the end user is that they don’t know when the FBI asks, so the no logging claim is true but useless.
Have you heard about a warrant canary?
fatman • October 16, 2018 10:30 PM
@na na
The issue is not that VPNs will be forced to keep logs, but that the ISPs they use most certainly DO keep logs. Even if a VPN is 100% honest and even if it is never forced to enable any sort of logging behavior, both the ingress and egress will go through the same logging ISP which can trivially correlate traffic.
Robert Braunschweig • May 30, 2019 4:19 PM
Hi Schneier,
I’m seriously confused about VPNs, TOR and the NSA. Some websites say that the NSA can’t crack VPNs, YES they can, ditto TOR. Plus, TOR gets you added to the “Persons of Interest” list and so on.
Does anyone know the truth?
Let’s assume that I’m a “Person of Interest”, for the sake of argument OK? Maybe I use TOR, maybe I blogged 911 was an inside job, etc. So now the NSA monitors every bit of data going through my ISP, which is a cable modem FWIW. The router is an Asus AC-3200 which connects with OpenVPN to my VPN, which is ExpressVPN. It uses RSA 2048 bit encryption and SHA256 key sizes. BUT the NSA would have been there while I created my account and would have recorded any keys, passwords, etc. Then I connect to the router with a laptop which is booted from a TAILS usb, which has TOR pre-installed as part of TAILS.
Dnsleaktests show no leaks at all.
So, can the NSA listen in to everything I’m doing or not? Please, let’s set the record straight.
Thanks, Rob
Clive Robinson • May 30, 2019 5:38 PM
@ Robert Braunschweig,
<
blockquote>So, can the NSA listen in to everything I’m doing or not?
That’s the wrong question to ask realy.
The likes of the NSA go after plaintext wherever they can, but they also go after “traffic analysis” as it’s almost real time. For obvious reasons they try and avoid attacking the actuall crypto because on most occasions that is not the weak point in the security chain as practically implemented.
Like most of the longer established SigInt agencies they also want to keep off of end systems where possible, prefering to go one router upstream of you such that they can see your traffic, but you can not see them.
From that vantage point they can do a number of things to your traffic over and above just passively watching. They can “tag your traffic” and they can “modulate your traffic”. Modulating the traffic by shifting the time patter on which it is sent, more or less stays with your traffic stream no matter how many VPN systems and nodes you use. The reason for this is “Efficiency-v-Security” the more efficient a system is generally the more transparent it is to packets being modulated in time. Yes there are ways to stop it but I’m not aware of any standard VPN systems dealing with this problem.
So the SigInt agency can follow your packets from when they leave your gateway untill they reach the destination gateway. All through the magic of modulating the packets, this works not just at the time but even years down the time line due to the nature of “collect it all” and nanosecond or better timing information.
Now having outlined the basic way they can find your traffic they also know further details such as the number of packets sent from which they can work out the size of the file/traffic you sent.
Now lets assume you sent it anonymously to this site, the NSA would know when and the approximate size. They don’t need to break the encryption to get your plain text…
Whilst you might not post to a public site, the chances are your plaintext will be around with a usefull time stamp as well as size.
It’s why “meta-data” is of such concern, because as things stand you currently can neither obfuscate or encrypt network meta-data.
It can be done with small changes to the way the network works and likewise the protocols.
If you come up with a protocol that alows “in message random stuffing” then some of the corelation between size from number of packets and plaintext breaks down. Likewise using “store and forward” nodes breaks the packet modulation and various other tricks like a “Fleet Broadcast System” that sends packets to multiple destinations likewise breaks other correlations.
I’ve described various asspects of this in the past decade or so and why they need to be done as a matter of urgency… But here we are and it’s still not happening the way it could so easily have done, thus every ones privacy is still vulnerable…
Robert B. • May 31, 2019 4:41 PM
@ Clive Robinson,
WOW. Your answer totally blows me away. I get what you’re talking about, too. They simply stamp each paket and wait for that paket to show up somewhere else. However, for the NSA to do that, they need to go upstream from the router, which is my laptop. I believe that anyone can inject malware to Windows but TAILS? Isn’t that considered better?
What about sending emails? The pakets don’t show up on a website somewhere but get sent to a specific email address through protonmail or other other secure email service like HMA or Tutanota, etc.
You’ve totally got my attention and thank you for your answers.
Robert
Dr.S • May 19, 2020 9:59 AM
It is more effective to own a bunch of VPN’s instead of spending resources to decrypt the communication.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Steve • September 17, 2018 8:41 AM
I’ve always been amazed at how really uninteresting most of Snowden’s “revelations” have been. Has there ever been something that we didn’t already know about or that wasn’t already ancient and probably superceded by the time it came out?
It’s also curious that Snowden gets all the press but Reality Winner’s revelations of Russian rat-effing of our election in 2016. . . not so much.