You Foolish Animals!

OK, small political rant again.

Twitter: the power to overthrow tyrants. No. The power to allow tyrants to track you and allow you enough rope to hang yourself.

It's been said that there are two ways to break any cryptosystem. One is a rubber hose in a dark room. The other is controlling the system itself. This is about the second one.

All pumped up by Green Spring in Iran, ASSK (yes, that charming, beautiful Nobel laureate) is keen to start twittering, social networking, and otherwise using the internet. She's been given an internet connection.

This is going to lead to the entrapment, torture, and execution of a variety of otherwise blameless individuals. Why?

Well, the Internet is not made of tubes, connecting people together like a switchboard. If anything, it's a big copying machine. A signal goes from your Ethernet port to your router, is copied to memory, and is replicated on the outbound route, which signals to the telephone line, which reaches another router, which copies it to memory, moves it to the next outgoing port, and so on.

Along the way, copies can be altered.

THIS IS IMPORTANT. Copies can be altered. Especially when you control the hardware. In Burma, the Junta controls the hardware.

But that's cool. Blackberry, Skype, HTTPS, these are secure, because the copies don't mean anything. They're all encrypted, right? So tampering would spoil the transmission. You'd know, wouldn't you?

WRONG. The encryption starts with an exchange of the keys used to perform it. If the hardware carrying the messages back and forth subverts the handshake where these keys are exchanged at the beginning of the conversation, it can make one false key to talk to party A and a separate one to talk to party B. It then decrypts whatever comes in from A using the false key it gave A, reads it, and re-encrypts it with the false key it gave B before sending it on to party B. Whoever runs that hardware can read anything in between.
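The handshake substitution described above, as an added example that is not part of the original post: it simulates an unauthenticated key exchange with and without a relay that swaps the public values, and shows the one check that exposes the swap. The toy group `P`/`G` and every function name here are constructed for the illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this demo only (not a production group).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Each end derives its key from its own secret and the public value it RECEIVED.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def fingerprint(pub):
    # Short digest a person can read out over a channel the relay does not carry.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def handshake(relay_substitutes_keys):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes_keys:
        # The relay hands each party a public value of its own making.
        ra_priv, ra_pub = keypair()   # presented to A as if it were B's
        rb_priv, rb_pub = keypair()   # presented to B as if it were A's
        a_received, b_received = ra_pub, rb_pub
        relay_keys = (session_key(ra_priv, a_pub), session_key(rb_priv, b_pub))
    else:
        a_received, b_received = b_pub, a_pub
        relay_keys = ()
    key_a = session_key(a_priv, a_received)
    key_b = session_key(b_priv, b_received)
    # Out-of-band check: each side compares the fingerprint of what it received
    # with the fingerprint the other side reports for what it actually sent.
    verified = (fingerprint(a_received) == fingerprint(b_pub)
                and fingerprint(b_received) == fingerprint(a_pub))
    return {"key_a": key_a, "key_b": key_b,
            "relay_keys": relay_keys, "verified": verified}

if __name__ == "__main__":
    for tampered in (False, True):
        r = handshake(tampered)
        print("relay substitutes keys:", tampered,
              "| endpoints share a key:", r["key_a"] == r["key_b"],
              "| relay holds both keys:", r["relay_keys"] == (r["key_a"], r["key_b"]),
              "| fingerprint check passes:", r["verified"])
```

In the tampered run both legs are still validly encrypted, so nothing "spoils"; the only signal is that the fingerprints, compared over a path the relay does not control, fail to match.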

Anyone who really believes that they are bypassing a firewall out of Burma using SSL is a fool. And could well be providing the Junta with all the information they need to prosecute you. This is in a country where owning a FAX MACHINE is a crime. Where being detained can mean things like being put in a box with your own shit and forced to eat cockroaches or starve. No. Really. Is that a risk you want to take? How about when it's your spouse, or your child that gets to suffer?

But Blackberry, Blackberry will save us! They use pre-arranged encryption keys that aren't exchanged and so aren't open to man-in-the-middle attacks.

Blackberries made where? Where do the chips come from? A smartphone is as smart as a ten-year-old computer at the VERY LEAST, and we were well into the multi-million-instructions-per-second in 2001. There could be all sorts of malware at work and you'd never know it. The chips themselves could be subverted. You don't know what's in that thing. Firmware can be subverted after manufacture, for crissakes! Even by a deliberately-targeted virus delivered by email.

But even easier, and cheaper, is to subvert security personnel at Skype or at Blackberry. Nowadays, at least two countries, Saudi Arabia and Indonesia, have access to BB traffic, and who knows who else. Do you mean to tell me they aren't selling it, trading it for other intelligence? Bullshit. And Skype: what exactly happened when service went down for two days? Can you tell me that the system is always, yes, always secure and encrypted? Remember: shit and cockroaches. Your choice.

The revolution will not be tweeted. But the counter-revolution will be brought to you by Twitter. Trust me on that one.

Rant over. For now.

Comments

wendigomountain
Jan. 25th, 2011 08:15 pm (UTC)
Revolutions work best at the lowest levels of technology, I think. The next true revolution won't come over the internet, as you have said, but via things like manual typewriters and secret tunnels.

At least that's what I've heard. You can't be too careful what you say online these days...
barry_king
Jan. 25th, 2011 08:24 pm (UTC)
Oh, I doubt that very much. The world is too big and small for old technology to have an equivalent effect.

No, I think communications technology is essential to mass movements today, but people have to understand the limits of security once they move beyond something where nobody cares about you (like LJ security is fine for nearly everyone sitting on their butts pontificating in the industrial nations) to something like taking on a ruthless dictatorship that holds all the cards.

The young bright idiots that are telling people like ASSK that they can play by North American rules should be taken out and horsewhipped. When things worse than losing your life are on the line, you don't play around. And not understanding the technology you're using is playing around in the worst possible way.
nipernaadiagain
Feb. 2nd, 2011 08:22 am (UTC)
Nice rant.

Estonians have experienced the silencing side of the cyber attacks (during the Tallinn Bronze Soldier events of 2007), but you have made me consider more seriously the next layer that can be built on it.

barry_king
Feb. 2nd, 2011 02:25 pm (UTC)
Well, I'm getting to be an old fart and tend to look at things in terms of worst-case scenarios. Still, you can never know too much about your tools.