Robert Graham
Author Archives: Robert Graham
- Home → Author's archive:
Robert Graham
That Spiegel NSA story is activist nonsense
Yet again activists demonstrate they are less honest than the NSA. Today, Der Spiegel has released more documents about the NSA. They largely confirm that the NSA is actually doing, in real-world situations, what we'ved suspected they can do. The text of the article describing these documents, however, wildly distorts what the documents show. A specific example is a discussion of something call "TUNDRA".It is difficult to figure out why TUNDRA is even mentioned in the story. It's cited to support some conclusion, but I'm not sure what that conclusion is. It appears the authors wanted to discuss the "conflict of interest" problem the NSA has, but had nothing new to support this, so just inserted something at random. They are exploiting the fact the average reader can't understand what's going on. In this post, I'm going to describe the context around this.
TUNDRA was a undergraduate student project, as the original document makes clear, not some super-secret government program into cryptography. The purpose of the program is to fund students and find recruits, not to create major new advances in cryptography.
It's given a code-name "TUNDRA" and the paragraph in the document is labeled "TOP SECRET". The Continue reading
Dear Leader’s Lesson in Confirmation Bias
Brian Krebs has a blogpost citing those who claim evidence of North Korea involvement in the massive Sony hack. He uses as an example the similarities between the Sony defacement and a South Korean defacement that was attributed to the North Koreans. He shows these two images side-by-side so that you can see that they are obvious similar.
However, they don't look similar at all. This is generally what all website defacements look like. Specifically, the common components among defacements in are:
- black background
- green, red, and white foreground
- "Hacked by" message
- WARNING banner
- Phrack-style headers (like ::: on either side of header)
- Powerful picture in center, often a skull
- Message that strokes the ego, often "we are legion" style
In the bottom of this post, I include a gallery of other defacement pictures, so that you can see that this is normal hacker underground culture.
There are certainly some similarities, such as the "we have all your data" message. But that's easily explained by the fact that the South Korean hack was widely popularized in the media, so it's easy to see how they would take this as inspiration. Or, it's just simply that if the goal of your Continue reading
Ask a nerd
One should probably consult a lawyer on legal questions. Likewise, lawyers should probably consult nerds on technical questions. I point this out because of this crappy Lawfare post. It's on the right side of the debate (FBI's evidence pointing to North Korea is bad), but it's still crap.For example, it says: "One hears a lot in cybersecurity circles that the government has “solved” the attribution problem". That's not true, you hear the opposite among cybersecurity experts. I suspect he gets this wrong because he's not talking about technical experts, but government circles. What government types in Washington D.C. say about cybersecurity is wholly divorced from reality -- you really ought to consult technical people.
He then says: "it is at least possible that some other nation is spoofing a North Korean attack". This is moronic, accepting most of the FBI's premise that a nation state sponsored the attack, and that we are only looking for which nation state this might be. In reality, the Sony hack is well within the capabilities of teenagers. The evidence is solid that Sony had essentially no internal security -- it required no special sophistication by the hacker. Anybody Continue reading
Sony hack was the work of SPECTRE
The problem with hacking is that people try to understand it through analogies with things they understand. They try to fit new information into old stories/tropes they are familiar with. This doesn't work -- hacking needs to be understood in its own terms.But since you persist in doing it this way, let me use the trope of SPECTRE to explain the Sony hack. This is the evil criminal/terrosist organization in the James Bond films that is independent of all governments. Let's imagine that it's SPECTRE who is responsible for the Sony hack, and how that fits within the available evidence.
This trope adequately explains the FBI "evidence" pointing to North Korea. SPECTRE has done work for North Korea, selling them weapons, laundering their money, and conducting hacking for them. While North Korea is one of their many customers, they aren't controlled by North Korea.
The FBI evidence also points to Iran, with the Sony malware similar to that used in the massive Saudi Aramco hack. That would make sense, since an evil organization like SPECTRE does business with all the evil countries. Conversely, the Iranian connection doesn't make sense if the Sony hack were purely the work of the Continue reading
The FBI’s North Korea evidence is nonsense
The FBI has posted a press release describing why they think it's North Korea. While there may be more things we don't know, on its face it's complete nonsense. It sounds like they've decided on a conclusion and are trying to make the evidence fit. They don't use straight forward language, but confusing weasel words, like saying "North Korea actors" instead of simply "North Korea". They don't give details.The reason it's nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it's own malware from scratch.
Here's the thing with computer evidence: you don't need to keep it secret. It wouldn't harm Sony and wouldn't harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don't need to take the FBI's word for it, we should be able to see the evidence ourselves. In other words, instead of saying "IP addresses associated with North Korea", then can tell us what those IP addresses are, like "203.131.222.102".
But Continue reading
I just bought a ticket for The Interview
Free speech is only partly a government issue ("1st Amendment"). Throughout the world, speech is chilled more by thugs than by police. It could be youth gangs beating up journalists like in Russia, or Islamists killing cartoonists and movie makers. Even in America, we increasingly have a culture that seeks to silence debate, rather than countering bad speech with more speech.
There is action we can take, and it's this: when some are threatened, they should not stand alone. They can't kill, beat up, or dox all of us when we are many. We should draw pictures of Mohamed. We should criticize the despotic rule of Putin. We should buy tickets to The Interview and brag about it online.
What they miss about Uber/Lyft pay
In this story, writer Timothy B. Lee (@binarybits) becomes a Lyft driver for a week. He focuses on the political questions, such as the controversially low pay. He makes the same mistakes that everyone else makes.Lyft (and Uber) pay can be low for the same reason McDonalds is open at midnight. In absolute terms, McDonalds loses money staying open late. But, when you take into account all the sunk costs for operating during the day, they would lose even more money by not remaining open late. In other words, staying open late is marginally better.
The same is true of Lyft/Uber drivers. I take Uber/UberX on a regular basis and always interview the drivers. Without exception, it's a side business.
This one time, my UberX driver was a college student. He spent his time between pickups studying. When calculating wait-time plus drive-time, he may have been earning minimum wage. However, when calculating just drive-time, he was earning a great wage for a student -- better than other jobs open to students.
Without exception, all the Uber black-car drivers have their own business. They have fixed contracts with companies to drive employees/clients. Or, they have more personal relationships with Continue reading
Notes on the CIA light-torture report
I'm reading through the Senate report on the CIA's light-torture program, and I came across this giggly bit:#10: The CIA coordinated the release of classified information to the media, including inaccurate information concerning the effectiveness of the CIA's enhanced interrogation techniques. The CIA's Office of Public Affairs and senior CIA officials coordinated to share classified information on the CIA's Detention and Interrogation Program to select members of the media to counter public criticism, shape public opinionOf course they did, but then so did the Senate committee itself. They've been selectively leaking bits of the report for over a year. Their description of the "CIA hacking" scandal was completely inaccurate.
Moreover, this Executive Summary wasn't simply published, but given to select people in the media beforehand in order to shape the message.
There's no doubt that the CIA's brutal treatment of prisoners is evil, a stain on the nation's honor, and something that should be prosecuted. But Senator Feinstein and her colleagues are as guilty of this as anybody else. This report is political garbage designed to shield Feinstein from the blame she shares.
All malware defeats 90% of defenses
When the FBI speaks, you can tell they don't know anything about hacking. An example of this quote by Joseph Demarest, the assistant director of the FBI’s cyberdivision:"The malware that was used would have slipped, probably would have gotten past 90% of the net defenses that are out there today in private industry, and I would challenge to even say government”
He's trying to show how sophisticated, organized, and unprecedented the hackers were.
This is nonsense. All malware defeats 90% of defenses. Hackers need do nothing terribly sophisticated in order to do what they did to Sony.
Take, for example, a pentest we did of a Fortune 500 financial firm. We had some USB drives made with the logo of the corporation we were pen-testing. We grabbed a flash game off the Internet, changed the graphics so that they were punching the logo of their main competitor, and put text in the Final Score screen suggesting "email this to your friends and see what they get". We then added some malware components to it. We then dropped the USB drives in the parking lot.
This gave us everything in the company as people passed the game around. The CEO and Continue reading
FYI: Snowden made things worse
Snowden appeared at a #CatoSpyCon, and cited evidence of how things have improved since his disclosures (dislaimer: as Libertarian, I'm a fan of both CATO and Snowden). He cited some pretty compelling graphs, such as a sharp increase of SSL encryption. However, at the moment, I'm pretty sure he's made things worse.The thing is, governments didn't know such surveillance was possible. Now that Snowden showed what the NSA was doing, governments around the world are following that blueprint, dramatically increasing their Internet surveillance. Not only do they now know how to do it, they are given good justifications. If the United States (the moral leader in "freedoms") says it's okay, then it must be okay for more repressive governments (like France). There is also the sense of competition, that if the NSA knows what's going on across the Internet, then they need to know, too.
This is a problem within the United Sates, too. The NSA collected everyone's phone records over the last 7 years. Before Snowden, that database was accessed rarely, and really for only terrorism purposes. However, now that everyone else in government knows the database exists, they are showing up at the NSA with warrants to Continue reading
EFF: We’ve always been at war with EastAsia
As a populist organization, the EFF is frequently Orwellian. That's demonstrated in their recent post about the "Declaration of Independence of Cyberspace", where they say:
"The Declaration resounds eerily today. We live in an era where net neutrality is threatened by corporations that want to remove competition and force customers to pay more to have equal access to some sites."
This is self-contradictory. The Declaration says, unequivocally, that governments should not regulate cyberspace ("You have no sovereignty where we gather"), and should not make it into a public utility. The current EFF position is exactly the opposite, that government needs to regulate cyberspace as a public utility.
It is like that bit in 1984 where Orwell's government changes allegiances, going from being an ally with Eastasia to becoming their enemy, and then claim that they had always been at war with Eastasia. They made the change in mid-rally. Orwell describes how the mob quickly switched their beliefs, agreeing that they'd always been at war with Eastasia.
When I read 1984, I thought this was a bit over the top, that the mob would not behave so illogically. But we see the EFF mob today acts exactly that way Continue reading
The Pando Tor conspiracy troll
Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It's used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers.Recently, Pando (and Internet infotainment site) released a story accusing Tor of being some sort of government conspiracy.
This is nonsense, of course. Pando's tell-all exposé of the conspiracy contains nothing that isn't already widely known. We in the community have long joked about this. We often pretend there is a conspiracy in order to annoy uptight Tor activists like Jacob Appelbaum, but we know there isn't any truth to it. This really annoys me -- how can I troll about Tor's government connections when Pando claims there's actually truth to the conspiracy?
The military and government throws research money around with reckless abandon. That no more means they created Tor than it means they created the Continue reading
That wraps it up for end-to-end
.PNG)
This was a radical design at the time. Big corporations and big government still believed in the opposite model, with all the intelligence in big "mainframe" computers at the core of the network. Users would just interact with "dumb terminals" on the ends.
The reason the Internet was radical was the way it gave power to the users. Take video phones, for example. AT&T had been promising this since the 1960s, as the short segment in "2001 A Space Odyssey" showed. However, getting that feature to work meant replacing all the equipment inside the telephone network. Telephone switches would need to know the difference between a normal phone call and a video call. Moreover, there could be only one standard, world wide, so that calling Japan or Europe would work with their video telephone systems. Users were powerless to develop video calling on their own -- they would have to wait for the big telcom monopolies to develop it, however long it took.
That changed with Continue reading
Don’t mistake masturbation for insight [NOT SAFE FOR WORK]
Stroking prejudices isn't insight. I mention this because people keep sending me this Oatmeal cartoon that does nothing but furiously stroke its supporters until they ejaculate all over the screen.
The comic claims NetNeutrality is a bipartisan issue. By bipartisan it means that Democrats and the Green Party overwhelming support it. The comic is certainly not referring to Republicans, who overwhelming oppose NetNeutrality, as any googling of "republican net neutrality" would demonstrate. I suspect the problem here is that Oatmeal readers are in a filter-bubble (a technical term for "sitting in a circle jerking each other off") and therefore don't seriously believe Republicans exist.
The comic seriously says this: support for NetNeutrality is bipartisan, but opposition is partisan. I suspect they like words like "shit smear" because they are so accustomed to having their heads up their own asses.
The Oatmeal claims NetNeutrality won't mean the feds can dictate how much your ISP charges. I suspect that's because the comic's fingering of his own ass distracts him from reading. Obama's proposal today is to reclassify the Internet as a common-carrier under section II of the Telecommunication's Act. Luckily, we have something called the "Internet" were we can Continue reading
The Oatmeal claims NetNeutrality won't mean the feds can dictate how much your ISP charges. I suspect that's because the comic's fingering of his own ass distracts him from reading. Obama's proposal today is to reclassify the Internet as a common-carrier under section II of the Telecommunication's Act. Luckily, we have something called the "Internet" were we can Continue reading
This Vox NetNeutrality article is wrong
There is no reasoned debate over NetNeutrality because the press is so biased. An example is this article by Timothy B. Lee at Vox "explaining" NetNeutrality. It doesn't explain, it advocates.1. Fast Lanes
Fast-lanes have been an integral part of the Internet since the beginning. Whenever somebody was unhappy with their speeds, they paid money to fix the problem. Most importantly, Facebook pays for fast-lanes, contrary to the example provided.
One prominent example of fast-lanes is "channels" in the local ISP network to avoid congestion. This allows them to provide VoIP and streaming video over their own private TCP/IP network that won't be impacted by the congestion that everything else experiences. That's why during prime-time (7pm to 10pm), your NetFlix streams are low-def (to reduce bandwidth), while your cable TV video-on-demand are hi-def.
Historically, these channels were all "MPEG-TS", transport streams based on the MPEG video standard. Even your Internet packets would be contained inside the MPEG streams on channels.
Today, the situation is usually reversed. New fiber-optic services have TCP/IP network everywhere, putting MPEG streams on top of TCP/IP. They just separate the channels into their private TCP/IP network that doesn't suffer congestion (for voice and video-on-demand), and Continue reading
Voters are jerks
Out and about today, jerks are proudly displaying a "I Voted!" sticker. My twitter feed is likewise full of people proudly declaring they voted. They only serve to perpetuate the problem.Most voted for incumbents, while spending the rest of the year bitching about how bad the incumbents are.
Most base their voting on vapid political rhetoric, rather than understanding the issues. Their political analysis comes from late night comedians rather than serious sources. Those like Vox or the Economist do a good job with analysis, but of course, few read them because that would require thinking. It's much easier watching Jon Stewart or Stephen Colbert and laugh about how stupid other people are.
Though, understanding the issues is really just a smokescreen. What people really vote for is to take money from other groups and give it to themselves. They mask it in issues like national defense or the environment, but it's really just a money grab.
People proudly vote in this election, where few contests are competitive. These same people ignored the primaries, where their votes could have made a difference.
People waste their vote on major parties. Frankly, we live in a one Party state with Continue reading
Adding protocols to masscan
The unique feature of Masscan is that it has it’s own TCP/IP stack, bypassing the kernel’s stack. This has interesting benefits, such as being able to maintain a TCP connection with all 30 million HTTPS servers on the Internet simultaneously. However, it means that (at the moment) it’s difficult to write your own protocols. At some point I’m going to add LUA scripting to the system and this technical detail won’t matter, but in the meanwhile, if you want to write your own protocols, you’ll have to know the tricks.Scalability
The issue Masscan solves is scalability, such as maintaining 30 million concurrent TCP connections. In a standard Linux environment, the system requires about 40 kilobytes per TCP connection, meaning a system would need 1.2 terabytes of RAM to hold all the connections. This is beyond what you can get for standard servers.
Masscan reduces this. At the moment, it uses only 442 bytes per TCP connection – including the memory for difficult protocols like SSL. That’s less than 16-gigabytes of RAM for 30 million concurrent connections.
This is a little excessive, because connections are quick. Even a fast scan of the Internet takes long enough that at any Continue reading
Appropriate Halloween costumes
There has been some debate over Halloween costumes, whether ISIS terrorist garb or hazmat suites are appropriate. Of course they are. Culture responds to current events; everything is fair game.An example of this are Afghan "war rugs", as pictured below. The one on the left is in response to the old Soviet invasion, and the one on the right is in response to the post-9/11 invasion by the U.S. Rug weavers incorporated things from their environment into the rugs. In particular, the design of the rug on the right comes from leaflets we carpet bombed the country with before invading them.
.JPG)
Indeed, the entire "Halloween" theme is about death. It's just that it got incorporated in our culture long before the Internet enabled wimpy nitpickers from debating what was, or wasn't, appropriate. I'm not sure if the holiday would've survived in the modern politically correct climate.
No evidence feds hacked Attkisson
Former CBS journalist Sharyl Attkisson is coming out with a book claiming the government hacked her computer in order to suppress reporting on Benghazi. None of her "evidence" is credible. Instead, it's bizarre technobabble. Maybe her book is better, but those with advance copies quoting excerpts make it sound like the worst "ninjas are after me" conspiracy theory.Your electronics are not possessed by demons
Technology doesn't work by magic. Each symptom has a specific cause.
Attkisson says "My television is misbehaving. It spontaneously jitters, mutes, and freeze-frames". This is not a symptom of hackers. Instead, it's a common consumer complaint caused by the fact that cables leading to homes (and inside the home) are often bad. My TV behaves like this on certain channels.
She says "I call home from my mobile phone and it rings on my end, but not at the house", implying that her phone call is being redirected elsewhere. This is a common problem with VoIP technologies. Old analog phones echoed back the ring signal, so the other side had to actually ring for you to hear it. New VoIP technologies can't do that. The ringing is therefore simulated and has nothing to do with whether it's ringing Continue reading
The deal with the FTDI driver scandal
The FTDI driver scandal is in the news, so I thought I'd write up some background, and show what a big deal this is.Devices are connected to your computer using a serial port. Such devices include keyboards, mice, flash drives, printers, your iPhone, and so on. The original serial port standard called RS232 was created in 1962. It got faster over the years (75-bps to 115-kbps), but ultimately, the technology became obsolete.
What FTDI sells is a chip that converts between the old RS232 and the new USB. It allows old devices to be connected to modern computers. Even new devices come with RS232 instead of USB simply because it's simple and reliable.
The FTDI chip is a simple Continue reading