FacebookTwitterGoogle+RedditEmail

The FBI Can Bypass Encryption

Encryption has gained the attention of actors on both sides of the mass surveillance debate. For example in a speech at the Brookings Institution FBI Director James Comey complained that strong encryption was causing U.S. security services to “go dark.” Comey described encrypted data as follows:

“It’s the equivalent of a closet that can’t be opened, a safe deposit box that can’t be opened, a safe that can’t ever be cracked.”

Got that? Comey essentially says that encryption is a sure bet. Likewise during an interview with James Bamford whistleblower Ed Snowden confidently announced that:

“We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes… By basically adopting changes like making encryption a universal standard—where all communications are encrypted by default—we can end mass surveillance not just in the United States but around the world.”

If you glanced over the above excerpts and took them at face value you’d probably come away thinking that all you needed to protect your civil liberties is the latest encryption widget. Right? Wow, let me get my check book out! Paging Mr. Omidyar…

Not so fast bucko. There’s an important caveat, some fine print that Ed himself spelled out when he initially contacted film director Laura Poitras. In particular Snowden qualified that:

“If the device you store the private key and enter your passphrase on has been hacked, it is trivial to decrypt our communications.”

This corollary underscores the reality that, despite the high profile sales pitch that’s being repeated endlessly, strong encryption alone isn’t enough. Hi-tech subversion is a trump card as the Heartbleed bug graphically illustrated. In light of the NSA’s mass subversion programs it would be naïve to think that there aren’t other critical bugs like Heartbleed, subtle intentional flaws, out in the wild being leveraged by spies.

The FBI’s Tell

James Comey’s performance at Brookings was an impressive public relations stunt. Yet recent history is chock full of instances where the FBI employed malware like Magic Lantern and CIPAV to foil encryption and identify people using encryption-based anonymity software like Tor. If it’s expedient the FBI will go so far as to impersonate a media outlet to fool suspects into infecting their own machines. It would seem that crooks aren’t the only attackers who wield social engineering techniques.

In fact the FBI has gotten so adept at hacking computers, utilizing what are referred to internally as Network Investigative Techniques, that the FBI wants to change the law to reflect this. The Guardian reports on how the FBI is asking the U.S. Advisory Committee on Rules and Criminal Procedure to move the legal goal posts, so to speak:

“The amendment [proposed by the FBI] inserts a clause that would allow a judge to issue warrants to gain ‘remote access’ to computers ‘located within or outside that district’ (emphasis added) in cases in which the ‘district where the media or information is located has been concealed through technological means’. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.”

In other words the FBI wants to be able to hack into a computer when its exact location is shrouded by anonymity software. Once they compromise the targeted machine it’s pretty straightforward to install a software implant (i.e. malware) and exfiltrate whatever user data they want, including encryption passwords.

If encryption is really the impediment that director Comey makes it out to be then why is the FBI so keen to amend the rules in a manner which implies that they can sidestep it? In the parlance of poker this is a “tell.”

Denouement

As a developer who has built malicious software designed to undermine security tools I can attest that there is a whole burgeoning industry which prays on naïve illusions of security. Companies like Hacking Team have found a lucrative niche offering products to the highest bidder that compromise security and… a drumroll please… defeat encryption.

There’s a moral to this story. Cryptome’s John Young prudently observes:

“Protections of promises of encryption, proxy use, Tor-like anonymity and ‘military-grade’ comsec technology are magic acts — ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.”

When someone promises you turnkey anonymity and failsafe protection from spies, make like that guy on The Walking Dead and reach for your crossbow. Mass surveillance is a vivid expression of raw power and control. Hence what ails society is fundamentally a political problem, with economic and technical facets, such that safeguarding civil liberties on the Internet will take a lot more than just the right app.

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal , and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

Weekend Edition
July 20, 2018
Friday - Sunday
Paul Atwood
Peace or Armageddon: Take Your Pick
Paul Street
No Liberal Rallies Yet for the Children of Yemen
Nick Pemberton
The Bipartisan War on Central and South American Women
Jeffrey St. Clair
Roaming Charges: Are You Putin Me On?
Andrew Levine
Sovereignty: What Is It Good For? 
Brian Cloughley
The Trump/NATO Debacle and the Profit Motive
David Rosen
Trump’s Supreme Pick Escalates America’s War on Sex 
Melvin Goodman
Montenegro and the “Manchurian Candidate”
Salvador Rangel
“These Are Not Our Kids”: The Racial Capitalism of Caging Children at the Border
Matthew Stevenson
Going Home Again to Trump’s America
Louis Proyect
Jeremy Corbyn, Bernie Sanders and the Dilemmas of the Left
Patrick Cockburn
Iraqi Protests: “Bad Government, Bad Roads, Bad Weather, Bad People”
Robert Fantina
Has It Really Come to This?
Russell Mokhiber
Kristin Lawless on the Corporate Takeover of the American Kitchen
John W. Whitehead
It’s All Fake: Reality TV That Masquerades as American Politics
Patrick Bobilin
In Your Period Piece, I Would be the Help
Ramzy Baroud
The Massacre of Inn Din: How Rohingya Are Lynched and Held Responsible
Robert Fisk
How Weapons Made in Bosnia Fueled Syria’s Bleak Civil War
Gary Leupp
Trump’s Helsinki Press Conference and Public Disgrace
Josh Hoxie
Our Missing $10 Trillion
Martha Rosenberg
Pharma “Screening” Is a Ploy to Seize More Patients
Basav Sen
Brett Kavanaugh Would be a Disaster for the Climate
David Lau
The Origins of Local AFT 4400: a Profile of Julie Olsen Edwards
Rohullah Naderi
The Elusive Pursuit of Peace by Afghanistan
Binoy Kampmark
Shaking Establishments: The Ocasio-Cortez Effect
John Laforge
18 Protesters Cut Into German Air Base to Protest US Nuclear Weapons Deployment
Christopher Brauchli
Trump and the Swedish Question
Chia-Chia Wang
Local Police Shouldn’t Collaborate With ICE
Paul Lyons
YouTube’s Content ID – A Case Study
Jill Richardson
Soon You Won’t be Able to Use Food Stamps at Farmers’ Markets, But That’s Not the Half of It
Kevin MacKay
Climate Change is Proving Worse Than We Imagined, So Why Aren’t We Confronting its Root Cause?
Thomas Knapp
Elections: More than Half of Americans Believe Fairy Tales are Real
Ralph Nader
Warner Slack—Doctor for the People Forever
Lee Ballinger
Soccer, Baseball and Immigration
Louis Yako
Celebrating the Wounds of Exile with Poetry
Ron Jacobs
Working Class Fiction—Not Just Surplus Value
Perry Hoberman
You Can’t Vote Out Fascism… You Have to Drive It From Power!
Robert Koehler
Guns and Racism, on the Rocks
Nyla Ali Khan
Kashmir: Implementation with Integrity and Will to Resolve
Justin Anderson
Elon Musk vs. the Media
Graham Peebles
A Time of Hope for Ethiopia
Kollibri terre Sonnenblume
Homophobia in the Service of Anti-Trumpism is Still Homophobic (Even When it’s the New York Times)
Martin Billheimer
Childhood, Ferocious Sleep
David Yearsley
The Glories of the Grammophone
Tom Clark
Gameplanning the Patriotic Retributive Attack on Montenegro
FacebookTwitterGoogle+RedditEmail