How NSA intercepts encrypted Google data-center traffic (using _NSAKEY?)
Virus Guy
2013-10-31 13:57:46 UTC
Regarding this diagram:

http://www.zerohedge.com/sites/default/files/images/user5/imageroot/2013/10/NSA%20google%201.jpg

which is described as follows:

===============
In an NSA presentation slide on “Google Cloud Exploitation,” a sketch
shows where the “Public Internet” meets the internal “Google Cloud”
where their data resides. In hand-printed letters, the drawing notes
that encryption is “added and removed here!” The artist adds a smiley
face, a cheeky celebration of victory over Google security.

Two engineers with close ties to Google exploded in profanity when they
saw the drawing. “I hope you publish this,” one of them said.
===============

where the SSL encryption is said to be "added and removed" at a
strategic network location, my question is this:

Would the existence of a second key contained within ADVAPI32.DLL
(Windoze security and encryption driver) be instrumental for the NSA to
perform the data interception and decoding being depicted in that
diagram?

If I understand the situation correctly, the existence of a second key,
programmatically labelled as _NSAKEY, has been believed for years to be
embedded in the windows encryption driver for just this purpose.

You can read the full article about the NSA intercepting Google
data-center traffic here:

http://www.zerohedge.com/news/2013-10-30/how-nsa-spies-your-google-and-yahoo-accounts

Second question: How would the NSA deal with OSX, Android or
Linux-based SSL traffic entering Google's cloud?
Ant
2013-10-31 17:57:32 UTC
Who gives a shit? Not me. If you want to avoid being spied on by
whatever agency then take the appropriate measures. e.g., don't use
free email or cloud providers who can do what they like with your
data. Better still, don't use the internet at all if you're engaged in
nefarious activities.
Virus Guy
2013-10-31 22:04:14 UTC
Post by Ant
Regarding NSA interception of google data-center traffic...
Who gives a shit? Not me.
What the hell is wrong with you Ant?

I certainly didn't expect such a juvenile outburst like that from you.

I put forward a cogent technical discussion and you respond like a child
with a tantrum.

This is usenet - where you don't have to respond to a post or a thread
if you don't want to. You of all people should know that by now.
Ant
2013-10-31 23:59:48 UTC
Post by Virus Guy
Post by Ant
Regarding NSA interception of google data-center traffic...
Who gives a shit? Not me.
What the hell is wrong with you Ant?
Calm down. I'm not having a go at you.
Post by Virus Guy
I certainly didn't expect such a juvenile outburst like that from you.
I put forward a cogent technical discussion and you respond like a child
with a tantrum.
Yeah, well I'm well past the mid-life crisis point and old enough to
be going through a second childhood!
Post by Virus Guy
This is usenet - where you don't have to respond to a post or a thread
if you don't want to. You of all people should know that by now.
But I do want to respond - just not in the way you'd like, perhaps.

My point was, if you got past my initial outburst, that people who use
facilities provided by the likes of google, farcebook, etc should not
expect privacy. After all, that's the real price of using their so-
called "free" services. You are the product being sold to advertisers.
Your privacy is not their concern even though they may appear outraged.

Moreover, anyone using the internet should expect to be spied on by
government spooks; that's what they do. Why is that surprising? In
other words: who cares (gives a shit) if the NSA is reading data feeds
in the intertubes? What do people think national security or spy
agencies do?

Sorry that doesn't address your technical point but it's my reaction
to all this fuss about spying.

As for an NSA backdoor in Windows, I don't buy it. If you can point to
a particular function or export in advapi or code in any other dll or
sys (driver) you think is suspicious I might have a look but I can
only go up to XP SP3. I'm sure others with more time, skill and
inclination have already done this anyway.
crankypuss
2013-11-01 08:13:09 UTC
... people who use
facilities provided by the likes of google, farcebook, etc should not
expect privacy. After all, that's the real price of using their so-
called "free" services. You are the product being sold to advertisers.
Your privacy is not their concern even though they may appear outraged.
Moreover, anyone using the internet should expect to be spied on by
government spooks; that's what they do. Why is that surprising? ...
What do people think national security or spy
agencies do?
Yeah, I don't get it either. People put their stuff on "free" cloud
servers and expect it to be secure? They think that in this age of
"Homeland Security" the spies have the first clue who the badguys are?
They don't... they really can't; that they try to spy on everybody in
hopes of figuring it out should be the obvious conclusion.

"Too Many Secrets" indeed. I pity the spies who waste their time spying
on me... death by boredom is just too harsh.

What I really don't get is the US budget, how much is spent on fear and
how little is spent on having something to be afraid for... I suppose
that words like "power" and "glory", not to mention "conquest" and
"supremacy", haven't yet become obsolete within the human lexicon.
Chris Ahlstrom
2013-11-01 10:40:09 UTC
Post by crankypuss
... people who use
facilities provided by the likes of google, farcebook, etc should not
expect privacy. After all, that's the real price of using their so-
called "free" services. You are the product being sold to advertisers.
Your privacy is not their concern even though they may appear outraged.
Moreover, anyone using the internet should expect to be spied on by
government spooks; that's what they do. Why is that surprising? ...
What do people think national security or spy
agencies do?
Yeah, I don't get it either. People put their stuff on "free" cloud
servers and expect it to be secure? They think that in this age of
"Homeland Security" the spies have the first clue who the badguys are?
They don't... they really can't; that they try to spy on everybody in
hopes of figuring it out should be the obvious conclusion.
"Too Many Secrets" indeed. I pity the spies who waste their time spying
on me... death by boredom is just too harsh.
That may well be all it is at the moment. But imagine that the locus of
interest starts going beyond looking into the planning of nefarious acts,
and into what your political feelings are. Or who you're sleeping with.
--
If *I* had a hammer, there'd be no more folk singers.
Shadow
2013-11-01 14:06:27 UTC
On Fri, 1 Nov 2013 06:40:09 -0400, Chris Ahlstrom
Post by Chris Ahlstrom
Post by crankypuss
"Too Many Secrets" indeed. I pity the spies who waste their time spying
on me... death by boredom is just too harsh.
That may well be all it is at the moment. But imagine that the locus of
interest starts going beyond looking into the planning of nefarious acts,
and into what your political feelings are. Or who you're sleeping with.
It's 2013 and you are still in 2005. No big deal, happens to
me sometimes. Shrinks have a pet word for it, "abnegation".
;)
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
crankypuss
2013-11-02 08:43:09 UTC
I really don't expect royalties ya know, they're taxable and the US has
too many military toys already for me to be interested in helping them
buy more from the ironmongers who already have too much money.
Post by Chris Ahlstrom
Post by crankypuss
... people who use
facilities provided by the likes of google, farcebook, etc should not
expect privacy. After all, that's the real price of using their so-
called "free" services. You are the product being sold to advertisers.
Your privacy is not their concern even though they may appear outraged.
Moreover, anyone using the internet should expect to be spied on by
government spooks; that's what they do. Why is that surprising? ...
What do people think national security or spy
agencies do?
Yeah, I don't get it either. People put their stuff on "free" cloud
servers and expect it to be secure? They think that in this age of
"Homeland Security" the spies have the first clue who the badguys are?
They don't... they really can't; that they try to spy on everybody in
hopes of figuring it out should be the obvious conclusion.
"Too Many Secrets" indeed. I pity the spies who waste their time spying
on me... death by boredom is just too harsh.
That may well be all it is at the moment. But imagine that the locus of
interest starts going beyond looking into the planning of nefarious acts,
and into what your political feelings are. Or who you're sleeping with.
So what? The boogeyman can get you, so move past that fear. We all
face certain death at the end of the tunnel, and you want to spend your
life squirming because you're scared of the boogeyman, then get to the
end of the tunnel saying, "well, i should have"? Young people think
life will last forever and get involved in all this abstract crap, then
get T-boned by a semi on their way to the liquor store, oops! What's
the boogeyman going to do, solve all my problems with one bullet?
<snort> Go ahead, make my day... no more bureaucratic crap dished out
by goobermint employees, no more worries about anything at all, not even
any more chances to screw up bigtime, that don't sound too bad all
things considered. There are more important things to do in life than
be the boogeyman's toady.

The only reasons spies can get their greasy paws on encrypted data is
that (a) people write crap software that lets them reach the files, and
(b) people follow the rules set up by the spies to ensure that they can
decrypt the data. Believe whatever suits you.

I got code to write, so don't expect a whole bunch more responses from
me on this boring topic. You'll work it out, and I'll get to write my
code, and everybody will be fine at the end of the day. Happy happy happy.
FromTheRafters
2013-11-01 00:26:32 UTC
Post by Virus Guy
http://www.zerohedge.com/sites/default/files/images/user5/imageroot/2013/10/NSA%20google%201.jpg
===============
In an NSA presentation slide on “Google Cloud Exploitation,” a sketch
shows where the “Public Internet” meets the internal “Google Cloud”
where their data resides. In hand-printed letters, the drawing notes
that encryption is “added and removed here!” The artist adds a smiley
face, a cheeky celebration of victory over Google security.
Two engineers with close ties to Google exploded in profanity when they
saw the drawing. “I hope you publish this,” one of them said.
===============
where the SSL encryption is said to be "added and removed" at a
Would the existence of a second key contained within ADVAPI32.DLL
(Windoze security and encryption driver) be instrumental for the NSA to
perform the data interception and decoding being depicted in that
diagram?
Transport Layer Security does the decryption.
Post by Virus Guy
If I understand the situation correctly, the existence of a second key,
programmatically labelled as _NSAKEY, has been believed for years to be
embedded in the windows encryption driver for just this purpose.
You can read the full article about the NSA intercepting Google
http://www.zerohedge.com/news/2013-10-30/how-nsa-spies-your-google-and-yahoo-accounts
Second question: How would the NSA deal with OSX, Android or
Linux-based SSL traffic entering Google's cloud?
The same way I would think. Why would they be any different?
Virus Guy
2013-11-01 15:09:20 UTC
Post by FromTheRafters
Would the existence of a second key contained within ADVAPI32.DLL
(Windoze security and encryption driver) be instrumental for the
NSA to perform the data interception and decoding being depicted
in that diagram?
Transport Layer Security does the decryption.
Was that supposed to be an answer to the above question?
Post by FromTheRafters
Second question: How would the NSA deal with OSX, Android or
Linux-based SSL traffic entering Google's cloud?
The same way I would think. Why would they be any different?
So you're saying that backdoors were built into the SSL encryption
mechanism of OSX, Android and Linux?
Virus Guy
2013-11-09 18:42:07 UTC
Have you got a good URL that explains exactly what the so-called NSA
key is or does?
See here: http://endswithbeginnings.wordpress.com/tag/nsakey/
(largely reproduced below for your reading pleasure).

See also this: http://cryptome.org/jya/msnsa-ke.htm

Which provides the complete CAPI key, as does this:

http://en.wikipedia.org/wiki/NSAKEY#Secondary_key_.28_NSAKEY_and_KEY2.29

Doing a web-search for some component of that key - for example, the
first line:

mQCPAzfTdH0AAAEEALqOFf7jzRYPtHz5PitNhCYVryPwZZJk2B7cNaJ9OqRQiQoi

gives many hits - not sure which of them (if any) are useful / relevant.

More technical stuff here:

http://blogs.technet.com/b/pki/archive/2009/06/17/what-is-a-strong-key-protection-in-windows.aspx

And on a slight tangent:

http://bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack

Aggrajag and Mortimer.CA, among others, wrote to inform us that
Theo de Raadt has made public an email sent to him by Gregory
Perry, who worked on the OpenBSD crypto framework a decade ago.

The claim is that the FBI paid contractors to insert backdoors
into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that
his NDA with the FBI has expired. The code was originally added
ten years ago, and over that time has changed quite a bit, "so
it is unclear what the true impact of these allegations are" says
Mr. de Raadt. He added: "Since we had the first IPSEC stack
available for free, large parts of the code are now found in many
other projects/products."

The FBI, as it turns out now, seem to be involved in many cases as aids
or agents in terms of getting stuff done for the NSA.

============

http://endswithbeginnings.wordpress.com/tag/nsakey/

Computer security specialists say that the Windows software driver used
for security and encryption functions contains unusual features which
give NSA that backdoor access.

These security specialists have identified the driver as ADVAPI.DLL. It
enables and controls a variety of security functions. These specialists
say that on Windows, it is located at C:\Windows\system directory of
anyone’s computer that uses Windows software. Nicko van Someren says
the driver contains two different keys. One was used by Microsoft to
control cryptographic functions in Windows while another initially
remained a mystery.

Then, two weeks ago (circa 1999?) a U.S. security firm concluded that
the second key belonged to NSA. Analysis of the driver revealed that one
was labeled KEY while the other was labeled NSAKEY, according to
sources. The NSA key apparently had been built into the software by
Microsoft, which Microsoft sources don’t deny.

This has allowed restricted access to Microsoft’s source code software
that allows for such programming.

Access to Windows source code is supposed to be highly
compartmentalized, actually making such actions easier because many of
the people working on the software wouldn’t see the access.

Such access to the encryption system of Windows can allow NSA to
compromise a person’s entire operating system. The NSA keys are said to
be contained inside all versions of Windows from Windows 95 OSR2
onwards.

Having such a secret key inside your Windows operating system makes it
“tremendously easier for the NSA to load unauthorized security services
on all copies of Microsoft Windows, and once these security services are
loaded, they can effectively compromise your entire operating system,”
according to Andrew Fernandez, chief scientist with Cryptonym
Corporation of North Carolina.

===============

Deeze posted the following to the forum:

From Heise.de
How NSA access was built into Windows

Duncan Campbell 04.09.1999

Careless mistake reveals subversion of Windows by NSA.

A CARELESS mistake by Microsoft programmers has revealed that special
access codes prepared by the US National Security Agency have been
secretly built into Windows. The NSA access system is built into every
version of the Windows operating system now in use, except early
releases of Windows 95 (and its predecessors). The discovery comes
close on the heels of the revelations earlier this year that another US
software giant, Lotus, had built an NSA “help information” trapdoor into
its Notes system, and that security functions on other software systems
had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago
by British researcher Dr Nicko van Someren. But it was only a few weeks
ago when a second researcher rediscovered the access system. With it,
he found the evidence linking it to NSA.

Computer security specialists have been aware for two years that unusual
features are contained inside a standard Windows software “driver” used
for security and encryption functions. The driver, called ADVAPI.DLL,
enables and controls a range of security functions. If you use Windows,
you will find it in the C:\Windows\system directory of your computer.

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only
run cryptographic functions that the US government allows Microsoft to
export. That information is bad enough news, from a European point of
view. Now, it turns out that ADVAPI will run special programmes inserted
and controlled by NSA. As yet, no-one knows what these programmes are,
or what they do.

Dr Nicko van Someren reported at last year’s Crypto 98 conference that
he had disassembled the ADVAPI driver. He found it contained two
different keys. One was used by Microsoft to control the cryptographic
functions enabled in Windows, in compliance with US export regulations.
But the reason for building in a second key, or who owned it, remained a
mystery.

A second key

Two weeks ago, a US security company came up with conclusive evidence
that the second key belongs to NSA. Like Dr van Someren, Andrew
Fernandez, chief scientist with Cryptonym of Morrisville, North
Carolina, had been probing the presence and significance of the two
keys. Then he checked the latest Service Pack release for Windows NT4,
Service Pack 5. He found that Microsoft’s developers had failed to
remove or “strip” the debugging symbols used to test this software
before they released it. Inside the code were the labels for the two
keys. One was called “KEY”. The other was called “NSAKEY”.

Fernandes reported his re-discovery of the two CAPI keys, and their
secret meaning, to “Advances in Cryptology, Crypto’99” conference held
in Santa Barbara. According to those present at the conference, Windows
developers attending the conference did not deny that the “NSA” key was
built into their software. But they refused to talk about what the key
did, or why it had been put there without users’ knowledge.

A third key?!

But according to two witnesses attending the conference, even
Microsoft’s top crypto programmers were astonished to learn that the
version of ADVAPI.DLL shipping with Windows 2000 contains not two, but
three keys. Brian LaMachia, head of CAPI development at Microsoft was
“stunned” to learn of these discoveries, by outsiders. The latest
discovery by Dr van Someren is based on advanced search methods which
test and report on the “entropy” of programming code.

Within the Microsoft organisation, access to Windows source code is said
to be highly compartmentalized, making it easy for modifications to be
inserted without the knowledge of even the respective product managers.

Researchers are divided about whether the NSA key could be intended to
let US government users of Windows run classified cryptosystems on their
machines or whether it is intended to open up anyone’s and everyone’s
Windows computer to intelligence gathering techniques deployed by NSA’s
burgeoning corps of “information warriors”.

According to Fernandez of Cryptonym, the result of having the secret key
inside your Windows operating system “is that it is tremendously easier
for the NSA to load unauthorized security services on all copies of
Microsoft Windows, and once these security services are loaded, they can
effectively compromise your entire operating system”. The NSA key is
contained inside all versions of Windows from Windows 95 OSR2 onwards.

“For non-American IT managers relying on Windows NT to operate highly
secure data centres, this find is worrying”, he added. “The US
government is currently making it as difficult as possible for “strong”
crypto to be used outside of the US. That they have also installed a
cryptographic back-door in the world’s most abundant operating system
should send a strong message to foreign IT managers”. “How is an IT
manager to feel when they learn that in every copy of Windows sold,
Microsoft has a ‘back door’ for NSA – making it orders of magnitude
easier for the US government to access your computer?” he asked. Can
the loophole be turned round against the snoopers?
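
The article quoted above says the third key was found with search methods that test the "entropy" of program code. As an added illustration (not code from the article, the thread, or the researchers), this sketch shows the general idea: key material looks statistically random next to compiled code, so a sliding-window entropy scan points at it. The window size, step, threshold and the sample buffer are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

WINDOW = 64      # bytes per window (assumed); entropy tops out at log2(64) = 6 bits
STEP = 16        # slide distance in bytes (assumed)
THRESHOLD = 5.4  # bits per byte; assumed cut-off for "random-looking"


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte-value distribution in chunk, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Slide a window over data and merge touching or overlapping windows
    whose entropy reaches the threshold into (start, end) byte offsets."""
    regions = []
    for off in range(0, len(data) - window + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + window)   # extend last region
        else:
            regions.append((off, off + window))            # start a new region
    return regions


def build_sample():
    """Constructed sample, not a real DLL: a repeating 11-byte x86-like
    pattern stands in for code, and 128 bytes of SHA-256 output stand in
    for an embedded key. Returns (buffer, key_offset, key_length)."""
    code = bytes.fromhex("5589e58b450883c0015dc3") * 47
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
    return code[:512] + blob + code[:512], 512, len(blob)


if __name__ == "__main__":
    data, key_off, key_len = build_sample()
    print("key planted at", (key_off, key_off + key_len))
    for start, end in high_entropy_regions(data):
        print("high-entropy region:", (start, end))
```

The same scan run over a build artifact before release is a quick check for key or secret material that was not meant to ship; compressed or encrypted resources also score high, so each hit needs manual review.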
FromTheRafters
2013-11-10 16:48:10 UTC
Post by Virus Guy
Have you got a good URL that explains exactly what the so-called NSA
key is or does?
See here: http://endswithbeginnings.wordpress.com/tag/nsakey/
(largely reproduced below for your reading pleasure).
Thanks for the URLs. Here's another.

http://www.cs.uml.edu/~pkrolak/lab18/ExampleMS&NSA/backdoor.asp
Ant
2013-11-10 16:55:52 UTC
Post by Virus Guy
Have you got a good URL that explains exactly what the so-called NSA
key is or does?
See here: http://endswithbeginnings.wordpress.com/tag/nsakey/
(largely reproduced below for your reading pleasure).
Nice speculation. Duncan Campbell is a journalist who loves a good
conspiracy theory.
Post by Virus Guy
See also [other stuff]
I've now read this and the links from the wikipedia article and am
pleased to see that Bruce Schneier, a respected security expert, said
the same as I did earlier:

"I don't buy it".
http://www.schneier.com/crypto-gram-9909.html

"why in the world would anyone call a secret NSA key "NSAKEY"?"

Indeed.

MS have said that NSAKEY is a backup key. They also said this:

"Why is the backup key labeled "NSA key"?
This is simply an unfortunate name. The NSA performs the technical
review for all US cryptographic export requests. The keys in question
are the ones that allow us to ensure compliance with the NSA's
technical review. Therefore, they came to be known within Microsoft
as "the NSA keys", and this was used as a variable name for one of
the keys. However, Microsoft holds these keys and does not share them
with anyone, including the NSA".
http://web.archive.org/web/20000520001558/http://www.microsoft.com/security/bulletins/backdoor.asp

This all happened years ago in 1999 and since then the US have relaxed
their strong-crypto export restrictions.
