The Deeper Meaning Of Miranda's Detention And The Destruction Of The Guardian's Hard Drives
from the deny-and-disrupt dept
As many have already observed, the detention of David Miranda comes across as an act of blatant intimidation, as does the farcical destruction of the Guardian's hard drives. But something doesn't ring true about these episodes: spooks may be cynical and ruthless, but they are not generally clueless idiots.
They would have guessed that Miranda would not possess the keys for any encrypted files that he was carrying, so seizing his equipment simply left them with a bunch of ones and zeroes that they were unable to read (unless strong encryption has been broken and we don't yet know about it). Equally, they would have assumed that the Guardian had made backups of its files on the hard drives, so destroying them was literally quite pointless. What's really going on here? A brilliant post by author Barry Eisler, who used to work for the CIA, offers perhaps the most plausible explanation so far:
The purpose was to demonstrate to journalists that what they thought was a secure secondary means of communication -- a courier, possibly to ferry encrypted thumb drives from one air-gapped computer to another -- can be compromised, and thereby to make the journalists' efforts harder and slower.
The same is true for the destruction of the Guardian's hard drives:
The point was to make the Guardian spend time and energy developing suboptimal backup options -- that is, to make journalism harder, slower, and less secure.
What is particularly chilling, as Eisler notes, is that this technique is not new:
Does this sort of "deny and disrupt" campaign sound familiar? It should: you've seen it before, deployed against terror networks. That's because part of the value in targeting the electronic communications of actual terrorists is that the terrorists are forced to use far slower means of plotting. The NSA has learned this lesson well, and is now applying it to journalists. I suppose it's fitting that Miranda was held pursuant to a law that is ostensibly limited to anti-terror efforts. The National Surveillance State understands that what works for one can be usefully directed against the other. In fact, it's not clear the National Surveillance State even recognizes a meaningful difference.
The US and UK governments' equating of journalism and whistleblowing with terrorism is becoming clearer by the day.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: barry eisler, david miranda, detention, journalism
Reader Comments
The best way around both.
Not only that, but usenet would serve as a free online backup for the file, and you could download it later. This is easier than a cyberlocker, and it would be held for three years plus on the servers, effectively for free.
Your only problem would be DMCA complaints against the file, taking it off the servers faster than you can say "Peter Piper picked a peck of pickled peppers."
(Just thought of this: Ideally put three wrappers on the files, just to hamper cracking efforts.)
[ link to this | view in chronology ]
Re: The best way around both.
[ link to this | view in chronology ]
Re: The best way around both.
Don't just upload sensitive files, also upload things like core dumps and the complete works of Shakespeare. All massively encrypted like the actual files you want to transfer. Don't just keep them guessing, keep them BUSY.
Upload things that they don't WANT to decrypt -- things that they're not supposed to know (courtesy of Wikileaks, for example) and disgusting image files (clown or midget porn, anyone?).
Naturally, use different keys, encryption algorithms and all for each file, and perhaps make the ugly stuff easier to open, heh.
Can you imagine the horror of them seizing a computer, discovering it contains 50,000+ encrypted files...and 99.99% of them are things they will wish they could un-see?
[ link to this | view in chronology ]
Re: The best way around both.
[ link to this | view in chronology ]
Re: The best way around both.
THEN what are the spooks going to do ? ? ?
I REFUSE to believe the bullshit that these revelations would endanger untold _____(dozens ? hundreds ? thousands ?) of spooks, spook-lites, and spook informants/etc who are doing dirty works...
GOOD, expose them all, run the evil pukes out of town, and/or some/all get killed ? cry me a fucking river, THEY are RESPONSIBLE -directly and indirectly- for the deaths OF MILLIONS, and i'm supposed to be contrite because BAD GUYS (so what they are 'our' bad guys?) get -probably RIGHTEOUSLY- killed for doing their dirty deeds in the dark ? ? ?
no, golden rule them: THEIR mantra is 'kill'em all, let dog sort'em out...' okay, assholes, we'll do the same to you, then, how is that shoe pinching on the other foot, evil spook slime ? ? ?
i'm sick of the whole mess, they DESERVE whatever bad karma comes their way; it is not OUR job to protect secret spooks doing evil...
art guerrilla
aka ann archy
eof
[ link to this | view in chronology ]
Re: Re: The best way around both.
1. Leak reveals evidence of NSA overreach or wrongdoing.
2. NSA issues statement explaining how leak is being misinterpreted or is an aberration.
3. NSA attends hearings and issues statements declaring it doesn't abuse its power. (Frequently qualified with "not under this program.")
4. New leak reveals evidence of NSA overreach or wrongdoing, proving NSA's most recent statements were pretty much "incomplete lies" or "least untruthful" answers.
5. Repeat.
This not only gives people time to process the information, but it also helps keep the story in the news cycle.
If you just data dump everything, the press, in an effort to one up each other will flood the media with more information than people can easily process, and try to post the most egregious violations, leaving perhaps less damning but otherwise important information overlooked.
Our Short Attention Span Theater stricken society will be momentarily outraged by revelations they don't totally comprehend (due to the massive amount of data involved), and rather than taking the time themselves to comprehend it properly (unless it is spoon fed to them) it will be quickly forgotten the minute the next "Miley Cyrus" outrage comes along.
[ link to this | view in chronology ]
Re: The best way around both.
[ link to this | view in chronology ]
Re: Re: The best way around both.
[ link to this | view in chronology ]
Yes, the encryption cipher was probably strong, but that doesn't mean the user password was equally strong. A cryptologist will always attempt to break a password first, instead of the encryption cipher's mathematical algorithm itself.
For example, most ciphers are 128-256bits in strength. If a user chooses a password that is 16 characters in length, then the password only has around 16bits of strength.
2^16 = 65536 possible password combinations to break the password. The NSA can probably chew through thousands of password attempts per second. Probably much, much more attempts per second, unless key stretching is used. Such as bcrypt, scrypt or pbkdf. In order to slow down password guessing attempts using multiple hashing rounds on the password.
The fact Greenwald and Poitras seem to be using the sneaker net (transportation of information using tennis shoes), this leads me to believe they were worried about their cryptographic capabilities.
Thus, I'm forced to assume there's a high probability their password lengths were far shorter than 128-256 characters long. Not to mention a fully random password with that is impossible to remember. Otherwise the password will be low on entropy (randomness).
I hope I'm wrong about all these assumptions. I really do.
As to why the UK and US Governments detained Miranda and stole his digital devices. I believe it has less to do with intimidation, and more to do with the UK and US Governments wanting to know what documents Snowden downloaded.
It's already been stated multiple times the US Gov. has no idea what documents Snowden, and the media, are in possession of. The US Gov. is finding it very difficult to lie to the American people about the NSA's unconstitutional spying capabilities.
The moment they make a false statement in public, a new leak comes out contradicting the lie they just made. That has to be embarrassing.
The US Gov. wants to know what those documents are, and they probably figured Greenwald and Poitras' cryptographic skills were weak enough that they'd have a shot at breaking their weak passwords to see what documents they're up against.
Like I said, I hope I'm wrong about all this. All the circumstantial information seems to be pointing towards this though.
As for the UK Gov. destroying the Guardian's hard drives. That was indeed meant to intimidate media organizations. There's no other explanation for that barbaric move.
[ link to this | view in chronology ]
Re:
A bit is either a 1 or a 0 - a password has all the letters of the alphabet in upper and lower case, numbers and symbols available.
See here - http://www.lockdown.co.uk/?pg=combi
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
So it is quite a bit weaker than a 128-bit key, but not by as much as you suggest.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
https://xkcd.com/936/
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Poitras is supposed to be pretty adroit at security
Which suggests that the crypto was not broken, and when the UK govt described to the court the GCHQ documents Miranda was allegedly carrying, they might have been lying. Presumably to FUD G&P, but judges don't usually like liars.
[ link to this | view in chronology ]
Re: Poitras is supposed to be pretty adroit at security
-- so the anon @ 6:06am may indeed have been right, when he wrote that "The package in question was heading from P to G, so I expect the crypto was good. Which suggests that the crypto was not broken, and when the UK govt described to the court the GCHQ documents Miranda was allegedly carrying, they might have been lying. Presumably to FUD G&P, but judges don't usually like liars."
On the other hand, for tinfoil hat brigade, maybe it is now that the UK Govt is dissembling, to downplay its proficiency at decryption...
It will be interesting to see what the judges make of it.
[ link to this | view in chronology ]
Re: Poitras is supposed to be pretty adroit at security
Except the ones on the FISC.
[ link to this | view in chronology ]
95^16?
Which is slightly worse. so i put 4.4012667e+31 into google and even google couldn't answer that.
I am hoping it's 'a really big number that GCHQ cryptographers will have a problem with'.
[ link to this | view in chronology ]
Re: 95^16?
[ link to this | view in chronology ]
Re: Re: 95^16?
[ link to this | view in chronology ]
Re: 95^16?
also, if you weren't aware, google can be used for more than finding horse porn: http://www.google.com/search?q=what+does+e%2Bnumber+mean+on+calculator
sorry if i come off as an a-hole here, but i have no patience for people actively trying to remain ignorant when the world's largest repository of information is literally at their fingertips.
[ link to this | view in chronology ]
Re: Re: 95^16?
And why would he search for "what does e+number mean on calculator", when he wasn't using a calculator?
A more logical search would be simply "what does e+number mean", which, when I try it, returns a description of the European Union's system of codes for food additives.
The guy (or girl -- apologies for assumption about sex) did try "the worlds largest repository of information" as far as he could; and when he got stuck and turned to the community for help, you were a jerk to him.
Way to spread enlightenment, dude.
[ link to this | view in chronology ]
Suboptimal backup options?
By forcing them to destroy the data that was kept in a single location, they make the Guardian (and everyone else who is watching) spend time and energy developing a better backup option. That is the opposite of making them develop a suboptimal backup option.
[ link to this | view in chronology ]
Remember we warned all of you during and after the Vietnam war about the lock they have on everything now. Remember we warned you about Big Brother, well he is here and he is watching and he is controlling the money, the power and your entire life. When we complained they gave us inflation.
[ link to this | view in chronology ]
Schneier's analysis
[ link to this | view in chronology ]
Jay Rosen on Barry Eisler's piece
[ link to this | view in chronology ]
"NIST Special Publication 800-63 suggests the following scheme to roughly estimate the entropy of human-generated passwords:[2]
The entropy of the first character is four bits;
The entropy of the next seven characters are two bits per character;
The ninth through the twentieth character has 1.5 bits of entropy per character;
Characters 21 and above have one bit of entropy per character.
A "bonus" of six bits is added if both upper case letters and non-alphabetic characters are used.
A "bonus" of six bits is added for passwords of length 1 through 19 characters following an extensive dictionary check to ensure the password is not contained within a large dictionary. Passwords of 20 characters or more do not receive this bonus because it is assumed they are pass-phrases consisting of multiple dictionary words."
Using the above NIST calculation, a 16 character long password has at best.
4+2+2+2+2+2+2+2+1.5+1.5+1.5+1.5+6+6=36bits of entropy.
That's assuming the password does not contain any words found in a dictionary (+6bit bonus). Contains both uppercase and lowercase letters, plus non-alphabetic characters are used (+6bit bonus).
Just for fun, let's say the NSA has a really slow supercomputer at their disposal. One which can only make 71,000 password guesses a second against a Bcrypt hashed password. Such as this homemade 25-GPU cluster computer.
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
The calculation of time needed to break our 16 character password with 36bits of entropy would be.
Total guesses:
2^36 = 68,719,476,736
71,000 guesses a second:
68,719,476,736 / 71,000 = 967,879 seconds to break password
Convert 967,879 seconds into minutes:
967,879 / 60 = 16,131 minutes to break password
Convert 16,131 minutes to hours:
16,131/60=268 hours to break password
Convert 268 hours to days:
268/24=11 days to break password
Usually it only takes around half the total number of guesses before the password breaks.
Total number of days divided by two:
11 / 2 = 5.5 days to break a 16 character password that has a high entropy, using a home built civilian PC.
What kind of supercomputers do you think the NSA has at their disposal? Maybe something along the lines of...
Titan Supercomputer Specs:
18,688 AMD Opteron 6274 16-core CPUs
18,688 Nvidia Tesla K20X GPUs
Total Power Draw: 8.2 Megawatts
https://en.wikipedia.org/wiki/Titan_supercomputer
That's a tad more powerful than a 25-GPU civilian computer. If the NSA is your adversary, I'd recommend really long passwords. Double or triple encrypting a file, with at least two or three different sets of passwords would be a wise move too.
[ link to this | view in chronology ]
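The estimate discussed in the comment above, as an added example that is not part of any reader comment: it applies the quoted SP 800-63 rules to every character of a password and compares the result with the 36-bit total and the 95^16 figure from this thread. The sample password is constructed, the 71,000 guesses per second is the rate cited in the comment, and all function names are illustrative; note that the rules as quoted, applied to all sixteen characters with both bonuses, sum to 42 bits.

```python
import math

def nist_entropy_bits(password, passed_dictionary_check=False):
    """Estimate per the SP 800-63 rules exactly as quoted in the comment."""
    bits = 0.0
    for position in range(1, len(password) + 1):
        if position == 1:
            bits += 4.0          # first character
        elif position <= 8:
            bits += 2.0          # characters 2-8
        elif position <= 20:
            bits += 1.5          # characters 9-20
        else:
            bits += 1.0          # characters 21 and above
    has_upper = any(c.isupper() for c in password)
    has_non_alpha = any(not c.isalpha() for c in password)
    if has_upper and has_non_alpha:
        bits += 6.0              # composition bonus
    if passed_dictionary_check and 1 <= len(password) <= 19:
        bits += 6.0              # dictionary-check bonus, short passwords only
    return bits

def uniform_random_bits(length, alphabet_size=95):
    """Entropy when every character is drawn uniformly at random (the 95^16 case)."""
    return length * math.log2(alphabet_size)

def average_crack_days(bits, guesses_per_second):
    """Expected search time: on average half the space is tried."""
    return (2.0 ** bits) / 2.0 / guesses_per_second / 86400.0

BCRYPT_RATE = 71_000         # guesses/second, the figure used in the comment
SAMPLE = "Tr4vel-Kettle#92"  # constructed 16-character sample, not from the page

def report(password=SAMPLE, rate=BCRYPT_RATE):
    """Return {label: (bits, average days)} for the three estimates in the thread."""
    rows = {
        "36 bits (comment's total)": 36.0,
        "NIST rules, all characters": nist_entropy_bits(password, True),
        "uniformly random, 95 symbols": uniform_random_bits(len(password)),
    }
    return {label: (bits, average_crack_days(bits, rate))
            for label, bits in rows.items()}

if __name__ == "__main__":
    for label, (bits, days) in report().items():
        print(f"{label:30s} {bits:6.1f} bits  {days:.3g} days on average")
```

A key-stretching work factor changes only `guesses_per_second`; the bit counts depend on how the password was chosen.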
This is going to sound corny, but...
The big difference is that they're turning the entire world into Browncoats. Mal would be proud.
[ link to this | view in chronology ]
Re: This is going to sound corny, but...
But as I recall, the "Browncoats" lost that war.
[ link to this | view in chronology ]
Re: This is going to sound corny, but...
Firefly was a TV show, the movie is Serenity.
/nerdrage
[ link to this | view in chronology ]
"2^16 = 65536 possible password combinations"
[ link to this | view in chronology ]
Postal service
A thick, stiff card with a thank you note written on it could easily contain a microSD card. Posted from a letter box and arriving at a post office for 'general delivery' or one of those mailing address companies, it would be very, very hard to find. You could even do what check scammers do and have an innocent (but naive) third-party forward the mail.
[ link to this | view in chronology ]
Spot the Fed
[ link to this | view in chronology ]
Re:
Evidence needed for every statement you just made.
[ link to this | view in chronology ]