NSA using facial recognition software to steal your images. Russia beating the West at Propaganda war in Ukraine.

I think it safe to assume nothing is sacred in terms of the NSA. They are snagging any information they can and can afford to let technology catch up to what they have. They steal your phone calls… Web searches.. Your texts… They use your phone to see where you are going and how often… They are stealing your friends lists and finding out who you talk to and how often. The New York Times is now reporting they are stealing your photos off Facebook..Instagram or any other service they want. Let’s not forget this is all against the 4th amendment of the US Constitution..

 

 

 

The implications of this are devious and mind numbing. Let’s not forget they have not stopped any attacks anywhere for any reason. They are data mining for their own nefarious illegal plans which the NSA thinks you have zero right to actually know.

 

 

http://www.nytimes.com/2014/06/01/us/nsa-collecting-millions-of-faces-from-web-images.html?_r=0

 

The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents.

The spy agency’s reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency’s ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed.

The agency intercepts “millions of images per day” — including about 55,000 “facial recognition quality images” — which translate into “tremendous untapped potential,” according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show.

The implications of this are devious as well as mind numbing. They have yet to stop a single attack anywhere for any reason. Th continue Data mining for their own nefarious illegal plans.

The documents themselves can be found here.

http://www.nytimes.com/interactive/2014/06/01/us/nsa-document.html?_r=0

 

Russia and Propaganda.

I have been interested in Propaganda for awhile and the various ways it is used both know and in our past. Propaganda has been around for hundreds of years now and has been almost perfected in WW2 and since the Cold War. The US and Russia are in a bitter propaganda war for the hearts and minds of the World concerning Ukraine.

Russia appears to be winning.

Rodionov says that, since its founding, Ruptly has attracted 14 subscribers and over 200 customers, including German broadcasters “both public and private.” Subsidies from Moscow enable Ruptly to offer professionally produced videos at prices cheaper than those of the private competition.

The battle over Ukraine is being fought with diverse means — with harsh words and soft diplomacy, with natural gas, weapons and intelligence services. But perhaps the most important instruments being deployed by Moscow are the Internet, newspapers and television, including allegedly neutral journalists and pundits dispatched around the world to propagate the Kremlin position.

“We’re in the middle of a relentless propaganda war,” says Andrew Weiss, vice president of studies at the Carnegie Endowment for International Peace, an influential Washington think tank. Weiss describes this propaganda as a crucial tool used by Russia to conduct its foreign policy.

Moscow is looking beyond the short-term, seeking to influence opinion in the long-run to create “an alternative discourse in Western countries as well,” says Margarita Simonyan, editor in chief of Kremlin foreign broadcaster RT, formerly known as Russia Today, which owns Ruptly.

The Kremlin invests around €100 million ($136 million) a year in Russian media abroad in order to influence public opinion in the West. This effort also helps explain why Putin addressed Germans directly in his speech on the annexation of Crimea. Noting the Kremlin had supported Germany’s reunification process, he called on Germans to back Russia’s reunification with Crimea. Putin’s popularity in Germany has declined steadily over the years, but his worldview remains quite popular.

A Triumphant Media Advance

Sources within the Kremlin express satisfaction these days when talking about Moscow’s information policies. “We may have won the war in Georgia in 2008, but we lost the propaganda battle against America and the West by a mile,” says one. “Thanks to RT and the Internet, though, we are now closing the gap.”

Whereas Ruptly is seeking to establish itself as an alternative to Reuters and the Associated Press in providing video footage, RT has already successfully established itself in the nine years since its creation, recently surpassing even CNN when it comes to clips viewed on YouTube. With close to 1.2 billion views, the BBC is the only media outlet ahead of RT. In Britain, RT has more viewers than the Europe-wide news station Euronews and in some major US cities, the channel is the most-viewed of all foreign broadcasters. RT’s 2,500 employees report and broadcast in Russian, English, Spanish and Arabic with German to be added soon.

The triumphant advance of Putin’s broadcaster began in a former factory in northeast Moscow. Founding RT editor Simonyan was just 25 at the time Putin appointed her in 2005. Her assignment from the Russian president: to “break the monopoly of the Anglo-Saxon mass media.”

It’s a mandate she has been pursuing successfully ever since. “There’s large demand for media that doesn’t just parrot the uniform pulp from the Western press,” says Simonyan. “Even in Western countries.” RT gives pro-Russian representatives from Eastern Ukraine far more air time than supporters of the government in Kiev, and not even Simonyan disputes this fact. “We’re something along the lines of Russia’s Information Defense Ministry,” her co-workers say, not without pride.

Ruptly and RT are only the most visible instruments being used by the Kremlin. Other propaganda methods being exploited can be less obvious.

For example, when German talk shows invite Russian journalists to speak about the Ukraine crisis, they are almost always pundits who could have been taken directly out of the Kremlin propaganda department. Programmers, of course, like to book these guests because they generate heated and provocative discussion. But it’s also a function of the fact that experts critical of the government either don’t want to talk or are kept from doing so. Take the example of Sergej Sumlenny, who served until January as the German correspondent for the Russian business magazineExpert. Early on, he appeared often on German talk shows, intelligently and pointedly criticizing Putin’s policies. He has since been driven out at the magazine.

In his stead, the Russian perspective is now represented on German talk shows by people like Anna Rose, who is generally introduced as a correspondent for Rossiyskaya Gazeta, or Russian Gazette. The name sounds innocuous enough, but eyebrows should be raised immediately when this “serious” Russian journalist begins claiming that the Ukrainian army could be shooting “at women and children” and that Russian soldiers need to provide them with protection. Her positions suddenly become more understandable with the knowledge that Rossiyskaya Gazeta is the Russian government’s official newspaper.

Manipulating Comments and Social Media

Those who read comments posted under articles about Ukraine on news websites will have noticed in recent months that they have been filled with missives that always seem to follow the same line of argumentation. Moscow’s independent business daily Vedomosti reported recently that, since the start of the Ukraine crisis, the presidential administration in Moscow has been testing how public opinion in the United States and Europe can be manipulated using the Internet and social networks. The paper reported that most of the professional comment posters active in Germany are Russian immigrants who submit their pro-Russian comments on Facebook and on news websites.

In addition, journalists and editors at German websites and publications report receiving letters and emails offering “explosive information about the Ukraine crisis” on an almost daily basis. The “sources” often mention they have evidence about the right-wing nature of the Kiev government that they would like to supply to journalists. The letters are written in German, but appear to include direct translations of Russian phrases. They would seem to have been written by mother-tongue Russian speakers.Other forms of propaganda have also been deployed in recent months. For example, there have been frequent incidences of intercepted conversations of Western diplomats or Kiev politicians getting published in ways that serve Russia’s interests. From the “Fuck the EU” statement by Victoria Nuland, the top US diplomat to Europe, right up to statements made by Estonia’s foreign minister that were apparently supposed to prove who was responsible for the deaths of protesters on Maidan Square. The Russian media also seemed to take pleasure in reporting in mid-April that CIA head John Brennan had traveled to Kiev.

There’s a high likelihood that this confidential information and the content of intercepted communications is being strewn by Russian intelligence. Officials at Western intelligence agencies assume that even communications encrypted by the Ukrainian army are being intercepted by the Russians.

 propa

http://www.spiegel.de/international/world/russia-uses-state-television-to-sway-opinion-at-home-and-abroad-a-971971.html

Poland.. the Black site prisons and you. Encryption.

The last 20 year of US foreign policy has been a sad state of affairs. The rendition program and enhanced interrogation program (I will refer to it by what it actually was Torture from now on) was extremely disturbing to me personally as well as most of the rest of the World. How the leaders of the Country could believe that something like this would benefit the US is so misguided as to be delusional. We kidnapped people in the dead of night and airlifted them to Egypt, Indonesia, Thailand or Poland. We then proceeded to torture them in the hopes we could prevent another attack. How the US could consider itself at the forefront of Human Rights and at the same time chastise anyone we felt like for not being on our level in hindsight is flat out pathetic.

On a cold day in early 2003, two senior CIA officers arrived at the U.S. Embassy in Warsaw to pick up a pair of large cardboard boxes. Inside were bundles of cash totaling $15 million that had been flown from Germany via diplomatic pouch.The men put the boxes in a van and weaved through the Polish capital until coming to the headquarters of Polish intelligence. They were met by Col. ­Andrzej Derlatka, deputy chief of the intelligence service, and two of his associates.

 

 

 

 The Americans and Poles then sealed an agreement that over the previous weeks had allowed the CIA the use of a secret prison — a remote villa in the Polish lake district — to interrogate al-Qaeda suspects. The Polish intelligence service received the money, and the CIA had a solid location for its newest covert operation, according to former agency officials who spoke on the condition of anonymity to discuss the interrogation program, including previously unreported details about the creation of the CIA’s “black sites,” or secret prisons.

The CIA prison in Poland was arguably the most important of all the black sites created by the agency after the Sept. 11, 2001, attacks. It was the first of a trio in Europe that housed the initial wave of accused Sept. 11 conspirators, and it was where Khalid Sheik Mohammed, the self-declared mastermind of the attacks, was waterboarded 183 times after his capture.Much about the creation and operation of the CIA’s prison at a base in one of the young democracies of Central Europe remains cloaked in mystery, matters that the U.S. government has classified as state secrets. But what happened in Poland more than a decade ago continues to reverberate, and the bitter debate about the CIA’s interrogation program is about to be revisited.The Senate Intelligence Committee intends to release portions of an exhaustive 6,000-page report on the interrogation program, its value in eliciting critical intelligence and whether Congress was misled about aspects of the program.

The treatment of detainees also continues to be a legal issue in the military trials of Mohammed and others at Guantanamo Bay in Cuba.

And in December, the European Court of Human Rights heard arguments that Poland violated international law and participated in torture by accommodating its American ally; a decision is expected this year.

“In the face of Polish and United States efforts to draw a veil over these abuses, the European Court of Human Rights now has an opportunity to break this conspiracy of silence and uphold the rule of law,” said Amrit Singh, a lawyer with the Open Society Justice Initiative, which petitioned the court on behalf of a detainee who was held at the Polish site.

Wanted: A better location

The story of a Polish villa that became the site of one of the most infamous prisons in U.S. history began in the Pakistani city of Faisalabad with the capture of Zayn al-Abidin Muhammed Hussein, better known as Abu Zubaida, in March 2002. The CIA needed a place to stash its first “high-value” detainee, a man who was thought to be closely tied to the al-Qaeda leadership and might know of follow-on plots.

Cambodia and Thailand offered to help the CIA. Cambodia turned out to be the less desirable of the two. Agency officers told superiors that a proposed site was infested with snakes. So the agency flew Abu Zubaida to Thailand, housing him at a remote location at least an hour’s drive from Bangkok.

The CIA declined to comment, as did Polish authorities through their country’s embassy in Washington. Derlatka, the Polish intelligence officer, did not return messages seeking comment.

Several months after the detention of Abu Zubaida, the CIA caught Abd al-Rahim al-Nashiri, suspected of ties to an al-Qaeda attack on a U.S. warship in Yemen. He, too, was taken to the Thai site.

With the prospect of holding more and more captives, the CIA required a better location. “It was just a chicken coop we remodeled,” a former senior agency official said of the facility in Thailand.

The CIA reached out to foreign intelligence services. The agency’s station chief in Warsaw reported back with good news. The Polish intelligence service, known as Agencja Wywiadu, had a training base with a villa that the CIA could use in Stare Kiejkuty, a three-hour drive north of Warsaw.

Polish officials asked whether the CIA could make some improvements to the facility. The CIA obliged, paying nearly $300,000 to outfit it with security cameras.

The accommodations were not spacious. The two-story villa could hold up to a handful of detainees. A large shed behind the house also was converted into a cell.

“It was pretty spartan,” the agency official recalled.

There was also a room where detainees, if they cooperated, could ride a stationary bike or use a treadmill.

On Dec. 5, 2002, Nashiri and Abu Zubaida were flown to Poland and taken to the site, which was code-named “Quartz.”

Five days later, an e-mail went out to agency employees that the interrogation program was up and running, and under the supervision of the Special Missions Department of the Counterterrorism Center (CTC).

Officials then began shutting down the prison in Thailand, eliminating all traces of the CIA presence.

Harsh interrogations

Agency executives tapped Mike Sealy, a senior intelligence officer, to run the Polish black site, according to former CIA officials. He was called a “program manager” and was briefed on an escalating series of “enhanced interrogation techniques” that were formulated at the CIA and approved by Justice Department lawyers. These included slapping, sleep deprivation and waterboarding, a technique that involved pouring water over the shrouded face of the detainee and creating the sensation of drowning.

“I do believe that it is torture,” President Obama said of waterboarding in 2009.

In Poland, Sealy oversaw about half a dozen or so special protective officers whom the CIA had sent to provide security. The number of analysts and officers varied. Polish officials could visit a common area where lunch was served, but they didn’t have access to the detainees.

There would soon be problems in the implementation of the interrogation protocols.

Agency officers clashed over the importance of Nashiri’s alleged role in the bombing of the USS Cole in Yemen in 2000; the attack killed 17 U.S. sailors.

“He was an idiot,” said the former CIA official, who supported the program. “He couldn’t read or comprehend a comic book.”

Other CTC officials thought Nashiri was a key al-Qaeda figure and was withholding information. After a tense meeting in December 2002, top CIA officials decided that they needed to get tougher with him, two former U.S. intelligence officials recounted.

A decision was made to dispatch a CIA linguist who had once worked for the FBI in New York. Albert El Gamil was of Egyptian descent and spoke Arabic fluently, but he was not a trained interrogator.

Gamil flew to Poland, where he subjected Nashiri to a mock execution and put a drill to the head of the blindfolded man, according to several former CIA officials. The CIA inspector general also reported on those events.

Top CIA officials learned about the incidents in January 2003 after a security guard at the facility sounded the alarm. Sealy and Gamil were pulled out of Poland and dismissed from the program, according to several former agency officials. They left the CIA a little later.

Both Sealy and Gamil declined to comment.””””

http://www.washingtonpost.com/world/national-security/the-hidden-history-of-the-cias-prison-in-poland/2014/01/23/b77f6ea2-7c6f-11e3-95c6-0a7aa80874bc_story.html

It pains me that we thought this was a good idea. You cannot learn from History if you do not know it.

Other Black Site prisons in Warsaw Pact countries…

Sheer coincidence I ran across this article after updating my blog. I guess what pains me and I did not write eloquently enough above about it… Where was the outrage about what the US was doing inside this Country? We have had 50 hearings about Benghazi where 4 people died. At the same time we have had less than 5 about breaking international law in any number of ways by torture…mistreatment of prisoners and just flat out war crimes of vast and varied nature. Honestly I just do not get it. At some point we need to come to terms with our History and what we did. Stop turning the blind eye and pretending it did not happen.

 

That the Central Intelligence Agency had a so-called “black site” in Romania was well known. It was known that it was in one of those secret prisons that intelligence officials conducted harsh interrogations with major Al-Qaida operatives, including Sept. 11 mastermind Khalid Sheik Mohammad.

Today, the result of a joint investigation with German public television, the AP reports it has found the site where Mohammad was held and interrogated. And it’s not where you would think it is. The AP reports on the prison in Bucharest known as “Bright Light”:

Unlike the CIA’s facility in Lithuania’s countryside or the one hidden in a Polish military installation, the CIA’s prison in Romania was not in a remote location. It was hidden in plain sight, a couple blocks off a major boulevard on a street lined with trees and homes, along busy train tracks.

The building is used as the National Registry Office for Classified Information, which is also known as ORNISS. Classified information from NATO and the European Union is stored there. Former intelligence officials both described the location of the prison and identified pictures of the building.

In an interview at the building in November, senior ORNISS official Adrian Camarasan said the basement is one of the most secure rooms in all of Romania. But he said Americans never ran a prison there.

“No, no. Impossible, impossible,” he said in an ARD interview for its “Panorama” news broadcast, as a security official monitored the interview.

But the AP says that’s indeed the site based on its talks with unnamed former U.S. government and intelligence officials. The wire service also moved ths picture of the black site:

507656838_9776011_custom-9a23faee62e8e46a7178999a2f755efce935551c-s40-c85

Almost all these photo’s I took personally… There are a few of me as well. Hope you like them. 

 

20131215-160212.jpg20131215-220334.jpg20131215-215754.jpg20131215-215852.jpg20131215-215839.jpg20131215-215714.jpg20131215-215703.jpg20131215-215653.jpg20131215-215641.jpg20131215-215624.jpg20131215-212131.jpg20131215-212104.jpg20131215-212023.jpg20131215-212004.jpg20131215-211945.jpg20131215-211923.jpg20131215-211842.jpg20131215-211743.jpg20131215-211704.jpg20131215-211642.jpg20131215-163844.jpg20131215-163627.jpg20131215-163433.jpg20131215-163402.jpg20131215-163340.jpg20131215-163030.jpg20131215-163010.jpg20131215-162725.jpg20131215-162635.jpg20131215-162309.jpg20131215-162219.jpg20131215-162120.jpg20131215-162021.jpg20131215-161934.jpg20131215-161717.jpg20131215-161603.jpg20131215-161521.jpg20131215-161501.jpg20131215-161200.jpg20131215-161124.jpg20131215-160932.jpg20131215-160819.jpg20131215-160401.jpg20131215-160137.jpg20131215-160027.jpg20131215-155944.jpg20131215-155552.jpg20131215-155431.jpg20131215-155241.jpg20131121-141624.jpg20131121-141515.jpg20130701-155228.jpg20130701-154209.jpg

 

 

 

 

Encryption…When Obama announced reforms for the NSA he never mentioned the fact that they had sabotaged the worldwide encryption standards that were supposed to keep us all safe.

When President Barack Obama announced future changes to the government’s surveillance programs on Jan. 17, he mentioned nothing about the National Security Agency’s efforts to undermine worldwide encryption standards.

While the president focused most of his efforts on curbing the NSA’s bulk records collections on phone call metadata, a group of more than 50 leading cryptographers believes the NSA’s intentional weakening of Internet security standards is equally important and should be done away with, too.

The cryptographers, including several former federal officials, signed an open letter to the U.S. government Jan. 24 calling for an end to “the subversion of security technology,” referring to revelations from top-secret documents leaked by former NSA contractor Edward Snowden.

Those documents revealed the NSA deliberately weakened international encryption standards adopted and promoted by the National Institute of Standards and Technology, damaging NIST’s reputation and forcing it to publicly recommend against using its own adopted standard.

“Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed,” the open letter states.

“The choice is not whether to allow the NSA to spy,” the signatories argue in the letter. “The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. … We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.”

Among the many cryptographers to sign the letter were two former Federal Trade Commission chief technology officers: Steven Bellovin and Ed Felten, now professors at Columbia and Princeton universities, respectively.

http://fcw.com/articles/2014/01/28/cryptographers-open-letter.aspx

Related articles

Enhanced by Zemanta

Elliptic curve cryptography an introduction

I am not going to pretend to understand the Math involved in this. I do understand most of the basic concepts. Cryptography is vital to keep communications between two or more parties private and unreadable. I have posted in the past about the Nazi Enigma machine and the various ways the allies went about breaking it.

An Enigma machine was any of a family of related electro-mechanical rotor cipher machines used in the twentieth century for enciphering and deciphering secret messages. Enigma was invented by the German engineer Arthur Scherbius at the end of World War I.[1] Early models were used commercially from the early 1920s, and adopted by military and government services of several countries — most notably by Nazi Germany before and during World War II.[2] Several different Enigma models were produced, but the German military models are the most commonly discussed.
German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski “reverse-engineered” the device, using theoretical mathematics and material supplied by French military intelligence. Subsequently the three mathematicians designed mechanical devices for breaking Enigma ciphers, including the cryptologic bomb. This work was an essential foundation to further work on decrypting ciphers from repeatedly modernized Enigma machines, first in Poland and after the outbreak of war in France and the UK.
On 25 July 1939, in Warsaw, the Poles initiated French and British military intelligence representatives into their Enigma-decryption techniques and equipment, including Zygalski sheets and the cryptologic bomb, and promised each delegation a Polish-reconstructed Enigma. Without these gifts of techniques and technology from Polish military intelligence, decryption of German Enigma messages during World War II at Bletchley Park would not have been possible, as it was based on using mathematical theory and the perfecting of methods, tools and devices — all invented and developed beginning in 1932 by Rejewski, Różycki and Zygalski.[3][4][5] From 1938 onwards, additional complexity was repeatedly added to the Enigma machines, making decryption more difficult and necessitating larger numbers of equipment and personnel—more than the Poles could readily produce. The Polish breakthrough represented a vital basis for the later British continuation and effort.[6] During the war, British cryptologists decrypted a vast number of messages enciphered on Enigma. The intelligence gleaned from this source, codenamed “Ultra” by the British, was a substantial aid to the Allied war effort.[7]
Though Enigma had some cryptographic weaknesses, in practice it was German procedural flaws, operator mistakes, laziness, failure to systematically introduce changes in encipherment procedures, and Allied capture of key tables and hardware that, during the war, enabled Allied cryptologists to succeed.[8][9]
The exact influence of Ultra on the course of the war is debated; an oft-repeated assessment is that decryption of German ciphers advanced the end of the European war by two years.[8][10][11] Winston Churchill told the United Kingdom’s King George VI after World War II: “It was thanks to Ultra that we won the war.”[12]

enigma machine

If you want a good book to read there is the history of code breaking in WW2.. The Bletchley Park Codebreakers.

book

Actual Bletchley Park Website
Bletchley park

fiction book on crypto I enjoyed

cryptonomicon in PDF form entire book

elliptic curve

After a slow start, elliptic curve based algorithms are gaining popularity, and the pace of adoption is accelerating. ECC is now used in a wide variety of applications: the US government uses it to protect internal communications, the Tor project uses it to help assure anonymity, it is the mechanism used to prove ownership of bitcoins, it provides signatures in Apple’s iMessage service, it is used to encrypt DNS information with DNSCurve, and it is the preferred method for authentication for secure Web browsing over SSL/TLS. A growing number of sites use ECC to provide perfect forward secrecy, which is essential for online privacy. First generation cryptographic algorithms like RSA and Diffie-Hellman are still the norm in most arenas, but ECC is quickly becoming the go-to solution for privacy and security online.

If you are accessing an HTTPS version of the Cloudflare blog from a recent enough version of Chrome or Firefox, your browser is using ECC. You can check this yourself. In Chrome, you can click on the lock in the address bar and go to the connection tab to see which cryptographic algorithms were used in establishing the secure connection. Clicking on the lock in Chrome 30 should show the following image.

Meaning?

The elliptic curve discrete logarithm is the hard problem underpinning ECC. Despite almost three decades of research, mathematicians still haven’t found an algorithm to solve this problem that improves upon the naive approach. In other words, unlike with factoring, based on currently understood mathematics, there doesn’t appear to be a shortcut that is narrowing the gap in a trapdoor function based on this problem. This means that for numbers of the same size, solving elliptic curve discrete logarithms is significantly harder than factoring. Since a more computationally intensive hard problem means a stronger cryptographic system, it follows that elliptic curve cryptosystems are harder to break than RSA and Diffie-Hellman.

To visualize how much harder it is to break, Lenstra recently introduced the concept of “Global Security.” You can compute how much energy is needed to break a cryptographic algorithm and compare that with how much water that energy could boil. This is a kind of a cryptographic carbon footprint. By this measure, breaking a 228-bit RSA key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth. For this level of security with RSA, you’d need a key with 2,380 bits.

With ECC, you can use smaller keys to get the same levels of security. Small keys are important, especially in a world where more and more cryptography is done on less powerful devices like mobile phones. While multiplying two prime numbers together is easier than factoring the product into its component parts, when the prime numbers start to get very long, even just the multiplication step can take some time on a low powered device. While you could likely continue to keep RSA secure by increasing the key length, that comes with a cost of slower cryptographic performance on the client. ECC appears to offer a better tradeoff: high security with short, fast keys.

article on elliptic curve crypto

Good luck NSA

Fallout

There has been significant fallout about this weeks revelations of the NSA being able to crack much of the Cryptography that is used on the Internet between Govts. Etc. I will point out again that Bramford announced the NSA had made a significant crypto breakthrough several years ago. In fact in his wired article he mentions many of the same things that Snowden is being vilified for.

Clapper says.

I do not trust this guy at all. He lied to Congress and admitted he did. Instead of losing his job and being charged in court he has gotten a promotion. He is now in charge of Obamas look into the NSA.

September 10, 2013

In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security. Consistent with this directive, today I authorized the declassification and public release of a number of documents pertaining to the Government’s collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act. These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security in these circumstances is outweighed by the public interest.

Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence (www.dni.gov), and on the recently established public website dedicated to fostering greater public visibility into the intelligence activities of the Government (IContheRecord.tumblr.com).

The documents released today were provided to Congress at the time of the events in question and include orders and opinions from the Foreign Intelligence Surveillance Court (FISC), filings with that court, an Inspector General Report, and internal NSA documents. They describe certain compliance incidents that were discovered by NSA, reported to the FISC and the Congress, and resolved four years ago. They demonstrate that the Government has undertaken extraordinary measures to identify and correct mistakes that have occurred in implementing the bulk telephony metadata collection program – and to put systems and processes in place that seek to prevent such mistakes from occurring in the first place.

More specifically, in response to the compliance incident identified in 2009, the Director of NSA instituted a number of remedial and corrective steps, including conducting a comprehensive “end-to-end” review of NSA’s handling of telephony metadata obtained under Section 501. This comprehensive review identified additional incidents where NSA was not complying with aspects of the FISC’s orders.

The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC. As discussed in the documents, there was no single cause of the incidents and, in fact, a number of successful oversight, management, and technology processes in place operated as designed and uncovered these matters.

Upon discovery of these incidents, which were promptly reported to the FISC, the Court, in 2009, issued an order requiring NSA to seek Court approval to query the telephony metadata on a case-by-case basis, except when necessary to protect against an imminent threat to human life. Thereafter, NSA completed its end-to-end review and took several steps to remedy these issues, including making technological fixes, improving training, and implementing new oversight procedures. These remedial steps were then reported to the Court, and in September 2009, the Court lifted the requirement for NSA to seek approval to query the telephony metadata on a case-by-case basis and has since continuously reauthorized this program. The Intelligence and Judiciary Committees were informed of the compliance incidents beginning in February 2009 and kept apprised of the Government’s corrective measures throughout the process, including being provided copies of the Court’s opinions, the Government’s report to the Court, and NSA’s end-to-end review.

Upon discovery of these issues in 2009, NSA also recognized that its compliance and oversight infrastructure had not kept pace with its operational momentum and the evolving and challenging technological environment in which it functioned. Therefore NSA, in close coordination with the Office of the Director of National Intelligence and the Department of Justice, also undertook significant steps to address these issues from a structural and managerial perspective, including thorough enhancements to its compliance structure that went beyond this specific program. For example, in 2009, NSA created the position of the Director of Compliance, whose sole function is to keep all of NSA’s mission activities consistent with the law and applicable policies and procedures designed to protect U.S. person privacy by strengthening NSA’s compliance program across NSA’s operational and technical personnel. NSA also added additional technology-based safeguards, implemented procedures to ensure accuracy and precision in FISC filings, and initiated regular detailed senior leadership reviews of the compliance program. NSA has also enhanced its oversight coordination with the Office of the Director of National Intelligence and the Department of Justice.

Since 2009, the Government has continued to increase its focus on compliance and oversight. Today, NSA’s compliance program is directly supported by over three hundred personnel, which is a fourfold increase in just four years. This increase was designed to address changes in technology and authorities and reflects a commitment on the part of the Intelligence Community and the rest of the Government to ensuring that intelligence activities are conducted responsibly and subject to the rule of law. NSA’s efforts have proven successful in its implementation of the telephony metadata collection program since the changes made in 2009. Although there have been a handful of compliance incidents each year, these were the result of human error or provider error in individual instances and were not the result of systemic misunderstandings or problems of the type discovered in 2009. Each of these individual incidents upon identification were immediately reported to the FISC and remedied.

Moreover, the FISC in September of 2009 relieved the Government of its requirement to seek Court approval to query the metadata on a case-by-case basis and has continued to reauthorize this program. Indeed, in July of this year the FISC once again approved the Government’s request for reauthorization.

The documents released today are a testament to the Government’s strong commitment to detecting, correcting, and reporting mistakes that occur in implementing technologically complex intelligence collection activities, and to continually improving its oversight and compliance processes. As demonstrated in these documents, once compliance incidents were discovered in the telephony metadata collection program, additional checks, balances, and safeguards were developed to help prevent future instances of non-compliance.

James R. Clapper, Director of National Intelligence

NSA releases documents

Thoughts on Crypto breakthrough by MIT

When a New York Times report appeared Thursday saying the National Security Agency had “circumvented or cracked much of the encryption” protecting online transactions, computer security professionals braced for news of breakthroughs undermining the fundamentals of their field.
However, cryptography experts tell MIT Technology Review that a close reading of last week’s report suggests the NSA has not broken the underlying mathematical operations that are used to cloak online banking or e-mail.
Instead, the agency appears to rely on a variety of attacks on the software used to deploy those cryptographic algorithms and the humans and organizations using that software. Those strategies, revealed in documents leaked by Edward Snowden, came as no surprise to computer security researchers, given that the NSA’s mission includes the pursuit of America’s most technologically capable enemies.
“The whole leak has been an exercise in `I told you so,’ ” says Stephen Weis, CEO of server encryption company PrivateCore. Weis previously worked on implementing cryptography at Google. “There doesn’t seem to be any kind of groundbreaking algorithmic breakthrough,” he says, “but they are able to go after implementations and the human aspects of these systems.”
Those tactics apparently include using legal tools or hacking to get the digital keys used to encrypt data; using brute computing power to break weak encryption; and forcing companies to help the agency get around security systems.
“If the crypto didn’t work, the NSA wouldn’t bother doing all of these other things,” says Jon Callas, a cryptographer who cofounded PGP Corporation and is now chief technology officer of secure messaging company Silent Circle (see “An App Keeps Spies Away from Your Phone”). “This is what you do because you can’t break the crypto.”
After seeing the documents behind last week’s reports, security expert Bruce Schneier wrote in the Guardian that people should still “trust the math” that underlies cryptography. In June, Snowden said in an online chat that “properly implemented strong crypto systems are one of the few things you can rely on.”
Cryptography systems and security software often improve through a cycle in which researchers publish details of flaws, which are then fixed. Looking at last week’s reports in that way doesn’t suggest the security community needs to rethink the fundamentals of its tools and strategies, says Callas. Rather, adoption of known security improvements should be accelerated, and scrutiny of known weak points increased, he says. “Things have always had to be tested continuously.”

MIT Crypto thoughts

Guardian article on revelations

A judge on the secret surveillance court was so disturbed by the National Security Agency’s repeated violations of privacy restrictions that he questioned the viability of its bulk collection of Americans’ phone records, according to newly declassified surveillance documents.

Judge Reggie Walton, now the presiding judge on the Foreign Intelligence Surveillance (Fisa) court, imposed a significant and previously undisclosed restriction on the NSA’s ability to access its bulk databases of phone records after finding that the agency repeatedly violated privacy protections.

The documents, mostly from 2009 and declassified Tuesday, describe what Walton said were “thousands” of American phone numbers improperly accessed by government counterterrorism analysts.

They also indicate that US government officials, including NSA director Keith Alexander, gave misleading statements to the court about how they carried out that surveillance.

Despite repeated public assurances of NSA competence, the agency told the Fisa court in 2009 that “from a technical standpoint, there was no single person who had a complete understanding” of its phone records “architecture”.

All that led to “daily violations” for more than two years of call records from Americans “not the subject of any FBI investigation and whose call detail information could not otherwise have been legally captured in bulk,” Walton wrote.

In 2009, Walton questioned whether the program could be allowed to continue, asking if “the value of the program to the nation’s security justifies the continued collection and retention of massive quantities of US person information”.

He considered the violations serious enough to order the authorities not to “access the data collected until such a time as the government is able to restore the court’s confidence that the government can and will comply with previously approved procedures for accessing such data.”

An internal government review launched in response to the order disclosed that in 2006, the NSA discovered one of its partner agencies – its name is redacted – improperly included credit card numbers in its databases.

Ackerman (Guardian) article on FISC

More later today20130911-084544.jpg20130911-084608.jpg

20130911-084642.jpg

20130911-084739.jpg

20130911-084757.jpg

20130911-084815.jpg

20130911-084828.jpg

Cryptography.. Taking back the Internet…NSA… Syria..

I saw this article this morning. Thought it was really interesting. I am a sucker for Cryptography stories and NSA stories. It is amazing when it is a crypto story combines with the NSA to make in my opinion a Super Story.

From a new article. I thought it explained Cryptography well and how the NSA may have cracked a math problem. A very significant math problem. I have read this theory may be incorrect. I tend to believe it is a combination of two main factors. Companies have routinely let the NSA have access to everything from Emails to Search History to controls over your browser by the insidious allowance of back doors that are there to be exploited by the NSA. It has been said the Govt has been paying these companies to help comply. I know in Bramfords famous story on the NSA Bluffdale story that the NSA had made a significant break at cracking most cryptography. That does not sound like it is convincing companies to allow backdoors. That sounds like they cracked the math on some very significant level. If you know about Crypto it is very much MATH. Very complicated Math.

Bramfords thoughts from 3 years ago

But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

Famous Bluffdale article.••••••Must read••••••

The article about if the NSA has cracked a significant math problem.

In a recent story about the U.S. National Security Agency’s controversial Internet surveillance operations, the New York Times reported that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.”

The bolding is mine, because if in fact the agency did crack the encryption schemes used for bank transactions (the Times is somewhat unclear on that point), then in doing so it may have solved a math problem that has long puzzled cryptographers and number theorists alike.

The problem in question is that of integer factorization. It has been shown that every integer (e.g. 1, 2, 3, 4, 5…) can be written as the product of prime numbers. To review, a number is said to be prime if it is divisible only by itself and 1. (The first 10 prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, and 29.)

That means if we pick a number, say 50, we should be able to write it as a product of primes: In this case, it would be 5 x 5 x 2. For small numbers like 50, determining prime factors is within reach of any middle schooler. However, take a sufficiently large number—one that is hundreds of digits long—and the problem quickly becomes intractable, not only for humans but even for modern computers.

To date, there is no known shortcut to quickly factor large integers into primes. It has never been proven that no such shortcut exists. We’ve just never found one.

Has the NSA made a math breakthrough concerning cryptography

Another Wired article on what they speculate is going on.

Perhaps the NSA has some new mathematics that breaks one or more of the popular encryption algorithms: AES, Twofish, Serpent, triple-DES, Serpent. It wouldn’t be the first time this happened. Back in the 1970s, the NSA knew of a cryptanalytic technique called “differential cryptanalysis” that was unknown in the academic world. That technique broke a variety of other academic and commercial algorithms that we all thought secure. We learned better in the early 1990s, and now design algorithms to be resistant to that technique.

It’s very probable that the NSA has newer techniques that remain undiscovered in academia. Even so, such techniques are unlikely to result in a practical attack that can break actual encrypted plaintext.

Bruce Schneier
Bruce Schneier is a security technologist and author. His latest book is Liars and Outliers: Enabling the Trust Society Needs to Survive.

The naive way to break an encryption algorithm is to brute-force the key. The complexity of that attack is 2n, where n is the key length. All cryptanalytic attacks can be viewed as shortcuts to that method. And since the efficacy of a brute-force attack is a direct function of key length, these attacks effectively shorten the key. So if, for example, the best attack against DES has a complexity of 239, that effectively shortens DES’s 56-bit key by 17 bits.

That’s a really good attack, by the way.

Right now the upper practical limit on brute force is somewhere under 80 bits. However, using that as a guide gives us some indication as to how good an attack has to be to break any of the modern algorithms. These days, encryption algorithms have, at a minimum, 128-bit keys.

That means any NSA cryptoanalytic breakthrough has to reduce the effective key length by at least 48 bits in order to be practical.

Wired article about what recent leaks about NSA crypto abilities might mean.

Pro Publica article on NSA

What’s New Here

The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
Referring to the NSA’s efforts, a 2010 British document stated: “Vast amounts of encrypted Internet data are now exploitable.” Another British memo said: “Those not already briefed were gobsmacked!”
The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.
Documents

BULLRUN Briefing Sheet from GCHQ
SIGINT Enabling Project

Pro Publica

http://s3.documentcloud.org/documents/784284/bullrun-briefing-sheet-from-gchq.pdf

Guardian

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Guardian article

Great quotes.

Government and industry have betrayed the internet, and us.

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

Size of US army presence in Africa

Thought this was fascinating and it totally makes sense to me.

The Pentagon’s Africa Command will tell you there’s one military base on the entire continent. Don’t believe them.
They’re involved in Algeria and Angola, Benin and Botswana, Burkina Faso and Burundi, Cameroon and the Cape Verde Islands. And that’s just the ABCs of the situation. Skip to the end of the alphabet and the story remains the same: Senegal and the Seychelles, Togo and Tunisia, Uganda and Zambia. From north to south, east to west, the Horn of Africa to the Sahel, the heart of the continent to the islands off its coasts, the US military is at work. Base construction, security cooperation engagements, training exercises, advisory deployments, special operations missions, and a growing logistics network, all undeniable evidence of expansion—except at US Africa Command.

To hear AFRICOM tell it, US military involvement on the continent ranges from the miniscule to the microscopic. The command is adamant that it has only a single “military base” in all of Africa: Camp Lemonnier in Djibouti. The head of the command insists that the US military maintains a “small footprint” on the continent. AFRICOM’s chief spokesman has consistently minimized the scope of its operations and the number of facilities it maintains or shares with host nations, asserting that only “a small presence of personnel who conduct short-duration engagements” are operating from “several locations” on the continent at any given time.

assets in Africa

http://www.tomdispatch.com/post/175743/tomgram:_nick_turse,_africom’s_gigantic_%22small_footprint%22/

20130907-090738.jpg

Cryptography

This has been in the news for awhile and I have been discussing aspects of it for months.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
Enlarge This Image

Associated Press
This undated photo released by the United States government shows the National Security Agency campus in Fort Meade, Md.
This article has been reported in partnership among The New York Times, The Guardian and ProPublica based on documents obtained by The Guardian. For The Guardian: James Ball, Julian Borger, Glenn Greenwald. For The New York Times: Nicole Perlroth, Scott Shane. For ProPublica: Jeff Larson.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

NY times article

Unlocking Private Communications
Below are encryption tools the N.S.A. has had some success in cracking, according to documents provided by Edward J. Snowden describing the agency’s code-breaking capabilities.
VPNs
Virtual Private Networks
Commonly used by businesses to allow employees to access work networks from outside the office, via an encrypted “tunnel” through a public network.
Encrypted chat
Available with chat programs like Adium or with software added to programs like AOL Instant Messenger, providing “end to end” encryption, in which the data cannot be decrypted at any point along the transfer (even by the messaging service).
SSH Secure Shell
For Linux and Mac operating system users, this is the standard way to gain access to a remote computer.

HTTPS
Hypertext Transfer
Protocol Secure
This has long been a standard way to encrypt password and financial information when sending information from a computer to a server, and it is becoming more common with social media sites like Facebook and Twitter and Webmail services like Gmail. A URL that begins with “https://” and displays a small padlock icon designates a secured web page.
TLS/SSL
Transport Layer Security/
Secure Sockets Layer
The most common way to secure information sent over the Internet (including Web browsing and e-mail) and internal servers. HTTPS is secured by applying TLS/SSL to a Web site.
Encrypted VoIP
Voice over Internet Protocol
Services like Microsoft’s Skype and Apple’s FaceTime allow users to make free, encrypted phone and video calls over the Internet. The documents suggest that the N.S.A. is working with some VoIP services to obtain pre-encryption access to such messages.

multimedia look at how it is done

Six years ago, two Microsoft cryptography researchers discovered some weirdness in an obscure cryptography standard authored by the National Security Agency. There was a bug in a government-standard random number generator that could be used to encrypt data.

The researchers, Dan Shumow and Niels Ferguson, found that the number generator appeared to have been built with a backdoor — it came with a secret numeric key that could allow a third party to decrypt code that it helped generate.

According to Thursday’s reports by the ProPublica, the Guardian, and The New York Times, classified documents leaked by NSA whistleblower Edward Snowdon appear to confirm what everyone suspected: that the backdoor was engineered by the NSA. Worse still, a top-secret NSA document published with the reports says that the NSA has worked with industry partners to “covertly influence” technology products.

http://www.wired.com/threatlevel/2013/09/tech-industry-tainted

What the NSA says about Suite B

The secure sharing of information among Department of Defense, coalition forces, and first responders motivates the need for widespread cryptographic interoperability and for NSA-approved information assurance products that meet appropriate security standards to protect classified information.

A Cryptographic Interoperability Strategy (CIS) was developed to find ways to increase assured rapid sharing of information both within the U.S. and between the U.S. and partners through the use of a common suite of public standards, protocols, algorithms and modes referred to as the “Secure Sharing Suite” or S.3. The implementation of CIS will facilitate the development of a broader range of secure cryptographic products which will be available to a wide customer base. Some operational examples include enabling the U.S. Government to share intelligence information securely with State and local First Responders and providing war fighters on the battlefield the capability to share time-sensitive information securely with non-traditional coalition partners. To achieve the Strategy, NSA is working to influence International standards groups as well as national policies for securing National Security Systems. The use of selected public cryptographic standards and protocols and Suite B is the core of CIS.

Commercial Solutions for Classified (CSFC) will allow COTS information assurance products to be used in layered solutions to protect classified information. Click on the “Commercial Solutions for Classified Program” tab for more information.

Suite B cryptography has been selected from cryptography that has been approved by NIST for use by the U.S. Government and specified in NIST standards or recommendations. Suite B Cryptography is formalized in CNSSP-15, National Information Assurance Policy on the Use of Public Standards for the Secure Sharing of Information Among National Security Systems, dated March 2010.

Standards

The focus has been to leverage Federal and Internet standards, protocols and algorithms. Several Internet Engineering Task Force (IETF) protocol standards have been identified as having potential widespread use. IETF Request for Comments (RFCs) have been established to allow the use of Suite B Cryptography with these protocols. Additional IETF protocols are being assessed for their potential widespread use. The development of Internet Drafts to allow the use of Suite B Cryptography is either underway or being considered for these.

The next three sections identify the current IETF and NIST algorithm, protocol and modes standards that relate to Suite B Cryptography.

Algorithms

In 2005, NSA publicly announced Suite B Cryptography which built on the National Policy on the use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information (CNSSP-15). CNSSP-15 has been updated to address CIS and Suite B. In addition to AES, Suite B includes cryptographic algorithms for key exchange, digital signatures, and hashing; specifically

AES with 128-bit keys provides adequate protection for classified information up to the SECRET level. Similarly, ECDH and ECDSA using the 256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-256 provide adequate protection for classified information up to the SECRET level. Until the conclusion of the transition period defined in CNSSP-15, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level.

AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-384 are required to protect classified information at the TOP SECRET level. Since some products approved to protect classified information up to the TOP SECRET level will only contain algorithms with these parameters, algorithm interoperability between various products can only be guaranteed by having these parameters as options.

:

NSA suite B

Quantum Cryptography

After yesterday’s NSA codebreaking revelations, there’s some good news for cryptography. A Toshiba research lab has announced a crucial breakthrough in quantum cryptography, the last truly unbreakable form of encryption, which could pave the way for a new generation of private communications networks.

Quantum cryptography uses the properties of light to create effectively unbreakable encryption. Any attempt to tap in affects the signal and can be instantly detected. The system is already in use in some expensive and high-profile setups, most notably in Geneva’s banking sector, but it comes with serious limitations. The laser-based process only works over short distances, and it can only be used to connect two computers at a time.

The new breakthrough, published this week in Nature, offers a way to solve the second problem, connecting as many as 64 computers in a setup they describe as a “quantum access network.” The breakthrough comes from an improved photon detector that can handle 1 billion photons per second, allowing it to manage photon streams from more than one computer at once. That lets quantum engineers build networks on a more common hub-and-spoke model, potentially opening the door for more sophisticated quantum-powered networks in the future.

Source Quartz, Nature

quantum crypto

The abstract from the paper

The theoretically proven security of quantum key distribution (QKD) could revolutionize the way in which information exchange is protected in the future1, 2. Several field tests of QKD have proven it to be a reliable technology for cryptographic key exchange and have demonstrated nodal networks of point-to-point links3, 4, 5. However, until now no convincing answer has been given to the question of how to extend the scope of QKD beyond niche applications in dedicated high security networks. Here we introduce and experimentally demonstrate the concept of a ‘quantum access network’: based on simple and cost-effective telecommunication technologies, the scheme can greatly expand the number of users in quantum networks and therefore vastly broaden their appeal. We show that a high-speed single-photon detector positioned at a network node can be shared between up to 64 users for exchanging secret keys with the node, thereby significantly reducing the hardware requirements for each user added to the network. This point-to-multipoint architecture removes one of the main obstacles restricting the widespread application of QKD. It presents a viable method for realizing multi-user QKD networks with efficient use of resources, and brings QKD closer to becoming a widespread technology.

nature paper on quantum cryptography

IN A recent blog post Babbage speculated what exactly an apparent cryptographic “breakthrough” achieved by America’s National Security Agency (NSA) might be. The three possibilities were, in ascending order of likelihood: the development of a quantum computer, some fundamental progress in attacking the mathematics underlying cryptographic algorithms, or else the discovery of flaws in the specific implementations of those mathematics in individual bits of software.
Reports published on Septemper 5th in the Guardian and the New York Times about the code-breaking efforts of the NSA and its British counterpart, GCHQ, add a lot of weight to the idea that, besides powerful supercomputers and court orders, the spooks are relying on dodgy software to help them to read messages. The central allegation is that the agencies have deliberately introduced flaws into the encryption used by many websites, sometimes with the connivance of the companies that run them. In the jargon (which has percolated into popular culture) this sort of flaw is known as a “back door”.

Economist article on Crypto

Syria

More thoughts later.

Per the article..

The United States and its allies are considering an attack against Syria’s government. Such an attack is limited only by the people, aircraft, ships, and vehicles available in the area, so when the U.S. Navy moves more ships into the eastern Mediterranean, it starts to look a little like war.
This infographic, by Farwa Rizwan at Al Arabiya English, looks at the military maneuvers already underway. France and the U.S., with Turkish and UK airbases serving as a staging point, are the nations most likely to act against Syria’s government. Until yesterday, when this map was published, the United Kingdom looked ready to intervene, but then its Parliament voted against intervention. I’ve left every reference to British military assets on the map intact here, but it’s unlikely now that the UK will play a direct role. All these countries are allies as part of NATO. Here is what they could bring to an intervention:
Runways and Airplanes
It’s hard to conduct a bombing campaign without a place for the warplanes to land. France has an aircraft carrier in the western Mediterranean that could be moved closer; there’s a shared U.S./Turkish airbase in Turkey; the UK has an air base in Cyprus, about 160 miles away from Syria; France and the U.S. both have bases in the United Arab Emirates; and the U.S also has bases in Qatar and Bahrain. There are also two American aircraft carriers in the region: the USS Nimitz and the USS Harry Truman, both in the Persian Gulf. It takes about 5 days for a carrier to move between the Suez and the Persian Gulf (provdied Egypt doesn’t close the canal), but they might not even need to do that. With mid-air refueling, and with permission from Iraq, American fighters could take off from carriers in the Persian gulf and attack Syria.
The map also shows American F-16s and British Typhoon planes. These are strike aircraft, or known in an earlier era as fighter-bombers. They can fight enemies in the air, as well as attack vehicles, buildings, and troops on the ground.
Submarines and Destroyers
America, France, and the UK all have ships in the Mediterranean Sea ready to strike at Syria, if need be, with cruise missiles. Both ships and subs carry cruise missiles, which can hit targets more than 1,000 miles away. You can read more about cruise missiles, and how they work, here.
Patriot Missiles
Also noted on the map are Patriot missiles, which is a bit of an odd choice. Patriot missiles are anti-ballistic, fired to intercept incoming enemy missiles. Syria has some long range ballistic missiles and last summer threatened to use them against foreign intervention.

What NATO weapons could hit Syria

20130907-124249.jpg

Why not a cyber offensive?

Seriously the brag in the various medias about how sophisticated the Govts computers are.. They have had considerable success with Stuxnet In Iran if reports are to be believed..

Famous NYTimes article about Stuxnet and Olympic Games

WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

Imfamous New York Times article on Olympic Games

http://www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html?ref=middleeast

As Congress debates strikes against Syria for using chemical weapons against its own people, much attention has focused on using cruise missiles for limited strikes. The risks are evident. Will these be seen as a delayed, empty gesture that inflicts little damage but prods Bashar Assad into stepping up further attacks? Would casualties inflicted merely deepen bitterness between the sides and fuel the bloody conflict? Having declared use of chemical weapons a red line, will limited U.S. action convince other parties—notably Iran, China and Russia—that American threats should be taken seriously?

The United States must, as Steve Yates has observed, act with a sense of purpose and power. We must define the goal. Merely punishing Assad raises a problem. Secretary of State John Kerry has spoken powerfully and eloquently on why Assad should be punished. But a 1994 U.S. Senate Committee on Banking, Housing and Urban Affairs reported that the United States approved shipments to Saddam Hussein of materials that can be used in the production of biological weapons during his war with Iran. Make no mistake. No matter what they say today, any strike aimed at punishing this Arab regime for will draw criticism from Arabs and others as hypocrisy. That holds especially true if U.S. bombing or missile strikes result in Arab deaths or injury.

A goal of weakening the regime risks drawing the United States into the center of the conflict. For over a year, we have cautioned that the enemies of our enemy may not be our friends. We must tread carefully. Any use of force must define how far the United States is willing to go. There’s good reason Winston Churchill noted that sound foreign policy is driven by interests, not friendship. Our key strategic interest lies in ensuring that Assad’s formidable arsenal of chemical weapons does not get loose. That poses a threat to the international community. Israel has rightly said that any effort to transfer those weapons is cause for war. Here surfaces another problem.

The United States has declared it won’t put American boots on the ground. But containing Assad’s WMD arsenal may well require special operations that almost certainly would require intervention by special forces, even if in tandem with Arab partner states.

These considerations mandate that any strike—whether to punish, deter or weaken Assad—eschew what the military terms “kinetic” strikes (e.g., using missiles or bombs) in favor of cyber attacks. Taking out Assad’s air force and making his runways unusable might be a meaningful option, but there seems no realistic possibility the United States will opt for that. Well-targeted cyber attacks will send Assad and interested parties a strong message that we’re serious and put a meat axe into his command-and-control capabilities by sowing confusion, distrust, and chaos into those systems. The key is to direct attacks against Syrian cyber assets. That means find, fix, and finish activities against Syrian Electronic Army operatives – many of whom operate outside of Syria in the Gulf and Maghreb countries – and who can be identified and taken off the battlefield.

Cyber attack Syria?</a

Rand policy paper. Danger of intervention in Syria

I have posted this before but it seems even more timely to do so again.

In the midst of growing public wariness about large-scale foreign interventions, the Obama administration has decided to arm the Syrian rebels. Those who call for increasing the scope of U.S. aid to the Syrian rebels argue that (1) arming the rebels is the cheapest way to halt a humanitarian catastrophe, hasten the fall of the Assad regime through a rebel military victory or a negotiated settlement, and allow the Obama administration to influence the broader direc- tion of Syrian politics in a post-Assad world; (2) failure to step up U.S. involvement will damage America’s credibility and reputation in the eyes of our allies and adversaries; and (3) U.S. objec- tives can be accomplished with a relatively small level of U.S. commitment in Syria.
These arguments are wrong on all counts. There is a high risk that the decision to arm the Syrian rebels will drag the United States into a more extensive involvement later, the very sce- nario that the advocates for intervention claim they are trying to avoid. The unique characteris- tics of alliances between states and armed non-
state groups, in particular their informal nature and secrecy about the existence of the alliance or its specific provisions, create conditions for states to become locked into unpalatable obli- gations. That seems especially likely in this case. The specific way the administration has chosen to increase the scope of its support to the rebels sets the stage for even greater U.S. commitment in Syria in the future. The Obama administra- tion, therefore, should not have decided to arm the Syrian rebels.
Looking ahead, it is important for policy- makers to understand the nature of alliances between states and armed nonstate groups even after the Syria conflict is resolved. Given that Americans are unwilling to support large-scale interventions in far-flung reaches of the globe, policymakers looking for military solutions to political problems may conclude that arming proxy groups may be an attractive policy choice. They should instead, however, avoid committing to conflicts that don’t threaten core national se- curity interests.

Rand Policy Paper on Syria

http://object.cato.org/sites/cato.org/files/pubs/pdf/pa734_web_1.pdf

Chemical Weapons. Our shady past

The US has used Chemical Weapons in combat before. We have supplied Saddam Hussein with the components to use Chemical Weapons on his people and we have tested Chemical Weapons on our own Citizens and Armed forces.

Project SHAD

Totally unknown till 35 years after the Vietnam War was the DoD’s Project Shipboard Hazard and Defense (SHAD), a highly classified program, which from 1962 to 1971 tested whether US warships and their troops could withstand attacks from chemical and biological weapons. From overhead planes and nearby aircraft carriers, the military aimed lethal gases at ships carrying mostly unsuspecting sailors and marines. In the 1990s, veterans stationed on SHAD boats reported respiratory conditions and cancers only to be told by VA that nothing called Project SHAD had ever existed. Finally, after CBS broke the story in May 2001, the Department of Defense admitted to SHAD’s existence and its almost decade-long program of toxic testing.

Project Tailwind

In 1998, a CNN two-part Sunday night news report revealed that a special commando unit in 1970 used sarin gas in Laos to kill American defectors. The story about “Operation Tailwind” was researched, written and produced by seasoned journalists April Oliver and Jack Smith, with help from Pulitzer Prize-winning Peter Arnett, who narrated the broadcast. Under pressure from Henry Kissinger and others, many claim, CNN retracted the story, and fired Oliver and Smith, and Arnett soon after. ( Newsroom’s Aaron Sorkin recently explained on the Daily Show that he used “Operation Tailwind” as the basis of the second season’s centerpiece, Operation Genoa, a secret mission set in Pakistan, in which the US supposedly used sarin against civilians. CNN’s reporting, Sorkin told John Oliver, offered an intriguing example of journalism gone awry with compromising research and doctored videos.)

The story of Operation Tailwind has never been proven wrong, as Jennifer Epps persuasively documented recently on the Daily Kos. According to Oliver and Smith, the story’s prime source, Admiral Thomas Moorer, read and signed off on the script; and according to Reese Schonfeld, CNN’s co-founder, Moorer stated in a legal deposition that he had said what the journalists quoted him as saying. Even CNN’s attorneys Floyd Abrams and David Kohler “found no credible evidence at all of any falsification of an intentional nature at any point in the journalistic process….We do not believe it can reasonably be suggested that any of the information on which the broadcast was based was fabricated or nonexistent.” The attorneys asserted that high-level and reliable military personnel had been confidential sources for the story. Yet the story was pulled and the journalists fired.

chemical weapon