CIA Vault 7

[Abraham]

Weird Al's tinfoil hat isn't going to work.

It's not the right shape...

First, you must find a plastic colander, line it with tinfoil, Reynolds wrap being the finest, no grocery store house brands please, then mold your moldy old head into it for a form fit.

Now, you ready to deal with any and all pesky wave form and other intrusions.

[ScottDLS]

I don't understand why all those idiots in various government agencies - like the state department - don't use endpoint encryption. If your messages are stored in plaintext, you should be willing to shout them from the rooftops.

It also pains me that so many people seem to think a web site accessed via https (encrypted) connections is a secure server.

It might be, it might not be. Https just means the connection is secure. The data in flight to the server is pretty secure. Once its stored on the remote server it may be completely public. You just don't know.

As far as crypto that's completely uncrackable, even by the CIA, no problem - but you can't have ultimate convenience and ultimate security.

The CIA can't break a one time pad. You just have to communicate the pad separately from the ciphertext. Not convenient.

And don't get me started on election security. None of the right questions are being addressed.

No kidding it's not convenient, before the advent of Public Key encryption the symmetric keys to the ciphers had to be physically passed (like a OTP) between Navy ships, shore, Army units, etc. If someone lost the key material in battle, or if the North Koreans seized the ship, or if you had a traitor like John Walker with access to your crypto, boom your done...

The solution after John Walker and before PKI was "two person control"....i.e. LT Butthead watching ENS Beavis.... I'll let you guess which one I was....

[treadlightly]

No kidding it's not convenient, before the advent of Public Key encryption the symmetric keys to the ciphers had to be physically passed (like a OTP) between Navy ships, shore, Army units, etc. If someone lost the key material in battle, or if the North Koreans seized the ship, or if you had a traitor like John Walker with access to your crypto, boom your done...

The solution after John Walker and before PKI was "two person control"....i.e. LT Butthead watching ENS Beavis.... I'll let you guess which one I was....

Can you imagine the global crisis if anyone ever figures out how to quickly determine two prime factors for arbitrarily large numbers? One math breakthrough and the world would fall apart.

Setec Astronomy/Too Many Secrets...

[The Annoyed Man]

The CIA can't break a one time pad. You just have to communicate the pad separately from the ciphertext. Not convenient.

Funny thing...... My son and I were recently talking about setting up some book pads, just for the purpose of communications security in the event we were no longer digitally secure. Not that we ARE secure now; it's just that we're not particularly "anyone of interest". I take it for granted that if I wanted to have a secure conversation with someone in person, we'd have to leave any digital devices inside, and have it outside in the back yard. I also take it for granted that if I need to have secure communications with someone at a distance, it would have to involve dead drops and book pads.

And the thing is, I'm tired. I HATE the idea that I can be spied on at will by my own gov't, but I also figure I'm a nobody, and absent any criminal activity on my part, nobody's going to focus on my communications. But what I more than hate, and actually do worry about some, is my digital security being penetrated by someone outside of my own gov't. I take some steps to avoid that possibility, but I'm not any kind of network security professional, so my efforts are most likely regarded as paltry from a cyber-bad-guy's point of view. They primarily consist of (A) making sure my operating systems and applications are regularly updated whenever the patches become available, not opening emailed attachments from ANYbody unless I was expecting that one from that person, and not clicking on emailed links or embedded links without watching my status bar or popup prompts to see if the background URL gibes with what the link says it is supposed to be.

Code: Select all

<a href="http://www.stealyouridentity.com">https://www.checkyourcredit.com</a>!

[mojo84]

Not sure how reliable the Gateway Pundit is. However, if this is true, it sure blows holes in the theory that laws requiring warrants will keep the government from using the tools to hack and spy on US citizens.

http://www.thegatewaypundit.com/2017/03 ... wikileaks/

Not to mention the possible wiretapping of Trump's communications.

Are the two guys Hannity interviewed crazy or lying?

[bblhd672]

I don't understand why all those idiots in various government agencies - like the state department - don't use endpoint encryption. If your messages are stored in plaintext, you should be willing to shout them from the rooftops.

It also pains me that so many people seem to think a web site accessed via https (encrypted) connections is a secure server.

It might be, it might not be. Https just means the connection is secure. The data in flight to the server is pretty secure. Once its stored on the remote server it may be completely public. You just don't know.

As far as crypto that's completely uncrackable, even by the CIA, no problem - but you can't have ultimate convenience and ultimate security.

The CIA can't break a one time pad. You just have to communicate the pad separately from the ciphertext. Not convenient.

And don't get me started on election security. None of the right questions are being addressed.

No kidding it's not convenient, before the advent of Public Key encryption the symmetric keys to the ciphers had to be physically passed (like a OTP) between Navy ships, shore, Army units, etc. If someone lost the key material in battle, or if the North Koreans seized the ship, or if you had a traitor like John Walker with access to your crypto, boom your done...

The solution after John Walker and before PKI was "two person control"....i.e. LT Butthead watching ENS Beavis.... I'll let you guess which one I was....

Arrrg! John Walker! Spit! He gave all of us Navy Radioman a bad name. That traitor was responsible for potentially all of the message traffic I sent and received in the Navy being read by the Russians. Handling and destruction of key data never should have been allowed to be the purview of one person.

[ninjabread]

The snow this year is better at Innsbrook.

[treadlightly]

The snow this year is better at Innsbrook.

But not at San Moritz.

[Liberty]

Quantum Computing breaks all the rules for computing power, and is the tool that most cryptologist recognize the will break current encryption technology.IBM Q is an industry-first initiative to build commercially available universal quantum computers for business and science. I wonder how far ahead is the NSA with this science and technology. Wasn't long ago that Quantum computing was Science fiction, It's looking like the real thing is already here. With powerful quantum computing there will be no secrets from the government. All knowledge is just an algorithm away.

[ScottDLS]

Quantum Computing breaks all the rules for computing power, and is the tool that most cryptologist recognize the will break current encryption technology.IBM Q is an industry-first initiative to build commercially available universal quantum computers for business and science. I wonder how far ahead is the NSA with this science and technology. Wasn't long ago that Quantum computing was Science fiction, It's looking like the real thing is already here. With powerful quantum computing there will be no secrets from the government. All knowledge is just an algorithm away.

What if you use quantum "entanglement" to verify that the message hasn't been intercepted while in transit? Or use quantum computing to generate heretofore unimagined ciphers?

Encryption is most useful in protecting data in transit. There are other ways to protect data at rest...anti tampering protocols that wipe non persistent memory where the cipher keys and data are stored. Factoring big prime numbers with a quantum computer will be very good for attacking Public Private keypairs, but less for breaking into physically tamper protected data storage. (i.e. You lock your data in a giant vault with a bomb inside that goes off if you miss the combination 3 times, or break in....OR the electronic equivalent. )

[Nuts]

Quantum Computing breaks all the rules for computing power, and is the tool that most cryptologist recognize the will break current encryption technology.IBM Q is an industry-first initiative to build commercially available universal quantum computers for business and science. I wonder how far ahead is the NSA with this science and technology. Wasn't long ago that Quantum computing was Science fiction, It's looking like the real thing is already here. With powerful quantum computing there will be no secrets from the government. All knowledge is just an algorithm away.

Who do you think they developed it for in the first place? The NSA IS probably 2 generations ahead of that. I worked for a government contractor for a few years and we were at least two generations sometimes 4 generations ahead.

[treadlightly]

In all probability - at least for now - no American intelligence agency is likely interested in me, so I'm probably not at risk of a hack from that vector.

Quite true, but never forget Steve Jackson Games of Austin, in the dark days before the feds had a clue.

Basically, 13 year olds with Commodore 64's breached NYNEX, the New York phone company, in 1989 or 1990, and played unlawful games with the phone company. The telco was embarrassed and urged the feds to get to the bottom of it.

The FBI discovered the kids in New York had some contact with a credit card thief in Atlanta, which got the Secret Service involved. The SS wanted to show the FBI who was boss and uncovered an email dialog on a BBS-like system in Illinois with a nefarious guy called Knight Lightning who they found worked for Steve Jackson Games in Austin.

The email chatter was about universal hacking tools that would melt through Unix, VAX, any supercomputer, it would hack your Frigidaire so the light stayed on when the door shut, it would do everything, everywhere, with never a compatibility problem on any computing environment ever envisioned.

Unfortunately, the feds (at that time) were too dumb to tell they had learned about a work of fiction being written at Steve Jackson Games to support a role playing game based on rolling dice. A novel, but they thought it was all real. In fact, Steve Jackson Games had never developed computer software of any kind. Nobody bothered to check.

The Secret Service executed a no-knock warrant on Steve Jackson Games in the wee hours of March 1, 1990. Sam Sparks, the no-nothing judge who signed the warrant, is still on the bench. He may be a nice guy, but he did a stupid, stupid thing in 1990.

When Steve Jackson's employees began drifting in for work, the door was off the hinges, the premises open and unguarded, and every bit of paperwork and all electronic devices were seized.

As they drove away, the Secret Service was still unaware they had confiscated a book. More importantly in court, they had confiscated the computer hosting a BBS.

Mitch Kapor, the creator of Lotus123, and John Perry Barlow, a Grateful Dead lyricist, teamed up to create the Electronic Frontier Foundation to fight on Steve Jackson's behalf.

They won what I understand is the first successful civil rights lawsuit against the Secret Service, awarding $1,000 per each of the 300 BBS users who lost their place to peacefully assemble under the First Amendment. They couldn't reconnect since they used, as is done here, handles instead of names.

Steve Jackson was on Good Morning America, years after his raid. He'd nearly been bankrupted, and when his computers were returned they were bludgeoned into uselessness. The evidence had been abused, dropped, and mistreated in an extreme way. Nothing in the tale is a federal success story.

I've spoken to FBI agents a few times since 1990. These days the agents tasked with cyber issues are like systems administrators. They know lex from yacc, and that's great. But it's disturbing that I never spoke to one who had ever heard of the Steve Jackson Games fiasco. Not one.

A federal agent involved with communication crimes and not knowing the history of Steve Jackson's raid is like living in Texas and not knowing about the Alamo.

For more information, about Steve Jackson Games, not historic Spanish missions, read The Hacker Crackdown: Law and Disorder on the Electronic Frontier by Bruce Sterling - in the public domain to raise alarm at the author's insistence, http://www.mit.edu/hacker/hacker.html

[The Annoyed Man]

The snow this year is better at Innsbrook.

But not at San Moritz.

BWAAAAAHAHAHAHAHAHAHAAAAAAAAAA!!!!!

[mojo84]

I have a feeling some of the same folks that are saying there is no worries regarding the US government would spy on them are some of the same ones that would have an aneurysm if a cop stopped them and asked to see their LTC.

I am duly impressed with all of the technoligical knowledge and expertise that has been flaunted in this thread. I still have one question, with all of this awesome knowledge about incredible encryption technology and data protection, how in the world are all of these various breaches happening?

Then again, if you have nothing to worry about, why worry about about the government monitoring or ID'ing you?

[Beiruty]

I have a feeling some of the same folks that are saying there is no worries regarding the US government would spy on them are some of the same ones that would have an aneurysm if a cop stopped them and asked to see their LTC.

I am duly impressed with all of the technoligical knowledge and expertise that has been flaunted in this thread. I still have one question, with all of this awesome knowledge about incredible encryption technology and data protection, how in the world are all of these various breaches happening?

Then again, if you have nothing to worry about, why worry about about the government monitoring or ID'ing you?

The encryption software provider would provide a back door access to the Federal Agencies and under the protection of no-see, no-tell, not-me....
It is true for almost all software providers.