If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Apple Insider)   U.S. Drug Enforcement Agency openly frustrated that they cannot crack Apple's iMessage encryption to listen in on suspects   (appleinsider.com) divider line 34
    More: Spiffy, DEA, encryption, Mac computers, Internet Crime Complaint Center  
•       •       •

9615 clicks; posted to Main » on 04 Apr 2013 at 3:56 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



Voting Results (Smartest)
View Voting Results: Smartest and Funniest


Archived thread
2013-04-04 03:48:10 PM
11 votes:
What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

i.imgur.com
2013-04-04 02:02:46 PM
4 votes:
It's Drug Enforcement Administration, Not Drug Enforcement Agency.
In any case, those assholes are the problem, not the solution.
2013-04-04 04:36:52 PM
3 votes:

WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.


Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.
2013-04-04 04:06:45 PM
3 votes:
WalkingCarpet: "What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?"

Drug Dealers use burners.
It's cute to have encryption, but if you're carrying the same tracking beacon 24/7 they'll get plenty of evidence the old fashioned way.
2013-04-04 04:23:11 PM
2 votes:

WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.


It's provably so.  

Better yet, it can be implemented without any resort to electronics.  This is a set of pads I generated with 10-sided dice and a manual typewriter:

i55.tinypic.com

Completely random.
2013-04-04 02:18:50 PM
2 votes:
imgs.xkcd.com
2013-04-05 07:53:34 AM
1 votes:

NutWrench: WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?

This, If "any code can be cracked" then governments wouldn't pass laws to force YOU to give up your passwords: they would simply crack the encryption on your device without involving you at all. If the government wants your password, the only thing that's going to get cracked is your skull.

(Distributed.net use to run cracking contests. It took 10,000 computers nearly 3 months to brute-force a 56-bit key. 128 bit keys are the current minimum standard for Internet banking and programs like truCrypt can encrypt with 4096 bit keys. )


Consider this:  One-time pads use a key the same length as the sum total of the lengths of all the messages added together, and the key is completely random so no amount of analysis can ever be used to divine a pattern because there is none.

If you try to brute-force a solution, all you will do is generate every possible solution of the same length.  Was the message "Kill Bill", "Kiss Kate", or "Flew away", or any other possible combination that length?  No way to tell.  Ever.
2013-04-05 07:43:31 AM
1 votes:

whither_apophis: Don't forget to burn the ribbon.


For well-worn fabric ribbons, you don't have to.  The palimpsest is too deep to extract useful information.  But if you want to be ultra-paranoid, well, typewriter ribbons are cheap, so go ahead.
2013-04-05 07:36:29 AM
1 votes:

WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?


Absolutely.  Because you can't remember hundreds or thousands of random numbers you only saw once or twice, then destroyed.

No amount of beating is going to make you remember something you aren't capable of remembering.  That's one of the major features of a one-time pad:  Employed correctly, it's absolutely immune to all forms of cryptanalysis, including the kinetic forms.
2013-04-05 04:29:10 AM
1 votes:

A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.


I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.
2013-04-05 04:23:35 AM
1 votes:

libranoelrose: UnspokenVoice: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.

You don't happen to have any evidence of this, do you?

http://en.m.wikipedia.org/wiki/Windows_Metafile_vulnerability#section _ 6


LOL! That's, umm, some strange evidence.
2013-04-04 10:15:34 PM
1 votes:

mrmopar5287: UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?


There were other large Telecom companies that were approached who did not participate with the government in that effort.  They weren't forced to participate because there weren't any legitimate warrants or subpoenas for this traffic.  If there were (legitimate) warrants, then everyone that was asked, would have been forced to participate and the backlash would have been strictly on the government and not on the carriers who succumbed to the pressure to cooperate.  My personal opinion is that gobs of money paying the best lawyers is what kept Microsoft from getting terribly damaged by all of the lawsuits the government has put on them over the years and not some form of quid pro quo.  There entire business would be shot to hell if it was ever found (and it would be eventually found) that back doors for the government were installed.  I don't think Microsoft has unimpeachable morals either.  I just think even they are not that stupid such that they would willingly participate in that kind of request.
2013-04-04 06:56:15 PM
1 votes:

mrmopar5287: A Shambling Mound: Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists?
Sorry, ain't buying it.

The government has their own custom distribution of Windows for their computers.  Something about the Air Force office of information technology does their own patching of exploits and has their own distributions that are rolled out onto government computers.  The US government has access to take the exploits out of their own computers (but leave it into the retail distributions sold to everyone else).

Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder.

You use malware like that for the petty stuff that you know will leak into the news, or be easily discovered.  That's plausible deniability stuff that can be jettisoned overboard when you need a disposable excuse to put on the news.  You save the deep, built-in exploits for serious spying: emergencies and other stuff that is so clandestine that it will NEVER be discussed outside the high-level people at the top.


Wow, okay, I give up.  I will simply re-iterate one last time because I almost feel like it's just bouncing off - there is no government sponsored backdoor built into Windows. It is simply not there. It does not exist. It is a non-thing.

Also, I do not wish to sign up for your newsletter.
2013-04-04 06:17:49 PM
1 votes:

mrmopar5287: UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?


Your examples bear no similarity and this has nothing to do with morals. A telco handing data to the government is no more surprising than an ISP doing the same, and we all know they do so. Microsoft would cooperate in the same manner if they possessed user data on file that the government desired, of that I have no doubt. Intentionally building a point of entry into an operating system? Hell no. It would entirely obviate any attempts at security from that point forward. Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists? Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder. By that same token, they could do the same to us and I promise you the US Government would be having NONE of that.

As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

Sorry, ain't buying it.
2013-04-04 06:14:30 PM
1 votes:

WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.

It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance. They've never denied this as far as I know. Given the kind of pressure the US government can exert, I don't think anyone would be surprised if they did the same to Apple. This could just be a clever false flag operation. Convince drug dealers and other criminals to use something they know to be cracked wide open, like say iMessage, versus using a service with strong, open source encryption.


They repeatedly deny such conspiracy theories.

http://borepatch.blogspot.com/2009/11/microsoft-no-nsa-back-door-in-w i ndows-7.html?m=1
2013-04-04 05:59:03 PM
1 votes:

UnspokenVoice: You don't happen to have any evidence of this, do you?


All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?
2013-04-04 05:28:48 PM
1 votes:

Infernalist: FizixJunkee: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

Perhaps my tinfoil hat is on too tightly, but I actually buy this post.

Because it makes sense on a number of fundamental levels.


Obviously you skipped a few posts that make even more sense. People who believe there are secret Government-accesible backdoors in Microsoft products usually don't understand 1) how software works 2) how two-way network communications work and 3) the unbelievable level of culpability on Microsoft's part should something like that be compromised, allowing unfettered access to hundreds of millions of computers worldwide.

There is no "backdoor" in Windows. There just isn't. Period. There are, however, a bajillion different ways to create backdoors into Windows, many of which probably are only known to the people that use them. That is a very different thing, however.

Not only does the idea not make sense on a fundamental level, it literally flies in the face of reason.
GBB
2013-04-04 05:20:43 PM
1 votes:
Or, it's super easy to crack and the DEA is trying to get more people to use it for nefarious reasons so they can be spied on.
2013-04-04 05:03:38 PM
1 votes:
Meanwhile the NSA chuckles.
2013-04-04 04:52:04 PM
1 votes:

A Shambling Mound: As far as I am aware no one has ever found a backdoor of any kind into any Microsoft operating system, working or otherwise. The simple presence of code allowing for that kind of operation would have been found by now if it existed. Further, if it existed it would have been exploited by malware authors.


For further proof, plenty of people have run Windows machines behind Linux box firewalls/bit-loggers (which have had code reviewed all the way down), and haven't seen any evidence of unanticipated communications.  Unless they're hiding their communications very cleverly (timing of packets or some such) or communicating some way other than the internet, there's not much evidence of backdoors.
2013-04-04 04:43:21 PM
1 votes:

mrmopar5287: Rumored? I think that's pretty much confirmed. And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.


That level of paranoia overlooks the basic fact the most paranoid group of people on the entire planet, and the loudest to protest any perceived coercion, is software programmers.

You just can't make conspiracy like that work with skilled worked unless they actually believe they are personally saving lives.
2013-04-04 04:37:39 PM
1 votes:

ceebeecates4: What encryption method does iMessage use? Is it a stream or block cipher? What is the key strength? While encryption is mathematically complicated, the concepts of use are not.


Given that it's closed-source, it could be a variation of ROT13 for all we know.

ceebeecates4: while I don't expect you to name the "backdoors" you allege Microsoft products contain


Obviously I'm speculating, but I believe you're being naive if you think microsoft would put up some kind of principled fight if the government asked for such access. As far as communicating the results, it could be as simple as collecting keystrokes and saving them until the warrants get served and the machine gets confiscated. If you want to go the network route, which I think is what you were getting at, then who really monitors what their system sends out? Firewalls are pretty forgiving for anything sent over http, could be a lot of things sent in those headers, etc.
2013-04-04 04:35:39 PM
1 votes:
Anyone can be a suspect, so good. Let the subhuman scum work for a living.

Does this mean the DEA needs to be brought up to speed for every new encryption system or chat program?

DEA officials first discovered that iMessages could be a hinderance to their efforts when a real-time electronic surveillance under the Federal Wiretap Act failed to yield all of a target's text messages.

I am so sure that it was the 'one target' they had difficulties with. I shouldn't be surprised but I am still disgusted. Just because its legal doesn't mean it's right.

/special hatred for dea scum
2013-04-04 04:31:24 PM
1 votes:

Sword and Shield: dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR

Okay, I'll ask. I know the layout- that's likely Enigma code. How does one set the machine to decode it, if you know the reel settings?


Google *one time pad*

Then look at DITTY's profile to decypher.
2013-04-04 04:28:14 PM
1 votes:

dittybopper: It's provably so.


Can it stand up to Rubber Hose Cryptanalysis?
2013-04-04 04:24:00 PM
1 votes:

lewismarktwo: Strategeryz0r: WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]

Inception!

That's what I'm thinking.


You'll notice how little time the security agencies spend spreading warnings about how they can't read, say, PGP/GPG-coded messages.  Not sure if that's just a case of 'really, nobody uses it except extreme geeks', or a case of 'let's not entice criminals to use those tools'.
2013-04-04 04:22:11 PM
1 votes:
Nowadays the laptop has only one function for Randy: he uses it to communicate with other people, through e-mail. When he communicates with Avi, he has to use Ordo, which is a tool for taking his ideas and converting them into streams of bits that are almost indistinguishable from white noise, so that they can be sent to Avi in privacy. In exchange, it receives noise from Avi and converts it into Avi's thoughts.

At the moment, Epiphyte has no assets other than information--it is an idea, with some facts and data to back it up. This makes it eminently stealable. So encryption is definitely a good idea. The question is: how much paranoia is really appropriate?
Avi sent him encrypted e-mail:

When you get to Manila I would like you to generate a 4096 bit key pair and keep it on a floppy disk that you carry on your person at all times. Do not keep it on your hard disk. Anyone could break into your hotel room while you're out and steal that key.

Now, Randy pulls down a menu and picks an item labeled: "New key. . ." A box pops up giving him several KEY LENGTH options: 768 bits, 1024, 1536, 2048, 3072, or Custom.

Randy picks the latter option and then, wearily, types in 4096.

Even a 768-bit key requires vast resources to break. Add one bit, to make it 769 bits long, and the number of possible keys doubles, the problem becomes much more difficult. A 770-bit key is that much more difficult yet, and so on. By using 768-bit keys, Randy and Avi could keep their communications secret from nearly every entity in the world for at least the next several years. A 1024-bit key would be vastly, astronomically more difficult to break.

Some people go so far as to use keys 2048 or even 3072 bits in length. These will stop the very best codebreakers on the face of the earth for astronomical periods of time, barring the invention of otherworldly technologies such as quantum computers. Most encryption software--even stuff written by extremely security-conscious cryptography experts--can't even handle keys larger than that. But Avi insists on using Ordo, generally considered the best encryption software in the world, because it can handle keys of unlimited length--as long as you don't mind waiting for it to crunch all the numbers.

Randy begins typing. He is not bothering to look at the screen; he is staring out the window at the lights on the trucks and the jeepneys. He is only using one hand, just flailing away loosely at the keyboard.

Inside Randy's computer is a precise clock. Whenever he strikes a key, Ordo uses that clock to record the current time, down to microseconds. He hits a key at 03:03:56.935788 and he hits another one at 03:05:57.290664, or about .354876 seconds later. Another .372307 seconds later, he hits another one.
Ordo keeps track of all of these intervals and discards the more significant digits (in this example the .35 and the .37) because these parts will tend to be similar from one event to the next.

Ordo wants randomness. It only wants the least significant digits--say, the 76 and the 07 at the very ends of these numbers. It wants a whole lot of random numbers, and it wants them to be very, very random. It is taking somewhat random numbers and feeding them through hash functions that make them even more random. It is running statistical routines on the results to make sure that they contain no hidden patterns. It has breathtakingly high standards for randomness, and it will not stop asking Randy to whack on the keyboard until those standards are met.

The longer the key you are trying to generate, the longer this takes. Randy is trying to generate one that is ridiculously long. He has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.

"Using today's technology," Avi shot back. "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large numbers?"

"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty-five years?"

After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the afterimage of a strobe:

I want them to remain secret for as long as men are capable of evil.
2013-04-04 04:17:23 PM
1 votes:

dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR


You're the reason I enjoy crypto threads, FYI.
2013-04-04 04:12:54 PM
1 votes:
So, what this means is that iMessage is actually the easiest thing for them to spy on and they want everyone who's doing illicit business to use it, right?
2013-04-04 04:12:32 PM
1 votes:
Encryption, folks.  It's not too hard to set up.
2013-04-04 04:11:53 PM
1 votes:

dittybopper: DanZero:
[imgs.xkcd.com image 448x274]

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.


Actually not only is it directed at you, Randall Munro originally created the comic with you in mind.  You're that big a deal.
2013-04-04 04:05:11 PM
1 votes:

WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]


Sounds like another issue is that iMessage doesn't use the SMS system.  KiK, Gtalk, etc. may also be safe to use.
2013-04-04 02:05:55 PM
1 votes:
Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.
2013-04-04 01:55:21 PM
1 votes:
I thought the #2 mobile OS was better, with all the anti virus programs you can download from Google play.
/Grabs popcorn and holds tight to my lumia 920
 
Displayed 34 of 34 comments

View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking
Submit a Link »






Report