The Deeper Meaning Of Miranda's Detention And The Destruction Of The Guardian's Hard Drives

from the deny-and-disrupt dept

As many have already observed, the detention of David Miranda comes across as an act of blatant intimidation, as does the farcical destruction of the Guardian's hard drives. But something doesn't ring true about these episodes: spooks may be cynical and ruthless, but they are not generally clueless idiots.

They would have guessed that Miranda would not possess the keys for any encrypted files that he was carrying, so seizing his equipment simply left them with a bunch of ones and zeroes that they were unable to read (unless strong encryption has been broken and we don't yet know about it). Equally, they would have assumed that the Guardian had made backups of its files on the hard drives, so destroying them was literally quite pointless. What's really going on here? A brilliant post by author Barry Eisler, who used to work for the CIA, offers perhaps the most plausible explanation so far:

    The purpose was to demonstrate to journalists that what they thought was a secure secondary means of communication -- a courier, possibly to ferry encrypted thumb drives from one air-gapped computer to another -- can be compromised, and thereby to make the journalists' efforts harder and slower.

The same is true for the destruction of the Guardian's hard drives:

    The point was to make the Guardian spend time and energy developing suboptimal backup options -- that is, to make journalism harder, slower, and less secure.

What is particularly chilling, as Eisler notes, is that this technique is not new:

    Does this sort of "deny and disrupt" campaign sound familiar? It should: you've seen it before, deployed against terror networks. That's because part of the value in targeting the electronic communications of actual terrorists is that the terrorists are forced to use far slower means of plotting. The NSA has learned this lesson well, and is now applying it to journalists. I suppose it's fitting that Miranda was held pursuant to a law that is ostensibly limited to anti-terror efforts. The National Surveillance State understands that what works for one can be usefully directed against the other. In fact, it's not clear the National Surveillance State even recognizes a meaningful difference.

The US and UK governments' equating of journalism and whistleblowing with terrorism is becoming clearer by the day.

Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments

  1.  
    Anonymous Coward, Aug 28th, 2013 @ 3:54am

    The best way around both.

    Take your information and throw a big encrypted wrapper on it (TrueCrypt volume) and upload it to Usenet. From there, any person in any country could download the file, but only those who hold the keys can unlock the file.

    Not only that, but Usenet would serve as a free online backup for the file, and you could download it later. This is easier than a cyberlocker, and it would be held for three years plus on the servers, effectively for free.

    Your only problem would be DMCA complaints against the file, taking it off the servers faster than you can say "Peter Piper picked a peck of pickled peppers."

    (Just thought of this: Ideally put three wrappers on the files, just to hamper cracking efforts.)

     

  2.  
    zan, Aug 28th, 2013 @ 4:02am

    Re: The best way around both.

    I think an encrypted torrent would be a better idea; as long as someone's uploading and the DHT network is working, it'll always be downloadable.

     

  3.  
    Anonymous Coward, Aug 28th, 2013 @ 4:39am

    "...unless strong encryption has been broken and we don't yet know about it"


    Yes, the encryption cipher was probably strong, but that doesn't mean the user password was equally strong. A cryptologist will always attempt to break a password first, instead of the encryption cipher's mathematical algorithm itself.

    For example, most ciphers are 128-256 bits in strength. If a user chooses a password that is 16 characters in length, then the password only has around 16 bits of strength.

    2^16 = 65536 possible password combinations to break the password. The NSA can probably chew through thousands of password attempts per second. Probably many, many more attempts per second, unless key stretching is used, such as bcrypt, scrypt or PBKDF, in order to slow down password guessing attempts using multiple hashing rounds on the password.

    The fact Greenwald and Poitras seem to be using the sneaker net (transportation of information using tennis shoes), this leads me to believe they were worried about their cryptographic capabilities.

    Thus, I'm forced to assume there's a high probability their password lengths were far shorter than 128-256 characters long. Not to mention a fully random password with that is impossible to remember. Otherwise the password will be low on entropy (randomness).

    I hope I'm wrong about all these assumptions. I really do.


    As to why the UK and US Governments detained Miranda and stole his digital devices. I believe it has less to do with intimidation, and more to do with the UK and US Governments wanting to know what documents Snowden downloaded.

    It's already been stated multiple times that the US Gov. has no idea what documents Snowden, and the media, are in possession of. The US Gov. is finding it very difficult to lie to the American people about the NSA's unconstitutional spying capabilities.

    The moment they make a false statement in public, a new leak comes out contradicting the lie they just made. That has to be embarrassing.

    The US Gov. wants to know what those documents are, and they probably figured Greenwald and Poitras' cryptographic skills were weak enough that they'd have a shot at breaking their weak passwords to see what documents they're up against.

    Like I said, I hope I'm wrong about all this. All the circumstantial information seems to be pointing towards this though.


    As for the UK Gov. destroying the Guardian's hard drives. That was indeed meant to intimidate media organizations. There's no other explanation for that barbaric move.

     

  4.  
    Rabbit80, Aug 28th, 2013 @ 5:00am

    Re:

    You have your maths seriously wrong!

    A bit is either a 1 or a 0 - a password has all the letters of the alphabet in upper and lower case, numbers and symbols available.

    See here - http://www.lockdown.co.uk/?pg=combi

     

  5.  
    Anonymous Coward, Aug 28th, 2013 @ 5:08am

    An infographic demonstrating how to calculate password strength.

    https://xkcd.com/936/

     

  6.  
    Some Guy, Aug 28th, 2013 @ 5:38am

    Re:

    Assuming you can use any of the printable ASCII characters (i.e., not the initial 32 control characters or DEL, but including space), a perfectly random 16-character password has 95^16 combinations (> 2^105, < 2^106).

    So it is quite a bit weaker than a 128-bit key, but not by as much as you suggest.

     

  7.  
    Chris Rhodes, Aug 28th, 2013 @ 5:40am

    Re: Re:

    Yeah, that's some seriously bad math on his part.

     

  8.  
    Zos, Aug 28th, 2013 @ 5:44am

    Re:

    for everything in life, there is an xkcd

     

  9.  
    Anonymous Coward, Aug 28th, 2013 @ 6:06am

    Poitras is supposed to be pretty adroit at security

    Bruce Schneier comments someplace that Greenwald was pretty naive about security, but that Laura Poitras was quite competent. The package in question was heading from P to G, so I expect the crypto was good.

    Which suggests that the crypto was not broken, and when the UK govt described to the court the GCHQ documents Miranda was allegedly carrying, they might have been lying. Presumably to FUD G&P, but judges don't usually like liars.

     

  10.  
    Anonymous Coward, Aug 28th, 2013 @ 6:08am

    95^16?

    not knowing what number that gave (how many zeroes?) i put it into google and that said: 4.4012667e+31
    Which is slightly worse. so i put 4.4012667e+31 into google and even google couldn't answer that.
    I am hoping it's 'a really big number that GCHQ cryptographers will have a problem with'.

     

  11.  
    Anonymous Coward, Aug 28th, 2013 @ 6:15am

    Suboptimal backup options?

    If they had all the data in a single place, where a single accident (for instance, a fire) can destroy it, that is a suboptimal backup option.

    By forcing them to destroy the data that was kept in a single location, they make the Guardian (and everyone else who is watching) spend time and energy developing a better backup option. That is the opposite of making them develop a suboptimal backup option.

     

  12.  
    Some Guy, Aug 28th, 2013 @ 6:23am

    Re: Re: Re:

    Unless he's referring to the common metric of roughly one bit of entropy per character of English text ...

     

  13.  
    Bergman, Aug 28th, 2013 @ 6:26am

    Re: The best way around both.

    Two other things you should also do:

    Don't just upload sensitive files, also upload things like core dumps and the complete works of Shakespeare. All massively encrypted like the actual files you want to transfer. Don't just keep them guessing, keep them BUSY.

    Upload things that they don't WANT to decrypt -- things that they're not supposed to know (courtesy of Wikileaks, for example) and disgusting image files (clown or midget porn, anyone?).

    Naturally, use different keys, encryption algorithms and all for each file, and perhaps make the ugly stuff easier to open, heh.

    Can you imagine the horror of them seizing a computer, discovering it contains 50,000+ encrypted files...and 99.99% of them are things they will wish they could un-see?

     

  14.  
    Shon Gale, Aug 28th, 2013 @ 6:29am

    None of these government(s) will ever give up any of their power base to the people of their country. You can vote until you are blue in the face and you will never change a thing. Presidents change, Prime Ministers come and go, Kings and Queens live and die, but the policing and security structures always remain the same and are promoted from within. In other words these people don't work for you. They work for their power base, for their control.
    Remember we warned all of you during and after the Vietnam war about the lock they have on everything now. Remember we warned you about Big Brother, well he is here and he is watching and he is controlling the money, the power and your entire life. When we complained they gave us inflation.

     

  15.  
    NSAtarget, Aug 28th, 2013 @ 6:30am

    Schneier's analysis

     

  16.  
    Some Guy, Aug 28th, 2013 @ 6:36am

    Re: 95^16?

    44,012,667,000,000,000,000,000,000,000,000, or 44,012,667 trillion trillion, or a bit over 44 nonillion.

     

  17.  
    Anonymous Coward, Aug 28th, 2013 @ 6:45am

    Jay Rosen on Barry Eisler's piece

     

  18.  
    Hephaestus, Aug 28th, 2013 @ 6:50am

    Re: The best way around both.

    Simpler but messy on the backend solution 1 condom, 1 micro SD card, swallow.

     

  19.  
    Anonymous Coward, Aug 28th, 2013 @ 7:05am

    Quoted from Wikipedia: https://en.wikipedia.org/wiki/Password_strength#NIST_Special_Publication_800-63

    "NIST Special Publication 800-63 suggests the following scheme to roughly estimate the entropy of human-generated passwords:[2]

    The entropy of the first character is four bits;

    The entropy of the next seven characters are two bits per character;

    The ninth through the twentieth character has 1.5 bits of entropy per character;

    Characters 21 and above have one bit of entropy per character.

    A "bonus" of six bits is added if both upper case letters and non-alphabetic characters are used.

    A "bonus" of six bits is added for passwords of length 1 through 19 characters following an extensive dictionary check to ensure the password is not contained within a large dictionary. Passwords of 20 characters or more do not receive this bonus because it is assumed they are pass-phrases consisting of multiple dictionary words."


    Using the above NIST calculation, a 16 character long password has at best.

    4+2+2+2+2+2+2+2+1.5+1.5+1.5+1.5+6+6 = 36 bits of entropy.

    That's assuming the password does not contain any words found in a dictionary (+6 bit bonus). Contains both uppercase and lowercase letters, plus non-alphabetic characters are used (+6 bit bonus).


    Just for fun, let's say the NSA has a really slow supercomputer at their disposal. One which can only make 71,000 password guesses a second against a Bcrypt hashed password. Such as this homemade 25-GPU cluster computer.

    http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/


    The calculation of time needed to break our 16 character password with 36bits of entropy would be.


    Total guesses:
    2^36 = 68,719,476,736

    71,000 guesses a second:
    68,719,476,736 / 71,000 = 967,879 seconds to break password

    Convert 967,879 seconds into minutes:
    967,879 / 60 = 16,131 minutes to break password

    Convert 16,131 minutes to hours:
    16,131/60=268 hours to break password

    Convert 268 hours to days:
    268/24=11 days to break password


    Usually it only takes around half the total number of guesses before the password breaks.


    Total number of days divided by two:
    11 / 2 = 5.5 days to break a 16 character password that has a high entropy, using a home built civilian PC.


    What kind of supercomputers do you think the NSA has at their disposal? Maybe something along the lines of...

    Titan Supercomputer Specs:

    18,688 AMD Opteron 6274 16-core CPUs

    18,688 Nvidia Tesla K20X GPUs

    Total Power Draw: 8.2 Megawatts

    https://en.wikipedia.org/wiki/Titan_supercomputer


    That's a tad more powerful than a 25-GPU civilian computer. If the NSA is your adversary, I'd recommend really long passwords. Double or triple encrypting a file, with at least two or three different sets of passwords would be a wise move too.

     

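The estimation scheme and brute-force arithmetic discussed in the comments above, as an added example that is not part of any comment or of the original article. It applies the per-character rules exactly as quoted from Wikipedia, so the figures can be recomputed for any length and guess rate; the function names and the sample password are constructed for illustration, and the dictionary check is a flag supplied by the caller because no word list is bundled.

```python
import math


def nist_800_63_bits(password: str, dictionary_checked: bool = False) -> float:
    """Entropy estimate for a human-chosen password, using the scheme quoted above."""
    bits = 0.0
    for position in range(1, len(password) + 1):
        if position == 1:
            bits += 4.0      # first character
        elif position <= 8:
            bits += 2.0      # characters 2 through 8
        elif position <= 20:
            bits += 1.5      # characters 9 through 20
        else:
            bits += 1.0      # characters 21 and above
    # Composition bonus: upper case AND non-alphabetic characters both present.
    has_upper = any(c.isupper() for c in password)
    has_non_alpha = any(not c.isalpha() for c in password)
    if has_upper and has_non_alpha:
        bits += 6.0
    # Dictionary bonus: only for lengths 1..19, and only if a check was really done.
    if dictionary_checked and 1 <= len(password) <= 19:
        bits += 6.0
    return bits


def uniform_random_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy of a password drawn uniformly at random (95 = printable ASCII)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a 2**bits search space."""
    return 2.0 ** bits / guesses_per_second


def average_days_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time: on average half the space is searched before a hit."""
    return seconds_to_exhaust(bits, guesses_per_second) / 2 / 86_400


if __name__ == "__main__":
    sample = "Kq7#vLp2xW!mZr9t"   # constructed 16-character sample, not a real secret
    rate = 71_000                 # bcrypt guesses per second, the figure used in the thread

    human = nist_800_63_bits(sample, dictionary_checked=True)
    # 16 characters: 4 + 7*2 + 8*1.5 + 6 + 6
    print(f"scheme estimate : {human:.1f} bits, "
          f"avg {average_days_to_crack(human, rate):,.0f} days at {rate:,}/s")

    rand = uniform_random_bits(16)
    print(f"uniform random  : {rand:.1f} bits, "
          f"avg {average_days_to_crack(rand, rate):.3e} days at {rate:,}/s")

    # Key stretching lowers the guess rate; each halving of the rate is
    # equivalent to one extra bit of password entropy.
    for slowdown in (1, 1_000, 1_000_000):
        days = average_days_to_crack(human, rate / slowdown)
        print(f"rate / {slowdown:>9,}: avg {days:,.0f} days")
```

The gap between the two estimates is the point of the thread: the heuristic models passwords people invent, while the 95^16 figure only holds for passwords generated uniformly at random.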

  20.  
    wolfy, Aug 28th, 2013 @ 7:10am

    I suspect the encryption has been broken, and the authorities are being coy about it, by repeatedly "asking" for the keys.

     

  21.  
    Anonymous Coward, Aug 28th, 2013 @ 7:13am

    Russian spies use Flickr to communicate why can't everybody else?

     

  22.  
    JH, Aug 28th, 2013 @ 7:22am

    Re: Poitras is supposed to be pretty adroit at security

    There are a couple of comments from Greenwald today under his latest blog piece for the Guardian, discussing court filings made by the UK Government yesterday:
    Were the files David was carrying encrypted and if so it seems they were decrypted by the UK security services?
    Yes, they were encrypted. And no: they haven't been able to get access to those documents, as they acknowledged today.

    Where?!
    In their court filing. I don't know the exact numbers, but they said they were only able to access something like 75 documents of the tens of thousands they claim he was carrying - and I'd be willing to bet those 75 they claimed they access have absolutely nothing to do with NSA.

    -- so the anon @ 6:06am may indeed have been right, when he wrote that "The package in question was heading from P to G, so I expect the crypto was good. Which suggests that the crypto was not broken, and when the UK govt described to the court the GCHQ documents Miranda was allegedly carrying, they might have been lying. Presumably to FUD G&P, but judges don't usually like liars."

    On the other hand, for tinfoil hat brigade, maybe it is now that the UK Govt is dissembling, to downplay its proficiency at decryption...

    It will be interesting to see what the judges make of it.

     

  23.  
    Davey, Aug 28th, 2013 @ 7:37am

    This is going to sound corny, but...

    The parallels between this saga and the movie Firefly are troubling. The Powers That Be haven't yet learned that they can't stop the signal and are still trying to keep a lid on the story. They'll lose.

    The big difference is that they're turning the entire world into Browncoats. Mal would be proud.

     

  24.  
    allengarvin, Aug 28th, 2013 @ 7:51am

    "2^16 = 65536 possible password combinations"

    Man, I knew it was a bad idea to adopt a binary alphabet.

     

  25.  
    Techdirt Lurker, Aug 28th, 2013 @ 8:22am

    Re: 95^16?

    don't bother hurting your brain thinking about cryptography when you can't even grasp fundamental concepts of how to use a calculator. hint: the 31 denotes how many times you move the decimal to the right in 4.4012667

    also, if you weren't aware, google can be used for more than finding horse porn: http://www.google.com/search?q=what+does+e%2Bnumber+mean+on+calculator

    sorry if i come off as an a-hole here, but i have no patience for people actively trying to remain ignorant when the world's largest repository of information is literally at their fingertips.

     

  26.  
    Anonymous Coward, Aug 28th, 2013 @ 8:28am

    Makes you wonder if the government is selling us out for access. For instance, they approve all of these corporate mergers even when they are bad for competition. You can be certain they see some advantage in them.

     

  27.  
    Some Guy, Aug 28th, 2013 @ 8:55am

    Re: Re: 95^16?

    Did you miss the part where he entered the numbers into Google?

    And why would he search for "what does e+number mean on calculator", when he wasn't using a calculator?

    A more logical search would be simply "what does e+number mean", which, when I try it, returns a description of the European Union's system of codes for food additives.

    The guy (or girl -- apologies for assumption about sex) did try "the worlds largest repository of information" as far as he could; and when he got stuck and turned to the community for help, you were a jerk to him.

    Way to spread enlightenment, dude.

     

  28.  
    Rabbit80, Aug 28th, 2013 @ 9:57am

    Re: Re: 95^16?

    44,012,666,865,176,569,775,543,212,890,625 to be precise! (At least according to the calculator built into Windows)

     

  29.  
    art guerrilla, Aug 28th, 2013 @ 9:59am

    Re: The best way around both.

    disagree, the 'best' method, is simply to expose ALL OF IT, totally unredacted...

    THEN what are the spooks going to do ? ? ?

    I REFUSE to believe the bullshit that these revelations would endanger untold _____(dozens ? hundreds ? thousands ?) of spooks, spook-lites, and spook informants/etc who are doing dirty works...

    GOOD, expose them all, run the evil pukes out of town, and/or some/all get killed ? cry me a fucking river, THEY are RESPONSIBLE -directly and indirectly- for the deaths OF MILLIONS, and i'm supposed to be contrite because BAD GUYS (so what they are 'our' bad guys?) get -probably RIGHTEOUSLY- killed for doing their dirty deeds in the dark ? ? ?

    no, golden rule them: THEIR mantra is 'kill'em all, let dog sort'em out...' okay, assholes, we'll do the same to you, then, how is that shoe pinching on the other foot, evil spook slime ? ? ?

    i'm sick of the whole mess, they DESERVE whatever bad karma comes their way; it is not OUR job to protect secret spooks doing evil...

    art guerrilla
    aka ann archy
    eof

     

  30.  
    Anonymous Coward, Aug 28th, 2013 @ 10:14am

    Re: The best way around both.

    Let's keep in mind that the NSA is trying to keep this information secret. Perhaps the best way to fight them is just to publish everything, unredacted.

     

  31.  
    Anonymous Coward, Aug 28th, 2013 @ 10:21am

    Postal service

    If you really want to be anonymous, follow the same methods de Beers uses to send diamonds, the postal service.

    A thick, stiff card with a thank you note written on it could easily contain a microSD card. Posted from a letter box and arriving at a post office for 'general delivery' or one of those mailing address companies, it would be very, very hard to find. You could even do what check scammers do and have an innocent (but naive) third-party forward the mail.

     

  32.  
    bshock, Aug 28th, 2013 @ 10:22am

    Re: This is going to sound corny, but...

    It's a cute analogy.

    But as I recall, the "Browncoats" lost that war.

     

  33.  
    John Fenderson, Aug 28th, 2013 @ 11:32am

    Re:

    Ignoring that you're confusing a character (byte) with a bit, I would seriously hope that the decryption key wasn't a password at all. Do people still use those for encryption? If so, they need to stop it.

     

  34.  
    Anonymous Coward, Aug 28th, 2013 @ 12:36pm

    Re: Re: The best way around both.

    And if you get found out it is a minimum of 35 years in prison. I think it is pretty clear how it would end. If you want any kind of security you better hold something back as a bargaining chip.

     

  35.  
    Phil62, Aug 28th, 2013 @ 1:54pm

    Transfer the encrypted file via RFC 1149.

     

  36.  
    Loki, Aug 28th, 2013 @ 1:59pm

    Re: Re: The best way around both.

    Actually, rather than intimidation as many people think, I believe that THIS is exactly what they are hoping for. Look at it this way, as Tim pointed out in another piece, the current cycle works as such.


    1. Leak reveals evidence of NSA overreach or wrongdoing.

    2. NSA issues statement explaining how leak is being misinterpreted or is an aberration.

    3. NSA attends hearings and issues statements declaring it doesn't abuse its power. (Frequently qualified with "not under this program.")

    4. New leak reveals evidence of NSA overreach or wrongdoing, proving NSA's most recent statements were pretty much "incomplete lies" or "least untruthful" answers.

    5. Repeat.


    This not only gives people time to process the information, but it also helps keep the story in the news cycle.

    If you just data dump everything, the press, in an effort to one up each other will flood the media with more information than people can easily process, and try to post the most egregious violations, leaving perhaps less damning but otherwise important information overlooked.

    Our Short Attention Span Theater stricken society will be momentarily outraged by revelations they don't totally comprehend (due to the massive amount of data involved), and rather than taking the time themselves to comprehend it properly (unless it is spoon fed to them) it will be quickly forgotten the minute the next "Miley Cyrus" outrage comes along.

     

  37.  
    Clark Cox, Aug 28th, 2013 @ 2:41pm

    Re:

    Why would anyone in their right mind use a password at all? Use a blob of random data as big as the data you want to encrypt as the key, send it separately, and destroy it after that one use.

     

  38.  
    nasch, Aug 29th, 2013 @ 7:39am

    Re: Poitras is supposed to be pretty adroit at security

    Presumably to FUD G&P, but judges don't usually like liars.

    Except the ones on the FISC.

     

  39.  
    nasch, Aug 29th, 2013 @ 8:03am

    Re: This is going to sound corny, but...

    The parallels between this saga and the movie Firefly are troubling.

    Firefly was a TV show, the movie is Serenity.

    /nerdrage

     

  40.  
    DB Cooper, Aug 29th, 2013 @ 1:30pm

    While you guys debate the best password, encryptions etc. you miss the real question of why this had to happen in the first place. What both Snowden and Manning did was not whistle blowing, it was espionage. These two didn't do it for the public good, they did it to get their picture in the news and it didn't matter who was hurt in the process. The intent in both cases was to harm the US to punish/get even with it for some perceived wrong the country had done to them. No real whistle blowers will be treated as criminals.

     

  41.  
    Anonymous Coward, Aug 29th, 2013 @ 2:35pm

    Spot the Fed

    (I think I found him.)

     

  42.  
    nasch, Aug 29th, 2013 @ 3:49pm

    Re:

    What both Snowden and Manning did was not whistle blowing, it was espionage. These two didn't do it for the public good, they did it to get their picture in the news and it didn't matter who was hurt in the process. The intent in both cases was to harm the US to punish/get even with it for some perceived wrong the country had done to them. No real whistle blowers will be treated as criminals.

    Evidence needed for every statement you just made.

     
