NSA Tapping UN Isn't A Huge Surprise — But Ability To Crack Video Conferencing Encryption Raises Questions
from the yay! dept
Over the weekend, Der Spiegel broke the somewhat unsurprising news that the NSA had bugged the UN and various EU embassies in the US and had hacked into the UN’s videoconferencing software to be able to get access to such calls. On a first pass, this isn’t all that surprising. As we noted with some earlier leaks, spying on foreign diplomats is just something that countries do. Spying on foreign government officials is very different than spying on the public. Of course, since the NSA insists that it does everything to avoid intercepting communications of people inside the US, I wondered how they could make that claim while directly tapping conference calls from the UN in NY. The answer is likely to be yet another classic NSA twisting of the words to find a loophole. While the UN headquarters are in NYC, “technically” the headquarters are outside of the US and in the control of the UN itself, but with an agreement that it abides by all local laws. This is similar to embassies, which are often treated as if they are the territory of the country that uses them. I’m wondering if the NSA is using that to argue these are fair game, since they’re “outside” the US.
There’s also the issue, as noted in the article, that President Obama has insisted that the spying on people was only done to prevent terrorism — and spying on EU diplomats seems unlikely to have anything to do with terrorism prevention. But, again, spying between government officials is kind of expected, and not quite a huge deal, even if it may present a diplomatic problem for the US.
Much more interesting to me, however, is the snippet claiming that the NSA had figured out how to hack into the UN’s video conferencing software, allowing them to record internal video conferences. In fact, after this was cracked just a year ago, a document was sent around, “celebrating” this:
Furthermore, NSA technicians working for the Blarney program have managed to decrypt the UN’s internal video teleconferencing (VTC) system. The combination of this new access to the UN and the cracked encryption code have led to “a dramatic improvement in VTC data quality and (the) ability to decrypt the VTC traffic,” the NSA agents noted with great satisfaction: “This traffic is getting us internal UN VTCs (yay!).” Within just under three weeks, the number of decrypted communications increased from 12 to 458.
Yay! We can spy on more things! Yay! Either way, I’m curious if anyone knows who provides the UN’s video conferencing technology, because that’s now a much more interesting issue. The suggestion being made that the NSA “cracked” the encryption that was being used could have much wider implications if true — so it would be nice to know what kind of encryption, and what sort of system is being used. Either way, I’m guessing that many in the UN will be seeking out alternative communication methods shortly.
Filed Under: diplomacy, encryption, espionage, eu, nsa, nsa surveillance, spying, un, video conferencing
Comments on “NSA Tapping UN Isn't A Huge Surprise — But Ability To Crack Video Conferencing Encryption Raises Questions”
One other story I read said that when the US broke the encryption one of their discoveries was that the Chinese were already there. I wonder how many other countries have cracked the system but were not clumsy enough to get caught.
To me the amazing thing is that anyone is surprised that countries are trying to spy on UN communications. This is like Captain Renault being shocked to learn that there was gambling going on in the casino.
I agree that it is troubling to know that they could break the encryption. I would like to know the method they used. It could be that the encryption was based on codes burned into the hardware. In that case it is logical that the Chinese got in because the chips were manufactured in China and there are rumors that the Chinese have been getting copies of encryption keys at the time of manufacture. I suspect that the US used methods more similar to the methods used to crack the DVD encryption key.
I wonder what encryption system will fall next, or perhaps has already fallen and we don’t know about it yet. I think it is reasonable to suspect any proprietary system that relies on a single master key is already compromised. The NSA seems to have been able to put pressure on most companies to compromise their secrets and then shut them up about it with gag orders. Any system based on data burned into a chip is probably already open to the Chinese. This would include TPM chips in Windows 8 systems and Chromebooks.
I wonder if the NSA got the keys to just about every DRM system ever created and the Obama administration is worried that Snowden got that information. That would explain why the US and UK administrations are so insanely over the top on their responses to Snowden.
Outside the U.S.?
I’m pretty certain that the NSA and other government agencies treat the U.N. and embassies as “outside the U.S.”.
They may also have decided that eavesdropping on non-citizens within the U.S. is fair game!
Re: Outside the U.S.?
I wish the US would just simply FUCK OFF!
Re: Re:
“OFF!”
You misspelled “YOU!” – ftfy
DHS Essentially did the same thing
DHS has the Constitution Free Zones. So I’m sure the NSA will claim the same form of authoritative insanity.
Re: DHS Essentially did the same thing
The NSA’s constitution free zone is a 10,000 mile radius of all our borders.
They thought about having a 24,901 mile constitutional free zone (the circumference of the earth) but thought that was a bit too excess.
Obama: We need to stop that uppity Injun organisation – teh UN – from being all uppity and shit.
Likely it’s more certificates spoofed to create a man-in-the-middle attack on the system, and cracking it involved getting the network running to capture that data without interference.
All is easier when you have access to certificate authorities.
My guess is that they didn’t “crack” the encryption but went around it somehow.
But who cares? Such a minor point.
The phony deal that evil people (and gullible fools) try to force on us: You can’t have the benefits of technology unless you give up all privacy.
Re: All is easier when you have access to certificate authorities.
My guess is that pirates don’t “infringe” copyright but they work around it somehow.
Re: All is easier when you have access to certificate authorities.
What’s with the automatic reporting here?
C’mon, he has a good point, and not even the usual ranting and ad hominem.
Re: Re: All is easier when you have access to certificate authorities.
“and not even the usual ranting and ad hominem.”
No, it’s there, just more subtle than usual. However your point is valid. He makes a point, not a good one in my opinion, but a relevant one. However out_of_the_blue has a reputation for being an idiot. One relevant post out of hundreds will not negate that.
"Cracked"
Modern encryption, properly deployed, cannot be cracked by anyone (NSA or anyone else). However, unless you are capable of deploying your own encryption, you are at the mercy of whoever provides the service for you. I’m assuming that the UN has employed a local (US) contractor and that contractor has betrayed them.
…so it would be nice to know what kind of encryption, and what sort of system is being used.
Insectusflyusonthewallus
I think we should start calling this a voyeurism fetish.
Clinton and Bush Jr. taught me that a president can get impeached for a blowjob, but can’t get impeached for running the country into the ground and betraying the American people’s trust. So let’s start being perfectly frank about what the USA is engaging in here. Maybe phrasing it as if it’s a sex scandal will finally get all this evil in the country uprooted.
Re: I think we should start calling this a voyeurism fetish.
Dammit Mike! Where’s that sad but true button?
Re: I think we should start calling this a voyeurism fetish.
I’m not sure if you are aware that before Clinton’s push for FOIA and FMLA, you could not request court documents outside of being in court or take leave of your job without risk of losing it if a family member had a medical emergency that caused them to need assistance for the rest of their life.
Bush Jr. held his composure and finished reading to children after he was told about what happened the day 9/11 occurred. He held his composure and rallied this nation to never forget that day.
Re: Re: I think we should start calling this a voyeurism fetish.
I fail to see how the leader of a nation, upon hearing that his nation has just been attacked killing thousands, and responding by reading to children is somehow a mark of good leadership. Wouldn’t apologizing to the kids, but saying there’s an emergency he has to deal with have been the better response?
Re: Re: Re: I think we should start calling this a voyeurism fetish.
“I fail to see how the leader of a nation, upon hearing that his nation has just been attacked killing thousands, and responding by reading to children is somehow a mark of good leadership. Wouldn’t apologizing to the kids, but saying there’s an emergency he has to deal with have been the better response?”
Try telling that to the bunch of 5 year olds who were thrilled to see that a US president decided to take time from his busy schedule to spend the day reading to them. He finished the book and said goodbye and went straight into action calm and collected knowing exactly how to handle the situation and was mentally prepared to address the public.
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
Yes yes oh yes “Think of the children”.
Really, your hero-worship of Chimpy, who has EASILY been the worst president of the last half-century (eclipsing Nixon, who was crooked, evil and vicious, but at least had two functional neurons to wire together) is appalling.
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
I don’t mean to sound insulting to the 5 yr olds, but in context, they weren’t that important. At the time that Bush was being told that planes were being flown into buildings, his job demanded him to be at a secure facility, talking with his advisors and other government personnel, to try and solve the problem at hand…not reading to small kids.
Imagine if a company CEO were reading to kids, and one of his aides came in and said that company stock prices are tanking, but the CEO spent the next half hour reading, instead of acting immediately. If I’d been a shareholder, I would’ve called for his head on a platter.
Re: Re: Re:3 I think we should start calling this a voyeurism fetish.
Just to explain things a bit better, Bush continued to read to the kids for an additional seven minutes after being told by Andrew Card. In those seven minutes, there was a very real possibility of more plane attacks, that could have been prevented by orders that only the President could give. In that time-span, he basically gave this new unknown enemy free rein to do what they liked, instead of being at the helm and helping to stop any possible attacks.
Any kids who might’ve been scared…sorry guys, but you would’ve gotten over it. If I’d been one of those kids, I more than likely would have been proud that Bush had his priorities straight and knew where he was most needed.
Re: Re: Re:4 I think we should start calling this a voyeurism fetish.
watch it now !
that’s all been settled, doncha know… you’ll be fitted with a tinfoil beanie if you keep that up…
frankly, that is one of the memebombs i have wondered if a snowden/etc might keep in their back pocket as ‘ultimate life insurance’: if they had some smoking C4 revelations about nine one one, wouldn’t the administration go absolutely fucking apeshit to keep that buried ? ? ?
sniffsniff* ? ? ?
what is that, the smell of a reichstag fire ? ? ?
art guerrilla
aka ann archy
eof
Re: Re: I think we should start calling this a voyeurism fetish.
I’m afraid I can’t tell if this is sarcasm or not, so be advised that most people may not be able to either. It’s confusing because of the two presidents I mentioned, you’re calling the good one good and the bad one good as well.
Although… didn’t Billy also repeal some sort of act that abolished journalistic integrity and allowed Fox News to poison the country?
Re: Re: I think we should start calling this a voyeurism fetish.
Bush Jr. held his composure…
When you’re an alcoholic halfwit who is largely incapable of actually understanding anything that’s said to you, that’s really not much of an achievement.
He held his composure and rallied this nation…
I remember that. I remember how he took advantage of the surge in pro-American sentiment to…oh…wait…he didn’t do that.
I remember how he made sure that those responsible were quickly brought to justice…oh…wait…he didn’t do that either.
I remember how he took on the nation which sheltered and encouraged the hijackers — Saudi Arabia…oh wait…he didn’t do that either.
I remember how he made sure we didn’t squander our treasure and our troops’ lives invading countries at random…oh wait…nope, didn’t do that either.
I remember how he refused to sacrifice the Constitution…ummm…well…not even close.
I remember how he emphasized the patriotism isn’t flags and salutes and banners and flyovers and flight suits…oh…dear me…nope, not that.
I remember how he bolstered economic growth, provided for the poor and sick and aged, protected the environment, stood for the rights of women and gays and immigrants…errrm…well not so much really.
But oh my yes, he rallied the country. Yep. I remember that clear as day.
Re: Re: Re: I think we should start calling this a voyeurism fetish.
“I remember that. I remember how he took advantage of the surge in pro-American sentiment to…oh…wait…he didn’t do that.”
You’re wearing a tinfoil hat. It’s very pro-American of a president to protect the innocence of children during a crisis.
“I remember how he took on the nation which sheltered and encouraged the hijackers — Saudi Arabia…oh wait…he didn’t do that either.”
Actually it was Osama Bin Laden. You’re reinventing history.
“I remember how he refused to sacrifice the Constitution…ummm…well…not even close.”
???
“I remember how he emphasized the patriotism isn’t flags and salutes and banners and flyovers and flight suits…oh…dear me…nope, not that.”
“Patriotism” was one of his favorite buzzwords. I’m pretty sure there is an entire YouTube video dedicated to that.
“I remember how he bolstered economic growth, provided for the poor and sick and aged, protected the environment, stood for the rights of women and gays and immigrants…errrm…well not so much really.”
You are making a huge contradictory statement…you are saying that Bush Jr. “bolstered economic growth”….and then saying that he didn’t.
As for the other things…let’s see now…Obama hasn’t lifted the ban on abortions after the first trimester has he? Bush put that ban in place. When the Defensive Marriage Act was proposed, it was written in a majority led Democrat House and Senate…Obama voted for it! Yup great comparison.
“When you’re an alcoholic halfwit who is largely incapable of actually understanding anything that’s said to you, that’s really not much of an achievement.”
He was a recovered alcoholic who did a ton better than his successor. 7 minutes to address a nation concerning 9/11 vs 9 months for even a peep about the details of Benghazi…the latter of which was only exposed BY THE PRESS!
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
“You’re wearing a tinfoil hat. It’s very pro-American of a president to protect the innocence of children during a crisis.”
He wouldn’t have need to scare the kids. Just say that something super-important came up and that he’s sorry, but he absolutely needs to be doing his job.
“Actually it was Osama Bin Laden. You’re reinventing history.”
Bin Laden ordered and planned the deed, but the quote mentioned who sheltered and encouraged the hijackers.
“You are making a huge contradictory statement…you are saying that Bush Jr. “bolstered economic growth”….and then saying that he didn’t.”
It’s called sarcasm.
Re: Re: Re:3 I think we should start calling this a voyeurism fetish.
“He wouldn’t have need to scare the kids. Just say that something super-important came up and that he’s sorry, but he absolutely needs to be doing his job.”
So lying to them during their moment with him is a good idea? Imagine being in kindergarten and the president hasn’t finished the story and all of a sudden he’s all up and “Well sorry kids I can’t finish the story, something important came up”. Imagine how they’d feel.
“Actually it was Osama Bin Laden. You’re reinventing history.”
“Bin Laden ordered and planned the deed, but the quote mentioned who sheltered and encouraged the hijackers.”
They also condemned the attacks…and didn’t know the whereabouts.
Re: Re: Re:4 I think we should start calling this a voyeurism fetish.
“So lying to them during their moment with him is a good idea? Imagine being in kindergarten and the president hasn’t finished the story and all of a sudden he’s all up and “Well sorry kids I can’t finish the story, something important came up”. Imagine how they’d feel.”
Lying…? Whaa? The aide who whispered in Bush’s ear about the attacks was telling a lie? Unless I’m completely mistaken, 9/11 did happen and Bush was told about it by his Chief of Staff. So it would not have been a lie if Bush stood up and said “Sorry but something important came up”.
As for the kids’ feelings…so what? Sure, I can understand they may feel disappointed and maybe a little angry at the time, but it’s not like this is something that could scar them for life (the Prez walking out I mean, not the actual terror attacks). They’d get over it. At that moment in time, a classroom full of kids meant diddly squat compared to the threat of more and more planes being flown into buildings.
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
what a fucking crock of shit you are, walleyed one…
what a tool, what a total authoritarian propaganda victim…
with that attitude, you would have been a loyalist repatriated to england at the start of the revolution…
pussy
1. yeah, not ‘scaring’ a bunch of stupid gradeschoolers was W-a-a-a-y more important than saving the whole country…
fucking ‘tard
2. he -or one of his evil minions of doom- could have said ANYTHING and exited stage reich AT ANY TIME WITHOUT ANYONE ‘suspecting’ anything… THEY WERE FUCKING STUPID KIDS WHO EAT BOOGERS AND SHIT THEIR PANTS FOR NO REASON, they would not have known shit about shit…
you BELIEVE this tripe you spout ? ? ?
i feel sorry for your inability to either reason, or not start at the imaginary shadows of imaginary terrorists…
art guerrilla
aka ann archy
eof
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
since when was Osama Bin Laden a nation??
Re: I think we should start calling this a voyeurism fetish.
Betraying the people’s trust used to get you removed from office – cf Nixon. In fact he got impeached for bugging himself! Seems like bugging everyone else isn’t so much of a problem!
Re: Re: I think we should start calling this a voyeurism fetish.
Nixon was pardoned by Jimmy Carter. According to a recently declassified recording, Nixon was quoted saying this:
“I don’t care if they impeach me at this point, I just want to get this stuff with the Russians done so that we all have a future!”
He promised congress to retire on his own accord so that he could finish subduing the nuclear arms race and wanted good relations with the USSR.
Re: Re: Re: I think we should start calling this a voyeurism fetish.
Nixon was pardoned by Jimmy Carter.
Nixon was pardoned by Ford. Really. Go look it up.
Ah! I get it. You’re just as stupid, vacuous, ignorant and worthless as Chimpy. Shame on me for not figuring this out after your first comment. Never mind. You are far, FAR too inferior to grasp anything I’m saying. No, no, no…don’t try. Ssshhhh. You’ll hurt yourself.
Re: Re: Re: I think we should start calling this a voyeurism fetish.
Nixon was pardoned by Gerald Ford.
Re: Re: I think we should start calling this a voyeurism fetish.
Re: Re: Re: I think we should start calling this a voyeurism fetish.
Clinton served his full term. Nixon was forced to resign – and would have been impeached if he had not.
Re: Re: Re:2 I think we should start calling this a voyeurism fetish.
If I were the UN --
I would move to Geneva and threaten to remove the US from the security council.
They were just using Skype.
Re: Re:
You may be joking but that’s something that we should investigate. And again, what if they use open-sourced stuff? If the NSA can crack, the community would eventually do it too. And the open nature would make it be updated more frequently for bugs and open for scrutiny.
Perhaps it's Cisco (see below)
At http://www.cisco.com/en/US/prod/collateral/ps7060/ps8329/ps8330/ps8333/prod_qas0900aecd80717d8f.html we find the following:
Q. Who uses Cisco TelePresence today?
A. Companies and organizations from all sectors world-wide use Cisco TelePresence. Proctor & Gamble, HSBC, Accenture, AT&T, AXA, Media Saturn, GE, Philips, Kaiser, United Health Care, Enbridge, POSCO, McKesson, Danske Bank, and BBVA are among the many companies using Cisco TelePresence to cut costs, speed time to market and further green strategies. Many universities such as Duke, Purdue, Massachusetts Institute of Technology (MIT), University of California San Diego (UCSD), University of California Los Angeles (UCLA), North Carolina State University, Pennsylvania State University, and others use Cisco TelePresence for administration and teaching. Government agencies around the world and the United Nations also use Cisco TelePresence to speed decision making and avoid travel.
This raises some interesting questions: did the NSA really break the encryption, or did Cisco give them a backdoor? If the former, then can the NSA also break the encryption used by all those other Cisco TelePresence customers? If the latter, same question. If either, then can anyone else break the encryption? Do they even need to?
If you're wondering how they did it...
Cisco and IBM used to work very closely with the NSA to create what are now modern encryption standards in the early to mid 1990’s.
As time goes on, the revelations just keep getting worse. Everything they say they aren’t doing, they are.
The NSA should about now be getting flashes of the Watergate scandal because that is what it is beginning to look like.
Re: Re:
AC, that’s generally true except for the fact that this goes WAY beyond Watergate. This is like Watergate on steroids.
Re: Re:
Nobody is going to see any action taken against them over the NSA spying, they have the courts in their pockets and use terrorism if they need to explain why they have done anything illegal. Damn even congress who is supposed to be overseeing the actions of the government is in on the crimes being committed, if they were not there would be bills right now to take these powers away from the government and secret agencies.
Sadly the only way any of this evidence of crimes by the government and their agencies affects them is when the people are sitting with no other recourse but to revolt, and that is not going to happen any time soon, especially with all the new tv programming coming out over the next 3 months.
Cisco TelePresence
Cisco TelePresence appears to be at least one vendor involved.
and this guy: http://vtctalk.com/forum/showthread.php?t=26498
I do really believe now that Snowden and the various newspapers he works with made a deal to wait with releasing new information until someone had made a statement that would really make them look incredibly much like a big lying joke. I totally agree with them though… this is the most effective way of doing it and it really works.
I don’t know if I hope there is much more to come. On one hand: things are already very very bad and I actually kind of fear to hear what more they possibly could have done.
On the other hand: If they keep revealing new stuff then change might happen sooner, which we need so incredibly much.
Breaking the encryption versus breaking the protocol
Everyone seems to be assuming that they broke the encryption.
Instead, it is possible that they broke the protocol.
Using HTTPS as an example: none of the recent SSL/TLS vulnerabilities that have been reported are breaks of the underlying encryption, which is considered sound. All of them are breaks of the protocol.
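The distinction this comment draws, as an added example that is not part of the original comment or of any product discussed here: the same sound keystream primitive (HMAC-SHA256 in counter mode, chosen here as a stand-in) is wrapped in two hypothetical message protocols, one that reuses a nonce and skips integrity checks and one that does neither. All function names and sample messages are constructed for illustration.

```python
# Added illustration; protocols and names are hypothetical, not from any real VTC system.
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a sound stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Protocol A (flawed): one nonce for the whole session, no integrity check.
def weak_seal(key: bytes, session_nonce: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, session_nonce, len(data)))


# Protocol B (corrected): fresh nonce per message, encrypt-then-MAC.
def strong_seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def strong_open(enc_key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    nonce, body, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return xor(body, keystream(enc_key, nonce, len(body)))


M1 = b"FRAME 0001 agenda: budget "   # constructed sample messages
M2 = b"FRAME 0002 agenda: treaty "


def weak_leaks_plaintext_relation() -> bool:
    """Nonce reuse: the keystream cancels, so c1^c2 == m1^m2 with no key."""
    key, nonce = os.urandom(32), os.urandom(16)
    c1, c2 = weak_seal(key, nonce, M1), weak_seal(key, nonce, M2)
    return xor(c1, c2) == xor(M1, M2)


def weak_accepts_tampering() -> bytes:
    """No MAC: a modified ciphertext decrypts without any error."""
    key, nonce = os.urandom(32), os.urandom(16)
    c = bytearray(weak_seal(key, nonce, b"vote: NO "))
    for i, d in enumerate(xor(b"NO ", b"YES")):
        c[6 + i] ^= d
    return weak_seal(key, nonce, bytes(c))  # XOR stream: open == seal


def strong_hides_plaintext_relation() -> bool:
    ek, mk = os.urandom(32), os.urandom(32)
    p1, p2 = strong_seal(ek, mk, M1), strong_seal(ek, mk, M2)
    return xor(p1[16:-32], p2[16:-32]) != xor(M1, M2)


def strong_rejects_tampering() -> bool:
    ek, mk = os.urandom(32), os.urandom(32)
    packet = bytearray(strong_seal(ek, mk, b"vote: NO "))
    packet[16] ^= 0x01  # flip one ciphertext bit
    try:
        strong_open(ek, mk, bytes(packet))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("A leaks m1^m2:", weak_leaks_plaintext_relation())
    print("A after tampering:", weak_accepts_tampering())
    print("B hides m1^m2:", strong_hides_plaintext_relation())
    print("B rejects tampering:", strong_rejects_tampering())
```

The keystream function is identical in both protocols; only the nonce handling and the integrity tag differ, which is what separates a protocol flaw from a broken cipher.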
Odds are they didn't "crack" anything.
VTC is one of those technologies nobody wants to own. It’s on a server so AV doesn’t want it, and IT doesn’t really give a shit about it.
I’d wager they have a bunch of VTC infrastructure that was poorly deployed and is not secured in any fashion. It would be quite simple to use their own equipment to record HD VTC sessions without anyone knowing.
This is far more likely than the “backdoor” and “cracking” scenarios thrown around.
I’m sure the Video Conferencing software is some kind of closed-source software program. MicroSpy’s Skype software springs to mind.
I also heard on the news this morning, that spying on UN diplomats is a crime under International Law.
Then again, spying on law-abiding US citizens is a crime under US Federal Law, but that’s never stopped the NSA from being a criminal organization.
Hell, the leader of the NSA, Mr. Clapper, is an alleged felonious liar!
If it's Cisco system...
It’s quite possible that it’s one of “certified secure” Cisco offerings, which are… not all that secure. Here’s some proof: http://www.youtube.com/watch?v=f3zUOZcewtA
See the uncut video, "Spies Gone Wild"
Can’t wait for the video, “Spies Gone Wild,” with NSA spies dressed in black and hi-fiving each other as they crowd around a monitor going gaga watching Lady Gaga on her bedroom laptop webcam. Or Kate Upton. Or Sarah Palin. Or… does it matter? It may even be you.
I’m sorry but The Patriot Act justification doesn’t wash anymore: “We’re hunting terrorists. We don’t need no stinking 4th Amendment.”
We’ve got to take matters into our own hands to protect what little of our privacy remains. Start using TOR for browsing, Textcrypt for text messages and Cellcrypt for phone calls. Then take everything off DropBox, Instagram, iCloud, etc and stash it all in a Cloudlocker (www.cloudlocker.it) which works just the same but stays in the house where they still need a warrant to get inside.
Re: See the uncut video, "Spies Gone Wild"
can’t disagree with you in general, but i think we’ve fallen too far down the rabbit hole…
i have -for decades, since the spectre of echelon raised its ugly head- advocated that ‘everyone’ append a list of ‘trigger words’ at the end of ALL their emails, etc, such that the NSA/etc simply couldn’t vacuum up ALL the emails which were ‘suspicious’ because ‘everyone’s’ email had the ‘trigger words’, but it looks like they are vacuuming them all up anyway, trigger words or no…
i guess the joke’s on me…
how come it isn’t funny ? ? ?
but, seriously, folks, i am thinking that ANY/ALL malcontents and ne’er-do-wells who use tor, encryption, etc, will go to the top of the list of suspicious proto-terrorists who need to be surveilled extra good…
art guerrilla
aka ann archy
eof
I never knew that the NSA actually recorded information at the United Nations. Thank you for sharing this because I am writing a school report on whether or not the NSA is helping our country. So far I have seen a lot of both sides of the issue. I wonder how they can look into what we are doing all of the time. It makes me want to research surveillance cameras at http://www.spiritdsp.com/products/voice-video-engine/ to see if it’s possible to find any of the equipment they use. I doubt it, but it’s worth a shot because I’m curious.