FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers
from the doubtful-that-google-is-happy-about-that dept
Glyn mentioned this in his post yesterday about the NSA leaks showing direct economic espionage, but with so many other important points in that story, it got a little buried. One of the key revelations was about a GCHQ program called “FLYING PIG” which is the first time I can recall it being clearly stated that the NSA or GCHQ has been running man-in-the-middle attacks on internet services like Google. This slide makes it quite clear that GCHQ or NSA impersonates Google servers:
in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
Documents from GCHQ’s “network exploitation” unit show that it operates a program called “FLYING PIG” that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query “Tor events”) and also allows spies to collect information about specific SSL encryption certificates.
While some may not be surprised by this, it’s yet more confirmation as to how far the NSA is going and how the tech companies aren’t always “willing participants” in the NSA’s efforts here. Of course, the real question now is how the NSA is impersonating the security certificates to make these attacks work.
Filed Under: flying pig, impersonation, man in the middle, nsa, nsa surveillance, security certificates
Companies: google, microsoft, yahoo
Comments on “FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers”
This is supporting evidence that root CA is pwned
It’s not proof. But there have long been indications that the entire CA hierarchy is subject to external manipulation, and this tends to support that.
Re: This is supporting evidence that root CA is pwned
More likely, the NSA has the ability to compel American CAs to generate phony certificates, with of course a requisite gag order
Re: This is supporting evidence that root CA is pwned
The whole trust model of SSL is foobared, to put it politely.
Re: Re: This is supporting evidence that root CA is pwned
FUBAR’ed perhaps?
Re: This is supporting evidence that root CA is pwned
I have been making this point for 2 months now. If they can demand user info and content from Google, they can just as easily do that from Verisign and Godaddy etc. Only their customers are Google and Microsoft and their user info is a private key….
Re: Re: This is supporting evidence that root CA is pwned
Stop with this nonsense, please.
The certificate authorities (Verisign, Godaddy, etc) do not have the customer’s private key. The customer sends them their PUBLIC key only (wrapped in a CSR file), and gets back the signed certificate.
In no moment does the PRIVATE key have to ever leave the customer’s premises (and, with some architectures involving HSMs, it can’t, since the key lives within a dedicated tamper-resistant crypto processor).
The NSA can demand the customer private key all they want from the certificate authorities; the CAs cannot give the NSA something they do not have.
What they COULD demand from Verisign, Goddady, and so on, would be to sign a fake certificate, which says “this public key is for http://www.google.com” but with a different public key, one the NSA has the private key for. These are so-called “MITM certificates”, and highly frowned upon.
Doing that (creating a MITM certificate) puts an enormous reputation risk on the certificate authority. If word ever gets out that a certificate authority issued a fake certificate for Google, that CA would risk getting dropped from all major browser makers, and losing all their business. This kind of thing has already happened (see for instance Diginotar).
Pigs would have to fly before any of the major certificate authorities ever agreed to issue a MITM certificate for the NSA.
Re: Re: Re: This is supporting evidence that root CA is pwned
The NSA has obtained private keys from website operators in the past, so while the CA is not the weak link in those cases it has nevertheless been done. The tactic disclosed here involves fake certificates, where the NSA gets its own private/public key pair from a CA for man in the middle attacks.
LOL. Yeah right! Just like pigs would fly before telephone companies agreed to provide the NSA with bulk customer metadata.
Re: Re: Re: This is supporting evidence that root CA is pwned
Sorry, AC, this is not nonsense. MITM certificates is exactly what we’re talking about here, and it is the mostly likely method used to achieve this “FLYING PIG” operation. I myself can think of 3 ways that the NSA could acquire MITM certificates, and there are probably more:
1) Issue an NSL (or equivalent) to a medium-sized CA demanding an MITM cert. Even a large CA would be reluctant to challenge such a thing, and a medium-sized CA wouldn’t have the corporate courage nor the resources to do so. They’d roll over quickly.
2) Get a mole into any given CA and have them supply an MITM cert at need. We have already seen that the NSA does, indeed, seek to plant moles in various companies. CAs would be a prime target.
3) Steal a CA’s private authentication key so that the NSA could sign their own MITM keys at need. Pre-Snowden, this would be laughed off. Now, it looks quite likely. Again, this would be a prime target for the NSA to acquire if it could, and it has billions to spend to achieve that.
Re: Re: Re: This is supporting evidence that root CA is pwned
I think you’re correct that the CAs would not hand out fake certs to the NSA willingly. Unless they had plausible deniability. So, the NSA is probably A) bringing their brute force computing power to bear on the CA’s public key and reverse engineering their private key, which they then use to sign whatever certificates they like. Or B) simply stealing it from the CA. I have no idea how long it might take to brute force a CA key, though. I wouldn’t put it past the NSA, however.
Re: Re: Re: This is supporting evidence that root CA is pwned
What seemed far-fetched about a month ago seems fairly realistic now. For example:
Someone — more likely, multiple someones — at Google have access to Google’s private key. We already know that NSA has been recruiting assistants from inside telcos: why not recruit one inside Google? Give them a security clearance, swear them to secrecy, and have them hand over the private key.
How would other people at Google know? How would the CA know? How would we know? The NSA isn’t going to tell anyone, and the person on the inside isn’t either. Google’s execs will deny this, and from their point of view, they’re telling the truth.
Yes, yes, I know: this might also require the collusion of someone at the CA. That’s just as easily accomplished, and — were I to put on my evil subversive hat — that’s one of the first things I’d do: I’d make sure that people loyal to me were in place at all the major ones. Even if it took 5 or 10 years to do it: I have time, money, and patience.
The entire certificate process is rickety, with far too much reliance on opaque processes and unaccountable people: it’s absolutely ripe for this kind of exploitation. Doubly so because (unfortunately) we can’t just rip it out and replace it tomorrow.
And while a couple of months ago I would have agree with the assertion that no CA will issue a MITM certificate: that was then. This is now. Different ballgame with different rules. I now only think it’s possible, I think it’s plausible.
Re: Re: Re: This is supporting evidence that root CA is pwned
And the NSA would care about that why?
If I understand you correctly, you still seem to believe there’s a line that the corporate/government intelligent regime will not cross. I don’t think there is any evidence of such a limitation.
Every new revelation shows that the NSA sees absolutely no limits on what it can and will do.
Re: Re: Re: This is supporting evidence that root CA is pwned
The point is that a US-based CA can be compelled to issue a fake certificate, and can also be gagged from revealing that they have done so. The CA would know quite well that issuing such a certificate is not in their interest, but the choice would be:
a) issue the certificate and hope no one finds out.
b) go to jail.
It’s not about “agreeing” to do it.
Re: Re: Re: This is supporting evidence that root CA is pwned
Pigs would have to fly before any of the major certificate authorities ever agreed to issue a MITM certificate for the NSA.
Well – since thje program is called flying pig…
Re: Re: Re: This is supporting evidence that root CA is pwned
“If word ever gets out” – you might have noticed – it just did. Maybe it is a rumour yet, but it will confirmed eventually.
If the math is working then there are only 4 ways of faking one’s identity – either the private key used to sign certificates is no longer private (stolen or revealed), or the CA created a fake cert (in)voluntarily. So – either CAs security is C.R.A.P., or they are just happy/left_with_no_choice to sell their clients. Either way – the whole idea of “trusted third party” is falling apart before our eyes.
Re: Re: Re: This is supporting evidence that root CA is pwned
While your facts are good, I disagree with your assessment of the outcome, because if anything is to be learned from these recent disclosures it’s that the most controversial occurrences have consisted of the NSA straight up approaching these companies saying “yeah, we’re going to need you to do this for us.” However the fact that they felt the need to perform an attack may be evidence that they don’t have the clout to get tech companies to bend to their whim with respect to certificates, I will grant you that.
Re: Re: Re: This is supporting evidence that root CA is pwned
If you don’t believe SSL and other forms of security are being forced open by the government, why are so many of the encrypted email services shutting down rather than give in to the demands of the government?
How many backdoors have been found over the years on encryption programs that have been called unbreakable?
and it is all done to protect us from the terrorists (or commies if you are old enough to know past history of our government)…
Re: Re: Re:2 This is supporting evidence that root CA is pwned
Skype… ’nuff said.
Re: Re: Re: Bullshit!
They cracked Google’s certificate crypto. ?Here’s how.
A Titan graphics card can do 3 trillion FIPS. You can buy rack-mount frames for a couple of grand from Amazon, complete with one Titan card and slots for three more. Every frame also has a CPU to interface between the four cards and the central system controller via high-level commands.
The system was designed by Nvidia to be infinitely scalable, and the fastest supercomputer in the world is now an array of Titan GPUs (at Oak Ridge).
60 standard IT-department computer racks will execute as many GPU instructions as there are millimeters to the nearest star.
EVERY SECOND.
To crack Google’s certificate.
THAT’S how they forged Google’s credentials and did their man-in-the-middle horror.
?Faye Kane ♀ girl brain
Sexiest astrophysicist you’ll ever see naked
Re: Re: Re: This is supporting evidence that root CA is pwned
There has been repeated instances where certificate authorities have issued MITM certificates. News coverage of these events just disappears.
Also, there is NO PROOF that the product of large prime numbers is all that difficult to factor. Breaking the public keys of large organizations that keep the same keys for a long time (years) is well within the capabilities of even larger corporations, let alone the NSA.
Re: Re: Re: This is supporting evidence that root CA is pwned
“Pigs would have to fly before any of the major certificate authorities ever agreed to issue a MITM certificate for the NSA.”
Swine Flu right after Barrack was elected.
“Barracks were originally a temporary shelter or hut[1] but are now better known as specialized buildings for permanent military accommodation“
https://en.wikipedia.org/wiki/Barracks
Re: Re: Re: This is supporting evidence that root CA is pwned
You are right, but think about that: what if nsa owns a valid ca company? Browsers comes with dozens of “trusted” certificates authorities and nsa only need a pair of keys of any of them. If nsa runs just one valid ca as part of a covert operations, nobody will know. It can be made to look like a real company, with paying custumers, office, call center and all that other business stuff.
Re: Re: Re: This is supporting evidence that root CA is pwned
If only this was true. You don’t know enough about SSL to be commenting. Yes, they do not store the private keys in their databases, what they do is sign Google’s CA with theirs, and make the Google Internet Authority (Google’s CA) an issuing server in their certification path. So all they have to do is sign the NSA’s Google Internet Authority issuing server and voila! MITM attacks…
Re: Re: This is supporting evidence that root CA is pwned
Why would Verisign/Godaddy have Google/Microsoft’s private keys? However, CDNs (e.g. Akamai), cloud computing providers, etc. often do have valid certificates and private keys for their customers’ domains.
Re: This is supporting evidence that root CA is pwned
Yup. Considering the NSA has colluded with various companies to obtain all kinds of [meta]data on their customers, colluding with CA’s to generate fake certificates is not at all a stretch of the imagination.
I think we all know how they do their man in the middle attacks… They have broken much of the internet’s encryption.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
Re: Re:
No need to break the encryption if they control the root CA or (as comment #2 wisely suggests) they have the ability to compel the silent generation of phony certificates.
Re: Re: Re:
Also no need to break the encryption if they’ve built in backdoors.
Re: Re:
I think we all know how they do their man in the middle attacks… They have broken much of the internet’s encryption.
I think you’re misreading that… By “breaking” the crypto, they’re often talking about ways to get around it, not to actually break it. In some cases, that might include what’s discussed here. So I think the MITM attack is part of “breaking” the crypto — not the other way around.
When pigs fly?
Pre-Snowden, if you told people the NSA is doing man in the middle attacks on services everyone in the country uses, most would probably say “yeah right, when pigs fly!”
Well you better duck to avoid all the low-flying pigs now!
Re: When pigs fly? Pre 911
No… they would call you a tin foil hat wearing conspiracy theorist. Just wait until all this is tied to the surveillance cameras being set up all over the country and facial recognition tracks you everywhere. Remember PPL… shiny side up.
Re: Re: When pigs fly? Pre 911
they’re still calling me those things and they don’t even understand
that the encryption being broken is not the “evil” encryption I use and encourage them to use but the encryption THEY use everyday and don’t even realize it. You authors do know that when you talk about SSL and broken encryption the dumb masses son’t know it is the encryption that they use to do banking etc. Can’t say I feel for them as they, just like joe six pack still won’t do anything. How did Tom B.’s “Greatest Generation” ever raise the world worst, most spoiled, entitled, blind sheep… the baby boomers! who have destroyed this world while sitting back with the tv ignoring the world burning around them.
Re: When pigs fly?
This is like playing Ghosts n’ Goblins.
Re: Re: When pigs fly?
I’m going to need a better blacksmith then.
Re: When pigs fly?
With sufficient thrust, pigs fly just fine.
Re: Re: When pigs fly?
Did you mean…
With sufficient thrust, pigs fly just fine.?
Likely NSA controls not only certificates, but the root servers.
“Imitating Google’s Servers”!!! Good one, Mike. — Why would that be necessary when Snowden says NSA has “direct” access?
Anyhoo, seems as though some just don’t understand that the internet relies entirely on a very few critical points — meaning a few hundred people in the world, tops, to be put on payroll, bribed, threatened, whatever is necessary.
Oh, and of course Mike is as always merely assuming that those corporations aren’t tacitly cooperating.
Re: Feeding the troll...
This actually lend credence to Google’s statement about that supposed “direct access” being a dropbox for requested information. Such a system would take time to request the information and it might not be the kind of hoovering of material the NSA would like.
A MitM attack like this would hoover up EVERYTHING on a target immediately… and Google would have no clue.
That would also make Google releasing information about NSL’s and other requests pointless, they’re intercepting before anything hits Google’s servers and thus wouldn’t need to request anything from them.
Re: Re: Feeding the troll...
Even more devious, they launder the information so that Google believes it’s complying with the law.
I may abhor some of their business practices, but at least they are trying to be honest about this.
Re: Likely NSA controls not only certificates, but the root servers.
Dear ootb we all know you are not the brightest bulb in, but try to keep up, universal access doesn’t mean anonymous access, there are still non-trusty third parties that they have to go to in order to get that information, the MIM make it completely stealthy, nobody can report what is going on thus allowing it to do even more that what it says it does to others.
Now here is a talking point for ya, this could be used by some to argue that Google and other tech companies are not complying fully with the government or they throw roadblocks and the NSA wanted to bypass that, making all tech companies including Google the good guys, would that make you uncomfortable? Of course it could be simpler than that, it could just mean the NSA wanted to collect data that it didn’t want any records of it anywhere, but that is not how it looks to others, specially if you see what they are doing now, suing the government to at the very least show some information to the public, it makes them look good even your nemesis Google.
And speaking of pigs...
Look at the text tab of the document and it looks like pigs talking:
“nun ruu.n-irurn-I-u-Hr-ufln”
HAHAHAHA
For “Joe 6 Pack” the revelations may be of some slight importance but nothing to loose sleep over as nothing earthshaking will happen is there secrets are disclosed at this level.
For those who require secure non corrupt communication, like banks, the revelations are earth shaking in that nothing sent over the internet or by telephone is secure from interception. Without secure communication, especially for financial issue, modern society itself is not possible except in a totalitarian form.
Re: Re:
Well of course the NSA wants a totalitarian state rather than the rumor of one. Once they can actually BE Big Brother instead of acting like his younger, stupider half-sibling, they can continue on in their quest to rule the Earth.
can you imagine what would be said if ‘an outsider’ did something like this? it’s bad enough when so-called anonymous members are supposed to use Ddos attacks on a website or sites. the security agencies and governments go ballistic! half the time, i am convinced that it’s these security agencies doing the attacks on web sites on behalf of Hollywood and the entertainment industries. even if it isn’t, there is never any mention of the culprits being found, being tried and being convicted. usually, the reason being that when it’s against a site that isn’t liked, no one official gives a flying fuck (pig). when it’s the other way round, or even just an accusation of the other way round, a real big deal is made of it, with masses of media coverage. funny how it works, eh??
Re: on behalf of Hollywood
Re: Re:
If “an outsider” did something like this, I would expect the NSA to create talking points about terrorists hacking us, and using it as an excuse to demand more power and funding, than it already has right now.
We need more ways to verify authenticity of certificates
When you click on that trusty little happy padlock in your browser’s address bar, it needs to give you a thumbprint of the certificate.
Maybe we need a number of registries of the thumbprints of valid certificates for large websites. In fact, the largest sites (Google, Yahoo, Facebook, Microsoft, Apple, etc etc) could carry such registries.
Maybe there could be a standard path to this file of valid thumbprints, similar to the standard location of robots.txt.
For someone who wants to be really sure they are talking to Amazon.com, or to Google.com, they could check the thumbprint manually.
To somewhat automate the process, numerous free utilities and browser extensions would no doubt appear to double check the certificate thumbprints for you.
As long as the utilities and the thumbprint files are available from many sources, it becomes less and less likely that they could all be compromised. A partial compromise of some sources would be quickly revealed in that client software would notice the discrepancy of different supposed thumbprints for Google’s certificate from different sources of the thumbprint registries.
There are various problems with this idea, including…
Each registry of thumbprints could become very large. There needs to be a way to segment them.
The registry of thumbprints needs to be massively distributed so it is effectively impossible to compromise them all.
How are updates distributed? When Google needs to use a new SSL certificate, how do they update all registries with the thumbprint of their new certificate?
The most obvious problems boil down to: how do you make this idea scale? How do you trust sources of updates?
Re: We need more ways to verify authenticity of certificates
People are already working on it: Certificate Transparency.
Re: We need more ways to verify authenticity of certificates
I’m inclined to think bittorrent has the answer to scalability. Just a hunch though.
I was thinking about how to pass text in front of everyone without having anybody know exactly what is in it, the idea was to generate several thousand tables with all the alphabet letters and divide the text into sectors like in a grid, put every each other column and line and apply a different alphabet table to it, the index to translate it would be only local or generated from a calculation based on a key that its generated by time or GPS or both.
The final text would be a jumb of icons, b ut if you use a camera to read it, the computer can translate the text, I was thinking Google Glass here.
I thought of that after reading about the Voynich manuscirpt, maybe I should find a new hobby LoL
Vote, protest peacefully, sign petitions
Fixes everything.
Re: Vote, protest peacefully, sign petitions
“fixes everything” ??? WOW You win Darwin award today! The NSA must love you!
It really is amazing what a huge change we brought on when the young and liberal voted Obama into office! Almost like a different country, huh?
Voting, paying taxes, petitions, calling elected officials, lol… protesting peacefully??? You are delusional. That is exactly how the tyrants in govt want you to act. makes you feel better but does NOTHING!!! Buy yourself a rifle, learn how to use it, stop paying taxes, and stop supporting your own oppression. Man you are a sad one.
Hmmm. I wonder, once you start an authenticated session could such attack be used to clone your session and access the contents of your mailbox? I’m somewhat paranoid with the accounts I use for out of the ordinary stuff (such as activism) and I haven’t noticed it on those accounts but on my everyday gmail account I’ve seen weird IPs in the access history (link at the bottom of the page). I always change my password and disconnect all open sessions when I see that because the IPs are clearly not mine or from any anonymity service I use. And I am using 2-step verification tools and some other steps to login which only leaves session cloning as a probable explanation for some foreign IP on my history. There’s nothing in the mailbox that showed such behavior that I can’t afford to lose or that I care if someone is snooping on me but it’s at least.. interesting.
Re: Re:
Sure, just clone the session cookie (this is known as the “Firesheep” attack).
As more unfolds of just what the NSA has been up to, the citizens of this country are becoming more and more distrustful and doubtful not only of this branch of government but of government as a whole. You can almost see it disintegrating before your eyes.
Sooner or later the government branches will have to address it as it isn’t going to go away and it isn’t going to be forgotten. Approval rates are already at floor level for congress, Obama’s approval rating is falling the same way in recent weeks, and you are rapidly reaching the point that if something is not done, people are going to respond to all this.
How they will respond is what worries me.
Re: Re:
they will not respond. They will keep paying taxes(the single most unameriKan thing you can do), watching dancing with who the fuck cares, and counting their retirement accounts waiting to die like good little baby boomers always have. The only thing that spurs them to action is when the precious unions that give them the crazy entitlements get attacked in one way or another. They will stand w/their pro-first amendment signs like the sheep at OWS all the while being pro-gun control/anti-2nd ??? Don’t know how that works?
NOT A SINGLE THING WILL CHANGE in any big way till the last “boomer’ is dead and it will be too late by then. When will the time come that we pick up our rifles and vote from the rooftops. Are not all Federal agents now Domestic enemies??? Sure seem to fit that description. Just like a Death camp guard following orders… 🙁
Re: Re:
Sure, they’ll label like anarchists & teach kids to snoop.
Combining fake certs with an older revelation
I recall one of the things we learned was that the NSA more or less had spies in various tech companies and the like. Such individuals could do more than supply information the NSA wants; an agent at a CA might very well be able to make the fake cert for the NSA’s MitM attacks.
It looks like this particular program probably started 2 years ago with Verizon, AT&T and Centurylink. That image certainly looks like it’s from the Verizon Business (aka UUNet/Worldcom) network to me.
Sprint and Level3 may or may not have been included at that point. I suspect they probably were but without the public announcement. They might not have had the requisite government contracts for plausible deniability.
Shortly after these NSA revelations I began to assess possible security weakpoints in my network. I am by no means a security professional but it was obvious that my ISP provided router was a weak link. I replaced it with one running the open source DD-WRT firmware. Nothing is NSA-proof but it should help. Many ISPs never even update their hardware. I also discovered that my ISP (Verizon FiOS) uploads the local wifi password and SSID to their servers and prominently displays them when logging into a verizon.net account. There is no way to disable this.
Hopefully more and more people will take internet security more seriously and take steps to improve it for themselves and their loved ones.
Re: Re:
Cox install all the routers with NO passwords to get into a router’s web interface. And they charge over a 100 quid to do this. When I called after finding router after router in my area set up like this and they informed me that was the policy. :-O OK??? Thats COX people so check your router if you paid those idiots to set up your home network. geek squad at least used the defaults that are listed in 100’s of places just a non-google search away!
“Of course, the real question now is how the NSA is impersonating the security certificates to make these attacks work.”
That is the most worrying thing about this.
Re: Re:
My educated guess would be that Symantec was involved. They were one of CISPA’s biggest cheerleaders and if I’m not mistaken they’re also the biggest CA.
Re: Re: Re:
Does anyone remember when Norton made the mistake of publicly stating he was more than willing to white-list Carnivore? Haven’t used a Norton product since.
Already been done
Check out https://www.grc.com/fingerprints.htm
He discusses this and gives you a method to determine if your connections are being intercepted.
Also, does anyone remember the Trustwave certificate?
http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/
and
http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html
I don’t even know if I can trust Chrome, that I downloaded from what I thought was a Google.com server, even though it has a built-in list of CA certificates that it validates against….
Re: Already been done
Chrome is closed-source so you shouldn’t trust it in the first place.
Are we gonna see??
Two of the uglier heads of our corrupt government get in a serious battle over this?? Capital Cronyism vs. The Military Industrial Complex.
Watch this people, because when they’re done we’re going to need to do some real political reform in this country and clean that mess up.
Re: Are we gonna see??
Nope…
After the Feds looked away while the banksters’ carried on with their shenangans, and then bailed them out after their gambling debt came due, you think the banksters will make a fuss over this? I highly doubt it. They’re all in bed together; that and for safe measure there are probably well positioned moles within the banking industry. Thus nothing will come of this from them but maybe some hollow words of complaint and fake posturing.
WTF. I make a sarcastic joke about holding out for the ultra secure flying pig based com systems- and the next day, this! maybe I’m the one being MITM’d’… I laughed so hard- my paranoia gauge is officially borked.
Man in the Middle
Einstein implemented MIM into DNS
“log into router and add static route for target traffic”
https://www.documentcloud.org/documents/785152-166819124-mitm-google.html
This is how the NSA is man-in-the-middling selected ‘targets’. It’s simple, just add new static routes which redirect all the target’s traffic away from a real Certificate Authorities’ IP addresses, to an NSA run Certificate Authority Server’s IP address.
In other words. When the ‘target’ attempts to connect to Verisign.com, he/she will be redirected to nsa.com, which is running a fake Certificate Authority server setup by the NSA. Although these would be IP addresses, not Domain Names. Static routes work using IP addresses.
This is accomplished through changing ‘static routes’, inside an ISP’s network. Specifically, by editing static routes inside ISP corporate routers.
So the ‘router’ you see in picture of the classified slide, isn’t a residential home router. It’s most likely an ISP’s corporate router.
Which is why you see multiple inbound ‘Google Requests’ coming into the router, and multiple ‘Targeted / Non-Targeted’ requests coming out of the router.
The ‘Non-Targeted’ requests are from ISP subscribers the NSA doesn’t care about. The ‘Targeted’ requests is the actual subscriber the NSA cares about intercepting.
As for Google’s SSL/TLS private session key stored on Google’s own servers. The NSA doesn’t need to have this key in their possession.
The NSA runs their own Certificate Authority Server, which stores a public key for the spoofed Google Server. Which the NSA is also running. So the ‘target’ encrypts against the NSA’s spoofed public key. Establishing an encrypted session to the spoofed NSA Google Server.
The spoofed NSA Google Server then establishes a second encrypted session to the real Google servers, using Google’s real public key, obtained from a real Certificate Authority.
Then the NSA just sits there in the middle and reads everything unencrypted. Because the NSA server is in control of both session keys. The spoofed Google key, and the real Google key.
Here’s a visualization to help explain how this works:
1. Spoof a Certificate Authority thru static reroutes.
Target >——> NSA Certificate Authority
_________^Spoofed Google Public key
2. Establish encrypted session with spoofed NSA Google Server.
Target >—> spoofed Google Server(MITM)
_______^Spoofed Google Private key
3. Establish encrypted session from spoofed server to the real Google Server.
spoofed NSA Google Server (MITM) >—> real Google Server
________________________________^Real Google private key
4. The end result looks like this:
Target >—> NSA Spoofed Google Server(MITM) >—> Real Google Server
_______^NSA Spoofed Google private key_______^Real Google private key
I hope I did a good job explaining this. It’s hard to do without picture to aid the explanation.
In summery, the REAL Certificate Authorities themselves are probably not compromised. The NSA is using static routes to re-direct a specific ‘targets’ traffic to the NSA’s FAKE certificate authorities, they are running themselves.
The NSA Certificate Authority then has the target encrypt against it’s fake public key, and redirects it (thru static routes) to the NSA’s fake Google server. A session connection is established using the NSA’s fake private key.
Then the spoofed NSA Google server sets up another encrypted connection with the REAL Google server, and simple relays information back and forth between the target and real Google server. The NSA is now able to sit in the middle, reading and decrypting everything.
This leaves one question. How did the NSA come into possession of a Certificate Authorities root certificate? Without a root certificate, web browsers will refuse to connect to the NSA’s fake Certificate Authority Server.
The answer is simple. The NSA either hacked into a Certificate Authority and stole the root certificate. Or the NSA used one of their super computers to brute force the root certificate’s private key, by analyzing their public key.
I suppose they could also force an American CA to make give them a copy of their private key. I’m going to go with the hacking into a CA and stealing the key, as my pick of exploitation.
Re: Google... really?
People still use Google products? Honestly, we’ve known they’ve been sping ad-mongering monster for years who could not be trusted. I don’t see any reason to use Google products at all. Not a one. What is the attraction and what am I missing? and why is this stupid window blocking the right-most 10% of this comment window!!
The NSA has screwed with the wrong people. I was predicting this.
Citations?
Lots of links in the above story, but I couldn’t find any to an authoritive source. The story makes perfect sense, given all we’ve heard so far, but I’d really like some corroboration.
Did I miss the appropriate links here?
Re: Citations?
Slate and the slides themselves maybe?
opportunity
i see billions in business opportunities for companies that can provide the hardware and software to avoid NSA intrusion.
I'm inclined to think bittorrent has the answer to scalability.
It’s TOR that they are after here. All the bad guys use TOR (including bittorrent). What you are seeing is the entry router being compromised. They’ve probably gotten into all the TOR routers and are able to trace along the entire path.
open wide!
even Tor visiting SSL sites are not safe.
with or without using Tor, please install and use the HTTPS Everywhere Add-on for Firefox. Configure it to use the Observatory option(s) which will help us all.
fly little piggies. fly... be free!
When pigs fly? Hey, the swine flew! EMF means broadcast, and that means “out to the public”. Duh, EMF and private are conflicting terms. Still, Pigs In The Sky is “pi-in-the-sky” encoding. Yeah,the value of pi would seem consistently random while the sky is indeed the limit — cool encoding, huh?
Nobody’s safe on the internet