This 29 August 2006 post from the internal NSA newsletter SIDToday explains how the Human Language Technology analysts working on speech-to-text technology within the agency understand their role in dealing with large amounts of intercepted data: see the Intercept article The Computers are Listening: How the NSA Converts Spoken Words Into Searchable Text, 5 May 2015.
Edward Snowden’s coversation with Bruce Schneier formed the first session in Harvard’s annual Data Privacy Symposium. Bruce Schneier has written widely on the subject of encryption and has had access to the NSA and GCHQ documents held by the Guardian.
A recap of the main themes of the discussion follows after the video.
Bruce Schneier begins the discussion by remarking that “for me the biggest surprise in the NSA documents is the lack of big surprises.” Edward Snowden responds that, as he said said before “encryption really is one of the main things, when the mathematics are properly implemented, that we can rely on”, but that still leaves the NSA and other agencies opportunities to subvert communications: “typically the software is not reliable but… the math is sound.”
The conversation then moves on to James Clapper’s remarks in his introduction to the 2013 Congressional Budget Justification for the US intelligence community (the “Black Budget”). Is the talk of “investing in groundbreaking cryptoanalytic capabilities to defeat adversarial cryptography and defeat internet traffic” just for PR purposes, or does the NSA have impressive cryptanalytic capabilities to deploy?
Edward Snowden cautions, “Black budget documents are typically the results of budget justification…”, but the agency does have “a lot of successes against homebrewed crypto, boutique crypto, commercial closed-source crypto and, critically, hardware implementations of crypto. But when we talk about the real academic open-source peer-reviewed standards – things like AES, Blowfish, Twofish – those are typically pretty robust and pretty reliable.”
As Bruce Schneier points out, documents recently published by Der Spiegel appear to indicate that certain cryptographic protocols are still, indeed, problematic for the NSA. He remarks that despite the estimated 440 million US dollars the Black Budget provides for mathematical research, the gap between the NSA’s knowledge and that of the academic and open source community seems to be much narrower than had been assumed:
Twenty years ago we in the academic world assumed we were a decade behind the NSA and other countries and it seems that that might not be true, that there’s more parity than we thought.
Edward Snowden starts by agreeing with Schneier but states that the NSA’s mathematical research “does have a pay-off in certain respects. Sometimes governments use their own algorithms. For instance the Russian government has their own encryption algorithm for protecting their own classified data.” Of course, capabilities against the main publicly used algorithms are “really dangerous… if NSA has such capabilities it should not be using them, it should be reporting them and closing them.” This caution need not necessarily apply against ’boutique cryptography’ used only, or primarily, by actual adversaries.
Schneier moves on by stating that there’s a real problem of insecure cryptography still being used commercially. Several documents recently released by Der Spiegel describe exploiting VPNs that rely on PPTP – a weakness that Schneier himself wrote about as long ago as 1998.
Snowden agrees that such publicly known weaknesses are exploited by the NSA at scale – and that the detection, exploitation, and storage of such information is increasingly automated. He wonders if there is a particular issue with the adoption of new cryptographic algorithms:
When we get new crypto tools, it normally takes a number of years before we know they’re robust. They have to be reviewed by a number of people, they have to be broken a number of times and they have to be fixed. Eventually they reach a level where think they’re defensible.
For algorithms, we don’t have that standard typically because there’s not that many people who can attack them in a credible way outside of the academic community, which is quite small – which is why, when we get new crypto, we don’t see it adopted for ten years. What I wonder is if there’s any way we can pull that curve forward by doing research into cascading cryptographic algorithms, where we don’t rely on a single implementation of a single algorithm at a single bitlength but actually rely on an arbitrary number of cryptographic algorithms.
Schneier responds saying that, ultimately, implementation is the bigger issue and, introducing the second main theme of the conversation, says that what the NSA is doing is now accessible to any number of actors. What differentiates the NSA “the major countries… is the budget to do parallelisation – doing it automatically, 24 by 7 and based on privileges on the internet.”
Everyone can do it
Both Schneier and Snowden note that the kinds of capabilities exposed in the revelations are accessible to a much wider group of actors than before. Passive surveillance on a mass scale is relatively inexpensive and, as encryption becomes more ubiquitous, so will the efforts by state-level actors to acquire encryption keys.
Schneier notes that there’s not much in the revelations in terms of techniques that wasn’t already known widely, explaining:
When I was working with the Guardian in October  and released the story about Tor, the big thing the Guardian and the NSA were negotiating, and they didn’t want released, was the Quantum programme, which is basically packet injection. What surprised me is how that’s not a big secret…
You see it everywhere, there are hacker tools that do packet injection, the Great Firewall of China works on packet injection, FinFisher and Hacking Team sell packet injection to pretty much any third world country that wants it. A lot of the techniques are very democratic. FoxAcid, the big NSA system that does exploiting individual computers, looks like Metasploit, it’s another hacking tool. Yes, it has a bigger budget, a better user interface, certainly better tech support, but these aren’t major differences.
I think we have to start looking at a world in which these capabilities are everywhere, it’s attack versus defence, but these defences affect everybody because these attack tools are very very common.
Snowden concurs, noting that popular conception of the technical prowess of many state-level actors is inaccurate and that, while the NSA will sometimes try to make itself look less capable when performing offensive operations in order to disguise their authorship, the people who staff Tailored Access Operations’ (TAO) Remote Operations Centers (ROCs) are not “these mystical hackers on steroids guys … a great proportion of them are junior enlisted military guys, they’ve gone through a couple of weeks of training.”
This explains why the NSA’s (still-unpublished) FoxAcid manual includes so many stop conditions, says Snowden, “really it’s a paint-by-numbers operation.” In these circumstances, where operatives could rapidly find themselves outside their comfort zone, bureacratising the decision-making process to minimise the political risk of detectability is “sensible in a lot of ways.”
Nevertheless, the agency’s caution should be understood in terms of attribution, not in terms of the targets that have been chosen. Indeed, since the beginning of the war on terror, Snowden says “they’ve been hacking everybody”, with the scope of targeting probably only slowing down after his revelations. In this sense, says Snowden, “I think it’s wrong to say they’re risk adverse… a lot of the targets they’re picking are insane.” In particular, Snowden cites the recent revelation about GCHQ retaining journalists’ emails as an example of an action that was the opposite of risk adverse.
Agreeing with this, Bruce Schneier notes too, that mainstream representations of many Chinese attacks are also inaccurate – some of the attacks we’ve seen are “surprisingly sloppy” and there have been suggestions that many hackers are not actually employees of the Chinese government but free agents working in various degrees of conformity with government objectives.
Edward Snowden, in turn, agrees that as the number of people with the relevant knowledge base increases, the range of actors involved in this sort of activity is growing too and that along with “more exceptional actors who are never noticed because they are never caught and others who are caught regularly” and that even those working under government employ may be moonlighting in order to boost their income:
I actually worked against the Chinese target when I was based in Hawaii… so I know quite a bit about this and can’t talk at full liberty here but in general the level of sophistication in Chinese cyber is not great. There are probably people in this room who were much more capable than a Chinese military cyber unit when they were teenagers.
Referring to commercial surveillance developers like Gamma or Hacking Team, Schneier notes that there are now the equivalent of state-level “script kiddies” in the mix, using these off-the-shelf tools. Many of these are now being regularly detected by the academic community.
Looking at these developments in the round, Schneier says it is surprising that publication of their techniques didn’t appear to be within the range of the “risk-adverse” NSA’s scenarios. Surely now the NSA and other Five Eyes agencies are going to have to examine their tools in light of what reaction might be when they become public.
Edward Snowden responds by noting that Obama has already indicated that the principles used in authorising operations have changed, “which is probably wise.” Nevertheless, the NSA has significant compliance issues, which is reflected in the number of self-reported infractions revealed by the New York Times. NSA analysts may not be bad people but there is certainly a “culture of impunity” within the organisation.
Both Snowden and Schneier note that much of the growth in the NSA’s mass surveillance capabilities was preceded by the corporate exploitation of “big data” models. Government has piggy backed on corporate surveillance – sometimes directly, as we can see in the use of Google cookies by the intelligence agencies.
Schneier notes that “it’s always amusing to see them [Google ]complain about government spying on their users, because it’s their job to spy on their users” and that, while organisations like Google and the IETF are trying to increase the resilience of the internet, there is a problem of business models in play here as well as engineering.
Snowden agrees that the public debate has not really begun to tackle the corporate spying yet and that there will have to be a role for more decentralised business models need to come into play. At a technical level, metadata is not easily encrypted – he uses the example of a counter-cyber investigation to show that, even where content is encrypted, there’s a lot you can do with packet analysis alone.
An incompatible mission
In conclusion, Bruce Schneier returns to an argument he has made before, that the NSA’s dual missions – to defend US computer systems and perform offensive operations – are incompatible. This was less true, he says, during the Cold War because, unlike today, adversaries tended not to be using a shared communications resource. Today’s environment “requires a different way of thinking.”
Edward Snowden concurs with this, returning to an argument of his own, that because of the increased size of the US online economy and the country’s prominence in commercial and academic research, it has on balance more to lose when the internet becomes a regular site of attack. The United States could better serve its interests by promoting network defence and increasing resilience.
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This June 2010 NSA presentation for the SIGDEV conference describes efforts to trace a suspected Chinese cyber attack: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This undated NSA presentation describes the process of Fourth Party collection – “I drink your milkshake”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This 7 February 2010 NSA presentation outlines techniques to “discover, understand, evaluate, and exploit foreign CNE/CNA exploits”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This 26 April 2011 SIDToday post from the NSA/CSS Threat Operations Center (NTOC) Hawaii describes how the NSA has developed its capabilities in collecting “other people’s sigint”, for instance in exploiting Chinese operations against the United Nations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This undated NSA Menwith Hill presentation describes SPINALTAP, a project to combine data from active operations and passive signals intelligence: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This internal NSA document dated 15 June 2009 describes a protocol the agency uses to exfiltrate data from its computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.