Hmm... if only there was some sort of National Security Agency that employed cryptographers so we'd know about these things first and could protect us from these attacks.
Clearly posters aren't getting the sarcasm, so I'll spell it out: the NSA is clearly suspect number one.
What's more interesting to me, though, isn't that they had this technique, it's that they let it out for ... what? It seems like this is a garden variety public worm. One would think that if the NSA had the ability to forge windows code signatures like this, they would have used it more selectively. Some spook is in deep trouble about this.
The NSA is not suspect number one. The Russians have had superb cryptographers for decades, heck GCHQ invented public key cryptography years before Diffie Helmann and denied it's very existence within for decades.
Attribution is a bitch. It's not a slam dunk to suggest that a particular agency is at fault without supporting evidence.
> the GCHQ beat DH by three years and RSA by four, not decades.
Correct. But they kept the fact that they did secret for decades. That's what I meant, apologies if it was ambiguous (I can't actually edit the comment now to fix it).
The Russians have far more of an economic risk to set something like this off in the middle east. Their huge investments in oil infrastructure could go up in flames if this was traced back to them. And this is just the stuff that's somewhat above the table.
It's easy to pin it on a nation state or intelligence agency, but it's worth considering the possibility that it was rogue elements in one (or both worlds) that exploited this (and various people) for purely financial gain.
Hell, the people I know who don't work for the government scare me with the kind of advanced research they do. And if it was government funding they might farm out to the private sector if there was more advanced research there with this kind of attack vector in mind.
Does anyone have any idea what kind of salary a mathematician in NSA can expect? Unfortunately I'm not a US citizen, so I cannot apply, but I'd like to compare it to what they would pay me in my home country.
Intelligence agencies and criminal hackers use the same techniques that white hat security researchers do, so every time I read about an attack like this, I wonder who else discovered it and reverse-engineered it, when, and how they used the knowledge. Imagine the irony (assuming Flame is an American product) if China had discovered Flame first and used its technology to conduct industrial espionage against U.S. companies. In fact, getting first crack at advanced technology is great incentive for rival powers or criminals to cooperate with targeted nations. Our next target might solicit the help of Chinese or Russian hackers, government-affiliated or not, who might be very happy to help so they could reverse-engineer the attack and replicate it themselves.
Even worse -- and this is off-topic so I'll keep it brief -- I don't know if the intelligence gleaned from this operation would produce any benefit at all. Theoretically, if we discovered that Iran's nuclear program wasn't a threat, we could save ourselves a lot of worry. It might save a lot of time and money, and possibly even save lives if it prevented military action. But after Iraq who can be confident that an accurate assessment of the threat from Iran would have any effect on policy? We might be disseminating dangerous knowledge for nothing.
I really don't think that the failure of accurate intelligence to drive policy in the past suggests we should give up on trying to have policies driven by facts.
Well, MD5 attacks are actually quite old news[1,2,3,4]. There even are some open source projects to help you find them[5]. Would love to hear more details on what was the breakthrough that Flame introduced.
Edit: The breakthrough that Flame introduced can be read here[8, 9]
SHA-1 is not yet broken, as MD5 is, but fortunately we are having the SHA-3[6] competition (like we had for AES[7]).
That depends when this attack was first conducted and when this variant of the cryptanalysis on MD5 was made as Marc Stevens sums up [1]:
More interestingly, the results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant. Therefore it is not unreasonable to assume that the particular chosen-prefix collision attack variant underlying Flame had already been in development before June 2009. This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis.
it's always unsettling seeing a governmental or otherwise undisclosed institution developing such cryptographic breakthroughs in secrecy. this leaves me as a developer with inferior tools to protect my data against any kind of intrusion. it’s understandable from a national perspective but unfortunate for the programming community at large. so far we still have bcrypt or scrypt - but who knows, maybe someday we'll have an efficient collision attack there as well...
The fascinating thing is that strong commercial/public cryptography has only really become a "thing" in the past couple of decades; it used to be nearly exclusively the domain of governments, which is why even today there are still residual export controls on strong cryptography.[1]
The "programming community's" threat model in cyberspace is no different than anyone's threat model in meatspace. If a well funded government decides you are an enemy of the state they can harm you in meatspace or cyberspace. Are you staying up at night worried about a hellfire missile coming in your window?
the great thing about the internet is that it puts you as a citizen in a superior position to your local government (assuming you can somehow hack your way thru government controlled routers, which is in most cases trivial), because thanks to the anonymous nature of the web and the global access to it you can circumvent any national censorship and expose any kind of unjustice happening in your own country. those kinds of cryptographic attacks reduce anonymity on the web and make internet users an easier target for national espionage. as internet citizens (or netizens) it would just be nice if we could keep the upper hand in this game.
This is why Sergey Brin is netizen hero number one in my book. He actually cares, at a visceral level, about this and has taken actions to protect the net.
His fear stems from the fact that most people believe they have a right to the Internet and are essentially anonymous.
To respond to your hellfire missile analogy, if I am in Canada or the US, I'm not worrying about it but if I'm in the middle east, it's a different story.
And I am saying that he does not have to worry about NSA, Mossad or The Secret Army of Northern Virginia spending years to develop Flame 2.0 so they can read his email. On the flip side if you are a high level enemy of the state you should still be worried if you are in Topeka or Ottawa; if its not a hellfire coming in the window it will be equally lethal scary rough men dressed in black.
On the other hand, keeping data safe from (known and unknown) attacks is also in the interest of such institutions. So I guess it goes both ways. (See: NSA "suggesting" IBM's DES use modified S-boxes, for (at the time) undisclosed reasons)
"Flame could only have been developed by a wealthy nation-state"
While I do agree that it was indeed developed by one, I'm not sure how it could only have been developed by one. Would it truly take massive levels of money to do or simply some smart, determined people?
Presumably, if you are not employed by a three-letter agency, and you manage to invent a breakthrough crypto technique, there's more value in publishing it, than sitting on it until you just blow it all away on one exploit anonymously.
At least, you would _hope_ criminal enterprises don't actually have the means to fund and recruit their own secret, cutting-edge math research labs/networks :)
> there's more value in publishing it, than sitting on it until you just blow it all away on one exploit anonymously
Value is a subjective thing. Some people want money and fame, and for them it would be better to publish. But if you want to get rid of Iran's nuclear program because, well, you don't like nukes, or you don't like Iran, or you Just Want To Watch The World Burn, then well...
> At least, you would _hope_ criminal enterprises don't actually have the means to fund and recruit their own secret, cutting-edge math research labs/networks :)
Those submarines are crude, has you seen pictures? And submarines and cell phone networks are pretty standard technologies, well understood, that any competent engineer can build off of off the shelve components.
It's not like drug cartels are Dr. No like enterprises...
Well understood also. It's not like they're doing cutting edge pharmaceutical drug research that takes mega scientists and billions in funding and very precise enzyme targeting, etc.
They mostly iterate on known drugs to make their making cheaper / more addictive. And they can easily test on junkies (I presume).
The "research chemical" community, out of China, SE Asia, Israel, and Europe, is pretty much doing cutting edge pharmaceutical drug research -- the point being to produce "interesting" club drugs while staying ahead of regulation. Not spending billions, but doing fairly reasonable drug discovery, synthesis, and testing.
Of course, sometimes they get it wrong, and you end up with face flesh eating humans in Florida.
Thanks. Just to be clear, toxicology is pending. My gut says this is mental illness, not drugs, based on the perp's record.
Also, I don't own a TV, don't watch TV, and get my news from friends and NPR. So I don't generally see much of this news-of-the-wierd. Thankfully, it appears.
I supplement my lack of TV news with a once-or-twice-daily visit to Drudge. It compresses all the utter lunacy down to one appropriately-ugly page and keeps me a couple days ahead of the GOP talking points at the same time.
I disagree. You're focusing on recreational drugs, but the performance drug market might be smaller but significantly richer.
During years EPO wasn't detectable by anti-doping testing. Correct me if I'm wrong but I think it requires cutting edge pharmaceutical drug research to avoid detection.
Its actually a shame, in the pursuit of blaming the USA and/or Israel people lose common sense.
Look, It seems that it was certainly USA/Israel, but throwing common sense out the window just so we can make this point is not a good idea.
What these people are saying, essentially is that very few countries have lots of smart people in different industry's, which is wrong.
The zero days can come from all over, the PLC and SCADA system knowledge is all over the world.
meh, I'm rambling now, I agree with you kposehn. Its more obvious that this is the work of USA/Israel simply because they are the ones desperate enough to try anything. I might be wrong but who else is threatening war with Iran?
The author of that is wrong to conflate nationality and ethnicity. A nationality is a much more general concept. Because most people in the US would list "American" as their primary group identity, and because the people who don't aren't off in their own geographical areas, the US is more of a nation state than it is anything else. Now, you shouldn't throw around the term nation state unless you deliberately mean to exclude, say, Kenya or the old USSR - but that's a different matter.
EDIT: Or compare the US and the EU. The typical New Yorker regards people in Florida as the same sort of person as them, so the permanent fiscal transfers from New York to Florida don't spark the sort of outrage in the US that permanent transfers from Germany to Greece do.
There's also the combination of goals and benefits: it's easy to hypothesize a drug cartel or the Russian mafia having enough money to fund something - complicated by the percentage of top-notch crypto people who wouldn't work for an illegal organization - but it's hard to come up with a scenario where they'd be going after Iran rather than, say, compromising a few million credit cards.
Industrial espionage would be similar: hard to keep secret, fairly high risk and in most cases it'd be easier and more reliable just to take your megabucks and pay someone for whatever data you want. Why spend millions funding a big R&D team when you could just pay one of your target's sysadmins a million or two to get the data for sure?
Probably something like flame does need much money for development. The clearest sign is of course the MD5 collision. For this you need not only the genius who actually devises the attack, but also an entire infrastructure of people who check proofs and chat during coffee breaks on a useful level. So essentially an secret institute for applied cryptography.
Atop of this you need to write the rest of the code, which is not at the same level, but still you need at least several programmers.
So probably not all suspects are nation-states, but I believe all suspects are rather large organizations.
Smart determined people don't come for cheap, and you don't get world class cryptanalysts and mathematicians working on such a specific endeavor out of "determination".
Plus, we can all guess what wealthy nation-state developed the software and similar things in the past, let's not be hypocritical here...
you don't get world class cryptanalysts and mathematicians working on such a specific endeavor out of "determination"
In World War II, you had such in Poland:
http://en.wikipedia.org/wiki/Marian_Rejewski
(Who deserves some of the credit for cracking Enigma and thus for the outcome of World War II.)
What you can get for lots of money, you can also get for patriotism and somewhat less money. There are over 30 countries with populations over 40 million. Most of these are industrialized. The odds are that they've produced the requisite mathematical talent. The only question is if they've been able to retain and apply it.
Yes, but I was talking in context here. The level of patriotism you had in Poland in World War II, is nothing like the (far lower) level of patriotism you get of scientists in affluent modern states in no immediate danger.
Plus, the rest of the context is the target of the attack and precedence. Given those constraints, one can only thing of 2 such states. And it's not like those "30 countries with populations over 40 million" are not spied to death already, or that they had foreign policy autonomy on the level of making such attacks without asking consent from a certain power.
One of those countries is Iran. That said, Japan prior to and during World War II knew of its pressing need, had plenty of patriotism to draw upon, had high levels of education and infrastructure, and still failed to compete in that area.
I think the point was more that the amount of money it would take would not necessarily come from a "wealthy nation-state." I'm not arguing over who actually did it; but I agree with the above that it's a pretty big leap to include that only.
There are a lot of organizations in the world, corporate, criminal, and otherwise, that can muster say $25 million (which, I admit is a number I just pulled out of my ass) to accomplish a monumental task. I'm just not sure that I'm ready to believe that the money amounts we're talking here are restricted only to the wealthiest of nation states. Is the claim that you would need literally billions of dollars to get the smart people and equipment?
That was basically my thinking. The purpose of Flame seems to be clear intelligence gathering, so most likely it is a state actor that wanted it; I wonder however if it was indeed developed by a state or a private group on behalf of a state.
Absolutely. I have very little doubt that it was indeed a nation-state who developed it; but, my main issue is with the distinction of it being a "wealthy" one. Couldn't Flame, perhaps, have been developed by Iran and released on themselves as a means for drumming up anti-Israeli or anti-American sentiment?
I realize something like that is totally conjecture; but, I don't see it as any further conjecture than, "it must be the US and / or Israel"
[Edit] Since somehow this didn't come across in my post; throwing up conjecture at another possible source of Flame outside of US / Israel doesn't mean I believe any of these explanations--my point was merely that both ideas are pure conjecture with little (at least that I'm aware of) evidence to support the claim.
Considering that the New York Times this week published a leak from within the administration admitting responsibility for Stuxnet and Duqu, both of which targeted Iran, do you honestly believe that Iran developing Flame as a false flag operation is equally credible?
No, I don't "honestly believe" that at all; I thought my post made it quite clear that is was pure conjecture. I don't see it as "outside the realm of possibility;" though, it is quite unlikely.
It depends on how one defines "wealthy." The IMF has Iran at 25th out of 182 wealthiest in the world, World Bank has them at 29 out of 190, and the CIA has them at 25 out of 191 (source: http://en.wikipedia.org/wiki/List_of_countries_by_GDP_(nomin... ). I think they're using "wealthy" to mean "wealthy enough for the government to fund non-trivial computer science research."
If Iran developed Flame you think they would chose to use it as a PR stunt over using it for intelligence gathering. From what I understand Iran is more interested in developing nukes than generating bad press for US/Israel.
Um, what is it then? Since the 20th Century most inhabitants of the US seem to think of themselves as Americans as opposed to Pennsylvanians or whatever. The US has a few things that look sort of like imperial possessions (e.g. Puerto Rico), but those are a pretty small part.
According to their careers page[1], the NSA is offering $42K - $97K for mathematicians and $72K - $134K for computer scientists. I'm guessing that's on par with many academic and industrial research positions, especially for the locations they have offices (i.e. not Silicon Valley or New York).
Probably not. There are people who have the math chops, and the coding chops, and the other knowledge around security, but with so many qualifiers, that's getting pretty rare.
Several smart, determined people capable of it together would be easier to find, and well within the reach of many nations and large organizations.
>I mean, if I had the capability to screw up Iran's nuclear program in my spare time I probably would, because, y'know, fuck Iran.
Fuck Iran why exactly? Because toppling their democratically elected government and establishing a puppet in the fifties wasn't enough? Or arming Saddam's Iraq to fight them in the eighties?
Or maybe because, say, TX can execute 15 year old "criminals" and ban abortion and/or gay marriage, but Iranians don't get to decide how they want to live? Or maybe because what's OK for Saudi Arabia is not OK for everybody?
Or is it because they haven't harmed anyone in the region, where other nations have already invaded 2 nearby countries?
Or just because, you know, muslims are bad in general? (I don't like the religion myself, but they have the right to do as they damn please in their OWN country).
I understand your position here, but, please make contact with some Iranian refugees/dissidents near you for the full picture. Its bad. Worse than I understand Texas to be, by several ball parks.
>I understand your position here, but, please make contact with some Iranian refugees/dissidents near you for the full picture. Its bad. Worse than I understand Texas to be, by several ball parks.
Sure, but those are "refugees/dissidents", of course they would think that. It's not like the great Iranian masses are held there by force or hate their culture.
In general, dissidents are also overplayed for political gain by other countries. I mean, even the USSR played upon US political dissidents, the McCarthy era etc. If you are going to judge a whole country better ask the locals, not the dissidents.
No, you're arguing from isolated facts presented in a sentimental package from mainstream media. Do you know how many deaths there have been in protests in the US? Like, say, the Kent State shootings, were police shot 4 students dead. Or all around the world, for that matter? There have been 2-3 killings by the British police in the last 2 years, they even beat a guy in wheelchair ( http://www.bbc.co.uk/news/uk-11987395 ). And that's an "advanced western democracy".
Now, put this to perspective. The Kent students were shot doing a mostly harmless protesting, in a country that had sent troops to a third country (Cambodia), and that was in no danger itself. The tension in Iran, on the other hand, is in a country that feels threatened by the US, that has seen 2 other countries invaded in the region, and that foreign powers are known to support vocal dissidents and minorities against the state. In the name of "democracy" of course, and not crude oil. Same foreign powers do nothing for countries having even more extreme muslims, and far less democracy, like, say, Saudi Arabia.
What would the US police do if the US was feeling directly threatened, say like in the WWII? Well, we know what they did at the time: concentration camps for Japanese, for example.
Ok, look man, I'm down with anyone who wants to say the US could do better. I could do better. You could do better. But a fact, always beats a strawman, which is what you presented previously. Because the reality is that the Iranian government killed a bunch of its own people and did their level best to suppress that information. Now you've switched from defending Iran to reaching back a generation to find something you can cite to prosecute the United States.
Just to add another fact, Here's a more comprehensive discussion of casualties in the protests where that Iranian lady died
My point stands: you are arguing from a very weak position. Further weakened by the fact that your thesis keeps moving around. If you're going take on the martyr's quest of defending an outrageous position, you can expect you're going to be expected to present an outragously good argument: all your shit in one bag, sewn up tight. If you're frustrated that people can come along and shoot holes in your argument with a sentence or two, maybe you could consider that as evidence that your argument may not ever hold water.
There's a great passage, I think it's TH White's Once and Future King, where Lancelot has a dream where he sees two armies of knights, white and black fighting. The white side is loosing, so he takes their side. And gets slaughtered. On waking, he is told: know what you're fighting for. Don't fight for the losing side just because they're losing.
We like to separate the citizens and the government, but I don't think this is the case. For most of the citizens, loyal muslims etc, that's exactly how they want to live.
Western media just overplays dissidents and people that talk to our "sentiments". Insignificant opposition parties and small protests are elevated to the level of mass popular protest.
If the situation was reversed, imagine what other countries would say of the 2000 US Bush-Gore elections, what with the electoral fraud et al, or things like the Vietnam protests, etc.
Downvotes? Because of disagreeing? Very democratic. It amazes that people believe that the people of such a country like Iran do not want to live in a religious muslim state and are "forced" by the government.
And it amuses me, because, you have an example right in your backyard: the "middle america" has tens of millions of people that want to live in a Christian state, with no evolution teaching in schools, no abortions, no gay marriages, the death penalty, Bible, etc. Those people are not "forced by the state" to want to live like so. If anything, they think the state FAILS them by not being more christian.
If you consider this --that even within the US there are people who want those kinds of things--, you might understand why your San Franciscan or whatever ideas are not directly applicable to muslim countries, with a much different history and culture than what the US has.
It is entirely appropriate to criticize Iran on its own merits. You can argue that it is hypocritical to do so, but it does nothing to mitigate the facts against the Iranian government, which are many. And while it is true that there are executions in Texas, a lack of rights for gays in the US, etc, you wouldn't want to try to argue that Iranians have it better...or would you?
I think the OP used the term nation state when he meant sovereign state; it was just a mistake of language. johnlepson, on the other hand, seems to have a bee in his bonnet about the US not being a nation state. Whether the US is a nation state or not depends on how multicultural you think it is; it's a political disagreement.
What exactly was the requirement for a "0day" MD5 collision attack here; I thought the Terminal Server Licensing thing at Microsoft spat out good-for-code-signing certificates by itself?
They did, but it seems that those certificates had some extensions that made the code-signing attack difficult to carry out on some versions of Windows, so the collisions were used to generate certs without those extensions.
(I read this at http://blog.cryptographyengineering.com/2012/06/flame-certif...)
I see; on Vista and above, certain fields in the certificate prevent it from being accepted for code signature. So they did a collision attack to create a slightly twisted certificate where all those fields are tucked away in a useless segment and ignored.
Are there any details on what's new with this particular attack, compared to the known previously published ones? Why wouldn't earlier public research (such as that ps3 fake SSL CA stunt) suffice?
We don't yet have details on the differences. I've looked at the evil colliding cert and, AFAICT, the "MD5 Considered Harmful" technique would probably have been sufficient to pull this off.
News from a few days ago made it sounds like MS left their cert wide open to using it to sign code and make it look like it came from Microsoft.
Now this news comes out that they used a pretty powerful crypto attack to essentially create their own trusted root to be able to sign their code to make it look like it came from Microsoft.
Why would you need both vectors? It seemed (yesterday) that the Microsoft bug alone was enough to trick Windows Update into installing your code.
I think it makes sense that a well funded government was behind flame, but it makes me wonder, there is nothing that explicitly calls for huge funding. Nothing is very costly other than talent. So just a hypothetical situation here but why can't a hypothetical real life Tony Stark make it? (not rich like Stark but intelligent like Stark) Just a one or two people in a garage on their PC. What makes it impossible for that to be the case?
It's also the timing. The assumption is that since this is a novel attack and apparently not based on Marc Stevens' attack which was published in 2009, that it therefore was likely developed prior to 2009.
Time? But besides that, I can't really think of anything. Some guy on NPR was talking about how it might be some professional developers who did this in their free time, so that would kind of make sense.
If someone is capable of doing stuff that flame is doing, he/she might as well do it in 2 months time. The thing is we are unaware of the exact capabilities of the author of the code, so it can be a very intelligent person doing it in a few weeks or a group of smart people doing in a few years.
But the problem with later is that the more people know about it and the longer it takes to make such malware, the higher are the chances of a pre release leak, or some double agent doing his work. So one or two very intelligent people doing it in very small time make more practical sense for a covert mission.
Earlier information linked to from this site suggested that Flame was able to spread by some quirk involving using Terminal Services licenses as signing keys (instead of just licenses) and continuing up a trust chain. Was that information accurate? Is this an additional technique Flame uses for its attack? Or is it the only attack?
"There were mathematicians doing new science to make Flame work."
the government thinks that this is just like normal weapons research.
what they don't realize is that "secure-enough" crypto is far more important to the world economy than their small use in breaking it.
if a government could spend $800B and prove/create a machine that makes asymmetric cryptography impossible - and will be reverse-engineered and known to the world within 3 years of when they start using it, they probably would.
meanwhile, the world loses a lot more than $800B if you can't do anything secure over the public Internet anymore, or have to have previously exchanged a one-time pad to anyone you want a secure connection with.
this isn't just another weapon. mathematics is a public good. Of course, if you can spend $800B on new math and then break it, then in some sense it was "always broken." In another sense, however, that's not true at all. Quit messing it up for everyone.
>if a government could spend $800B and prove/create a machine that makes asymmetric cryptography impossible - and will be reverse-engineered and known to the world within 3 years of when they start using it, they probably would.
The alternative is waiting 10 years for academia to discover the vulnerability, the whole time risking that an even worse organization will discover and exploit it.
Ideally they would spend the $800B breaking it, along with another $200B developing something to replace it before it goes public. Even if they don't do the second part, it's still no worse than what would happen eventually anyway.
This will only become an arms race, or skipping that entirely; the web will just be a destructive place. Another battlefield. Where in the history of civilization can we pull similarities and find a solution?
As the facts appear today; someone (or group, or government) attacked someone else (or group, or government) abusing a mechanism millions upon millions rely upon. Now the instructions to mimic that abuse is in the hands of another malignant.
There is no past for this type of thing. In 1857, 40,000 people could not sit in the woods of Russia and (potentially, just possibly) ruin worldwide communications, much of commerce, trade and banking, etc, for everyone just by invalidating some mathematics and sending a few letters out stating their findings - with no other direct or indirect manipulation of anything. That's what I meant by saying it's a "public good."
This is unprecedened. I chose $800B as an absurdly large sum that I believe is more than Academia would spend on this question in a few years. (I could be wrong though.)
Downvoter: I know you think it's not secure if a trillion dollars of research can break it - but guess what: there is a nonzero chance that between here and 800 billion dollars from here there is a quantum device. that doesn't mean it actually exists. it means it could exist if one of the world's biggest economies throws that much military R&D at it. I'm saying they shouldn't. at least, not with that goal (breakig crypto for everyone; quantum computing itself is a welcome advance). Please be more practical.
It seems as though the governments of western democracies are spending a lot more effort on digital swords to stab at our enemies than on digital shields to protect their citizens.
The NSA says that about 1/3 of their budget is put towards protecting US government systems and data (though there is no way to verify that). It is extremely difficult for them to even attempt to protect non-governmental systems. The NSA was involved in SELinux, and designed the SHA family of hash functions. This, along with their certification of various cryptographic standards as acceptable for government use, seems to me to be about all they could do defensively without requiring them to have access to private systems and data.
Ha! Everybody knows that this virus was hand-written by our Great Leader and Horse Rider King Jong Ill, right before he decided to exchange his earthly existence for another greater one.
