I propose a "Denial of usefullness" attack on the NSA

Discussion in 'Apple' started by Alan Browne, Sep 7, 2013.

  1. That isn't relevant to my claim. My claim is that the amount of data
    they need to analyze (if they want to anything other than monitor
    people of whom they are already suspicious) is of such proportions
    that they can't succeed.

    But back to my other point - suppose I have a source for that. If it
    was the NSA, you wouldn't believe it. If it wasn't the NSA you
    wouldn't believe itt.
    That's right. What you _do_ need AI for is to check for hidden
    communications in every photo uploaded to Facebook, Flickr, Google+
    (and hundreds of other places), every video uploaded to YouTube, etc.,
    every song on BitTorrent, etc.

    And then we can start looking at all the files people attached to
    their email, etc.

    The problem isn't breaking crypto (though that often is a problem) the
    problem is detecting the many easy ways of hiding information in plain
    sight.
    And how are you going to use this to search through the petabytes of
    snapshots and home movies posted every day? What tiny differences are
    you going to look for in one-offs?

    You _might_ be able to do tricks like that for people posting and
    reposting the same LOLCAT (though you need AI or something to identify
    this as a repost of the same LOLCAT).

    _Maybe_ if I tried to hide a message in a .wav track of Hey Jude, you
    could compare to the album. But an mp3 rip - it is going to depend on
    the platform, the software and the settings. Not so straightforward.
    Sure, but these algorithms solve the _wrong_ problem. They are good
    if you believe someone has taken a known binary file and altered it.
    But you have to know the file that's been altered.

    They are useless if someone just uploads their own picture/movie/sound
    file/etc.
    What they can do (and it uses their massive budget, fiber optic taps,
    etc.) is do a detailed examination of communication with a specific
    individual or individuals, including breaking lots of crypto.

    That is very different from being able to monitor the worlds data
    traffic in real time looking at everything. They'd _like_ to be able
    to do that, but as I've said before, they are drowning in that kind of
    data.
     
    Doug Anderson, Sep 11, 2013
    #41
    1. Advertisements

  2. Alan Browne

    Charlie Guest

    But that is only possible when the original is available
    and it isnt with video that whoever wants to hide the
    data has produced.

    And such algorithms are easily
     
    Charlie, Sep 11, 2013
    #42
    1. Advertisements

  3. Alan Browne

    Howard Guest

    I apol for diverting the topic .....

    But has anyone here imagined what kind of money the NSA is pouring into
    this every year ? ...... and it must be BILLIONS ...... and if this was
    spent on education and health services ... surely the benefit to the
    country would be vastly more than the so-called risks against the US
    that these uber-nuts are protecting againt !!!
     
    Howard, Sep 11, 2013
    #43
  4. I'm not suggesting anyone love it or leave it. Simply that this is an
    assinine way to accomplish anything constructive; in fact, it is counter
    productive.

    Mr. Browne is a Canadian citizen, and so I suggested to him to butt out.
    He won't, but that's my gist.
     
    John McWilliams, Sep 11, 2013
    #44
  5. Alan Browne

    Alan Browne Guest

    These are vulnerable to comparison, statistical analysis of differences
    in the LSB's and ... (below)
    Statistical differences in LSB's will tend to reveal patterns in a given
    image. eg: the noise content in each RGB should smooth out over the
    image, but if there is a message in there it's existence would tend to
    come out of the noise.
    Cryptanalysis depends hugely on statistical analysis to detect minute
    non-randomness that belies a signal amongst erstwhile noise. The
    technique has been used in many forms from WW II onward to both winnow
    message traffic out of the noise and to help break codes.
    See below. You're not thinking front end.
    Again, detection can be reduced to firmware capable of immense bandwidth
    per function. These black boxes can be chained without end. So a file
    or message gets shot in one end and is handed box to box to box without
    end until one (or more) detects "something" worth further analysis.
    Speculation to be sure but you'd be stunned at how fast such devices
    are. They are cheap. They are wicked fast. They can be chained
    together endlessly and sift in real time whatever data the NSA sees.

    (Indeed some of the efforts to brute force DES were based on such
    devices back in the late 90's - and the cost has shot down even as the
    bandwidth and speed have shot up. I'm not suggesting these decrypt
    messages but sift through video and stills looking for likely encrypted
    content and flag the message for a deeper look).

    Will they detect everything? Likely not. But they will continuously be
    black hatting the problem and implementing searches in computers or
    dedicated black boxes.

    --
    "Political correctness is a doctrine, fostered by a delusional,
    illogical minority, and rapidly promoted by mainstream media,
    which holds forth the proposition that it is entirely possible
    to pick up a piece of shit by the clean end."
    -Unknown
     
    Alan Browne, Sep 11, 2013
    #45
  6. Alan Browne

    Alan Browne Guest

    The Washington Post has a recent article on the black budgets and uses
    of them. I just wonder if there is an even blacker shade of budget.
    What has the truth ever had to do with US national policy?

    --
    "Political correctness is a doctrine, fostered by a delusional,
    illogical minority, and rapidly promoted by mainstream media,
    which holds forth the proposition that it is entirely possible
    to pick up a piece of shit by the clean end."
    -Unknown
     
    Alan Browne, Sep 11, 2013
    #46
  7. Alan Browne

    Alan Browne Guest

    My citizenship has nothing to do with it generally and specifically
    since Canada[1] is one of the "5 eyes" embroiled in this American idiocy.

    I am most surprised, disappointed and dismayed at your submission to US
    policy and agency bending of the law that completely violates all
    notions of individual freedom and privacy for which the United States of
    America "stands" (or used to) and has encoded in the 4th amendment for
    the benefit and protection of its citizens.

    [1] I'm also deeply ashamed that the Canadian government was part of the
    fiasco of weakened internet crypto standards:

    QUOTE
    Internal N.S.A. memos describe how the agency subsequently worked
    behind the scenes to push the same standard on the International
    Organization for Standardization. “The road to developing this
    standard was smooth once the journey began,” one memo noted.
    “However, beginning the journey was a challenge in finesse.”

    At the time, Canada’s Communications Security Establishment ran the
    standards process for the international organization, but classified
    documents describe how ultimately the N.S.A. seized control. “After
    some behind-the-scenes finessing with the head of the Canadian
    national delegation and with C.S.E., the stage was set for N.S.A. to
    submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A.
    became the sole editor.”
    END QUOTE

    http://bits.blogs.nytimes.com/2013/...dence-on-encryption-standards/?ref=technology
    or http://tinyurl.com/nshxnn6

    So John, get off your "it's our problem" attitude. It's EVERYBODY'S
    problem.

    --
    "Political correctness is a doctrine, fostered by a delusional,
    illogical minority, and rapidly promoted by mainstream media,
    which holds forth the proposition that it is entirely possible
    to pick up a piece of shit by the clean end."
    -Unknown
     
    Alan Browne, Sep 11, 2013
    #47
  8. I won't bother replying in detail to the points you make since again,
    it misses the point.

    Yes, you are correct that there are statistical tools that can look
    for likely steganography. They have significant false positive rates
    if you want them to be sensitive enough to detect smallish messages
    hidden in big files.

    One could try to assemble the hardware required to apply these
    techniques to the entire daily traffic of the internet. That can
    probably be done for less than the gross domestic product of the US.

    _Then_ one needs to start working on decrypting one's false positives (still
    petabytes of data). If one happens to know already exactly how they
    were encrypted and the keys, this is just an insane amount of work,
    not necessarily an impossible amount of work.

    But one doesn't. So for each false positive one needs to explore all
    the ways one already knows it _could_ be encrypted, and then when none
    of them expose anything, one needs to tap real brainpower by trying to
    figure out what new method of encryption might have been applied that
    isn't on one's list.


    Repeating: my point _isn't_ that the NSA isn't big (it is). It isn't
    that the NSA doesn't have resources (it does). It isn't even that the
    NSA is unable to break high level encryption (I'm sure sometimes it
    can, and I suspect often it can't, but like I said that isn't the
    point).

    My point is that for a hundred or a thousand or a million geeks to
    start sending around gibberish files as you suggest in an attempt to
    flood the NSA with useless data to analyze ignores the fact that the
    NSA is _already_ flooded with useless data to analyze.

    You are free to do that. If you add a 100MB binary gibberish file to
    each usenet post you generate, then lots of people will killfile you,
    and maybe you'll generate some marginable unnoticeable uptick in the
    cost of internet service (and possibly a more than marginable uptick
    in the cost of your own service). But you won't have succeeded in
    adding to the burden of the NSA.
     
    Doug Anderson, Sep 11, 2013
    #48
  9. Alan Browne

    Alan Browne Guest

    Yeah I guess the NSA just throw their hands up and say WTF - let's
    barbecue instead.
    Not enough, apparently.
    I guess we'll have to agree to disagree - but - for clarification only -
    I never meant that anyone should post to any useful usenet group.


    --
    "Political correctness is a doctrine, fostered by a delusional,
    illogical minority, and rapidly promoted by mainstream media,
    which holds forth the proposition that it is entirely possible
    to pick up a piece of shit by the clean end."
    -Unknown
     
    Alan Browne, Sep 11, 2013
    #49
  10. The NSA spend a lot of effort analyzing data flow to and from "persons
    of interest." This is plenty hard already.

    They don't try to look at every single traffic flow on the internet
    and filter it for hidden messages. That doesn't work.
    Not apparent at all.

    You are counting it as "apparent" that the NSA is capable of analyzing _all_
    data traveling the networks on a real time basis?

    In spite of the fact that there is no evidence for this, and that if
    they could do this they would be breaking the laws of thermodynamics.
    OK, so if people are slinging around these 100MB distractor binaries,
    they can only do it in places where they _don't_ interfere with useful
    traffic? Somehow you think NSA has the resources to analyze
    _everything_ but not the resources to distinguish between posts to
    misc.test.dev.null and venues where communication takes place?

    You have to simultaneously believe that NSA is magically competent and
    that they are idiotically incompetent (I believe neither one myself)
    for your "Denial of usefullness" strategy to bear fruit.
     
    Doug Anderson, Sep 11, 2013
    #50
  11. Alan Browne

    Alan Browne Guest

    Never noticed any in the groups I frequent (which is a small number indeed).


    --
    "Political correctness is a doctrine, fostered by a delusional,
    illogical minority, and rapidly promoted by mainstream media,
    which holds forth the proposition that it is entirely possible
    to pick up a piece of shit by the clean end."
    -Unknown
     
    Alan Browne, Sep 11, 2013
    #51
  12. Alan Browne

    Mxsmanic Guest

    Only a very small fraction of total traffic. You don't need data, since a
    simple calculation proves the mathematical impossibility of capturing and
    analyzing everything.
    You have it backwards. Cryptographic algorithms are not being broken, by human
    or artificial intelligence.

    The advent of computers in cryptography has made it possible to devise
    encryption algorithms that are effectively unbreakable without some unforeseen
    breakthrough in mathematics, and unforeseen breakthroughs are rare--and those
    with truly practical value are rarer still.
    You don't exploit weaknesses with an algorithm. You exploit weaknesses _in_ an
    algorithm, if you can find any.
    That doesn't help if you need a fifty-magnitude improvement in speed to
    develop a practical exploit.

    Many exploits also require unattainable amounts of memory, rather than
    processor time. So having fast processors doesn't necessarily help, if you
    need a quintillion terabytes of RAM to make an attack work.
    That's not the way it works. Increasing computer power increases the gap
    between the computational cost of legitimate encryption and the cost of
    attacking that encryption, and thus the trend is towards ever increasing
    security in algorithms. This is a major source of frustration for the NSA.
    It's not like that at all.
    Yes. I'm seeing that here.
    What is the point of you arguing about a topic that you don't seem to know
    much about?
    There has been no wicked breakthrough. In fact, everything disclosed thus far
    merely confirms what people who do this for a living have expected all along.
    If anything, it is increasingly clear that there is truly no magic at the NSA.

    Nobody is surprised that the NSA has been engineering backdoors, because
    anyone familiar with the field knows that straight cryptanalysis and brute
    force are no longer able to accomplish much.
     
    Mxsmanic, Sep 12, 2013
    #52
  13. Alan Browne

    Mxsmanic Guest

    Sometimes, if the encryption is very primitive. Simple steganography may show
    this, but many parties have moved far beyond that.
    You have to know what you are looking for in order to find patterns.
    Cryptography and cryptanalysis are way past WWII. Perhaps your reading list is
    out of date.
    Science-fiction novels are not a good source of information on the state of
    the art in cryptography.
     
    Mxsmanic, Sep 12, 2013
    #53
  14. Alan Browne

    Mxsmanic Guest

    No. People at the NSA are smart. However, being smart also means recognizing
    what is practically possible and what isn't. The trend is away from attempts
    to crack encryption algorithms, and towards other methods such as analysis of
    practical implementations and insertion of backdoors.

    The NSA is pushing elliptical-curve encryption, and one reason for that is
    that EC is extremely sensitive to the choice of parameters. A wrong choice
    introduces useful backdoors. That was far less true with RSA, although the NSA
    has tried to weaken RSA by putting backdoors into the algorithms that set up
    the encryption, such as "random" number generators.
     
    Mxsmanic, Sep 12, 2013
    #54
  15. Alan Browne

    Mxsmanic Guest

    Or the terrorists are stupid, which certainly happens often enough.
     
    Mxsmanic, Sep 12, 2013
    #55
  16. Alan Browne

    Mxsmanic Guest

    Terrorists are no smarter than average people, and perhaps less so if they
    resort to terrorism, so certainly a substantial number of them are indeed that
    stupid.

    There are plenty of occasions on which the NSA doesn't really have to do any
    fancy code-breaking at all, as the parties that interest them haven't been
    bright enough to take any real steps to hide what they are doing.
    When you have a lot of bandwidth, you can hide messages that the spooks expect
    in it while hiding the real messages. That way the spooks are deceived by
    their own prejudices, and the messages they find, after expending considerable
    effort, are not the messages you were really transmitting at all.
     
    Mxsmanic, Sep 12, 2013
    #56
  17. Alan Browne

    Mxsmanic Guest

    That could be said about money wasted on lots of things. But it seems that
    working for the better of mankind isn't nearly as interesting to governments
    as playing games like spying, war, and crypto.
     
    Mxsmanic, Sep 12, 2013
    #57
  18. Alan Browne

    Rod Speed Guest

    Not with that sort of thing they arent.
     
    Rod Speed, Sep 12, 2013
    #58
  19. Alan Browne

    Rod Speed Guest

    That's very arguable with the best of them.
    No. That's not stupidity and terrorism can work as Israel proved.
    No, not THAT stupid. None of the terrorists they care about
    have been caught because they have been that stupid.
    No, not with the terrorism they care about there haven't been.
    Sure, that's always been one viable approach.
     
    Rod Speed, Sep 12, 2013
    #59
  20. Alan Browne

    Rod Speed Guest

    That's a very fundamental feature of the political process.

    Its always a lot easier to find the money for something like a war
    or a response to something like 9/11 than for that other stuff.
     
    Rod Speed, Sep 12, 2013
    #60
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.