Open Sources- 10MAR16

snowden

Snowden on Apple and the FBI

RT’s take on the same story

At a recent conference, the controversial former Contractor weighed in on the FBI-Apple legal battle. He feels, as do many others who know better, that the FBI already got into that phone long ago.

And they did. But that’s not the larger issue. The larger issue is that they’d rather you not know how they did it. In the RT article another interesting tidbit was included:

Comey also acknowledged that the FBI made the mistake of changing the iCloud password on Farook’s account, security researcher Jonathan Zdziarski wrote in a blog post.

“In other words, the mistake of trying to break into the safe caused the safe to lock down in a way that made it more difficult to get evidence out of it,” Zdziarski said.

Meaning, in other words, they tried to backdoor their way in.

The larger picture is that wire taps and government surveillance is nothing new. It has been a legal battle almost as long as telephones have been in widespread use; and the answer to all of this hasn’t changed either. Technology may, but people don’t.

No matter what may be thought of Edward Snowden, his presence and revelations to the mainstream are important. Knowing how to work without other people’s infrastructure makes life hard for those who consider the Liberty Movement the enemy. And to them, we’re much worse than the muslims who have proven their propensity to violence. Act accordingly.

Advertisements

19 thoughts on “Open Sources- 10MAR16

  1. Mike Bishop

    There’s more to (breaking into the phone) than brute-forcing the 4-digit pin.

    There’s also the capability to enter a full alphanumeric password. Apple also uses dedicated hardware for crypto. This chip is refered to as the Secure Enclave.

    When the passcode is entered, the passcode is intertwined with a key embedded in the Secure Enclave to unlock the device, via a 2-tiered system. iOS is actually PHYSICALLY DETACHED from the Secure Enclave. The Secure Enclave contains the device’s unique identification. This cannot be accessed from any other part of the device or iOS. On the phone, is the device’s group identification, which is combined with the unique ID to create a portion of the crypto key. Both of these are hardware devices that work in tandem.

    The other portion of crypto is generated via random sequence.

    Regardless of the height of the the hurdle, the government is requesting that Apple provide, what basically amounts to a cheat-code for unlimited password guesses so they can brute force the fuck out of iOS devices.

    The problem is that the offending device that is the center of this controversy is a 5C.

    The 5C doesn’t have TouchID nor a Secure Enclave. The password protection can be circumvented via traditional attacks, such as jailbreaking/firmware updates, etc.

    This illustrates that this entire debacle is being used as a red-herring. The 5C, has an 80ms delay between password guess attempts. 4-digit pin can be brute-forced in 30 mins.

    Furthermore, if this is a national security issue, the NSA already has everything the government could want or desire sitting in Bluffdale.

    The whole situation reeks to high heaven.

    Like

    1. A big thanks for the insight- I’m not a expert on the topic, but I’ve seen folks at work who are, and if there’s a will there’s a way. You’ve likely forgotten more than I’ll know(I just handed off phones and hard drives once found)

      It’s really interesting how, just like everything else, an encroachment on liberty is guised as “for the public good”.

      Like

      1. Mike Bishop

        That’s the pitfall, for sure. It’s always to protect us from ourselves.

        The truth of the matter is that the encryption on the newer model iPhones is a pretty robust system. A back-door, or a “cheat code” as I refer to it, would make the process of breaking in far more easy. I won’t bore anyone with the details, but once the 10-tries/fail is bypassed, it’s essentially “party time” for any bad actors, whether governmental, criminal, or foreign intelligence.

        This was, in my opinion (worth what ya’ paid for it), a ruse to “never let a crisis go to waste.”

        Anything of value is sitting in a database somewhere, or has already been cracked on the physical phone in possession. It was a convenient excuse to attempt to obtain a new capability for decryption on the part of the party involved.

        I could be wrong. I doubt it, though.

        Like

    1. Mike Bishop

      @gamegetter

      Absolutely. Brute force attacks are far slower, but far more common.

      The irrelevance of length comes into play, based on the sophistication of the tools/methods used to crack the password.

      The bottom line, and it’s sadly the truth, is that encryption straight up pisses people off. And that’s a good thing.

      Encryption is the alligator-infested-moat, with gargoyles pulling overwatch, for your data. Doesn’t matter if it’s state-level players, criminal elements, or black-hat hackers, it is a line of defense.

      It isn’t necessarily foolproof, but it will damned sure make it a pain in the ass for someone. Big time. Until quantum computing becomes prevalent, but that’s a whole ‘nother fish to fry.

      Bottom line, as you’ve brought up; there will most likely be a push to make it illegal to use, if the big players in industry won’t toe the line.

      Liked by 1 person

  2. I agree that the FBI got everything they needed from that phone long ago.
    What they are trying to get is instant access to all encrypted devices-and the key to break the encryption.
    The FBI is a little behind on the encryption in use,but it won’t take them long to catch up.
    On the plus side-it’s still possible to encrypt info/data that would take even the NSA far too much time to crack to do any .gov stormtroopers any good in any “investigation”,and I don’t see how anyone can come up with a faster means of breaking strong encryption.

    Liked by 2 people

    1. Mike Bishop

      Brute-force cracking, depending upon the complexity of the “passcode” (be it alphanumeric, or a long number string” will always have a time element involved.

      Last time I did the maths, I want to say at a certain point, you could get into years, or require a computer capable of crunching more numbers than there are atoms in the universe, depending on the strength of the encryption/passcode.

      Long/Short of it: Encryption works. I wouldn’t be surprised if it eventually became illegal.

      Liked by 1 person

      1. The way I understand it is that after 15 characters,be they letters or numbers,it gets into at least months to crack,if not a year or more.
        I’m in no way all that knowledgeable about the subject,but I do read what I can about it.
        I think this whole FBI-vs-Apple “issue” is about attempting to make encryption illegal-unless the feds and any local cops get a backdoor so they can read whatever is encrypted via phone,tablet,laptop,or desktop.

        Like

      2. mtnforge

        Making encryption illegal is kind of like outlawing other components of freedom from tyranny of a state or tyrant, like outlawing arms and self defense. Outlawing weapons doesn’t make them less effective, how they are used, nor your right to self defense.
        Does it really matter to those who defy and rebel such diktat?
        What I’m trying to say is outlawing encryption is for chattel and their slave masters, right? If it is outlawed, it still doesn’t change the reality that encryption is still encryption, how it can be employed, the fact it is regardless still very difficult to unlock, and its benefits.
        I mean, outlawing Liberty, which is an ongoing goal of the regime, actually gives Liberty a certain legitimacy. All the laws imaginable doesn’t change the primal nature of Liberty. Same with encryption if I’m thinking straight. If anything encryption then becomes the domain of people who have every reason to not just use it as tactical and strategic tools, but it becomes an organic process of resistance, and it takes on the nuances and imperatives of insurgent information warfare and all the concepts of how to wage that 4th gen style. In other words, it evolves in unintended ways, and the state then is faced with use of encryption it did not anticipate and may have a high degree of difficulty countering or defeating.

        Like

  3. mtnforge

    Thinking it out a bit further, is it presumptuous to contend outlawing encryption will make the state even more vulnerable than it has already made itself because of its organic inability to create such things and its arrogance which naturally blinds itself from the potential for countermeasures to begin with?
    I imagine encryption within open market information technology is a fruit of brilliant and practical minds, its best aspects are products of an open and unfettered free economic culture, designed with benign intent for the most part to thwart criminal activity in a free economic environment.
    The state isn’t exactly known for its indigenous creativity and invention. It generally relies on the private sector for its needs.
    If the imperative of the state is to deny its subjects technological privacy, and enable free reign for data gathering on its citizenry, doesn’t that set a wholly different set of imperatives for creating encryption along entirely new or different lines for the citizenry to counter its intrusions?

    At one time I built, installed, repaired, and maintained detention equipment in jails and prisons, it never ceased to amaze me how ingenious humans are in the ways they where able to figure out the weaknesses, and develop organic methods with the barest of resources to defeat what would be considered un-defeatable lock and detention systems.
    It wouldn’t be a leap of assumption the same could be possible if encryption where to be somehow outlawed.
    Look at Mr. Snowden, a private citizen contractor, Snowden essentially pulled off the espionage coup of the century, within one of the most secretive, and supposedly most accomplished encryption/decryption organizations in the world today. Who really knows what data he took with him. I’d bet it is far more than the NSA is willing to ever disclose, and that in itself is an indicative of what Snowden has and how vulnerable the NSA is.

    So it begs the question if my assumptions hold water, what is the deeper intent with the FBI going after Apples encryption really about? Are they after something which isn’t evident on the face of things beyond nullifying commercial based encryption? What is the larger picture here? Is Apple gas lighting the buying public to cover its ass and avoid the loss of sales by making the government the scapegoat and it is all a ruse and false flag?
    I just can’t but help think there is something seriously different than the propaganda allowed to be seen here.

    Like

    1. Mike Bishop

      Encryption works.

      The goal is to demonize it, and associate it with criminals, terrorists, and general dirtbaggery:

      Absurdistan is out to ban it:

      https://www.eff.org/deeplinks/2016/03/worried-about-apple-california-has-bill-would-disable-encryption-all-phones

      “Smartphone users in California take notice: a new CA State Assembly bill would ban default encryption features on all smartphones.

      Assembly Bill 1681, introduced in January by Assemblymember Jim Cooper, would require any smartphone sold in California “to be capable of being decrypted and unlocked by its manufacturer or its operating system provider.”

      This is perhaps even more drastic than the legal precedent at stake in Apple’s ongoing showdown with the Justice Department, in which the government is trying to force a private company to write code undermining key security features in specific cases.”

      The ban hammer. They seek to wield it wantonly.

      Like

      1. They can ban all they want-as encryption is not dependent on a specific phone,tablet,laptop,desktop or operating system.
        Any one of us,as long as we have the knowledge can encrypt data that can only be decrypted by the intended end user.

        Liked by 2 people

      2. mtnforge

        I guess what I’m getting at Mike, is the status quo of encryption, like so many other status quo aspects of control, like all this control going on, it really doesn’t matter in the broader scope to insurgent encryption what the government says does it?
        I’m thinking outside the box here, does it really matter what big corporate interests and the state do here? This stuff is between them, it is going down because of them, it is created by them, and isn’t it contingent on our freedoms, our property, physical and intellectual, do we actually need them and their lunacy of control. Change in thinking is what I’m talking about. I don’t need the government to own my rifle, how to use it effectively, how to incorporate all the aspects of my knowledge, training, preps, my outlook, my liberty neither, in fact in spite of my government. How is different for encryption. The government encrypts everything in one fashion or another, it is highly secretive about almost everything just by the very nature of what government is. But it will deny the same from you and I? I’m not trying to be philosophical about this, I’m trying to incorporate the holistic idea of the ideals of operating as a total self determine person. To be free you got to think free.
        Encryption is encryption, it is not dependent on whether it is “legal” or not. Like an AR-15, a government can outlaw them all they want, it is still an AR, it still shoots boolits, it still is a weapon. Just because a “Law” says you can not own one, doesn’t stop you from building an AR and using it. “Outlawing” encryption doesn’t make it not viable. So what does it matter, after all encryption is to keep your data secure, all the more reason it becomes even more useful, like an AR, a practical tool in the kit to defend something and to fight for something.
        I’m not trying to argue with you Mike, it’s just thinking in X instead of Y.

        Maybe defining something here in another way. How can encryption as a tool, it’s viability, be dependent on what a corporation or a government says or does?
        Encryption is a matter or reality, it is based on mathematical theory and equations. Like the sun, it rises every day, it sets every day, right? Because a corporation or government says it sets in the east and rises in the west, does it, does it matter? Why is encryption and its uses dependent on what Apple and government does? Are they gods?
        Like my rifle, the government says it is “illegal”, I’m not permitted to own my property any longer because it says so, when before I was. Well, I have this rifle, it exists, it’s real, what the government says about it doesn’t make its capabilities, or how I use it not work just because it says I can’t own it or is “outlawed”. Kind of preposterous isn’t it, on how many think, that what those entities say has so much bearing on the truth.
        So, the question in my mind, like with my “outlawed” rifle, what now matters most is not what the government says, but how do I employ encryption. And in thinking out further, isn’t my rifle and encryption now a much more effective tool in the way they are employed? That is simplistic, but isn’t the crux of it the matter at hand of the higher order?
        Encryption is like boolits, you can never have enough.
        And it is probably a blessing in disguise “outlawing” encryption. It will go grass roots, indigenous, it will evolve and change in so many ways, the idea and act of trying to control encryption will have unintended consequences, cause people to make it even more secure and difficult for government to control and crack. 4th generation information warfare.

        Like

      3. mtnforge

        Got another thing about this to run by you. Can you really truly trust the corporate encryption out there in the market place to begin with? Just because Apple and the FBI are going at it, is the presentation of events really to be trusted?
        It is like industrial food in the supermarket, there’s a label, denotes what the ingredients contained in the product. But do they? Is all as it seems? it is just ink on paper. If you don’t list an ingredient, then how do you know if it is in there?
        Same with encryption, a corporate entity says it’s operating system is protected by encryption. Is it? how do you know for sure? Being sure encryption is secure is a primal component of encryption, right? It is the whole point isn’t it?
        What if the entire show here between the government and Apple is because Apples encryption, and others encryption, was never secure to by design to begin with? And this is just another false narrative in a very long connected line of them.

        I don’t eat industrial food because I don’t trust what is put into it. Profits over everything, power over everything, rules so much of the products in the mainstream marketplace. The only way I know the food I eat is wholesome is if I trust its source first hand. Industrial encryption is any different?

        Like

      4. Just have to come up with a System D way of digital devices, comms and encryption.

        I see part of the solution is in how the majority thinks and acts on that thinking. If everyone is focused on using only industrial and corporate devices and encryption, then everyone who does will always be vulnerable to such corporate/state monopoly and group think.
        Why play by their rules and be boxed in by their products and services?
        Freedom and liberty means just that. It encompasses every facet of activity doesn’t it?

        Like

Comments are closed.