Fears that the National Security Agency (NSA) has managed to convince U.S.-based suppliers of software, hardware and services to install backdoors for espionage purposes have created a crisis of confidence around the world.
There has been, of course, perennial suspicion that the NSA has sought backdoors, but documents leaked by former NSA contractor Edward Snowden last month confirm it. And neither the NSA nor the Director of National Intelligence, James Clapper -- whose office has frequently been the mouthpiece of the Obama Administration to speak about the NSA imbroglio -- has attempted to dissuade us otherwise. Mounting concern that NSA backdoors might be literally everywhere is causing network vendors, their customers, and security researchers to question what they trust.
An article in the New York Times based on Snowden-leaked documents even questions whether a crypto random-bit generator known as “Dual Elliptic Curve Deterministic Random Bit Generator” (Dual EC DRBG), promoted by the National Institute of Standards and Technology (NIST), was subverted by NSA cryptographers who worked on it several years ago. Crypto experts had raised questions about oddities they saw in Dual EC DRBG years ago, but the standard went on to be widely adopted and used.
Reacting to an outpouring of anger, NIST, which says it has no knowledge of any NSA backdoors, decided to open the Dual EC DRBG standard on Sept. 10 to public comments, saying if vulnerabilities are found NIST would work with the cryptographic community to address them. “NIST would not deliberately weaken a cryptographic standard,” NIST said in a statement.
Paul Kocher, president and chief scientist at Cryptography Research, is one of many crypto experts who think Dual EC DRBG does contain an NSA backdoor. “It’s an unusual backdoor in that it requires a secret to exploit it,” explains Kocher. He says it’s “consistent with the conclusion that NSA could break it.” The only way to get the “smoking gun” on this, though, is to “reveal the secrets to break it.” And the absolute proof would be the key itself, he says.
The Dual EC DRBG technology has been widely deployed, not least through the RSA BSAFE toolkit which contained it. RSA, the security division of EMC, makes the BSAFE toolkit available to add a range of crypto functions to vendor- or enterprise-designed software, and Dual EC DRBG was the default in it.
The day after NIST said it was opening up Dual EC DRBG to public comment, RSA issued an advisory related to its RSA BSAFE and RSA Data Protection Manager, telling customers they should drop Dual EC DRBG and use another crypto technology. Some cryptographers have even cast aspersions on RSA’s motives, but RSA adamantly denies any willful act related to NSA backdoors.
“RSA always acts in the best interests of its customers and under no circumstances does RSA design or enable any backdoors in our products,” the company said in a Sept. 20 advisory. In most instances, swapping out Dual EC DRBG is viewed as a simple configuration change, but in some cases it won’t be. Many hundreds of high-tech products, including those from Cisco and BMC as well as EMC storage products, have included Dual EC DRBG because of RSA BSAFE.
Whether the smoking gun related to Dual EC DRBG is ever found, the damage to U.S. industry from this and other NSA revelations has been done.
“NIST standards are vetted by the NSA,” says Tatu Ylonen, CEO of Finland-based SSH Communications Security, saying he senses a crisis in confidence and credibility around U.S. products and services. “U.S. cloud services have been put into question for good reason.”
And if the NSA expresses confidence in some technology, such as the Trusted Platform Module (TPM), hardware security standardized by the Trusted Computing Group, reaction is often suspicious whether that’s really deserved or not, he notes. As an example of the far-reaching implications, Ylonen says that since the Snowden documents about the NSA were leaked, Finland stopped electronically communicating top secret material between embassies, preferring to courier this kind of information instead.
Malcolm Harkins, Intel’s vice president and chief information security and privacy officer, says Intel has no reason to suspect a backdoor in TPM and adds Intel itself “does not support anything that creates a backdoor in security and trust in technology.”
He says Intel is concerned about supply chain safety and buys from its own list of approved and trusted suppliers. However, he acknowledges the Snowden revelations are creating a stir and, to some extent, a backlash. From his own perspective, he isn’t observing too much in the way of CISOs expressing lack of confidence in technology from U.S.-based providers, but they are sometimes hearing this expressed at the upper management and executive level.
Ylonen of SSH admits occasionally feeling “paranoid” about the potential for the NSA or other countries’ spy agencies to cyber-snoop, acknowledging that he has even worried that they would use undocumented SSH keys to gain entry into systems, a known vulnerability. But he never imagined the extent of what the Snowden leaks suggest about the NSA.
The leaked Snowden documents suggest NSA has been busy subverting network products for years, perhaps working with its ally in the United Kingdom, the GCHQ, to place “moles” in high-tech firms for that purpose.
The NSA is suspected, for example, of using fraudulent X.509 certificates to perform man-in-the-middle attacks against its targets.
So the question is, has the NSA been doing this and more to ensure it could snoop on anything that the commercial world has tried to secure over the years?
This question is being asked by nearly 50 technical experts who have an abiding interest in the social implications of technology. They hail from universities and research groups (including Harvard, Johns Hopkins, and Carnegie Mellon), and public-advocacy groups, including the Electronic Frontier Foundation and Center for Democracy & Technology. A few of these security experts have industry or open-source connections with AVG Technologies, BT, Mozilla, and Silent Circle. Together, they filed their comments about the NSA on Oct. 4 based on their own opinions, not necessarily their employers’. Their comments were submitted to a so-called “review group” set up by the President last August to review how the intelligence community uses technologies.
Faced with the uproar over how NSA operates, President Obama in August set up what’s called the “Director of National Intelligence Review Group on Intelligence and Communications Technology.” This Review Group is intended to “review our intelligence and communications technologies” with the goal of soon delivering its “findings” to the President.
The main question the Review Group is supposed to answer is how “the United States can employ its technical collection capabilities in a way that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure.”
This Review Group consists of Richard Clarke, Michael Morell, Geoffrey Stone, Cass Sunstein and Peter Swire. Clarke, now a consultant, had a long career in U.S. intelligence and was a former White House cybersecurity adviser.
The technical experts addressing the Obama-appointed Review Group expressed deep concerns about what’s become known about NSA surveillance.
“What we have learned about this surveillance apparatus shows that it is complex, systematic and state-of-the-art,” the group said in the filing. “It encompasses vast collection, targeting and processing systems as well as powerful technologies such as high-speed Internet filtering appliances, and intrusion techniques such as man-in-the-middle attacks using fraudulent X.509 certificates, and the planting of backdoor mechanisms in software and hardware.”
The technical experts say they hope the Review Group will find out exactly how the NSA and the UK’s GCHQ amass content on targets, even if full disclosure of details is not possible given the secretive nature of intelligence gathering. Among the many technical experts is Bruce Schneier, affiliated with BT as chief technology officer at BT Managed Security Solutions and an author of many articles, including some about the NSA based on his own reading of some of the Snowden documents.
In their filing the technical experts are asking many questions, including whether the NSA hacks into remote servers, perhaps by “obtaining keying material surreptitiously or covertly without authorization or notice of the key holder.” Another question is, “Does the NSA place operatives, analysts or agents inside U.S. companies to facilitate surreptitious or covert access to keying material? Does it do so outside the United States? Does it cooperate with the UK’s GCHQ in doing this?”
The roughly 50 technical experts also said the Review Group appointed by President Obama should inquire how the NSA keeps the vast quantity of information it collects secure to minimize the chance of a data breach. The experts indicated more should be known about the NSA’s PRISM program revealed by Snowden and how it collects the content of targets.
Regarding the RSA BSAFE issue, the group says, “NIST and RSA have initiated public recalls of the standard and the products that rely on BSAFE and have advised users that they more than likely contain a backdoor. This has not only worked to undermine NIST’s credibility but also it has made it easier for those that would spy on business communications that rely on U.S. security tools.”
The experts’ filing says, “The reality is that backdoors and covert access mechanisms are fragile and often exploited by organized criminals, hackers and the military and intelligence services of other governments, and they can be easily bypassed by using non-vulnerable communications methods. The revelation of these backdoors has already had a negative effect on commerce in the United States, as businesses and users worldwide with a need for secure communications are likely to look outside of the United States for products and services.”
The high-tech industry is increasingly wary about what the next Snowden revelations — whether proven true or false over time — may bring.
A primary fear, one company representative said privately, is one day we’ll see screaming headlines that his company had an executive that years ago made some kind of secret deal with the NSA to embed a backdoor in a product. How would a vendor survive that?
And putting a tech-savvy insider into a high-tech firm who could compromise products or services on behalf of an intelligence agency would be fairly simple, thinks Kocher of Cryptography Research. “There’s no doubt in my mind that’s being done.”
Kocher says the NSA revelations have created a “loss of innocence in the security world.” The NSA has been given billions of dollars by the U.S. government to attack commercial systems. But the bugs in them don’t need to be planted so much as simply exploited based on weaknesses already there, Kocher notes. He concludes that now that the U.S. knows more about the NSA, maybe it’s time to learn a little about what happens in intelligence agencies in far more repressive countries around the world.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE.