The NSA codeword for this is "Flying Pig". It's called a "man-in-the-middle" attack and it works like this:
NSA employees log into an internet router—most likely one used by an internet service provider or a backbone network. (It's not clear whether this was done with the permission or knowledge of the router's owner.) Once logged in, the NSA redirects the "target traffic" to an "MITM," a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination.Browsers are supposed to detect MITM attacks by looking for a "certificate of authority", but the NSA makes their own copies (or gets them from Google) and your browser is fooled.
So the NSA doesn't need to break SSL encryption to read your shit. By impersonating Google (or Lord knows how many others), you send your shit to them, they copy it and pass it on to the real Google. In old terms, they're steaming open your mail, copying it, and re-mailing it.
And if the NSA can do this, who else is doing it? When you're buying shit from Amazon or booking flights on Expedia/Kayak, who else is seeing what you do?
What that means is when you are on a secure web page and you see the little lock symbol, that means nothing anymore.
Congratulations, NSA. You fuckers just broke the Internet as an engine of retail commerce. If people stop trusting the Internet, down goes Amazon, Zappos, Priceline and so on and so forth.
But that's what can happen when you put someone in charge who is apparently a little bit crazy.
SSL depends on being able to trust certificate authorities to tell you the truth when you ask, "is this the real certificate that Google just gave me?" If we can't trust certificate authorities, the whole basis of e-commerce crumbles. But you raise another possibility, which is that the NSA may have just swiped the private keys to go with the public keys. One of the flaws of SSL, maybe deliberate, is that each load balancer providing service to the public needs its own copy of the private key to encrypt the connection. Load balancers are what takes you incoming request and choose a web server to handle the request, decrypting the connection and sending it unencrypted to the web server, which then sends the reply back unencrypted and then the load balancer encrypts it and sends the reply back to you. In the case of Google, that's hundreds of load balancers worldwide. Each with a copy of a Google private key in it. Google's data centers are secured extremely well, but they're secured against criminals, not against NSA agents armed with National Security Letters. All the NSA would have to do is grab one of the load balancers, snarf the private key out of it, and voila.
ReplyDeleteIn a way, I almost wish that the NSA *did* just steal the private key. Unfortunately, reading some of the documents that have been released about how the NSA wants to do massive real-time interception of virtually all SSL traffic, it's clear to me that they've also subverted a certificate authority. Grrr!
- Badtux the eCommerce Penguin
I think that at this stage you have to assume that NSA has subverted all of the Root Certificate Authorities that matter. And hacks the rest when they feel the need to.
ReplyDeleteThe Compelled Certificate Creation Attack, in which a CA produces root certs for various actors, usually governments, has been a Known Weakness of SSL for a while.
ReplyDeleteMost countries have a government-owned CA, and your browser probably trusts it by default.
And, to make matters worse, there is no way to know if a particular Root CA is authorized to sign certs for a particular domain. I believe Iran was caught generating certs off their national CA for Western companies in order to do NSA-style monitoring of Iranians accessing Western web sites.