What do Vulcan mind-meld, Vulcan death grip, turtle-power, flying pig, hush puppy and poison nut all have in common? They are names found in NSA documentation that describe how virtual private networks encryptions are cracked.
Over the holidays, the German news magazine Der Spiegel outlined how the NSA has been weakening or flat-out breaking cryptographic systems and thereby “posing a grave threat to the security of everyone who relies on the Internet.” We previously looked at secret NSA hackers from the Office of Tailored Access Operations (TAO) who have been pwning China for 15 years, but Der Spiegel published numerous NSA presentation slides about other secret NSA hackers. One of the most disturbing groups is within the NSA’s Office of Target Pursuit (OTP), where a VPN Exploitation Team answers the security/privacy cry of encrypt, encrypt, encrypt with “decrypt, decrypt, decrypt.”
The NSA and its Five Eyes alliance partners – the UK’s Government Communications Headquarters (GCHQ), Canada's Communications Security Establishment, the Australian Signals Directorate (ASD) and New Zealand's Government Communications Security Bureau have longed considered "ubiquitous encryption" to be a "major threat." At a Five Eyes top secret signals intelligence development (SIGDEV) conference, the VPN ExploitTeam listed its most common VPN-related cracking requests as of September 2010.
If you are silly and cling to the hope that Skype’s encryption keeps your communications private, then wake up as NSA documentation outlines “sustained Skype collection” which began in February 2011. If you gave up believing Skype was secure and private after Microsoft acquired it, and instead believe that VPNs are the most secure way to go, then known that by 2010, the NSA was using tools to attack commonly used VPN encryption technologies such as Internet Protocol Security (IPSec), Secure Socket Layer (SSL), Secure Shell (SSH) and Point-to-Point Protocol (PPTP).
Here’s the VPN Exploitation Team’s slide about data flow:
Millions of people use VPN services to create a “secure tunnel between two points on the Internet” with encryption protecting all data in that tunnel. Yet Der Spiegel pointed out that virtual is also the way to describe VPN privacy. According to one NSA presentation (pdf), the agency expected to process 100,000 decrypt requests per hour by 2011. Based on the projected 20% success rate of decrypting and reinjecting data traffic, "the NSA's plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour" by the end of 2011.
In another example, the NSA has targeted and successfully fingerprinted SecurityKiss, a free VPN service from which you can tunnel Tor. Documentation from the VPN Exploitation Team – which acts as a “one stop shop for all VPN and network encryption exploitation related issues” – had me wondering … TorrentFreak compiles a list of VPN services that really take anonymity seriously, but then wouldn’t the ones not keeping logs most likely be targeted?
There’s a ton of documentation just pertaining to exploiting VPNs, such as SigDev basics (pdf), Flying Pig and Hush Puppy (pdf), Poison Nut (pdf) and ValiantSurf (pdf); the latter is a “coverterm for the development of Data Network Cipher (DNC) exploitation capabilities in TURMOIL for integration into the TUBULENCE (pdf) DNC thread.” Gallantwave is a program meant to "break tunnel and session ciphers."
There’s too many to cover in-depth in one article, so let’s look at the most up-to-date presentation from Sept. 2010 (pdf); among other things, it explained repositories such as BLEAKQUERY: a "metadata database of potentially exploitable VPNs,” which includes TOYGRIPPE metadata, XKEYSCORE fingerprints and daily VPN exploitations.
TOYGRIPPE is a VPN metadata repository storing "fingerprints" and info on VPN sessions between systems of interest; those fingerprints can be extracted to XKEYSCORE, but the team’s presentation suggested trying to avoid relying on the latter “due to legal and logistical issues.” VULCANDEATHGRIP contains a “full take” of IPSec VPN traffic and VULCANMINDMELD is the SSL VPN data repository.
The VPN Exploitation Team presentation explains that usernames and passwords can potentially be recovered from SSH, a protocol used to securely log into other machines via a network. The presentation also looks into busting IPSec and SSL. There’s a slide that describes Point-to-Point Protocol (PPTP) collection, but we’re skipping that one since PPTP is known for having serious security vulnerabilities.
According to Der Spiegel:
IPSec as a protocol seems to create slightly more trouble for the spies. But the NSA has the resources to actively attack routers involved in the communication process to get to the keys to unlock the encryption rather than trying to break it, courtesy of the unit called Tailored Access Operations: "TAO got on the router through which banking traffic of interest flows," it says in one presentation.
Attack scripts are used on the repositories. Successfully cracked VPNs go into a TURTLEPOWER system before being fed into PINWALE or XKEYSCORE; CORALREEF stores preshared keys such as from exploited routers. If VPN traffic can be decrypted, then the suggested response should be a “happy dance.”
An IPSec success story in the presentation included how the “TAO got on the router through which banking traffic of interest flows.” Airlines, governments, banking and financial as well as a Nigerian power company’s internal network are listed under PPTP success.
If the NSA can’t decrypt the VPN traffic, then it says to “turn that frown upside down” because besides the network security products, Tailored Access Operations and collection sites, NSA’s VPN Exploitation Team suggested contacting other “friends” for help. Those “friends” included the NSA/CSS (Commercial Solutions Center) that manages industrial relationships, SIGDEV “as it develops tools and methods to help you find the traffic you desire;” OTP VPN representatives to “assist in location traffic of interest” and the TOPI for “target knowledge.”
Best bet for secure communications via uncracked crypto
It’s time to embrace layers, like you would if you were outside in arctic cold, but apply those layers to your surfing. Your best bet for secure communications via uncracked encryption, at least as of 2012? According to Der Spiegel, the NSA considered the following scenario to be "catastrophic."
When, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states. ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal.