Flame virus used world-class cryptographic attack

The recently discovered computer worm Flame could have been created only by "world-class" cryptographers, say experts in the field who have discovered that the malware uses a previously unseen cryptographic attack.

Flame installs itself on a target computer by hijacking the Windows Update system. Normal updates are signed with a digital certificate that verifies their origin, but Flame's creators were able to fake their own certificate.

Such certificates are signed by a hash algorithm that converts any digital data into a short sequence of characters. It isn't possible to recover the original data from this sequence, but it can be used to verify it, allowing the hash sequence to act as a virtual "signature". Crucially, it should be very difficult to discover two pieces of data that convert to the same hash sequence - otherwise someone can perform a "collision attack", generating a spoof hash sequence without knowing the original data.

That's exactly what Flame's authors have done, though it isn't the first time the feat has been achieved. In 2008 cryptographer Mark Stevens and colleagues showed that the oft-used MD5 hash algorithm is vulnerable to collision attacks - a feat that required 200 PlayStation 3 consoles to crunch through the numbers to find a match.

Now Stevens and others have analysed Flame's code and discovered it uses a previously unseen variant of the attack, probably developed before his research was published, allowing the attackers to calculate the exact hash sequence used by Microsoft's update system.

"The results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant," says Stevens. "This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis."

Whoever designed Flame, they are now trying to cover their tracks. Antivirus firm Symantec says that computers infected with Flame have received a "suicide" update module designed to completely remove the worm. It appears that this module was created on 9 May, just a few weeks before the malware became publicly known.

Hmmm, seems like I did the right thing (for once) disabling Windows Update on my system.
Hope you've all installed the new MS fix. Ya have to keep pace with the game.


Spooks have proudly contributed to the development of the latest version of Windows.

NSA helped with Windows 7 development

By Gregg Keizer
ovember 18, 2009
The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged yesterday during testimony before Congress.
“Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector,” Richard Schaeffer, the NSA’s information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security yesterday as part of a prepared statement.
“All this was done in coordination with the product release, not months or years later during the product lifecycle,” Schaeffer added. “This will improve the adoption of security advice, as it can be implemented during installation and then later managed through the emerging SCAP standards.”
Security Content Automation Protocol, or SCAP, is a set of standards for automating chores such as managing vulnerabilities and measuring security compliance. The National Institute of Standards and Technologies (NIST) oversees the SCAP standards.
This is not the first time that the NSA has partnered with Microsoft during Windows development. In 2007, the agency confirmed that it had a hand in Windows Vista as part of an initiative to ensure that the operating system was secure from attack and would work with other government software. Before that, the NSA provided guidance on how best to secure Windows XP and Windows 2000.
According to Marc Rotenberg, the executive director of the Electronics Privacy Information Center (EPIC), the NSA’s involvement with operating system development goes back even farther. “This battle goes back to at least the crypto wars of the early ’90s,” said Rotenberg, who remembered testifying about the agency’s role in private sector computer security standards in 1989.
But when the NSA puts hands on Windows, that raises a red flag for Rotenberg, who heads the Washington, D.C.-based public interest research center. “When NSA offers to help the private sector on computer security, the obvious concern is that it will also build in backdoors that enables tracking users and intercepting user communications,” Rotenberg said in an e-mail. “And private sector firms are reluctant to oppose these ‘suggestions’ since the US government is also their biggest customer and opposition to the NSA could mean to loss of sales.”
Rotenberg’s worries stem from the NSA’s reputation as the intelligence agency best known for its eavesdropping of electronic messaging, including cell phone calls and e-mail.
Andrew Storms, the director of security operations at nCircle Security, didn’t put much credence in the idea that Microsoft would allow the NSA to build a hidden entrance to Windows 7. “Would it be surprising to most people that there was a backdoor? No, not with the political agenda of prior administrations,” said Storms. “My gut, though, tells me that Microsoft, as a business, would not want to do that, at least not in a secretive way.”
Roger Thompson, chief research officer at AVG Technologies, agreed. “I can’t imagine NSA and Microsoft would do anything deliberate because the repercussions would be enormous if they got caught,” he said in an interview via instant messaging.
“Having said that, I think we should understand that there is every likelihood that certain foreign governments are constantly looking for vulnerabilities that they can use for targeted attacks,” Thompson continued. “So if they’re poking at us, I think it’s reasonable to assume that we’re doing something similar. But I seriously doubt an official NSA-Microsoft alliance.”
The NSA’s Schaeffer added that his agency is also working on engaging other major software makers, including Apple, Sun and Red Hat, on security standards for their products.
“More and more, we find that protecting national security systems demands teaming with public and private institutions to raise the information assurance level of products and services more broadly,” Schaeffer said.
Microsoft was not immediately available for comment on the NSA’s participation in Windows 7′s development.
Copyright © 2009 Computerworld Inc

So there you go. Who do you trust to raise the flag each morning?


...a few men with one leg?

Former NSA Mathematician Says He Believes the Agency Stores Copies of All Emails Transmitted in America

The Secret Sharer (The New Yorker):

While most of the N.S.A. was reeling on September 11th, inside SARC the horror unfolded “almost like an ‘I-told-you-so’ moment,” according to J. Kirk Wiebe, an intelligence analyst who worked there. “We knew we weren’t keeping up.” SARC was led by a crypto-mathematician named Bill Binney, whom Wiebe describes as “one of the best analysts in history.” Binney and a team of some twenty others believed that they had pinpointed the N.S.A.’s biggest problem—data overload—and then solved it. But the agency’s management hadn’t agreed.
Binney, who is six feet three, is a bespectacled sixty-seven-year-old man with wisps of dark hair; he has the quiet, tense air of a preoccupied intellectual. Now retired and suffering gravely from diabetes, which has already claimed his left leg, he agreed recently to speak publicly for the first time about the Drake case. When we met, at a restaurant near N.S.A. headquarters, he leaned crutches against an extra chair. “This is too serious not to talk about,” he said.
Binney expressed terrible remorse over the way some of his algorithms were used after 9/11. ThinThread, the “little program” that he invented to track enemies outside the U.S., “got twisted,” and was used for both foreign and domestic spying: “I should apologize to the American people. It’s violated everyone’s rights. It can be used to eavesdrop on the whole world.” According to Binney, Drake took his side against the N.S.A.’s management and, as a result, became a political target within the agency.

Binney, for his part, believes that the agency now stores copies of all e-mails transmitted in America, in case the government wants to retrieve the details later. In the past few years, the N.S.A. has built enormous electronic-storage facilities in Texas and Utah. Binney says that an N.S.A. e-mail database can be searched with “dictionary selection,” in the manner of Google. After 9/11, he says, “General Hayden reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”
Binney considers himself a conservative, and, as an opponent of big government, he worries that the N.S.A.’s data-mining program is so extensive that it could help “create an Orwellian state.” Whereas wiretap surveillance requires trained human operators, data mining is automated, meaning that the entire country can be watched. Conceivably, U.S. officials could “monitor the Tea Party, or reporters, whatever group or organization you want to target,” he says. “It’s exactly what the Founding Fathers never wanted.”
Former NSA Genius Apologizes for His Super Spying Software (Gizmodo):

Long before 9/11, brilliant NSA crypto-mathematician Bill Binney had developed an algorithm to make sense of the unbelievably massive amounts of data American spies were pulling in—he called it ThinThread. And then it went very, very wrong.
ThinThread, the New Yorker reports, proved to be too good: designed to track foreign enemies via their electronic footprints, Binney was horrified to find that the powerful software processed mammoth amounts of American communications as well. Without a warrant—illegally. Binney implemented an encryption scheme that blurred out American chatter unless it was flagged by a judge, but his system was discarded by the NSA for being too invasive.

Good stuff, albeit long: The Secret Sharer


A story of how a small state could be made completely transparent and (possibly) a subject of manipulation. It only takes a patch of software to be inserted into the right place.

Does anybody (with sufficiently paranoid mind :D) wonder how Greece has reached such a dire state of affairs? The whole Greek government was tapped while they were making decisions on the Opympic Games 2004 that made nation's financial problems very grave.

The Athens phone tapping affair

The trouble in the Euro is growing into a ginormous avalanche which is teetering on the brink of descending the entire global economy into chaos. And no one knows what to do about it.

Some say Greece should leave the Euro, others (the majority of those in power) say it will be a disaster.

At the base of this trouble, lies a problem slightly different to what we had thought. We thought the Sub-Prime mortgage and the Debt-Swap issue were the commercial problem that then transferred to the public zone, where governments have to bail out, and the people had to suffer to help their governments bail. Now it is becoming apparent that another, older issue lies at the heart of the current armageddon: global competitiveness.

When I first learnt Economics at tertiary level, we were taught as fact, that countries should give up doing what others can do cheaper, and focus on what they have a special capacity for. This was the mantra against protectionism. In class I was never comfortable with this economic theory, yet I was also not comfortable with protectionism, as that seemed appropriate for only the 'child' phase of anything.

What I didn't know were the words to ask out teacher: "Where's the evidence for this?"
It was a theory, and had never been tested on a global scale.

Now we are seeing the consequences of this economic model. Some countries are significant winners of this theory, while others are losers. Then there are the countries who were temporarily suspended in mid air, like the UK, the US, and many EU nations. Not any more. The house of cards was built on a principle of imbalance, and now it is falling.

Unfortunately we have no easily substitutable alternative. Global competitiveness has become so imbalanced, that it has destroyed it's own operational domain. Gloom is over everything.


Interesting thought. Do you think there is anything that could substitute competitiveness within economy? At the end of the day majority the forces driving competitiveness are the same that are blamed for all sorts misbehaviour of people.

I try not to watch too closely this conflict, as it is so violent and disturbing. But from what I do see, it appears Syria is descending into a living nightmare. There appears no way out. They are too powerful for outside countries to intervene.

Worse, there is no clear line of support. After the experience of Libya and Egypt, there are many of us across the globe who now see romantic notions of public freedom and independence as sheer vanity on our part.

Something horrendous has been happening in Syria, and it is going to become much worse.

Interesting thought. Do you think there is anything that could substitute competitiveness within economy? At the end of the day majority the forces driving competitiveness are the same that are blamed for all sorts misbehaviour of people.

I don't have anything against competitiveness per se. It is a powerful force which can be as useful for good as bad.

It is the global economic competitiveness which has now created imbalances which can no be sustained. The market will rectify, and people will suffer to serve.

I try not to watch too closely this conflict, as it is so violent and disturbing. But from what I do see, it appears Syria is descending into a living nightmare. There appears no way out. They are too powerful for outside countries to intervene.

Worse, there is no clear line of support. After the experience of Libya and Egypt, there are many of us across the globe who now see romantic notions of public freedom and independence as sheer vanity on our part.

Something horrendous has been happening in Syria, and it is going to become much worse.

That war might be approaching turning point already. Quite good analysis

That war might be approaching turning point already. Quite good analysis

Interesting. Didn't read the whole thing, but the summary and got the gist it. So the insurgency is stronger than I have been led to believe from reports coming to me.


I would say quite confidently that Saudis, Qataris and few others are already supplying some serious weaponry to insurgents who seem to have infinitely more skills and discipline than Libyans did. Military people are fighting al-Assad's military.


