Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NSA Able To Crack A5/1 Cellphone Crypto

timothy posted about 10 months ago | from the keith-alexander-huffs-righteously dept.

Encryption 122

jones_supa writes "The most widely used cellphone encryption cipher A5/1 can be easily defeated by the National Security Agency, an internal document shows. This gives the agency the means to intercept most of the billions of calls and texts that travel over radiowaves every day, even when the agency would not have the encryption key. Encryption experts have long known the cipher to be weak and have urged providers to upgrade to newer systems. Consequently it is also suggested that other nations likely have the same cracking capability through their own intelligence services. The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on 2G GSM. It is unclear if the agency may also be able to decode newer forms of encryption, such as those covered under CDMA."

Sorry! There are no comments related to the filter you selected.

Time Travel (0)

TempleOS (3394245) | about 10 months ago | (#45688607)

Can you match time travel? Surrender. C:\TAD\Text\YANKEE.TXT eath; that while it lasted the whole country, from one end to the other, was in a pitiable state of panic, and the churches, hermitages, and monkeries overflowed with praying and weeping poor creatures who thought the end of the world was come. Then had followed the news that the producer of this awful event was a stranger, a mighty magician at Arthur's court; that he could have blown out the sun like a candle, and was just going to do it when his mercy was purchased, and he then dissolved his enc

This is why... (5, Funny)

Anonymous Coward | about 10 months ago | (#45688621)

I only speak in Navajo.

Re:This is why... (1)

Anonymous Coward | about 10 months ago | (#45688781)

I only speak in Navajo.

I use a combination of speaking in Valley Girl talk with a Scottish accent.

"Ack! Gack meh widda spoooon!"

VoIP + ZRTP (5, Informative)

mrchaotica (681592) | about 10 months ago | (#45689379)

I haven't tried it out yet, but ZRTP [wikipedia.org] apparently provides strong (PGP-based) encryption for VoIP. So why not just quit using cellphone "voice calls" entirely? There exist cellphone plans that provide enough data cheaply enough to make this work economically.

Re:VoIP + ZRTP (1)

Anonymous Coward | about 10 months ago | (#45689567)

It has nothing to do with PGP. But it uses strong encryption and the user has the option of verifying the session key by reading out a short authentication string that is displayed in the client - if it matches the authentication string displayed at the other end, you know that there is no man-in-the-middle attack going on. It is probably the best VoIP protocol there is in terms of security and user-friendlyness.

Re:VoIP + ZRTP (1)

Lennie (16154) | about 10 months ago | (#45691161)

Or use WebRTC, it's encrypted by default with the other encrypted RTP protocol: SRTP.

There is even a system where you can be sure who you are talking to and be sure there is no man-in-the-middle, with an RFC draft to tie it into oAuth or BrowserID protocols:

http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07 [ietf.org]

https://air.mozilla.org/intern-presentation-seys/ [mozilla.org]

With BrowserID/Persona your privacy will also be preserved.

Persona is the first implementation by Mozilla of the Mozilla developed protocol.

Re:VoIP + ZRTP (0)

Anonymous Coward | about 10 months ago | (#45691403)

Or RedPhone. Real easy. https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone

Don't Worry they Built it that Way (5, Insightful)

Anonymous Coward | about 10 months ago | (#45688629)

The NSA has maintained a policy that any encryption that was able to block their efforts was ILLEGAL in the USA. Do you actually expect anything to work? Bluntly do you expect to have your banking transactions secure when they can crack them. How about your phone call confirmations when they can record them and appear to be you. How about a hacker who walks into the NSA back-door in all of this. This makes the NSA the biggest terrorist and criminal agents in the world and the accomplace to the stunningly biggest crime situation in history where nobody is secure!

Re:Don't Worry they Built it that Way (1)

gl4ss (559668) | about 10 months ago | (#45688701)

sure, that's why you import your 3g networks.

Flamebait? (-1)

Anonymous Coward | about 10 months ago | (#45688841)

Some NSA cunt marked you as flamebait. Hi NSA cunt. Nice try. You are our enemy.

Re:Flamebait? (0)

cjjjer (530715) | about 10 months ago | (#45689009)

And anonymous coward's are the NSA's enemies... stalemate...

Re:Flamebait? (0)

Anonymous Coward | about 10 months ago | (#45689333)

Some NSA cunt marked you as flamebait. Hi NSA cunt. Nice try. You are our enemy.

But I thought you approved the new NCIS agent Ellie Bishop, a transferee from the NSA and replacement for NCIS agent Ziva Davide.

Re:Don't Worry they Built it that Way (1)

ne0n (884282) | about 10 months ago | (#45691299)

True all that. And you have to wonder if anybody actually believes the line, "We only collected metadata!"

Right... and they only looked at the nipples on all the porn they downloaded in between spying on Merkel and $FRENCHGUY too.

And this is news? (5, Informative)

Anonymous Coward | about 10 months ago | (#45688633)

Hardly rocket science these days, see e.g.https://srlabs.de/decrypting_gsm/

Re: And this is news? (1)

Anonymous Coward | about 10 months ago | (#45688731)

The question isn't the fact that they've been able to break it, the question ultimately is how long have they been able to break it and if they have the processing power to break all of it, all the time.

If they broke that encryption five years ago, that's a lot different from the NSA breaking it 25 years ago, or worse, it being insecure from the beginning due to the NSA knowing the vulnerability (or inserting it).

Re: And this is news? (4, Informative)

Joce640k (829181) | about 10 months ago | (#45688761)

A5 has been broken for *years*.

(Since 1994 according to wikipedia: https://en.wikipedia.org/wiki/A5/1#Security [wikipedia.org] , with many improved attacks since then)

So this is hardly "news" ... but it's good to keep shining bright lights on the NSA to keep them scurrying.

Re: And this is news? (0)

Anonymous Coward | about 10 months ago | (#45688931)

So this is hardly "news" ... but it's good to keep shining bright lights on the NSA to keep them scurrying.

Meh! I am getting tired of this leak being a drip at a time. At least with Bradly Manning's wikileaks escapade, it was a one shot dump of everything. Not release of "juicy bits" used at best for bribery against the government and at worst to keep that asshat Snowden in the news.

Single action doesn't move anyone (0)

Anonymous Coward | about 10 months ago | (#45688995)

And what "single dump" has done? Everyone talked for a month and then nothing. Now maybe people will notice that something is wrong.

Re:Single action doesn't move anyone (0)

Anonymous Coward | about 10 months ago | (#45690145)

That's a load of bull. People still moan and complain about the stuff in his leaks. Just go back to that story about Assange's possible involvement with wiretapping Iceland's Parliament [slashdot.org] and take a look. There are "discussions" (arguments) there about things that were leaked by Manning.

Re:Single action doesn't move anyone (0)

Anonymous Coward | about 10 months ago | (#45690635)

Disagree... the slow drip is better because it's been in the news for like what? Months now.....

Waaaaaaay better than a One-And-Done...

Re: And this is news? (0)

Anonymous Coward | about 10 months ago | (#45690755)

Look, I found the shill! Do I get a prize?

Re: And this is news? (0)

Anonymous Coward | about 10 months ago | (#45688791)

This isn't news. Its flaws have been taught in University security courses for a long time.

Re:And this is news? (2)

Lennie (16154) | about 10 months ago | (#45691233)

GSM has had problems for many years.

But let's have a look at something a bit more modern.

Did you know with LTE Advanced it's all IP-traffic ? Even speech is IP-traffic.

Did you know the encryption they use is IPSEC ? LTE is 2 types of packets: data and control.

Did you know IPSEC is optional ? The network operator decides what you get, when you roam and connect to an other operator you might actually get something else.

So they got proper encryption (at least I hope they pick the right algorithms, we know IPSEC supports some good but also bad ones), but it's optional. That doesn't sounds particularly smart.

I don't know what the operators really do, I read somewhere: control messages are encrypted, data not always.

If you don't like them hearing your private speech (3, Insightful)

Toe, The (545098) | about 10 months ago | (#45688655)

Well then, just self-censor. Isn't that the road we're heading down?

Re:If you don't like them hearing your private spe (2, Insightful)

Anonymous Coward | about 10 months ago | (#45688715)

Why should we self-censor, they shouldn't be listening in without probable cause. I don't care about differing opinions on that front.

Re: If you don't like them hearing your private sp (0)

Anonymous Coward | about 10 months ago | (#45688805)

Why should we self-censor, they shouldn't be listening in without probable cause.

How quaint, this guy still believes in human rights. Haven't you heard? Nowadays we can target and kill a 16 year old American boy via drone strike and it's all on the up-and-up.
https://www.aclu.org/national-security/aclu-ccr-lawsuit-american-boy-killed-us-drone-strike

Re: If you don't like them hearing your private sp (0)

Anonymous Coward | about 10 months ago | (#45690127)

What has predator missiles got to do with constitutional rights to privacy?

That mindset of combining security with privacy is what's wrong with America today.

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45688857)

Asking people not to listen in on radio communications is like asking people not to listen in on the guy shouting his opinion on a street corner: if you don't want to be heard, don't shout it.

Now, what they shouldn't be doing is using what they have listened to in any legal (or illegal) process. And regulations ought to require providers to upgrade any encryption which is shown to be broken, issues notices that all calls can be listened to by public or private entities in the meanwhile.

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45689503)

Asking people not to listen in on radio communications is like asking people not to listen in on the guy shouting his opinion on a street corner: if you don't want to be heard, don't shout it.

The problem is that the NSA only claim to collect metadata, when did actual content become metadata? Again as I said earlier, probable cause or GTFO.

Re:If you don't like them hearing your private spe (3, Interesting)

Anonymous Coward | about 10 months ago | (#45688739)

It isn't a private speech. You have no reasonable expectation of privacy because it is now widely known that the government spies on our communications. Therefore, it is not reasonable to have an expectation of privacy.

Man, the courts really screwed up when they called it an "expectation of privacy".

Re:If you don't like them hearing your private spe (2, Interesting)

davecb (6526) | about 10 months ago | (#45688877)

Actually it's an expectation a randomly-selected private individual would have, in the absence of specific knowledge. The proverbial "person on the Clapham omnibus" would have the expectation that the government won't act illegally against him. The paranoid wearing the tinfoil hat in the next seat, who considers all governments illegal and intrusive, doesn't count in this case.

It's also called "a reasonable expectation of privacy", where "reasonable[1]" doesn't include admittedly illegal mass collection efforts by the CSE.

Now that the cat's out of the bag, reasonable expectations still hold (the action's illegal, after all), but absolute ones fail. Consult a lawyer in your country for specifics.

--dave
[1. It's interesting to note you can't translate "reasonableness" into Latin or modern French. It seems to be something very English-language-specific. My college's motto, "Let Reasonableness Flourish", is in English because of that oddity, and it says interesting things about other countrys' jurisprudence.]

Re:If you don't like them hearing your private spe (1)

fuzzywig (208937) | about 10 months ago | (#45689079)

It's worth noting at this point, that the paranoid among us (fortunately but not coincidentally including people writing cryptography systems), have assumed that the NSA (and others) could theoretically be doing at lot of the things that we now know they have done.
Turns out the paranoiacs were right.

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45690209)

The paranoiacs have done us a huge favor, you can now bring up the NSA in a privacy related discussion without coming across as a tinfoil paranoid nut.

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45690583)

So true. It is easy to just say "didn't we already know this already", but the Snowden papers have really opened people's eyes into what's happening.

Re:If you don't like them hearing your private spe (1)

davecb (6526) | about 10 months ago | (#45690641)

To be fair, it's really Mr. Snowden and the whistle-blowers we should be thanking.

Re:If you don't like them hearing your private spe (1)

davecb (6526) | about 10 months ago | (#45690621)

Fortunately that doesn't affect the nominally reasonable person by extinguishing their right to privacy. Professional paranoids and whistle-blowers are valuable the the community, but if their existence could make it easy for the CSE to erase my right to privacy, It Would Be Bad (;-))

Re:If you don't like them hearing your private spe (4, Insightful)

Anonymous Coward | about 10 months ago | (#45689083)

> [1. It's interesting to note you can't translate "reasonableness" into Latin or modern French. It seems to be something very English-language-specific. My college's motto, "Let Reasonableness Flourish", is in English because of that oddity, and it says interesting things about other countrys' jurisprudence.]

After five years of Latin, I feel fairly confident in saying the following:

rationabilis [latin-dictionary.net] is Latin for "reasonable" or "rational".

-itas [wiktionary.org] is the Latin suffix for "-ness".

Thus, it would be fair to say that "rationabilitas" is Latin for "reasonableness". So no, reasonableness is not an English-language specific concept. And no, it doesn't imply shit about anything.

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45690403)

Thus, it would be fair to say that "rationabilitas" is Latin for "reasonableness".

For what it's worth even Google Translate [google.com] agrees with you.

Re:If you don't like them hearing your private spe (1)

davecb (6526) | about 10 months ago | (#45690735)

Alas, rationabilis was used in non-ecclesiastical latin in strictly the sense of "capable of reasoning", or rational, while we were trying to translate reasonableness in the senses of

  • Being within the bounds of common sense: arrive home at a reasonable hour.
  • Not excessive or extreme; fair: reasonable [farlex]

If we'd used rationabilis, we would have a real risk of it translating back into English as "let spocky-ness flourish"

Re:If you don't like them hearing your private spe (2)

mrchaotica (681592) | about 10 months ago | (#45689397)

Hey, the DMCA makes it illegal to circumvent DRM no matter how ineffective it is. Surely, since the laws are entirely fair and symmetrical, the expectation of privacy remains when using encrypted communications no matter how ineffective that encryption is... right?

Re:If you don't like them hearing your private spe (0)

Anonymous Coward | about 10 months ago | (#45691169)

Are you suggesting that the RIAA should go after the NSA for breaking DRM laws. I think that's a good point actually, imagine if the NSA were forced to cough up those $150.000 per infringing song or whatever it is, the NSA would fold within the year.

Re:If you don't like them hearing your private spe (1)

TheGratefulNet (143330) | about 10 months ago | (#45689069)

^H^H^H^H^H^H^H^Hyes, it is.

Re:If you don't like them hearing your private spe (1)

sexconker (1179573) | about 10 months ago | (#45690897)

Well then, just self-censor. Isn't that the road we're heading down?

Fuck that.
Our government is thoroughly corrupt and they'll have to kill me to stop me from saying so.

Encryption experts (0)

Anonymous Coward | about 10 months ago | (#45688667)

They have released the rainbow-table and USRP Software nearly 5 years ago, so how is it news that the NSA can do that???

So what? (5, Insightful)

Guppy06 (410832) | about 10 months ago | (#45688677)

My mobile carrier is AT&T. The NSA doesn't need to break the encryption.

Re:So what? (0)

brunes69 (86786) | about 10 months ago | (#45688787)

It is indeed interesting because this means that the NSA or CIA or FBI can listen into your phone calls without a wiretap warrant just by grabbing the electrons flying through the air.

Re: So what? (0)

Anonymous Coward | about 10 months ago | (#45688819)

If they are close enough to detect the electrons you're emitting, then they're _really_ close. I think you meant radio waves.

Re:So what? (4, Informative)

tulcod (1056476) | about 10 months ago | (#45688825)

FYI, in usual radio communication, what flies through the air are not electrons but photons. These photons are generated by wiggling a few electrons back and forth at the transmitter, and this in turn wiggles a few electrons back and forth on the receiving end.

Re:So what? (1)

bill_mcgonigle (4333) | about 10 months ago | (#45688829)

without a wiretap warrant

They already have a general warrant to search and seize all the calls that everybody makes. At least, NSA claims this and FISA backs them (and by extension, Chief Justice Roberts).

Re:So what? (1)

cold fjord (826450) | about 10 months ago | (#45690263)

There is a difference between the business records containing the metadata and the actual verbal contents of the call. If all they have is the metadata, and they had permission to actually look at it from the court as opposed to simply storing it, they would know that you called Pizza Hut for 5 minutes at 9:30 PM on 01 December 2013. They wouldn't know anything about the content of the call which could be just about anything, such as:

1. Cancel my standing order for tonight.
2. Change my standing order from peperoni to sausage.
3. Tell my daughter to catch a ride home with her friends when she finishes her shift, her mother had to take the car to see grandma.
4. Is my son there? It would be a party of 10 that arrived around 8:00 PM.
5. Hold music ...... Oh, this isn't the pharmacy? I guess I misdialed. Sorry.
6. Is the manager there? ..... Is your refrigerator running? You better catch it.
7. I want to order a nightly special with an extra Coke.
8. The delivery person you sent yesterday was great! Very polite.
9 .... 99999. Other

As we saw yesterday, interest in committing attacks in the US in the name of Jihad continues as noted in the story below.

Wichita Airport Technician Charged With Terrorist Plot [nytimes.com]

Mr. Loewen, who was employed at the airport, apparently worked alone and had planned to kill himself in the explosion, Mr. Grissom said. “He made statements that he was resolved to commit an act of violent jihad against the government of the United States,” Mr. Grissom said. ....

In a note left for a family member and included in the complaint, Mr. Loewen said the operation was orchestrated to cause “maximum carnage and death.”

“By the time you read this, I will — if everything went as planned — have been martyred in the path of Allah,” the note said.

He was charged with attempting to use a weapon of mass destruction, attempting to damage property by means of an explosive and attempting to provide material support to a designated foreign terrorist organization.

scanners (0)

Anonymous Coward | about 10 months ago | (#45688685)

Handheld and desktop radio scanners that cover police, air, sporting events, and other open frequencies are crippled in the USA so that they do not cover cell phone frequencies. Long, long ago before encryption when cell phones first came out, yes you could intercept celll phones, but that stoppped when encryption came in. However these scanners were still banned in the USA.
Other countries allow radio scanners with these frequencies ranges, so the question always was, why not the USA? Now we likely know, as I suspect the NSA and others have had this ability for a long, long time. Perhaps they are projecting the fear of thier own ability and what might wrong with onto the general public. Cannot let John Q Public have this power, can we know? Imagine if private citizens started listening to and watching over the shoulder the government?
It isn't the decryption inside the radio itself, with software defined radio and the proper software, I suspect many encrypted radio signals can be decoded. NO, the real issue is having a radio receiver than can pick up these frequencies to begin with. Now that we "officially" know that A5/1 can be defeated, it is just a matter of time before some guy living in his mother's basement comes out with the proper software - if it hasn't already been done.

Re: scanners (0)

Anonymous Coward | about 10 months ago | (#45689185)

Oh dear. A5/1 has been publicly broken over 5 years ago. You can break it with your own PC in realtime nowadays.

Re: scanners (0)

Anonymous Coward | about 10 months ago | (#45691213)

Technically yes, but it requires a high level of expertise to get it right.

Re:scanners (2)

plover (150551) | about 10 months ago | (#45689805)

The original wiretap laws passed in 1968 were clear in that it was the use of devices to intercept a conversation with a "reasonable expectation of privacy" that was a violation, not simply owning them.

The current laws banning cell phone receivers were not created from logic. The laws were created in a poorly-thought-out reaction to some incident involving a VIP; I think some reporter recorded some congressman's cordless phone chat with his mistress, and published it. The wiretap laws passed in 1968 were very clear in that they protected wire based communications, but they did not include radio based communications, and so the reporter went unpunished.

This was another case where the average Joe Sixpack long had the ability to buy an off-the-shelf scanner, but he frequently demonstrated that he lacked the ethics required to prevent himself from using it to violate the law. There were other problems, too, where organized criminals would operate a scanner to listen for police responses to their activities. (At least that was the published story - we don't know how widespread this problem actually was.)

So Congress, applying all their legendary skills at doing the right thing, went to the dark side and banned the equipment, instead of strengthening the illegality of the act. A law was passed making possession of an unauthorized receiver illegal. Joe Sixpack didn't like being told no, so he began buying certain brands of scanners that had "blocking diodes" that could be easily clipped from the circuit. The FCC banned those as well, in 1997.

It's very much like the gun debate, but radios aren't protected by the second Amendment.

Can you build one yourself? Of course. Can you buy one from another country and use it here? Of course. But both of those acts take time, knowledge, and effort, and Joe Sixpack doesn't like to be bothered. So the law takes advantage of people's propensity towards laziness and self-doubt about their skills.

More Haystack, less Needle (2, Interesting)

Anonymous Coward | about 10 months ago | (#45688693)

I get the feeling they're just drowning themselves in data now. Back in the day, a lot of Turing's great work was for nothing because there wasn't enough staff to process the reams of decrypted traffic coming in, and that was just from the German navy. Yea they can do dumb-ass word-level matching automatically, but I guess most of the potentially useful semantic stuff goes straight down the drain.

Re:More Haystack, less Needle (1)

NormalVisual (565491) | about 10 months ago | (#45689723)

The general consensus is that the data not actively needed at the time gets sent back to Utah for storage in case it turns out to be of interest later.

Just like Counterfeiters (1)

rmdingler (1955220) | about 10 months ago | (#45688721)

The hackers and crackers receiving a government check & benefits at the NSA, et al, are working the newest countermeasures out almost before a technology hits the public domain. That an older encryption method is compromised by the guys with the biggest budget is not too difficult to believe. Is it possible a submission about hopscotch rules and an NSA headline could get voted in?

Targeted maybe (0)

Anonymous Coward | about 10 months ago | (#45688751)

Well this isn't really news. No encryption is going to be perpetually unbreakable, and the fact that GSM is only marginally better than TDMA/CDMA 2G and AMPS doesn't help the case (yes the second generation cell phone networks that could fallback to AMPS, the weakest part was the fact that they could fallback to AMPS.)

We're not going to be rid of the weak encryption unless all pre-LTE technologies are dropped ASAP. This will not happen until LTE has been out at least 10 years, so we're facing at least another 8 years of being able to fall back to 2G GSM and the ability to be intercepted easily. By the time LTE is entrenched, it's encryption will likely be broken as well. Though in more likeliness it won't be the phone-to-base station crypto breaking that matters, but rather the interconnects (fiber) instead.

Only Logical (1)

GWXerog (3151863) | about 10 months ago | (#45688773)

So if the NSA can do it, I can do it too right? I be charged with illegal wiretapping?

Re:Only Logical (0, Interesting)

Anonymous Coward | about 10 months ago | (#45688849)

Yes, you can be. And so can any member of the NSA, FBI, etc that does the tapping without a warrant. Wake up people. The government can do things that the average user does not know or care about. This is meant to help protect us. You are all so paranoid about people listening to your conversation illegally that you don't even bother to look up what guidelines that they have to follow. RTFM! It's called public accessible knowledge for a reason!

Re:Only Logical (2)

zippthorne (748122) | about 10 months ago | (#45689539)

The problem is that they can apparently issue their own warrants, in secret.

Re:Only Logical (3, Interesting)

NormalVisual (565491) | about 10 months ago | (#45689753)

And the other part of the problem is that those charged with enforcing the laws won't do it. Both James Clapper and Keith Alexander have openly admitted to lying before Congress (which is a federal felony) regarding the NSA issue, and no one responsible for enforcing the law has said boo about it.

Re:Only Logical (1)

cold fjord (826450) | about 10 months ago | (#45690305)

Is that the actual problem? Or is it something else? Keep in mind that the Congress operates in both open session for matters for the general public, and closed session to deal with confidential matters such as classified information.

Wyden’s Stunt Was Congress at its Worst [commentarymagazine.com]

... though I have little sympathy for Clapper, whose policy positions on the Islamist threat are highly questionable, lumping him together with Holder would not be fair. Far from being an honest probe into what the government was doing, it’s actually yet another example of how congressional grandstanding does the country little good. Wyden, who was already well briefed on PRISM and other intelligence operations, already knew the answer to the question when he asked it. But he also knew that it would have been inappropriate, if not illegal, for Clapper to answer the question honestly since doing so would have required him to publicly reveal highly classified information that ought not to be made available to America’s enemies. Wyden’s purpose wasn’t to shed light but to merely embarrass Clapper and the administration.

Edward Snowden’s leak about the existence and purpose of PRISM made sure that Wyden’s questioning of Clapper would become a major story, thus giving the Oregon senator the prize he sought. As the clip of Clapper’s lie is shown in a seemingly endless loop on the cable news stations, Wyden is back in the spotlight posturing about the need for “straight talk” from the administration. But the senator, who has carefully built up a reputation as a sober advocate of civil liberties, is the one who is being disingenuous, not Clapper.

You, like many people, have been played as part of political showmanship.

Re:Only Logical (1)

NormalVisual (565491) | about 10 months ago | (#45690351)

I wouldn't say I've been "played", as I think the entire Senate Intelligence Committee is as complicit in this as the NSA itself as they had knowledge of the program, yet still did nothing. That Wyden intentionally put Clapper on the spot doesn't change the fact that Clapper and Alexander both lied to Congress - *why* they did it really doesn't matter, IMO.

Re:Only Logical (1)

cold fjord (826450) | about 10 months ago | (#45690431)

If they had already told the truth to Congress behind closed doors or in reports, then I think it is hard to argue that they lied to Congress since Congress had been informed of the truth, and Wyden knew that. It would be more proper to describe this as providing a cover story when asked an inappropriate question at an inappropriate time. Wyden comes off as kind of a jerk.

If the programs were legal, which they apparently are, there would be nothing for Congress to do as long as they were consistent with policy and the law. The fact that there were occasional compliance problems would be something to address, but that doesn't change the overall legal picture. If there was a valid concern they could certainly enhance their oversight.

Bottom line is that your opinion as expressed appears to be wrong, although you are certainly free to prefer a different policy.

Re:Only Logical (1)

zippthorne (748122) | about 10 months ago | (#45690401)

Eh.. why would Clapper need to lie to congress. Why couldn't he have instead, said, "I cannot answer that question in open session as it would be inappropriate and possibly illegal to answer the question as doing so would require me to publicly reveal highly classified information that ought not be made available to our enemies."

Also, the answer to a question like, “Does the N.S.A. collect any type of data at all on millions or hundreds of millions of Americans?” doesn't provide any operational intelligence to any of america's enemies. Further, its value as propaganda depends solely on whether the answer is what the American people actually want, and whether they had the opportunity to participate in the decision.

In other words, the postulated "enemy" that the lying about the answer to this question protects from is the american people themselves, which by definition are not an enemy of America.

Re:Only Logical (1)

cold fjord (826450) | about 10 months ago | (#45690521)

People keep trying to pull this rhetorical nonsense of describing the American people as "the enemy," and it is utter nonsense - just plain stupid. If you want to do that, then please describe how you could inform 300,000,000 Americans about the most secret inner working of the intelligence agencies without the information also leaking to the thousands or tens of thousands of spies and terrorist group members or associates in the US, and ultimately to foreign countries that are enemies? I think you need to demonstrate how you could do that if you want to suggest that the information shouldn't be protected by the legislators doing their job as representatives in a democratic republic. If you want a practical demonstration as to why your idea is really bad, just try sharing your account name and PINs with 100 of your closest friends and see how things turn out in a year or two.

As to your first question, if Congress had already been informed, I think it is hard to argue that he was lying. See my other reply in the thread.

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45690963)

You really outdid yourself this time cold. Tell me, how do you know, on good authority, that there are all these spies and terrorists IN OUR COUNTRY if it would violate our laws to go handing out classified intel? Fucking shill. Or, are you just talking out of your ass?

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45690975)

I'm sure he'll try to weasel out of directly answering that. What else do you expect from an NSA shill?

Re: Only Logical (1)

cold fjord (826450) | about 10 months ago | (#45691217)

I'm assuming you're referring to the US. If I understand you correctly, you either question or don't think there are (or could be?) any foreign spies, or associates or members of terrorist groups running lose in the US?

One recent famous case: How the FBI Busted Anna Chapman and the Russian Spy Ring [slashdot.org]
FBI Investigating Possible Russian Spy Recruiting In U.S. [freebeacon.com]
After the Cold War, Russian Espionage in the U.S. [npr.org]
Russian spying at cold war levels, say experts [ft.com]

China's Growing Spy Threat [thediplomat.com]
Spy case patterns the Chinese style of espionage [csmonitor.com]

Senator’s memo shows Iran links in Homeland Security’s troubled immigration program [washingtontimes.com]

Cigarette Smuggling Linked to Terrorism [washingtonpost.com] - (From 2004, but the problem remains.)

Smugglers with ties to terrorist groups are acquiring millions of dollars from illegal cigarette sales and funneling the cash to organizations such as al Qaeda and Hezbollah, federal law enforcement officials say, prompting a nationwide crackdown on black market tobacco.

The federal Bureau of Alcohol, Tobacco, Firearms and Explosives has more than 300 open cases of illicit cigarette trafficking -- including several with terrorist links -- up from only a handful five years ago, ATF sources said.

"This is a major priority for us," said Michael Bouchard, assistant director of the ATF. "The deeper we dig into these cases, the more ties to terrorism we're discovering."

Those links above are only a drop in the bucket, especially where China is concerned.

There is a process for properly releasing classified information. Broadcasting it on CSPAN without prior coordination and clearance generally doesn't conform to that.

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691269)

No, I'm curious as to which hat you pulled your numbers out of. Thousands? Tens of thousands? You ought to know better than spouting off numbers. And what you quoted says there's some fraction of 300 (less than 1000!) with *ties*. Listen, cold, you'd be a lot more convincing if you didn't engage in hyperbole.

Re: Only Logical (1, Flamebait)

cold fjord (826450) | about 10 months ago | (#45691493)

I suggest you do more reading, and read more carefully. That "300" is cases, not 300 people, in similar cases mentioned there 12 people went to jail. There are hundreds to low thousands of Hezbollah in the US. There are more than 3,000 Chinese front companies alone used for espionage.

Peter King warns: Hezbollah agents in U.S. [politico.com]
American Universities Infected by Foreign Spies Detected by FBI [bloomberg.com]

When you start adding in Hamas, al Shahab, and plenty of other extremist organizations, spies from Russia, China, Cuba, Brazil, Venezuela, Iran, and plenty of other nations, it starts to add up.

The problem isn't the lack of evidence, but the disregarding of it.

If you aren't getting it yet, I'm just about going to have to assume you're trolling.

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691281)

How does questioning "thousands or tens of thousands" imply that the AC doesn't believe there are any? It was a question directed at your playing fast and loose with numbers. You're suggesting AC said something he didn't--a clear sign of bullshit.

Re: Only Logical (1)

cold fjord (826450) | about 10 months ago | (#45691507)

Lets read that comment again.

Tell me, how do you know, on good authority, that there are all these spies and terrorists IN OUR COUNTRY

He was questioning knowledge of any spies.

Are you the one playing fast and loose with the facts? It seems so. I think that also clarifies where the BS is, and it isn't from me.

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691693)

Nope, I'm the one wasting your time. ;) If you can't beat reason into the trolls, waste their time.

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691729)

Because of you there are now more facts about terrorism and spying posted on Slashdot for people to read. Those facts may very well persuade additional readers as to the reality of the situation. I think that means that the jokes on you. ;D

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691005)

Tens of thousands of spies and terrorists! In our country! Who's paranoid again?

Re: Only Logical (1, Troll)

cold fjord (826450) | about 10 months ago | (#45691415)

Its not a question of paranoia, but ignorance. I'll let you guess who that applies to.

Here is a hint: China, just by itself, has more than 3,000 front companies devoted to espionage. Russian spies are back a Cold War levels. There are plenty of other countries with an interest in the US.

American Universities Infected by Foreign Spies Detected by FBI [bloomberg.com]

China also has more than 3,000 front companies in the U.S. “for the sole purpose of acquiring our technology,” former CIA officer S. Eugene Poteat, president of the Association of Former Intelligence Officers in McLean, Virginia, wrote in the fall/winter 2006-2007 edition of “Intelligencer: Journal of U.S. Intelligence Studies.”

Peter King warns: Hezbollah agents in U.S. [politico.com]

Rep. Peter King (R-N.Y.) warned Wednesday that there are hundreds — maybe even thousands — of Hezbollah agents inside the United States capable of launching a terror attack if U.S.-Iran tensions continue to escalate.

“The American intelligence community believes we are very much at risk for an attack by Iranian operatives, which would be Hezbollah, that is a terrorist-trained force in this country. It really is the ‘A’ team of international terrorism — far more sophisticated than Al Qaeda,” the chairman of the Homeland Security Committee said on CNN’s “Starting Point.”

Note that is just Hezbollah, not including Hamas, al Qaida, al-Shabaab, or many other terrorists or narco-terrorist organizations with a presence in the US.

And then there are the spies from Russia, Iran, Cuba, etc., etc., etc.

That is before you consider the Americans that go overseas to participate in Jihad who will return as trained, experienced terrorists.

Congressional Report: 40 Americans Training in Somalia Are 'Direct Threat' to U.S [washingtonpost.com]

Re: Only Logical (0)

Anonymous Coward | about 10 months ago | (#45691477)

There you go! Good cold fjord! You're learning how to cite your sources. See how much more reasonable you sound now? Try that in the future.

Re:Only Logical (-1)

Anonymous Coward | about 10 months ago | (#45690719)

This is meant to help protect us.

Go drink some battery acid, you bootlicking subhuman moronic piece of waste.

Hysterics (4, Interesting)

squiggleslash (241428) | about 10 months ago | (#45688845)

1. A5/1 is the "insecure, intended for export" cipher. Any US or European operator that uses it is not following recommendations.
2. It was cracked in the early 1990s. It would be bizarre if the NSA didn't know how to read it. Like I said, it was never intended to be secure by its creators. As in - GCHQ, the NSA's UK ally, has ALWAYS known how to crack it.
3. One problem with intercepting a GSM mobile call would be dealing with the fact that, as soon as you move away from the transmitting device, you're having to deal with interference from neighboring cells. Which is why any intelligence agency worth its salt isn't going to do that terribly often. What they'd do is install the tap on the operator's network.

So, in short, this article is claiming the NSA "can do" something, but only in non-Western countries, that it's unlikely to need to do given the fact the alternatives are way easier, and that we know it "can do" anyway, and knew it in the mid-1990s, and probably figured it could do right from the beginning given the close relationship between the NSA and CCHQ. This is news... why?

Re:Hysterics (5, Informative)

cianduffy (742890) | about 10 months ago | (#45688865)

A5/1 is not the export cipher - that's A5/2.

I'm not NSA (1)

Behrooz Amoozad (2831361) | about 10 months ago | (#45688847)

And I remember doing this like 3 or 4 years ago with a rainbow table.It was called the $2000 attack by a website teaching how to do it back then.

Can you hear me now? (3, Funny)

Sponge Bath (413667) | about 10 months ago | (#45688851)

Loud and clear. All your phone calls are belong to us.

there's a couple of calls i want to apologize for (0)

Anonymous Coward | about 10 months ago | (#45688853)

who can i call? the ones' that sounded cow farts that was me too.... sorry

free the innocent stem cells. never a better time to trust in momkind our spiritual centerpeace

Re: there's a couple of calls i want to apologize (0)

Anonymous Coward | about 10 months ago | (#45689155)

You just go down to the dmv and tell the nice lady at the counter all of your mistakes and all will be forgiven by Big Brother. And then you'll feel all better!

this has been known for some time.. (0)

Anonymous Coward | about 10 months ago | (#45688985)

It's been demonstrated a few times around at the CCC congress over the years. latest iteration only required a 15€ motorola phone and a PC...

Thst's 14 year old news (4, Informative)

ei4anb (625481) | about 10 months ago | (#45689007)

It has been common knowledge for at least 14 years that governments could eavesdrop on A5/1 traffic http://cryptome.org/gsm-joke.htm [cryptome.org]

Many governments have warned industrialists not to discuss secrets when using a mobile phone near the country borders. Only the radio channels are encrypted in GSM, lawful interception happens on the wired network that interconnects the base stations so eavesdropping on A5/1 is mostly used when lawful interception is not an option, e.g. listening to the GSM traffic of other countries.

Cryptome seems to be having a sale on gsm a5 (1)

auric_dude (610172) | about 10 months ago | (#45689205)

A few links to further information and some history on this topic http://cryptome.org/0001/gsm-a5-files.htm [cryptome.org]

M-Pesa dead (0)

Anonymous Coward | about 10 months ago | (#45689225)

Maybe people will see this article and FINALLY see why M-Pesa is an untrustworthy system? (Because texts could be constructed to fool you into thinking there was a payment when there was none / etc.) They really should be switching to something like Bitcoin. (But I don't know how they'd get it to run on their old feature phones.)

CDMA really is something different (0)

Anonymous Coward | about 10 months ago | (#45689311)

Also, CDMA is a *multiplexing technology* (ie airwave coding) , not a full mobile communications standard on its own.

Anyone can do it from 2009 (1)

Luke_22 (1296823) | about 10 months ago | (#45689411)

26th Chaos Communication Congress, 2009:
http://media.ccc.de/browse/congress/2009/26c3-3654-en-gsm_srsly.html [media.ccc.de]

It is already well known that you can break A5/1 offline anytime you want, and at the 26th CCC there was the "GSM: SRSLY?" conference which outlined the 2 main problems of GSM and UMTS.
GSM A5/1 can be broken (and the give plenty of details), but it is not used in UMTS. No worries, for UMTS you just need a fake station and you are set. No offline decoding though.

Anyone (0)

Anonymous Coward | about 10 months ago | (#45689885)

who thinks that NSA/FBI/CIA/government would allow any encryption that they couldn't break easily to be used in the U.S. is extremely niave.

Re:Anyone (1)

koan (80826) | about 10 months ago | (#45690945)

What about one time pads?

Ah, but what did she *really* mean? (0)

Anonymous Coward | about 10 months ago | (#45689911)

"Don't forget to pick up milk on your way home from the office, dear."

The problem is that the NSA never told (1)

Mister Liberty (769145) | about 10 months ago | (#45690971)

QED their nefarious character, not your or mine interest in mind.

NSA is the biggest Ettus customer. (1)

citizenr (871508) | about 10 months ago | (#45691017)

NSA and its subcontractors are the biggest Ettus customers, they love USRP SRD platform.

Lemme know... (Sqore:300, Yupper) (1)

Anonymous Coward | about 10 months ago | (#45691135)

...when they can rip a BD.

That's totally un-breakable encryption.

what they think about ZRTP encrypted calls? (0)

Anonymous Coward | about 10 months ago | (#45691649)

these guys do a really safe calls network - https://xvoice.eu

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?