Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government

New Revelations From the Snowden Archive Surface (computerweekly.com) 151

An anonymous reader quotes a report from Computer Weekly: A doctoral thesis by American investigative journalist and post-doctoral researcher Jacob Appelbaum has now revealed unpublished information from the Snowden archive. These revelations go back a decade, but remain of indisputable public interest:

- The NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs) – the main processor in a computer which runs the operating system and applications -- as a successful example of a "SIGINT-enabled" CPU supplier. Cavium, now owned by Marvell, said it does not implement back doors for any government.
- The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: "You talk, we listen." The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.
- Among example targets of its mass surveillance program, PRISM, the NSA listed the Tibetan government in exile.

These revelations have surfaced for the first time thanks to a doctoral thesis authored by Appelbaum towards earning a degree in applied cryptography from the Eindhoven University of Technology in the Netherlands. Communication in a world of pervasive surveillance is a public document and has been downloaded over 18,000 times since March 2022 when it was first published. [...] We asked Jacob Appelbaum, currently a post-doctoral researcher at the Eindhoven University of Technology, why he chose to publish those revelations in a technically written thesis rather than a mass-circulation newspaper. He replied: "As an academic, I see that the details included are in the public interest, and highly relevant for the topic covered in my thesis, as it covers the topic of large-scale adversaries engaging in targeted and mass surveillance."
According to The Register, "Marvell (the owner of Cavium since 2018) denies the allegations that it or Cavium placed backdoors in products at the behest of the U.S. government.

Appelbaum's thesis wasn't given much attention until it was mentioned in Electrospaces.net's security blog last week.
This discussion has been archived. No new comments can be posted.

New Revelations From the Snowden Archive Surface

Comments Filter:
  • Snowden is a hero (Score:5, Insightful)

    by bradley13 ( 1118935 ) on Thursday September 21, 2023 @08:09AM (#63865372) Homepage

    Shame on the NSA, and the US government. The government should have immediately acted to end the overreach of the 3-letter agencies. Sniwdn should also be pardoned.

    I know, I know...

    • by AmiMoJo ( 196126 )

      I wonder if governments will be asking telcos to rip out anything with a Marvell chip in it now.

      • by khchung ( 462899 ) on Thursday September 21, 2023 @09:47AM (#63865638) Journal

        I wonder if governments will be asking telcos to rip out anything with a Marvell chip in it now.

        Every government should ask telcos to rip out everything made by Americans if they don't want their communications to be spied on US 3-letter agencies, since every American company is just one NSL away from having to spy for their government.

        What they are going to replace them with, is not so easily answered.

        • by ceoyoyo ( 59147 )

          I suspect the reason much of the western world replaced all their Huawei gear is that the US offered to share at least some of the data they gather. The initial responses to American claims that Huawei were spying were pretty skeptical, then several countries were won over in secret meetings. There might be rules about spying on your own people, but if the Americans do it "without your knowledge" and tell you about anything interesting they happen to discover, then that's fine, right?

    • Re:Snowden is a hero (Score:4, Informative)

      by Midnight_Falcon ( 2432802 ) on Thursday September 21, 2023 @10:54AM (#63865833)
      Unfortunately, the writer Jacob Appelbaum is not a hero. He's a creep who got kicked out of the Tor project for sexual misconduct.
      • Funny how these people seem to have some sexually deviant behavior revealed right when an attack on their credibility would be most useful. Weird.

      • Weird how the article goes to lengths to characterize him.

      • by djinn6 ( 1868030 )

        It's sad when you realize upstanding people don't have the conviction to do what he does.

        Good thing truths don't suddenly become false because the messenger groped too many women.

        • In this case, it seems his primary motivation for him to do what he does is to be put in situations where he can grope women. In which case, you have to doubt the authenticity of what he's doing.
        • by yusing ( 216625 )

          Also, good thing that all of these sex-abuse accusations aren't auto-discovered by AI's and register-shifted into a special look-up file where some non-cooperative party people can be quickly found by the Right persons.

          "Oh ja! Ve haff our vays."

      • Unfortunately, the writer Jacob Appelbaum is not a hero. He's a creep who got kicked out of the Tor project for sexual misconduct.

        Give credit where credit is due. Don't be an asshole or you will never get good behavior from anyone.

        • I give him credit for finding a way to be around a lot of young women and establish himself as some kind of figure to look up to. It became clear to me at Noisebridge the guy was in it for the chicks.
      • The person who made those allegations retracted them. It felt like character assassination at the time.
    • by tlhIngan ( 30335 )

      Shame on the NSA, and the US government. The government should have immediately acted to end the overreach of the 3-letter agencies. Sniwdn should also be pardoned.

      I know, I know...

      Except well, everyone does it. I'm' absolutely certain the EU countries have taps in the US, China has taps everywhere in the US, EU and UK.

      The truth is - EVERYONE is spying on everyone else. That is the nature of the game, and for everyone involved, it literally is everyone is disavowing they do it.

      Snowden basically revealed tha

    • A spy agency was spying. You could make the argument that backdoors are always bad, but you haven't made that argument. This negative response just seems like a reflex, and I don't know that it's constructive. Should spy agencies not spy? Should they not exist at all?
    • The watchmen do not police themselves, not even secretly.
    • by shocking ( 55189 )

      He handed over millions of TS documents to a hostile intelligence service - the released stuff was just a smokescreen to make him look like a hero.

  • Its SIGINT-enabled (Score:5, Interesting)

    by RobinH ( 124750 ) on Thursday September 21, 2023 @08:23AM (#63865406) Homepage

    When they say SIGINT-enabled it could just mean that the processors have some feature which makes them easy to backdoor. There are stories of how the NSA was able to intercept networking equipment manufactured in the US that was destined for foreign countries and install backdoors before it left the country. You need a piece of hardware in there that you can compromise. That story I read had to do with network switches. Are Cavium CPUs typically used in network switches?

    Seriously, there are surprising ways to hide backdoors in devices that are almost impossible to detect. Hard drives are an example where the firmware in the drive itself can be compromised in a way that hides its presence, and resists attempts to re-flash the firmware.

    • by AmiMoJo ( 196126 )

      It could just be a zero day flaw in the CPU. Maybe they found a hidden debug mode.

      There was a project a few years back that tried simply sending every possible op-code to an x86 CPU, and found lots of undocumented features. Really any code like that which is needed for manufacturing or testing should be disabled as the last step during production.

      • I am in the software security business not hardware. But I was asked during a panel discussion once if I thought there were security vulnerabilities in actual CPUs. My answer was a firm yes, I believe they exist, and the only reason we haven't seen them exploited is because more pedestrian attacks still exist. We would be fools to think there *aren't* such defects in CPUs and other devices. Are they being actively exploited? Probably in only the most extreme situations. It's a weapon that might not be
    • According to Wikipedia - https://en.wikipedia.org/wiki/... [wikipedia.org] - they make chips for "routers, switches, appliances, storage and servers"

    • by eth1 ( 94901 ) on Thursday September 21, 2023 @10:23AM (#63865741)

      Are Cavium CPUs typically used in network switches?

      Worse, actually... I know the brand of firewalls we have at least used to use Cavium chips for data-plane processing. That includes SSL inbound and forward proxy decrypt and re-encrypt, as well as VPNs, etc. They also store certificates AND the associated keys, in some cases. Perfect place for a snoop, especially since in general, the more secure you make your network, the more you separate stuff with a firewall, and the more of the traffic is then visible to the firewall.

      • by MeNeXT ( 200840 )

        That's why we encrypt the content.

        The content can also include routing so even the destination can be hidden.

        • You can encrypt your data on top of the transport layer which prevents inspection by the firewall. But it also means that application-level defects are now easier to exploit and harder to detect. It's a trade-off.
    • What it means is the ARM based core was easy to integrate with Vertex DSPs that are key to building high performance Software Defined Radios. Why does everyone assume this means backdoor? The NSA is full of engineers that need to collect a wide variety of signals and they need excellent software defined radios.
  • but... (Score:5, Insightful)

    by DarkOx ( 621550 ) on Thursday September 21, 2023 @08:25AM (#63865410) Journal

    Isn't this actually the job of the NSA doing signint against possible foreign adversaries.

    I don't really have an issue with NSA hacking to Russian surveillance infrastructure. That sounds like the sort of thing they actually SHOULD be doing.

    • by Zak3056 ( 69287 )

      Yeah, this is a weird story, especially the breathless suggestion that this is something that should be in e.g. the NY Times rather than an academic paper. The 'revelations' here amount to "In addition to their unlawful, unconstitutional, spying on American Citizens in the US, the NSA was also doing the lawful, constitutional, job it was created to do."

    • It is not the job of the NSA to bulk spy on Americans, slurping up every bit of data from every device we touch and save it forever in their huge data center to be analyzed for thought crimes.

      You realize we all have a "file" now?

    • by radaos ( 540979 )
      How exactly is the Tibetan government in exile, an organisation publicly supported by the US, an 'adversary' of the US?
    • Well, perhaps. However, they listed an American manufacturer as "sigint enabled". The manufacturer denies this. Sadly, given the NSA's proven capabilities, it is entirely possible that they have some sort of backdoor that the manufacturer itself is unaware of.

      More to the point: After the Snowden revelations, no one with two brain cells believes that the NSA won't use this to spy on domestic targets. They will just deny it and classify the reports.

    • But I have an issue with the NSA hacking into European LI infrastructure. And, honestly, I don't give a fuck about what you think about that.
  • OH NO! The NSA is working to thwart foreign intelligence gathering! How dare they invade the privacy of those working to destroy the privacy of our government! They must be stopped! /s
    • by neubsi ( 1039512 )
      You do know that PRISM is/was used to survail American citizens, right? And I agree, some sort of survailance of foreign enemies is a good thing.
    • How does PRISM make us safe from evil people like the Tibetan government in exile? The lowest privacy fear on my list is the Dalai Lama grabbing my texts and emails.

  • by Ol Olsoc ( 1175323 ) on Thursday September 21, 2023 @09:06AM (#63865538)
    Calling a CPU sigint enabled - then people speaking of backdoors - those two are not the same thing.

    Now I'm not saying there isn't a backdoor, but basing it on signals intelligence is not even wrong.

    So I kinda call bullshit here.

    • True, but you may have also explained how are they different.

      A backdoor allows someone to take control of a computer. On the other hand Signal Intelligence is the recollection and analysis of data, usually communications. So, quite different.

      • True, but you may have also explained how are they different.

        A backdoor allows someone to take control of a computer. On the other hand Signal Intelligence is the recollection and analysis of data, usually communications. So, quite different.

        Sure, But a lot of Snowden fanbois will reject anything at all.

        If we look at say Comsec, you can use that as a possible definition. But that's a really broad field like any communications in any form.

        Sigint is generally collection of signals emanating from a transmitter. Or maybe Elint.

        There's a lot of overlap, so it is hard to pin down things precisely. But no, a computer backdoor is not sigint. It's a backdoor.It's a way to get into a computer via the network usually. It might be useful for interes

    • by gweihir ( 88907 )

      Have you noted that two of the advisers were D.J. Bernstein and Tanja Lange? It does not get much more high-powered in the cryptography field. If these names are on the thesis, it is up to _you_ to disprove the claims in there.

      • Have you noted that two of the advisers were D.J. Bernstein and Tanja Lange? It does not get much more high-powered in the cryptography field. If these names are on the thesis, it is up to _you_ to disprove the claims in there.

        Or I could just not believe them.

        • by gweihir ( 88907 )

          Sure, everybody has the right to be a disconnected idiot. Just do not expect to get respect for that.

          • Sure, everybody has the right to be a disconnected idiot. Just do not expect to get respect for that.

            If you are calling me a disconnected idiot, that's your opinion. But So tell this idiot how SIGINT is the same thing as a CPU backdoor.

            Hey Gweihir - I do something to you to drop to calling me an idiot? And friend, I'm definitely not disconnected.

            You definitely do not know everything you think you know. Educate us.

  • by Urd.Yggdrasil ( 1127899 ) on Thursday September 21, 2023 @11:08AM (#63865865)

    > The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: "You talk, we listen." The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.

    Are these the same sort of 'lawful interception' systems that western governments are constantly trying to ram through "for the children"? The ones that they constantly assure the public are 'secure' and will only be used for 'lawful purposes'?

    • Are these the same sort of 'lawful interception' systems that western governments are constantly trying to ram through "for the children"? The ones that they constantly assure the public are 'secure' and will only be used for 'lawful purposes'?

      ROFLMAO

      You noticed that too? The blindness and hypocrisy is ... I am at a loss for words. There are no words that convey the stupidity.

  • "Marvell (the owner of Cavium since 2018) denies the allegations that it or Cavium placed backdoors in products at the behest of the U.S. government."

    When their spokesdrone's lips are moving.

  • Despite all of this capability, they couldn't see 2016 election interference coming or did they and just lack the basic understanding of the human psyche? Or do we give too much credit to the backer and not the method? Like so what if Russia was doing it, A billion otherwise legit political actors were doing the same thing? These are the things that keep me up at night. With so much capability, why hasn't our intelligence services done a better job? The fact that Snowden was able to do what he did is als

Keep up the good work! But please don't ask me to help.

Working...