[Cryptography] Bruce Schneier has gotten seriously spooked

[Brian Gladman]

On 07/09/2013 20:58, Gregory Perry wrote:
> On 09/07/2013 02:46 PM, Brian Gladman wrote:
>> Because NSA and GCHQ are much more interested in attacking communictions
>> in transit rather than attacking endpoints.
>>
>> Endpoint attacks cost more to undertake, only give access to a limited
>> amount of data and involve much greater risks that their attack will
>> either be discovered or their means of attack will leave evidence of
>> what they have done and how they have done it.  The internal bueaucratic
>> costs of gaining approval for (adverarial) endpoint attacks also makes
>> it a more costly process than the use of network based interception.
>>
>> There is significant use of open source encryption software in end to
>> end encryption solutions, in file archivers, in wifi and network
>> routers, and in protecing the communications used to manage and control
>> such components when at remote locations.  The open source software is
>> provided in source code form and is compiled from source in a huge
>> number of applications and this means that the ability to covertly
>> substitute broken source code could provide access to a huge amount of
>> traffic without the risks involved in endpoint attacks.
> 
> I would submit that the exact inverse is the real target - endpoint devices.  There is simply too much volume of Internet traffic to realistically analyze and process, even with the next big datacenter in Utah and multi gigabit wire rate capable deep content inspection blades.  It's the endpoint devices that the FBI is after for targeted intrusions (for both domestic and foreign targets), and the NSA used to have a very legitimate charter with a culture dedicated to protecting U.S. communications at all costs.

I don't have experience of how the FBI operates so my comments were
directed specifcally at NSA/GCHQ interests.  I am doubtful that very
large organisations change their direction of travel very quickly so I
see the huge investments being made in data centres, in the tapping of
key commmunications cables and core network routers and 'above our
heads', as evidence that this approach still works well for NSA and
GCHQ.  And I certainly don't think that volume is a problem yet since
they have been able to invest heavily to develop the techniques that
they use to see through lightweight protection and to pull out 'needles
from haystacks'.

Of course, you might well be right about the future direction they will
have to travel because increasing volume in combination with better end
to end protection must be a nightmare scenario for them.  But I don't
see this move happening all that soon because a surprisingly large
amount of the data in which they have an interest crosses our networks
with very little protection.  And it seems even that which is protected
has been kept open to their eyes by one means or another.

  Brian