[Cryptography] OneRNG kickstarter project looking for donations
Ray Dillinger
bear at sonic.net
Fri Dec 19 13:58:16 EST 2014
On 12/18/2014 03:39 PM, R P Herrold wrote:
> On Thu, 18 Dec 2014, Ray Dillinger wrote:
>
>> In fact it is known that they have done so - but as far as can be told
>> from the Snowden papers this only happens as part of TAO (Tailored
>> Access Operations). And TAO is used only as a last resort - when
>> there is a *specific* target whose information they have a pressing
>> need to get for some very specific reason, but whose computers they
>> can't otherwise break into.
>>
>> TAO requires deploying agents in the field to get to single targets,
>> so it is VASTLY too risky and expensive for the kind of ubiquitous
>> surveillance that constitutes the threat for ordinary users.
>
> memory fades, but as I recall one of the TOR team of the EFF
> had a new laptop from Dell's Asian point of dispatch make a
> 'dogleg stop' at Langley for a day before delivery in SoCAl
> per UPS tracking records ...
>
> per the popular press and self-reporting, fwiw, but such an
> approach is riskless and affordable
>
I would say that "one of the EFF team working on TOR" is a fairly
specific target as opposed to ubiquitous surveillence, and the
fact that he found out about it means that the risk of exposure
involved must have been nonzero.
Now, whether such a person *ought* to be a target for TAO is an
entirely different debate, but that is a fine example of deploying
actual human effort to compromise a single specific target that
they apparently couldn't get to with less risk and effort.
And, in fact, it seems very likely that they intended to leverage
whatever they stole from and installed on his laptop for purposes
of making it easier for them to do ubiquitous surveillance on
TOR users.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141219/bbc5e597/attachment.sig>
More information about the cryptography
mailing list