[Cryptography] "Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil"

Tom Mitchell mitch at niftyegg.com
Tue Sep 17 00:40:27 EDT 2019 

On Mon, Sep 16, 2019 at 5:54 PM Jerry Leichter <leichter at lrw.com> wrote:

> Too long to try to summarize.  It looks as if the Russians, starting in
> roughly 2010, managed to crack the encryption used on FBI tactical radios.
> "A former senior counterintelligence official blamed the compromises on a
> “hodgepodge of systems” ineffective beyond the line of sight. “The
> infrastructure that was supposed to be built, they never followed up, or
> gave us the money for it,” said the former official. “The intelligence
> community has never gotten an integrated system.”"
>
>
> https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html


Jerry is right tool long to summarize but I did notice a couple things from
the outside.  Those on the inside that know cannot discuss this mess.

The technical cryptographic takeaway I see is that 5G systems must be
improved and adding China to the vendor list a s a sole source is
"interesting".   We should have our crypto folk and elected officials fix
5G.

<slightly-editorial>
The dates in the exclusive article go back to 2006 and the events likely
preceded disclosure dates by a lot of time
so this is a long lived problem. Other hints appear in 1995 and a lot
earlier.

I own a now old but very good scanner (HAM radio stuff) and it had legal
holes cut into its tuning spectrum to keep a civilian owned commercial
product from scanning Cell, Military and Law enforcement  bands. They
imposed security by obscurity and used their legal status to listen in on
drug dealers on the same equipment with a permitted modification to the
same radio that allowed listening.

Joint operation exercises in the SF Bay area in this time frame commonly
had communication problems before and after 911.  Print, Radio and TV
reported on this without details.    Post 911 there was a big push to unify
and integrate any and all law enforcement and first responder communication
tools.  The easy way to urgently integrate disparate systems is to
downgrade systems.

Law enforcement joint task forces never wanted the bad guys to go dark so
they never addressed obvious flaws in the cell phone radio and backbone
systems. Some going back to Captain Crunch and Blue box hacking of digital
phone services on POTS lines.

No improvements to 3G 4G LTE (and now 5G?)  were allowed... Stingray tools
apparently must function as a priority.

Politics and power gave the joint task force desires a lot of clout and the
displays of million dollar drug busts validated their methods.
Same for asset forfeiture largess.

Recall that CB radios were almost banned because truckers were using them
to communicate and avoid "traps" (Smokey and the Bandit 1977).

Currently, the debate around whether the FCC should address violations of
the use of private digital messaging in amateur radio has heated up.  The
discussion exposes the reality that encoding and encryption are related and
that agile spread spectrum looks like noise without a magic decoder ring.

Most law enforcement communications are encoding more than encryption and
they still have difficulties talking to each other.
https://transition.fcc.gov/pshs/docs-basic/ntfi-interoperability0205.pdf
<-- "Working Together To Bridge the
Communications Gap To Save Lives A Guide for Public Officials February 2005
NATIONAL TASK FORCE ON INTEROPERABILITY"
...
In a sidebar...
"On September 11, 1996, 5 years to the day before the 9/11 terrorist
attack,the Public Safety WirelessAdvisory Committee(PSWAC) released its
final report, which stated that “unless immediate measures are taken to
alleviate spectrum short fall and promote interoperability, public safety
will not be able to adequately dis-charge their obligation to protect life
and property..."

So back to 1995 there was communication troubles.

Summary communication security is hard it is more than tech and "Tora Tora
Tora" was sent in the clear.









-- 
          T o m    M i t c h e l l ( o n   N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190916/96ac2638/attachment.htm>

More information about the cryptography mailing list