[Cryptography] "Exclusive: Russia carried out a 'stunning' breach of FBI communications system, escalating the spy game on U.S. soil"

Tue Sep 17 07:44:51 EDT 2019

At 09:40 PM 9/16/2019, Tom Mitchell wrote:
>On Mon, Sep 16, 2019 at 5:54 PM Jerry Leichter <leichter at lrw.com> wrote:
>Too long to try to summarize.  It looks as if the Russians, starting in roughly 2010, managed to crack the encryption used on FBI tactical radios.  "A former senior counterintelligence official blamed the compromises on a 'hodgepodge of systems' ineffective beyond the line of sight.  'The infrastructure that was supposed to be built, they never followed up, or gave us the money for it,' said the former official.  'The intelligence community has never gotten an integrated system.'"
>
>https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html
>
>Jerry is right tool long to summarize but I did notice a couple things from the outside.  Those on the inside that know cannot discuss this mess.
>
>The technical cryptographic takeaway I see is that 5G systems must be improved and adding China to the vendor list as a sole source is "interesting".  We should have our crypto folk and elected officials fix 5G.
>
><slightly-editorial>
>The dates in the exclusive article go back to 2006 and the events likely preceded disclosure dates by a lot of time so this is a long lived problem.  Other hints appear in 1995 and a lot earlier.
>
>I own a now old but very good scanner (HAM radio stuff) and it had legal holes cut into its tuning spectrum to keep a civilian owned commercial product from scanning Cell, Military and Law enforcement bands.  They imposed security by obscurity and used their legal status to listen in on drug dealers on the same equipment with a permitted modification to the same radio that allowed listening.
>
>Joint operation exercises in the SF Bay area in this time frame commonly had communication problems before and after 911.  Print, Radio and TV reported on this without details.  Post 911 there was a big push to unify and integrate any and all law enforcement and first responder communication tools.  The easy way to urgently integrate disparate systems is to downgrade systems.
>
>Law enforcement joint task forces never wanted the bad guys to go dark so they never addressed obvious flaws in the cell phone radio and backbone systems.  Some going back to Captain Crunch and Blue box hacking of digital phone services on POTS lines.
>
>No improvements to 3G 4G LTE (and now 5G?) were allowed...  Stingray tools apparently must function as a priority.
>
>Politics and power gave the joint task force desires a lot of clout and the displays of million dollar drug busts validated their methods.
>Same for asset forfeiture largess.
>
>Recall that CB radios were almost banned because truckers were using them to communicate and avoid "traps" (Smokey and the Bandit 1977).
>
>Currently, the debate around whether the FCC should address violations of the use of private digital messaging in amateur radio has heated up.  The discussion exposes the reality that encoding and encryption are related and that agile spread spectrum looks like noise without a magic decoder ring.
>
>Most law enforcement communications are encoding more than encryption and they still have difficulties talking to each other.
>https://transition.fcc.gov/pshs/docs-basic/ntfi-interoperability0205.pdf <--
>
>"Working Together To Bridge the Communications Gap To Save Lives A Guide for Public Officials February 2005 NATIONAL TASK FORCE ON INTEROPERABILITY"
>...
>In a sidebar...
>"On September 11, 1996, 5 years to the day before the 9/11 terrorist attack,the Public Safety Wireless Advisory Committee(PSWAC) released its final report, which stated that "unless immediate measures are taken to alleviate spectrum short fall and promote interoperability, public safety will not be able to adequately dis-charge their obligation to protect life and property..."
>
>So back to 1995 there was communication troubles.
>
>Summary communication security is hard it is more than tech and "Tora Tora Tora" was sent in the clear.
>
>-- 
> T o m  M i t c h e l l ( o n  N i f t y E g g )

Re: "No improvements to 3G 4G LTE (and now 5G?) were allowed...  Stingray tools apparently must function as a priority":

Perhaps this "rule" is the reason for the current freakout over Huawei's lead in 5G systems?  I.e., 5G could be the worst of both worlds for the 5i's: China's backdoors will work on 5G, but 5i backdoors won't work on 5G.

Aside: Israel has been fingered as the culprit for the "unauthorized" stingrays in the DC area, presumably to spy on Trump's well known vulnerable cellphone, but the Trump administration apparently doesn't care, and won't censure Israel.