[Cryptography] Signal Security / Secure Chat Metadata Traffic Analysis Generally

[Ray Dillinger]

On 10/29/23 01:42, arxlight wrote:
> I don't want to lead too severely any discussion that might follow 
> here but I found it rather interesting that over the course of a few 
> days in November of 2022, Signal's Auto Deletion feature was, 
> according to the document, turned off on dozens of the 325 listed 
> groups. Perhaps some panicked compliance official persuaded the FTX 
> team (or SBF himself?) that this feature was legally dangerous? As far 
> as I can tell, Joe Bankman was the only actual lawyer listed as a 
> participant in these various groups. Mr. Bankman-Fried was arrested in 
> the Bahamas December 12, 2022. Perhaps he had criminal defense counsel 
> a month earlier who warned about the hazards of spoliation?

I never know how seriously to take encrypted or covert discussion lists 
doing high-profile things with many participants where it's assumed, 
more or less, that none of the participants is also an attacker.

I recall a protest of a local rapid-transit company that was organized 
on signal, and when the protesters got to the place they discovered the 
police and company security already set up and waiting for them.  They 
felt so betrayed.  They were distraught, asking, "How did they know?! 
Did we get hacked?  How did they get the messages from our encrypted 
private group?"  And nobody seemed to have even considered that these 
organizations actually employ people for exactly the purpose of 
participating in such "private" online protest groups and notifying them 
of upcoming events. Nobody has to be hacked if the group is organizing 
or recruiting members, or advertising its actions in public.  Take it as 
read that if a thousand protesters know where to show up with their 
signs, then any alert police force also knows where they're going to 
show up with their signs.  No encryption needs to be penetrated if some 
of the participants, who get their keys exactly the same way the other 
participants do, are working for the opposition.

Channels known to the attacker have a very high probability of being 
compromised, because the attacker sees traffic and is motivated to place 
someone into the network so they can get keys to read it.

In this case it appears that some participants in those discussions have 
already turned over the records of the signal conversations to the 
investigators.  Recalling that at this point Bankman-Fried, FTX, 
Ellison, and Alameda Research had already been under SEC investigation 
for a couple of years, that is no surprise.  They'd had plenty of time 
to get close and insert eavesdroppers into the groups.  And even if they 
hadn't, as has already been pointed out Ellison and a couple of other 
people have already made a plea bargain and started cooperating with the 
investigation.

At the risk of bringing up another controversy consider the recent 
counterexample in the Gaza strip: Hamas knew that Israel was running the 
phone service and eavesdropping on all the phone and Internet traffic 
both wired and wireless, and had the SOP of inserting spies to get 
access to whatever was encrypted.  They established unmonitored channels 
by running their own telephone and TCP/IP network through their existing 
underground tunnels under Gaza.  Israel was confident that nothing was 
happening because they hadn't heard a breath of it over the telephone 
networks and internet which they ran and assiduously monitored, and they 
were confident that nothing unknown was going on because they didn't see 
significant encrypted traffic on their known and monitored channels that 
they couldn't account for.  And in this case Israel got blindsided by a 
sneak attack that apparently took years to plan.

Well-known public channels like phone lines and the Internet are run, in 
most cases, by people who have financial motives or legal mandates to 
cooperate with eavesdroppers.  Encrypted or not, any kind of group 
communications over most of them are effectively public because the 
traffic is visible and the eavesdroppers can get keys to read it by 
pretending to be participants.  This isn't a problem that can be solved 
with encryption. This is an organizational security problem that was 
real even when 'authentication' was handled by personally recognizing 
the speaker by face and voice.

Bear